Trusting the Tools - was Re: Open Source ...

Thor Lancelot Simon tls at rek.tjls.com
Sun Oct 12 04:27:58 EDT 2003


On Thu, Oct 09, 2003 at 07:45:01PM -0700, Bill Frantz wrote:
> At 8:18 AM -0700 10/7/03, Rich Salz wrote:
> >Are you validating the toolchain?  (See Ken Thompson's
> >Turing Award lecture on trusting trust).
> 
> With KeyKOS, we used the argument that since the assembler we were using
> was written and distributed before we designed KeyKOS, it was not feasible
> to include code to subvert KeyKOS.  How do people feel about this form of
> argument?

Not too good.  If I knew what the target processor were, I think I could
arrange to do some damage to most general-purpose operating systems; they
all have to do some of the same fundamental things.

This is a bit more sophisticated than what Thompson's compiler did, but
it's the same basic idea.  There are some basic operations (in particular
on the MMU) that you can recognize regardless of their specific form and
subvert in a programmatic manner such that it's highly likely that you can
exploit the resulting weakness at a later date, I think.

Thor

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
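A toy model of the point Thor makes above, added here as an illustration and not code from anyone on the thread: an assembler written before the target OS existed does not need to know that OS's code layout, because MMU setup on a given processor is recognizable by instruction class (control-register writes, descriptor-table loads, TLB flushes on x86) in whichever syntax the OS happens to use. The "trojaned assembler" below only records where such a hook would land; the injected `call __hook` line is a placeholder, not a real payload, and both listings and the assembler behaviour are constructed for the example. The second half shows the check a practitioner would want: assemble the same source with an independent tool and diff the outputs (the idea behind diverse double-compiling), which catches the injection as long as the second tool is genuinely independent.

```python
"""Toy model: form-independent recognition of MMU operations by an assembler,
and the independent-reassembly diff that exposes an injection.

Everything here is constructed for illustration; the hook is a placeholder."""

import difflib
import re

# Real x86 mnemonics that touch the MMU, matched in both Intel and AT&T syntax.
# CR0 holds the paging/WP enable bits, CR3 the page-table base, CR4 paging
# extensions; LGDT/LIDT/LLDT/LTR load descriptor tables; INVLPG flushes the TLB.
MMU_PATTERNS = [
    (re.compile(r"^\s*mov\s+cr[034]\s*,", re.I), "control register write"),          # Intel: mov cr3, eax
    (re.compile(r"^\s*mov[lq]?\s+.*,\s*%cr[034]\s*$", re.I), "control register write"),  # AT&T: movl %eax, %cr3
    (re.compile(r"^\s*(lgdt|lidt|lldt|ltr)\b", re.I), "descriptor table load"),
    (re.compile(r"^\s*invlpg\b", re.I), "tlb flush"),
]

# Hypothetical placeholder for whatever the trojan would insert; the real
# payload would be OS-specific and is deliberately not modelled.
HOOK = "call __hook   ; hypothetical injected instruction (placeholder)"


def classify(line):
    """Return the MMU operation class of an assembly line, or None."""
    for pattern, kind in MMU_PATTERNS:
        if pattern.search(line):
            return kind
    return None


def honest_assemble(source):
    """Stand-in for a trustworthy assembler: output mirrors the listing."""
    return list(source)


def trojaned_assemble(source):
    """Stand-in for a subverted assembler: after every control-register
    write it appends the placeholder hook, whatever OS the source is from."""
    out = []
    for line in source:
        out.append(line)
        if classify(line) == "control register write":
            out.append(HOOK)
    return out


def find_injected(source, output):
    """Independent-toolchain check: diff an assembler's output against the
    listing it was given (or against a second assembler's output) and return
    (position, line) for everything that was added."""
    matcher = difflib.SequenceMatcher(a=source, b=output, autojunk=False)
    injected = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace"):
            injected.extend((j, output[j]) for j in range(j1, j2))
    return injected


# Constructed boot stubs: the same paging setup written two ways.
BOOT_INTEL = [
    "mov eax, page_directory",
    "mov cr3, eax",
    "mov eax, cr0",
    "or eax, 0x80000000",
    "mov cr0, eax",
    "lgdt [gdt_descriptor]",
    "jmp flush",
]
BOOT_ATT = [
    "movl $page_directory, %eax",
    "movl %eax, %cr3",
    "movl %cr0, %eax",
    "orl $0x80000000, %eax",
    "movl %eax, %cr0",
    "lgdt gdt_descriptor",
    "jmp flush",
]


if __name__ == "__main__":
    for name, listing in (("intel", BOOT_INTEL), ("att", BOOT_ATT)):
        hooks = find_injected(listing, trojaned_assemble(listing))
        print(name, "injected at output positions", [pos for pos, _ in hooks])
        print(name, "honest assembler injected", find_injected(listing, honest_assemble(listing)))
```

Note that the diff is only as good as the independence of the second assembler: a trojan that ships in both tools, or a comparison done with a disassembler from the same suspect toolchain, would show nothing. Comparing raw output bytes rather than listings is the realistic form of the check.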
