All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Countering the 'Trusting Trust' Compiler Attack through Diverse Double-Compiling

By

ibobev

7mo ago· 86 min readenInsight
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

The bagel they save for the regulars. Don't skim, savour.

Score100TypeanalysisSentimentpositive

Summary

This extensive technical paper by David A. Wheeler presents a method called Diverse Double-Compiling (DDC) to counter the 'Trusting Trust' attack - a sophisticated computer security vulnerability where a compromised compiler can insert malicious code into compiled programs. The attack was originally described by Ken Thompson and was long considered uncounterable. Wheeler's DDC approach involves compiling the compiler with different compilers to detect and prevent such attacks, providing a practical solution to what was previously thought to be an unsolvable security problem.

Key quotes

· 4 pulled
The 'Trusting Trust' attack is an incredibly nasty attack in computer security; up to now it's been presumed to be the essential uncounterable attack.
After all, if there's a known attack that cannot be effectively countered, should we be using computers at all?
I've worried about it for a long time, essentially since Ken Thompson publicly described it.
Thankfully, I think the [solution exists through Diverse Double-Compiling].
Snippet from the RSS feed
David A. Wheeler's Page on Countering 'Trusting Trust' through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers

You might also wanna read

KERNHELM: Plan-Bound Authorization Architecture for Governing Privileged Effects in Untrusted AI Agents

The article presents KERNHELM, a plan-bound authorization architecture designed to govern privileged effects in untrusted computational agen

github.com·3mo ago

Technical Analysis of ARM Pointer Authentication Code (PAC) Security Feature

This technical article provides an in-depth exploration of Pointer Authentication Code (PAC), an ARM architecture security feature that sign

preludesecurity.com·6mo ago

Technical Analysis of macOS Boot Chain and Security Architecture on Apple Silicon

This technical article provides a comprehensive reverse engineering analysis of the macOS boot chain and security architecture on Apple Sili

stack.int.mov·6mo ago

Ken Thompson's 1983 'Reflections on Trusting Trust' Lecture and Its Relevance to Modern Supply Chain Security

The article discusses Ken Thompson's 1983 Turing Award lecture 'Reflections on Trusting Trust,' which addressed supply chain security long b

research.swtch.com·6mo ago

Understanding Memory Safety: Addressing Skepticism in Software Development

This article addresses skepticism around memory safety in software development, explaining why memory safety matters despite being a frequen

queue.acm.org·6mo ago

Ken Thompson's Turing Award Lecture: The Self-Reproducing Compiler Backdoor

The article recounts the story of Ken Thompson's 1983 Turing Award lecture where he revealed a clever, self-reproducing backdoor he had buil

micahkepe.com·7mo ago