1 / 16

Reflections on Trusting Trust

Reflections on Trusting Trust. Ken Thompson. Overview. Introduction “Cutest Program” Stage 1 Stage 2 Stage 3 Moral Conclusion. Introduction. The author’s acknowledgement UNIX Background Presentation. “Cutest Program”. Stage 1 Shortest self-reproducing program

edith
Télécharger la présentation

Reflections on Trusting Trust

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reflections on Trusting Trust Ken Thompson

  2. Overview • Introduction • “Cutest Program” • Stage 1 • Stage 2 • Stage 3 • Moral • Conclusion

  3. Introduction • The author’s acknowledgement • UNIX • Background • Presentation

  4. “Cutest Program” • Stage 1 • Shortest self-reproducing program • Write a source program that will produce an exact copy of its source • Figure 1 • Produces a self-reproducing program • Can be easily written by another program • Can contain baggage that will be reproduced along with main algorithm • Source Code next slide

  5. Source Code

  6. “Cutest Program” • Stage 2 • C Compiler written in C • “Chicken and egg” problem • Compilers written in their own language • Example from C compiler • Figure 2 • C compiler interprets the character escape sequence • Figure 3 and 4 • Figure 3 adds vertical tab “\v” • Binary version does not know about “\v” add ASCII value if(c == ‘v’) return(‘11’)

  7. Figure 2 c = next( ); if(c != ‘\\’) return(c); c = next( ); if(c == ‘\\’) return(‘\\’); if(c == ‘n’) return(‘\n’); Figure 3 c = next( ); if(c != ‘\\’) return(c); c = next( ); if(c == ‘\\’) return(‘\\’); if(c == ‘n’) return(‘\n’); if(c == ‘v’) return(‘\v’); Stage 2 Example

  8. Stage 2 Cont. Figure 4 c = next( ); if(c != ‘\\’) return(c); c = next( ); if(c == ‘\\’) return(‘\\’); if(c == ‘n’) return(‘\n’); if(c == ‘v’) return(‘11’);

  9. Stage 3 • Takes the code and modifies it • Figure 5 • High level control of the C compiler • “compile” is called to compile next line of code • Figure 6 • Modified to mis-compile source when a pattern is matched • Not deliberate would be a “bug”. Since deliberate should be called “Trojan horse”.

  10. Figure 5 compile(s) char *s; {  } Figure 6 compile(s) char *s; { if(match(s, “pattern”)) { compile (‘bug’); return; }  } Source Code

  11. Results of Code • The bug planted would match code in UNIX “login” command • Replacement code will miscompile login command • Giving access to login • Accepting the intended encrypted password OR • Accepting a particular known password

  12. Figure 7 compile(s) char *s; { if(match(s, “pattern1”)) { compile (‘bug 1’); return; } if(match(s, “pattern2”)) { compile (‘bug 2’); return; }  } Source Code

  13. Stage 3 Cont. • Figure 7 adds a second Trojan horse . • Aimed for the C compiler • Figure 7 shows the use of stage 1 by applying self-reproducing program • This is done by compiling modified source with the C compiler • Produces bugged binary • The binary is installed as the official C • Remove the bugs from the compiler • New binary will reinsert the bugs whenever compiled

  14. Moral • Can’t trust code you didn’t write • Source level verification will not protect us from using untrusted code • Could be done with any program-handling program • Assembler • Loaders • Hardware microcode • Level of program gets lower bugs will be harder to detect

  15. Moral Cont. • Criticizes press on handling of hackers • Author states these acts by kids are “vandalism t best” • States inadequacy of law that saves hackers from real prosecution • Companies are pressing to update criminal code • 2 major issues • Press, TV, and etc. call these hackers “whiz kids” • The acts performed will be sending them to jail for many years

  16. Conclusion • Creating bugs and viruses can be simple • There is a cultural gap • Kids have no idea these are serious acts • Social Stigma • Breaking into computers should be the same as breaking into homes Questions ?

More Related