All - As you know, in the "trusting trust" attack, compilers can be subverted to insert malicious Trojan horses into critical software... including themselves. This turns out to be a nasty attack that's not easy to counter.
I've just released my draft PhD dissertation, "Fully Countering Trusting Trust through Diverse Double-Compiling" (DDC), that describes how to counter the "trusting trust" attack. More details, including the dissertation, are here: http://www.dwheeler.com/trusting-trust On November 23, 2009, 1-3pm, I will be giving a public defense of this dissertation. If you're interested, please come! It will be at George Mason University, Fairfax, Virginia, Innovation Hall, room 105. This 2009 dissertation significantly extends my previous 2005 ACSAC paper. For example, I now have a formal proof that DDC is effective (the ACSAC paper only had an informal justification). I also have additional demonstrations, including one with GCC (to show that it scales up) and one with a maliciously corrupted compiler (to show that it really does detect them in the real world). The dissertation is also more general; the ACSAC paper only considered the special case of a "self-parenting" compiler, while the dissertation eliminates that assumption. --- David A. Wheeler _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
