HomeReflections on Trusting Trust - by Ken Thompson

Reply to comment

Reflections on Trusting Trust - by Ken Thompson

Mon, 2009-03-09 19:44 — jason

In 1984 the Communications of the ACM published an article, Reflections on Trusting Trust. Which is an amazing, and disturbing read about software trust.

The article begins with the exercise, "create a program which can replicate itself."

This leads deftly to the idea of modifying a compiler such that every time code is compiled it adds a security vulnerability. The author points out that this kind of problem in a compiler could and would be found rather quickly.

However, it takes a compiler to compile a new compiler. With this in mind, and the techniques in place for writing self replicating code, one could write a compiler that detected when it was compiling a new compiler and inject its self replicating code into the new compiler.

Thompson certainly makes you question just how much you can trust your code - unless you fully control every aspect of your system.

Reply

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote>
  • Lines and paragraphs break automatically.
  • You may post PHP code. You should include <?php ?> tags.
  • Web page addresses and e-mail addresses turn into links automatically.
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>, <cpp>. The supported tag styles are: <foo>, [foo]. PHP source code can also be enclosed in <?php ... ?> or <% ... %>.
  • Images can be added to this post.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
1 + 12 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.