• Corpus ID: 9251449

Fully Countering Trusting Trust through Diverse Double-Compiling

  title={Fully Countering Trusting Trust through Diverse Double-Compiling},
  author={David A. Wheeler},
FULLY COUNTERING TRUSTING TRUST THROUGH DIVERSE DOUBLE-COMPILING David A. Wheeler, PhD George Mason University, 2009 Dissertation Directors: Dr. Daniel A. Menascé and Dr. Ravi Sandhu An Air Force evaluation of Multics, and Ken Thompson’s Turing award lecture (“Reflections on Trusting Trust”), showed that compilers can be subverted to insert malicious Trojan horses into critical software, including themselves. If this “trusting trust” attack goes undetected, even complete analysis of a system’s… 
Prova de conceito de ataque trusting-trust
This work tries to explore the process of construction of a trusting trust attack aimed at the GCC compiler and based on a real vulnerability, more precisely the Debian/OpenSSL case occurred in 2006.
Improving Trust in Software through Diverse Double-Compiling and Reproducible Builds
This thesis explores how software can be manipulated so that source code and compiled code are no longer equivalent and what can be done to increase the trust that they are equivalent, by implementing a self-replicating compiler attack against the Go language compiler.
Toward a Trustable, Self-Hosting Computer System
  • Gabriel Somlo
  • Computer Science
    2020 IEEE Security and Privacy Workshops (SPW)
  • 2020
This work proposes a method of field stripping a computer system by empirically proving an equivalence between the trustability of the fielded system on one hand, and its comprehensive set of sources on the other, to facilitate comprehensive verification and validation of fielded computer systems from fully self-contained hard-ware+software sources.
Challenges and implications of verifiable builds for security-critical open-source software
This paper analyzes a widely-used encryption tool, TrueCrypt, to verify its official binary with the corresponding source, and provides the missing guarantee on official binaries that they are indeed backdoor-free, and makes audits on TrueCrypt's source code more meaningful.
in-toto: Providing farm-to-table guarantees for bits and bytes
In-toto is a framework that cryptographically ensures the integrity of the software supply chain and grants the end user the ability to verify the software’s supply chain from the project’'s inception to its deployment.
Evaluation of diverse compiling for software-fault detection
This paper shows that diverse compiling also enhances the software fault tolerance by increasing the chance of finding defects in the source code of the executed software during runtime, when the memory is organized differently, when using different compilers and compiler flags.
Decompilation as search
This thesis makes the case that decompilation is more effectively accomplished through search, and proposes an approach to prototype recovery that follows the principle of conformant execution, in the form of inlined data source tracking, to infer arrays, pointer-to-pointers and recursive data structures.
The Future of Voting End-to-end Verifiable Internet Voting Specification and Feasibility Assessment Study Internet Voting Today No Guarantees End-to-end Verifiability E2e-viv
This report examines the future of voting and the possibility of conducting secure elections online and explores whether End-to-End Verifiable Internet Voting (E2E-VIV) systems are a viable and responsible alternative to traditional election systems.
State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation
This paper describes a possible overall process for selecting and using appropriate analysis tool/technique types for evaluating software, to enable DoD program managers, and their staff, to make effective software assurance and software supply chain risk management decisions.
Bicycles for the mind have to be see-through
The hypothesis is that abstractions help insiders who understand a project but hinder newcomers who understand only that project's domain, and the approach to keeping software comprehensible is to reduce information hiding and abstraction, and instead encourage curiosity about internals.


On Trojan Horses in Compiler Implementations
It is proved that source level veriication is not suu-cient in order to guarantee compiler correctness, and it is shown that a compiler that will pass nearly every test, state of the art compiler validation, the strong bootstrap test, but for all that, it nevertheless might eventually cause a catastrophe.
Compiler verification revisited
It is proved that source level verification is not sufficient to guarantee compiler correctness, and the scenario of a well-known attack to Unix operating system programs due to intruded Trojan Horses in compiler executables is adopted.
Mechanical verification of compiler correctness
This thesis presents the development of the proof of correctness of a compiler for a small imperative language Tosca, targeted at an imaginary assembler Aida, and assesses the lessons learnt in the translation of a hand treatment of the problem in a partial logic to an automatic treatment in a total logic with a richly expressive type system.
Static Analysis of Executables to Detect Malicious Patterns
An architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations is presented, and experimental results demonstrate the efficacy of the prototype tool, SAFE (a static analyzer for executables).
On the security of open source software
Evaluating the suitability of open source software with respect to one of the key attributes that tomorrow's Internet will require, namely security represents preliminary quantitative evidence concerning the security issues surrounding the use and development ofopen source software, in particular relative to traditional proprietary software.
Static detection of application backdoors
This paper will cover the techniques that can be employed to detect special credentials, hidden commands, information leakage, rootkit behavior, anti-debugging, and time bombs.
Formal certification of a compiler back-end or: programming a compiler with a proof assistant
This paper reports on the development and formal certification of a compiler from Cminor (a C-like imperative language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness.
Ivy: a preprocessor and proof checker for first-order logic
This case study shows how non-ACL2 programs can be combined with ACL2 functions in such a way that useful properties can be proved about the composite programs. Nothing is proved about the non-ACL2
Information Warfare: Chaos on the Electronic Superhighway
From the Publisher: As the National Information Infrastructure grows and evolves into everyman's electronic superhighway, are we opening the doors to an electronic cold war? Or are we on the edge of
Formal Verification of a C Compiler Front-End
This paper presents the formal verification of a compiler front-end that translates a subset of the C language into the Cminor intermediate language and presents the proof of observational semantic equivalence between the source and generated code.