reflections on trusting trust
DESCRIPTION
a small ppt made by me during my MTech phaseTRANSCRIPT
Abhiram. SCS10M001
Reflections on Trusting Trust- Ken Thompson
THE FLOW
Flashback!
Ken Thompson – A Demigod Bird’s Eye view of what was
THE FLOW…
Flashback!
Contributions that led to a Turing award in 1983
UNICS or UNIX? The B (B for Bon) Language Birth of ‘ed’ & Unix Portability Plan 9 – First distributed OS based on Unix
THE FLOW…
Flashback!
Significant Contributions that led to a Turing award
‘Reflections on Trusting Trust’ Backdoor Computing A Undetectable Trojan horse in a compiler!
Stage 1 – Self Production Program Stage 2 – “Training” a Compiler Stage 3 – Putting 2 & 2 together
THE FLOW…
Flashback!
Significant Contributions that led to a Turing award
‘Reflections on Trusting Trust’
The progress since Effects Diverse double-compiling – DDC an Overview
THE FLOW…
Flashback!
Significant Contributions that led to a Turing award
‘Reflections on Trusting Trust’
The progress since
Summary
FLASHBACK!
Ken Thompson – A Demigod
Born Feb 4, 1943, New Orleans.
Bachelor’s degree in 1965 in ECS Engg.
Master’s degree in 1966 in ECS Engg.
Hired by Bell Labs – for furthering research in MULTICS Multiplexed Information & Computing Service
FLASHBACK!...
Bird’s Eye View of what was
Decline and fall of MULTICS - Ken Thompson, D Ritchie, MD McElroy and JF Ossanna significantly improved MULTICS from 1966-69.
Thompson’s game – The Space travel and its connection with the obsolete DEC PDP-7 computer.
Thompson’s itch for creation of an Operating system grew stronger.
SIGNIFICANT CONTRIBUTIONS
Birth of (UNICS) UNIX The need for a better OS for his game ‘Space
Travel’ led to the development of UNIX.
The existing Blueprint of proposed filesystem for MULTICS was implemented.
Development of user level utilities – copy, print, delete and edit (Shell & ‘ed’ the editor)
An assembler to enable the system to support itself.
1969-70
REF: Evolution of UNIX by D Ritchie - http://cm.bell-labs.com/cm/cs/who/dmr/hist.html
SIGNIFICANT CONTRIBUTIONS…
Birth of B (B for Bon) When improvising the existing Basic
Combined Programming Language (BCPL)
A precursor to C programming language, which was completed by Ritchie in 1972.
1969-70 – Birth of Unix
1970
REF: Evolution of C by D Ritchie - http://cm.bell-labs.com/cm/cs/who/dmr/hist.html
QUOTE Unquote
When Seibel (Coders at Work's interview) asked Ken:
"How did you learn to program?"
He said that: "I was always fascinated with logic and even in grade school I’d work on arithmetic problems
in binary, stuff like that. Just because I was fascinated.”
SIGNIFICANT CONTRIBUTIONS…
Birth of ‘ed’ & UNIX portability 1971 – Birth of ‘ed’ - ed went on to influence
‘ex’, which in turn spawned ‘vi’.
1972 - Rewrote the UNIX kernel in ‘C’ - Adaption for different platforms with relative ease.
1969-70 – Birth of Unix
1970 – Birth of B programming language
1971- 72
REF: Wikipedia and LINFO - http://www.linfo.org/thompson.html
SIGNIFICANT CONTRIBUTIONS…
Plan 9 – First distributed OS An internal project by Bell Labs led by
Thompson with Rob Pike and support from Dennis Ritchie was ‘formulated’ and first released in 1992.
1969-70 – Birth of Unix
1970 – Birth of B programming language
1980
1972 – Birth of ‘ed’ & UNIX portability
REF: Wikipedia and LINFO - http://www.linfo.org/thompson.html
SIGNIFICANT CONTRIBUTIONS…
1983 - Thompson and Ritchie received the ACM Turing Award
1969-70 – Birth of Unix
1970 – Birth of B programming language
1972 – Birth of ‘ed’ & UNIX portability
1980 – Plan ‘9’ – First distributed OS
QUOTE Unquote
“I thank the ACM for this award. I can't help but feel that I am receiving this honor for timing and
serendipity as much as technical merit. Moreover, the current state of UNIX is the result of the labors of a
large number of people.”
- As told by Ken Thompson while receiving the award
REFLECTIONS ON TRUSTING TRUST
Backdoor Computing
A method of bypassing normal authentication – while attempting to remain undetected
Thompson’s paper was the first to widely publicize such an attack and point out that trust is relative Compiler – a trusted program which incorporates the backdoor
mechanism cleverly
REFLECTIONS ON TRUSTING TRUST
A Thompson hack or a Trusting Trust Attack
• Can contain arbitrary amount of excess baggage
• Can be easily written by another program
STAGE 1 – A self-production capable program
Has Property
char*f="char*f=%c%s%c; main(){printf(f,34,f,34,10);}%c";main(){printf(f,34,f,34,10);}
REFLECTIONS ON TRUSTING TRUST
A Thompson hack or a Trusting Trust attack
• To accept a new source like \v
STAGE 2 – “Train” the existing Compiler to identify new source segments!
Has Property
...c = next ();if (c != '\\')
return c;c = next ();if (c == '\\')
return '\\‘;if (c == 'n')
return '\n’;if (c == 'v')
return ‘11‘; ...
REFLECTIONS ON TRUSTING TRUST
A Thompson hack or a Trusting Trust attack
A Trojan Horse! Or Backdoor computing
STAGE 3 – Add a bug which matches code (pattern) with the Unix “Login” command.
Has Property
compile (s);char* s{ if (match (s, pattern))
{ compile (bug)return;
}...
}
REFLECTIONS ON TRUSTING TRUST
A Thompson hack or a Trusting Trust attack
To Re-insert the bugs whenever it is compiled – Future Compiler versions also!
Finally– Add a second trojan horse Which matches pattern with C compiler itself and return the self-producing program
Has Property
compile (s);char* s{ if (match (s, pattern1))
{ compile (bug1)return; } if (match (s, pattern2))
{ compile (bug2)return; } ...}
THE PROGRESS SINCE
This version was, officially, never released into the wild.
If Undetected attackers can quietly subvert entire classes of computer systems Result in gaining complete control over financial, infrastructure,
military, and/or business systems worldwide Recently (August 2009) discovered attack by Sophos labs: The
W32/Induc-A virus, not detected till a YEAR!
THE PROGRESS SINCE…
Research produced many papers but All of them required each defender to recompile themselves before use at
one stage or other during ‘detection’
None of them noted that it is possible to produce a bit-for-bit identical to original compiler but aimed at ‘functional equivalency’
Diverse-double coupling for fully countering Trusting trust Attack – David A Wheeler, 2009 Source code is compiled Twice with different compilers
If the DDC result is bit-for-bit identical with the original compiler-under-test’s executable then ‘Putative’ (clean)
REF: Wikipedia and David Wheeler’s homepage http://www.dwheeler.com/
SUMMARY
Trusting Trust attack or the Thompson hack is very much relevant even today!
Developers have aimed at developing their own compilers for mission critical applications. No amount of source-level verification or scrutiny will protect you
from untrusted code!
Thompson further developed UTF-8, Belle and won many more awards. He is now distinguished engineer at Google!
KEN THOMPSON WITH DM RITCHIE – DEMIGODS?
THANK YOU