180 likes | 492 Vues
Reflections on Trusting Trust. Ken Thompson. Overview. Introduction “Cutest Program” Stage 1 Stage 2 Stage 3 Moral Conclusion. Introduction. The author’s acknowledgement UNIX Background Presentation. “Cutest Program”. Stage 1 Shortest self-reproducing program
E N D
Reflections on Trusting Trust Ken Thompson
Overview • Introduction • “Cutest Program” • Stage 1 • Stage 2 • Stage 3 • Moral • Conclusion
Introduction • The author’s acknowledgement • UNIX • Background • Presentation
“Cutest Program” • Stage 1 • Shortest self-reproducing program • Write a source program that will produce an exact copy of its source • Figure 1 • Produces a self-reproducing program • Can be easily written by another program • Can contain baggage that will be reproduced along with main algorithm • Source Code next slide
“Cutest Program” • Stage 2 • C Compiler written in C • “Chicken and egg” problem • Compilers written in their own language • Example from C compiler • Figure 2 • C compiler interprets the character escape sequence • Figure 3 and 4 • Figure 3 adds vertical tab “\v” • Binary version does not know about “\v” add ASCII value if(c == ‘v’) return(‘11’)
Figure 2 c = next( ); if(c != ‘\\’) return(c); c = next( ); if(c == ‘\\’) return(‘\\’); if(c == ‘n’) return(‘\n’); Figure 3 c = next( ); if(c != ‘\\’) return(c); c = next( ); if(c == ‘\\’) return(‘\\’); if(c == ‘n’) return(‘\n’); if(c == ‘v’) return(‘\v’); Stage 2 Example
Stage 2 Cont. Figure 4 c = next( ); if(c != ‘\\’) return(c); c = next( ); if(c == ‘\\’) return(‘\\’); if(c == ‘n’) return(‘\n’); if(c == ‘v’) return(‘11’);
Stage 3 • Takes the code and modifies it • Figure 5 • High level control of the C compiler • “compile” is called to compile next line of code • Figure 6 • Modified to mis-compile source when a pattern is matched • Not deliberate would be a “bug”. Since deliberate should be called “Trojan horse”.
Figure 5 compile(s) char *s; { } Figure 6 compile(s) char *s; { if(match(s, “pattern”)) { compile (‘bug’); return; } } Source Code
Results of Code • The bug planted would match code in UNIX “login” command • Replacement code will miscompile login command • Giving access to login • Accepting the intended encrypted password OR • Accepting a particular known password
Figure 7 compile(s) char *s; { if(match(s, “pattern1”)) { compile (‘bug 1’); return; } if(match(s, “pattern2”)) { compile (‘bug 2’); return; } } Source Code
Stage 3 Cont. • Figure 7 adds a second Trojan horse . • Aimed for the C compiler • Figure 7 shows the use of stage 1 by applying self-reproducing program • This is done by compiling modified source with the C compiler • Produces bugged binary • The binary is installed as the official C • Remove the bugs from the compiler • New binary will reinsert the bugs whenever compiled
Moral • Can’t trust code you didn’t write • Source level verification will not protect us from using untrusted code • Could be done with any program-handling program • Assembler • Loaders • Hardware microcode • Level of program gets lower bugs will be harder to detect
Moral Cont. • Criticizes press on handling of hackers • Author states these acts by kids are “vandalism t best” • States inadequacy of law that saves hackers from real prosecution • Companies are pressing to update criminal code • 2 major issues • Press, TV, and etc. call these hackers “whiz kids” • The acts performed will be sending them to jail for many years
Conclusion • Creating bugs and viruses can be simple • There is a cultural gap • Kids have no idea these are serious acts • Social Stigma • Breaking into computers should be the same as breaking into homes Questions ?