Dissertation/Thesis Abstract

Fully countering trusting trust through Diverse Double-Compiling
by Wheeler, David A., Ph.D., George Mason University, 2010, 199; 3393623
Abstract (Summary)

An Air Force evaluation of Multics, and Ken Thompson’s Turing award lecture (“Reflections on Trusting Trust”), showed that compilers can be subverted to insert malicious Trojan horses into critical software, including themselves. If this “trusting trust” attack goes undetected, even complete analysis of a system’s source code will not find the malicious code that is running. Previously-known countermeasures have been grossly inadequate. If this attack cannot be countered, attackers can quietly subvert entire classes of computer systems, gaining complete control over financial, infrastructure, military, and/or business systems worldwide. This dissertation’s thesis is that the trusting trust attack can be detected and effectively countered using the “Diverse Double-Compiling” (DDC) technique, as demonstrated by (1) a formal proof that DDC can determine if source code and generated executable code correspond, (2) a demonstration of DDC with four compilers (a small C compiler, a small Lisp compiler, a small maliciously corrupted Lisp compiler, and a large industrial-strength C compiler, GCC), and (3) a description of approaches for applying DDC in various real-world scenarios. In the DDC technique, source code is compiled twice: the source code of the compiler’s parent is compiled using a trusted compiler, and then the putative compiler source code is compiled using the result of the first compilation. If the DDC result is bit-for-bit identical with the original compiler-under-test’s executable, and certain other assumptions hold, then the compiler-under-test’s executable corresponds with its putative source code.

Indexing (document details)
Advisor: Menasce, Daniel A., Sandhu, Ravi
School: George Mason University
School Location: United States -- Virginia
Source: DAI-B 71/02, Dissertation Abstracts International
Subjects: Applied Mathematics, Computer Engineering, Computer science
Keywords: Compiler, Diverse double-compiling, Security, Subversion, Trojan horse
Publication Number: 3393623
ISBN: 9781109616835
Copyright © 2019 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy