• DocumentCode
    2857990
  • Title

    Countering trusting trust through diverse double-compiling

  • Author

    Wheeler, David A.

  • Author_Institution
    Inst. for Defense Analyses, Alexandria, VA
  • fYear
    2005
  • fDate
    5-9 Dec. 2005
  • Lastpage
    48
  • Abstract
    An air force evaluation of Multics, and Ken Thompson\´s famous Turing award lecture "reflections on trusting trust, " showed that compilers can be subverted to insert malicious Trojan horses into critical software, including themselves. If this attack goes undetected, even complete analysis of a system\´s source code can not find the malicious code that is running, and methods for detecting this particular attack are not widely known. This paper describes a practical technique, termed diverse double-compiling (DDC), that detects this attack and some compiler defects as well. Simply recompile the source code twice: once with a second (trusted) compiler, and again using the result of the first compilation. If the result is bit-for-bit identical with the untrusted binary, then the source code accurately represents the binary. This technique has been mentioned informally, but its issues and ramifications have not been identified or discussed in a peer-reviewed work, nor has a public demonstration been made. This paper describes the technique, justifies it, describes how to overcome practical challenges, and demonstrates it
  • Keywords
    invasive software; program compilers; safety-critical software; Multics; air force evaluation; critical software; diverse double compiling; malicious Trojan horse; malicious code; source code compilation; system source code analysis; untrusted binary; Application software; Computer security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 21st Annual
  • Conference_Location
    Tucson, AZ
  • ISSN
    1063-9527
  • Print_ISBN
    0-7695-2461-3
  • Type

    conf

  • DOI
    10.1109/CSAC.2005.17
  • Filename
    1565233