Re: Countering Trusting Trust through Diverse Double-Compiling

["David A. Wheeler" <dwheeler () ida org>]

Mike Lisanke wrote:
> David,
>
> I haven't read the original attack description recently, but; I seam
> to remember that the ability of the tampered compiler to inject
> malicious code could be stateful. Either a timing attack, or a attack
> after n-builds, so that malicious code is injected in an arbitrary,
> pseudo-random, less detectable way. Also, that this code would be
> injected based on compiler state conditions (like after keywords
> indicated that the code may be network based). I haven't read your
> paper, yet; but; I'd be interested know where you'd plan to discuss
> scenarios where your counter attack would fail. Thank you.

The attack can certainly be stateful, but that doesn't matter
for the purposes of DDC.  In DDC, you NEVER run the compromised
compiler binary during the actual DDC test.  Since the compromised
binary is never run, the binary cannot affect the results, whether or
not the attack is stateful.  QED.

Now it _IS_ true that the source code could define a compiler
that is stateful and only sometimes injects attacks.
But that's fine.  The DDC approach does NOT tell you if a compiler
is malicious -- it tells you if the source and binary CORRESPOND.
That's KEY.  We have LOTS of techniques (including eyeballs) for
reviewing source code, and lots of people do it; the problem is
that reviewing BINARIES is dreadful/painful/impractical in most cases.

The "Trusting Trust" attack depends on there being a hidden difference
between the source and binary. DDC makes that extremely difficult,
changing the nature of the problem from "review every binary"
(eek!) to "review all the source code" (not easy, but we have a
clue of how to do that).  Also:
* If the compiler varies in what it produces for ITSELF,
  then DDC detects any time that occurs (because it detects
  differences).  If compilation "sometimes" produces a malicious
  compiler, as long as I can see the attack while reviewing source
  code, that's fine... I've made the attack visible.
* A compiler that fails to attack itself will quickly become
  sterile -- it will lose the ability to attack this way.

There _IS_ a variation of this attack, though.
DDC only tests a PARTICULAR source against a PARTICULAR binary.
You could insert the attack in a later version of the source code,
let the victim compile it, then send another version of the source
code without the attack, and let the victim compile again.
Oops - a malicious binary, with no malicious source.
This means that someone has to do DDC with EACH version of a
compiler that you care about; you can't just do it once.

The paper has a section on limitations.  Like all techniques,
it has limits, but I think it's a step forward.

--- David A. Wheeler