Hello Sven,
Thank you for the Wheeler reference! Indeed, it would've been good to
mention it in the talk, as an example of dealing with "Trojan" threats,
as contrasted to the "Babel" threats we focused on. The contrast between
solution approaches is interesting in its own right.
Of course, Ken Thompson's larger thesis included all kinds of Trojan
bugs, down to microcode; in that sense, "Babel" might be easier to solve
once we resolve to do so.
Thanks,
--Sergey
On Fri, 3 Jan 2014, Sven Kieske wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I sadly didn't have the time to attend to 30c3
in person, but I watched the video here:
http://www.youtube.com/watch?v=QogdeTy7cDc
I just have a small addition regarding the
"magic wand" mentioned in the beginning.
To be more precise, the authors refer to
Ken Thompsons famous "trusting trust"[1]
and imply that this problem never was solved.
Well, to my understanding this was solved indeed
by David A. Wheelers, also famous, dissertation
"Fully Countering Trusting Trust through Diverse
Double-Compiling"[2]
I know that this does not prove anything wrong
which was shown later in the talk and I find the
findings really interesting, but I wanted
to share this information with you, just in case
you maybe missed Wheelers paper.
I hope I did understand the talk correctly and
that my findings are correct, if not, I accuse
my poor English skills ;-)
kind regards
Sven Kieske
[1] http://cm.bell-labs.com/who/ken/trust.html
[2]
http://www.dwheeler.com/trusting-trust/dissertation/html/wheeler-trusting-trust-ddc.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQGcBAEBAgAGBQJSxwy1AAoJEAq0kGAWDrqldakL/1hrkEPVjgVgkDCEJTrjKoSz
LFWAqvTovnk1DBig36fwYbhuUABS2eP/s8+OmqViNXCTB7dsyOkiFFc/HJ8RC2C2
/8EbPXvZdFBePgXijVTf5nPcVdfL+d0A/SiIHHL4/skbUIXKgO572ayYqM4cCHtc
1GDoXSp9Fo5tYNk5ScRRKscp0efIc10Ac2rtthE6SR4VXOW8fEI9IsUjGw6hYpho
oqTqZJVvgVgINjrAvcWO38dWEapBeI5p3W8EVOaC46ZgG2tUqSXUkDzIdAn0349D
ND2o2qog01GQrdkQlkezaLuTDbbQpk6Y5a7fZej809ydGlh+3mehzZMPm5MBjyTr
bJcKS92GtfhR0Z0e236daNZoBiG5vCZGGK2bYlzFZJI7Ct1kqGFibLmRDn4qFO+b
y1M8+Er8OHL9ABU2NJnlVygRQP6SjXkBBpleaF0FSRddL6bZ1HDdQhi+yp0VHsLi
BlcWxgb4JSaUoylvQxSYMvaQ2UdCU4meBeGtKKhovQ==
=Kv8K
-----END PGP SIGNATURE-----
_______________________________________________
langsec-discuss mailing list
[email protected]
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
_______________________________________________
langsec-discuss mailing list
[email protected]
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
