You are not logged in.

#1 2019-01-01 20:59:55

catnap
Member
Registered: 2016-10-03
Posts: 131

How to protect against compiler attacks?

I recently read about a security attack that is both ingenious and nefarious at the same time. Ken Thompson, a winner of the famed Turing award, raises this attack as one of the foremost concerns to the future of the computer science. Is there any well known way to guard against this hidden attack? Perhaps trust networks or check-sums can offer some protection if the compiler is, for example, tested for self consistency---i.e. it compiles itself flawlessly, without added Trojans.

Offline

#2 2019-01-02 01:38:12

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: How to protect against compiler attacks?

Yes, there are indeed defenses!

https://reproducible-builds.org/ is an effort to ensure that software in general, including compilers, can be verifiably built by many different parties. But on a much lower level, how do you trust the original compiler you used?

https://bootstrappable.org/ is an effort to ensure that you can build the seeds of a new OS platform from the smallest possible binary seed that is readable as source. With trust in your stage0 compiler, you can build on that to build bigger and better projects (and thus gain trust in monstrous projects like gcc and clang which require a gigantic binary seed in the form of a C++ compiler). The website does, in fact, link to the very article you mentioned, as contextual justification for "why bootstrappable builds".

Bootstrappable and reproducible builds work hand in hand, with the end goal of proving the authenticity of a complete operating system.

Last edited by eschwartz (2019-01-02 01:40:51)


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

Board footer

Powered by FluxBB