On Fri, 13 Sep 2013, Jerry Leichter wrote:
[[about Paul Karger's countermeasure to the "Ken Thompson" trojan-compiler
> I never met Roger Schell, but I knew Paul at DEC back in the mid
> 70's.  Not realizing his connection with the underlying ideas, I
> showed him Thompson's paper.  Paul explained how to counter it by
> examining the compiler output (not practical except in specialized
> circumstances) but never brought up his own role.
> The full details can be found on David A. Wheeler's page at
> http://www.dwheeler.com/trusting-trust/.  (Wheeler's 2005 dissertation
> provides a complete solution to the problem; he cites Henry Spencer
> for suggesting the idea underlying his formal treatment back in
> 1998.)

It's important to realise that Wheeler's "diverse double-compiling"
(DCC) countermeasure does NOT require hand examination of compiler
output -- the tests are (or can be) fully automated even for realistic
industrial-strength compilers like GCC (on which Wheeler demonstrated
DCC in his thesis).

And a tiny historical nit: Wheeler's dissertation was in 2009, not 2005.


-- "Jonathan Thornburg [remove -animal to reply]" 
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
    at any given moment.  How often, or on what system, the Thought Police
    plugged in on any individual wire was guesswork.  It was even conceivable
    that they watched everybody all the time."  -- George Orwell, "1984"
The cryptography mailing list

Reply via email to