1 Reflections on Trusting Trust (Ken Thompson)

2 Overview
- Introduction
- "Cutest Program"
- Stage 1
- Stage 2
- Stage 3
- Moral
- Conclusion

3 Introduction
- The author's acknowledgement
- UNIX
- Background
- Presentation

4 "Cutest Program": Stage 1
- Shortest self-reproducing program: write a source program that produces an exact copy of its own source
- Figure 1
  - Produces a self-reproducing program
  - Can easily be written by another program
  - Can contain "baggage" that is reproduced along with the main algorithm
- Source code on the next slide

5 Source Code

6 "Cutest Program": Stage 2
- The C compiler is written in C
- "Chicken and egg" problem: compilers are written in their own language
- Example from the C compiler
  - Figure 2: the C compiler interprets character escape sequences
  - Figures 3 and 4: Figure 3 adds the vertical tab "\v"
  - The existing binary does not know about "\v", so the ASCII value is used instead: if(c == 'v') return(11);

7 Stage 2 Example

Figure 2 (how the compiler reads a character escape sequence):

    c = next();
    if(c != '\\')
        return(c);
    c = next();
    if(c == '\\')
        return('\\');
    if(c == 'n')
        return('\n');

Figure 3 (source taught to accept the vertical tab):

    c = next();
    if(c != '\\')
        return(c);
    c = next();
    if(c == '\\')
        return('\\');
    if(c == 'n')
        return('\n');
    if(c == 'v')
        return('\v');

8 Stage 2 Cont.

Figure 4 (the existing binary does not know '\v', so the ASCII value 11 is written once; after this compiles, Figure 3 can be compiled and installed):

    c = next();
    if(c != '\\')
        return(c);
    c = next();
    if(c == '\\')
        return('\\');
    if(c == 'n')
        return('\n');
    if(c == 'v')
        return(11);

9 Stage 3
- Takes the code and modifies it
- Figure 5: high-level control of the C compiler; "compile" is called to compile the next line of code
- Figure 6: modified to mis-compile the source when a pattern is matched
- If not deliberate this would be called a "bug"; since it is deliberate it should be called a "Trojan horse"

10 Source Code

Figure 5 (the unmodified compile routine):

    compile(s)
    char *s;
    {
        ...  /* normal compilation of s */
    }

Figure 6 (one Trojan horse: when the source matches the pattern, compile the bug instead):

    compile(s)
    char *s;
    {
        if(match(s, "pattern")) {
            compile("bug");
            return;
        }
        ...  /* normal compilation of s */
    }

11 Results of Code
- The planted bug matches code in the UNIX "login" command
- The replacement code mis-compiles the login command, giving access to login by
  - accepting the intended encrypted password, OR
  - accepting a particular known password

12 Source Code

Figure 7 (two Trojan horses: one aimed at login, one aimed at the compiler itself):

    compile(s)
    char *s;
    {
        if(match(s, "pattern1")) {
            compile("bug1");
            return;
        }
        if(match(s, "pattern2")) {
            compile("bug2");
            return;
        }
        ...  /* normal compilation of s */
    }

13 Stage 3 Cont.
- Figure 7 adds a second Trojan horse, aimed at the C compiler
- Figure 7 uses Stage 1: the second bug is a self-reproducing program that inserts both Trojan horses into the compiler
- This is done by compiling the modified source with the C compiler, which produces a bugged binary
- The binary is installed as the official C compiler
- Remove the bugs from the compiler source: the new binary will reinsert the bugs whenever the compiler is compiled
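The three stages as a toy model in Python, added here as an illustration and not code from the paper or from this presentation. The "compiler" turns source text into a callable by exec'ing it; TEMPLATE is the quine-style Trojan (Stage 1), the login and compiler patterns and the password 'ken' are invented for the model, and the last function is the check a defender would add: build the compiler from clean source with a trusted compiler and with the suspect one, then diff what each actually compiled.

```python
# Toy model of the three stages (added illustration, not code from the paper).
# A "binary" is a Python function made by exec'ing source; names are invented.
# Stage 2: the clean compiler, written in the language it compiles. It records
# the text it actually compiled as `.image` (our stand-in for machine code).
CLEAN_CC_SRC = '''def cc(src):
    ns = {}
    exec(src, ns)
    ns["main"].image = src
    return ns["main"]
main = cc
'''
# The target program (the paper's "login" command).
LOGIN_SRC = '''def login(user, pw):
    return user == "root" and pw == "correct horse"
main = login
'''
# Stages 1 and 3: a quine-style block. `%r` is filled with the block's own
# text, so an infected compiler plants bug 1 (password backdoor in login) and
# bug 2 (re-inserts this whole block into any clean compiler source it sees).
TEMPLATE = r'''    p = %r
    payload = p %% (p,)
    if "def login(user, pw):\n" in src:
        src = src.replace("def login(user, pw):\n",
                          "def login(user, pw):\n    if pw == 'ken': return True\n", 1)
    if "def cc(src):\n" in src and payload not in src:
        src = src.replace("def cc(src):\n", "def cc(src):\n" + payload, 1)
'''
PAYLOAD = TEMPLATE % (TEMPLATE,)
TROJAN_CC_SRC = CLEAN_CC_SRC.replace("def cc(src):\n", "def cc(src):\n" + PAYLOAD, 1)

def bootstrap(src):  # the one compiler taken on trust: the host interpreter
    ns = {}
    exec(src, ns)
    return ns["main"]

def run_attack(generations=3):
    """Install the bugged binary once, then rebuild the compiler from clean
    source `generations` times; return login("root", pw) for three passwords."""
    official = bootstrap(TROJAN_CC_SRC)     # compile bugged source, install it
    results = []
    for _ in range(generations):
        official = official(CLEAN_CC_SRC)   # bugs removed from the source...
        login = official(LOGIN_SRC)         # ...yet each new binary re-plants them
        results.append(tuple(login("root", pw) for pw in ("ken", "correct horse", "x")))
    return results

def image_differs(suspect_cc):
    """Check: build the compiler from clean source with a trusted compiler and
    with the suspect one, then diff what each actually compiled."""
    return bootstrap(CLEAN_CC_SRC)(CLEAN_CC_SRC).image != suspect_cc(CLEAN_CC_SRC).image
```

The check only works because `bootstrap` is a second, independently trusted compiler; if it were the same bugged binary, both images would match and the comparison would say nothing.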

14 Moral
- You can't trust code you didn't write
- Source-level verification will not protect us from using untrusted code
- The same could be done with any program-handling program
  - Assembler
  - Loaders
  - Hardware microcode
- The lower the level of the program, the harder the bugs are to detect

15 Moral Cont.
- Criticizes the press on its handling of hackers
- The author states these acts by kids are "vandalism at best"
- States the inadequacy of the law that saves hackers from real prosecution
- Companies are pressing to update the criminal code
- Two major issues
  - Press, TV, etc. call these hackers "whiz kids"
  - The acts performed will be sending them to jail for many years

16 Conclusion
- Creating bugs and viruses can be simple
- There is a cultural gap: kids have no idea these are serious acts
- Social stigma: breaking into computers should be treated the same as breaking into homes
- Questions?
