Reflections on Trusting Trust - Ken Thompson

Abhiram. S CS10M001

THE FLOW
Flashback!
 

Ken Thompson – A Demigod Bird’s Eye view of what was

THE FLOW… Flashback! Contributions that led to a Turing award in 1983     UNICS or UNIX? The B (B for Bon) Language Birth of ‘ed’ & Unix Portability Plan 9 – First distributed OS based on Unix .

THE FLOW… Flashback! Significant Contributions that led to a Turing award ‘Reflections on Trusting Trust’  Backdoor Computing  A Undetectable Trojan horse in a compiler!    Stage 1 – Self Production Program Stage 2 – “Training” a Compiler Stage 3 – Putting 2 & 2 together .

THE FLOW… Flashback! Significant Contributions that led to a Turing award ‘Reflections on Trusting Trust’ The progress since  Effects  Diverse double-compiling – DDC an Overview .

THE FLOW… Flashback! Significant Contributions that led to a Turing award ‘Reflections on Trusting Trust’ The progress since Summary .

Hired by Bell Labs – for furthering research in MULTICS     Multiplexed Information & Computing Service . Master’s degree in 1966 in ECS Engg.FLASHBACK! Ken Thompson – A Demigod  Born Feb 4. Bachelor’s degree in 1965 in ECS Engg. 1943. New Orleans.

Thompson’s game – The Space travel and its connection with the obsolete DEC PDP-7 computer.Ken Thompson.FLASHBACK!..   . D Ritchie. Thompson’s itch for creation of an Operating system grew stronger. MD McElroy and JF Ossanna significantly improved MULTICS from 1966-69. Bird’s Eye View of what was  Decline and fall of MULTICS ..

SIGNIFICANT CONTRIBUTIONS 1969-70 Birth of (UNICS) UNIX  The need for a better OS for his game ‘Space Travel’ led to the development of UNIX. The existing Blueprint of proposed filesystem for MULTICS was implemented. print.html .http://cm. Development of user level utilities – copy.com/cm/cs/who/dmr/hist.bell-labs.    REF: Evolution of UNIX by D Ritchie . delete and edit (Shell & ‘ed’ the editor) An assembler to enable the system to support itself.

 REF: Evolution of C by D Ritchie .SIGNIFICANT CONTRIBUTIONS… 1969-70 – Birth of Unix 1970 Birth of B (B for Bon)  When improvising the existing Basic Combined Programming Language (BCPL) A precursor to C programming language.html .http://cm.bell-labs. which was completed by Ritchie in 1972.com/cm/cs/who/dmr/hist.

QUOTE Unquote When Seibel (Coders at Work's interview) asked Ken: "How did you learn to program?" He said that: "I was always fascinated with logic and even in grade school I’d work on arithmetic problems in binary.” . Just because I was fascinated. stuff like that.

ed went on to influence ‘ex’.linfo.SIGNIFICANT CONTRIBUTIONS… 1969-70 – Birth of Unix 1970 – Birth of B programming language 1971.http://www. which in turn spawned ‘vi’.html .org/thompson.72 Birth of ‘ed’ & UNIX portability  1971 – Birth of ‘ed’ .Rewrote the UNIX kernel in ‘C’ Adaption for different platforms with relative ease.  REF: Wikipedia and LINFO . 1972 .

SIGNIFICANT CONTRIBUTIONS… 1969-70 – Birth of Unix 1970 – Birth of B programming language 1972 – Birth of ‘ed’ & UNIX portability 1980 Plan 9 – First distributed OS  An internal project by Bell Labs led by Thompson with Rob Pike and support from Dennis Ritchie was ‘formulated’ and first released in 1992.org/thompson.http://www.linfo. REF: Wikipedia and LINFO .html .

Thompson and Ritchie received the ACM Turing Award .SIGNIFICANT CONTRIBUTIONS… 1969-70 – Birth of Unix 1970 – Birth of B programming language 1972 – Birth of ‘ed’ & UNIX portability 1980 – Plan ‘9’ – First distributed OS 1983 .

the current state of UNIX is the result of the labors of a large number of people. I can't help but feel that I am receiving this honor for timing and serendipity as much as technical merit.” . Moreover.As told by Ken Thompson while receiving the award .QUOTE Unquote “I thank the ACM for this award.

REFLECTIONS ON TRUSTING TRUST Backdoor Computing  A method of bypassing normal authentication – while attempting to remain undetected Thompson’s paper was the first to widely publicize such an attack and point out that trust is relative   Compiler – a trusted program which incorporates the backdoor mechanism cleverly .

34.10).main() {printf(f.f.34. main() {printf(f.REFLECTIONS ON TRUSTING TRUST A Thompson hack or a Trusting Trust Attack STAGE 1 – A self-production capable program char*f="char*f=%c%s%c.34.} %c".34.} Has Property • Can contain arbitrary amount of excess baggage • Can be easily written by another program .f.10).

if (c == '\\') return '\\‘...REFLECTIONS ON TRUSTING TRUST A Thompson hack or a Trusting Trust attack STAGE 2 – “Train” the existing Compiler to identify new source segments! Has Property • To accept a new source like \v . if (c == 'v') return ‘11‘. c = next (). if (c != '\\') return c. c = next ().. .. . if (c == 'n') return '\n’.

pattern)) { compile (bug) return. } . } ...REFLECTIONS ON TRUSTING TRUST A Thompson hack or a Trusting Trust attack STAGE 3 – Add a bug which matches code (pattern) with the Unix “Login” command. Has Property A Trojan Horse! Or Backdoor computing compile (s). char* s { if (match (s.

REFLECTIONS ON TRUSTING TRUST A Thompson hack or a Trusting Trust attack Finally– Add a second trojan horse Which matches pattern with C compiler itself and return the selfproducing program Has Property To Re-insert the bugs whenever it is compiled – Future Compiler versions also! compile (s). } .. } . pattern2)) { compile (bug2) return. char* s { if (match (s. pattern1)) { compile (bug1) return.. } if (match (s.

not detected till a YEAR! . officially. If Undetected attackers can quietly subvert entire classes of computer systems   Result in gaining complete control over financial. military. and/or business systems worldwide Recently (August 2009) discovered attack by Sophos labs: The W32/Induc-A virus. never released into the wild.THE PROGRESS SINCE This version was. infrastructure.

dwheeler.THE PROGRESS SINCE… Research produced many papers but  All of them required each defender to recompile themselves before use at one stage or other during ‘detection’  None of them noted that it is possible to produce a bit-for-bit identical to original compiler but aimed at ‘functional equivalency’ Diverse-double coupling for fully countering Trusting trust Attack – David A Wheeler. 2009  Source code is compiled Twice with different compilers If the DDC result is bit-for-bit identical with the original compiler-undertest’s executable then ‘Putative’ (clean)  REF: Wikipedia and David Wheeler’s homepage http://www.com/ .

He is now distinguished engineer at Google! .  No amount of source-level verification or scrutiny will protect you from untrusted code! Thompson further developed UTF-8.SUMMARY Trusting Trust attack or the Thompson hack is very much relevant even today! Developers have aimed at developing their own compilers for mission critical applications. Belle and won many more awards.

KEN THOMPSON WITH DM RITCHIE – DEMIGODS? THANK YOU .

Sign up to vote on this title
UsefulNot useful