| |||||||||||||
Countering the trusting trust attackCountering the trusting trust attackPosted Feb 4, 2010 7:51 UTC (Thu) by hppnq (guest, #14462)In reply to: Countering the trusting trust attack by dwheeler Parent article: Security in the 20-teens
Eaxactly. But any of the N program-handling components of the build system may be subverted (and not necessarily the same one at each compilation, I suppose), so in order to make a reasonable assumption you have to make sure that none of the N components harbours a payload or trigger. So you have to verify the linker, loader, assembler, kernel, firmware -- i.e., you have to be on completely independent platforms, for both the compilation and verification. I can't see how you can reasonably assure that this is indeed the case, unless you make the assumption that enough components can be trusted. Which you can't, unless you literally assemble everything yourself. ;-) Obviously, practically there is a lot you can do to minimize the chance that someone unleashes the Thompson attack on you. But you can't reduce this chance to zero, so the question is the same as always: is an attacker motivated enough to break through your defense? I am quite sure there are compilers that are not public, to make this particular barrier more difficult. But those are not used to build global financial or even governmental infrastructures. Anyway, I'll shut up now and read the dissertation, it is an interesting topic. Thanks David, and belated congratulations! :-)
(Log in to post comments)
|
|||||||||||||