A C2 Wiki page about «The reflections on Trusting Trust» by Ken Thompson.
This well-known hack inserts code into a compiler that recognizes the compiler itself and the login program: it inserts a backdoor when compiling the login program, and inserts itself when compiling the compiler from non-backdoored source.
As usual, I’ll link to the guy, Paul Karger, that actually invented the attack along with much of INFOSEC. Originally a PL/1 subversion. Thompson read about it in the report while working on MULTICS, demonstrated it for a C compiler about 10 years later, and is widely remembered for it. Karger et al. had solved much of the problem by that time with the TCSEC criteria. However, a full solution of total compiler correctness with a small TCB took longer. I’ll also link to five solutions with various tradeoffs. The original successes, the CLI stack & translation validation, were done in the 70s-80s with simplified languages.
http://hack.org/mc/texts/classic-multics.pdf
https://www.cs.utexas.edu/users/boyer/ftp/cli-reports/037.pdf
http://compcert.inria.fr/compcert-C.html
https://www.utdallas.edu/~hamlen/Papers/necula97proofcarrying.pdf
https://www.cs.umd.edu/~hjs/slides/translation-validation-slides.pdf
https://github.com/kframework/c-semantics
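Translation validation, one of the approaches named in the comment above, sketched as an added example that is not part of the original comment or of any linked project: a small trusted checker re-derives the source from the emitted code, so a compiler that adds logic to the login check is rejected without the compiler itself being trusted. The toy expression language, the stack machine and every name here are hypothetical, and structural equality stands in for the semantic-equivalence proof a real validator performs.

```python
# Added example: toy translation validation. All names are hypothetical.
# Source: nested tuples, e.g. ("eq", ("var", "pw"), ("var", "stored")).
# Target: stack-machine instructions, e.g. ("push_var", "pw"), ("op", "eq").

BINOPS = {"eq", "or", "and"}

# Constructed sample input: the password comparison inside a login program.
LOGIN_CHECK = ("eq", ("var", "pw"), ("var", "stored"))

def honest_compile(expr):
    """Untrusted compiler: post-order walk emitting stack code."""
    kind = expr[0]
    if kind in ("var", "const"):
        return [("push_" + kind, expr[1])]
    if kind in BINOPS:
        return honest_compile(expr[1]) + honest_compile(expr[2]) + [("op", kind)]
    raise ValueError(f"unknown node {kind!r}")

def subverted_compile(expr):
    """Models the compiler described above: it recognizes the login check
    and emits code that also accepts a constructed master value."""
    code = honest_compile(expr)
    if expr == LOGIN_CHECK:
        extra = ("eq", ("var", "pw"), ("const", "MASTER"))
        code += honest_compile(extra) + [("op", "or")]
    return code

def decompile(code):
    """Validator core (the small TCB): symbolically execute the stack
    code and rebuild the expression tree it computes."""
    stack = []
    for instr, arg in code:
        if instr == "push_var":
            stack.append(("var", arg))
        elif instr == "push_const":
            stack.append(("const", arg))
        elif instr == "op" and arg in BINOPS and len(stack) >= 2:
            right, left = stack.pop(), stack.pop()
            stack.append((arg, left, right))
        else:
            return None  # unknown instruction or stack underflow
    return stack[0] if len(stack) == 1 else None

def validate(expr, code):
    """Accept a compilation only if the target code means what the source says."""
    return decompile(code) == expr
```

The checker never inspects the compiler, only each compilation's input and output, which is why it can stay small enough to review by hand.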