Secure Coding mailing list archives

Fully Countering Trusting Trust through Diverse Double-Compiling


From: dwheeler at ida.org (Wheeler, David A)
Date: Mon, 2 Nov 2009 11:16:44 -0500

All -

As you know, in the "trusting trust" attack, compilers can be subverted to insert malicious Trojan horses into critical 
software... including themselves.  This turns out to be a nasty attack that's not easy to counter.

I've just released my draft PhD dissertation, "Fully Countering Trusting Trust through Diverse Double-Compiling" (DDC), 
that describes how to counter the "trusting trust" attack. More details, including the dissertation, are here:
 http://www.dwheeler.com/trusting-trust

On November 23, 2009, 1-3pm, I will be giving a public defense of this dissertation.  If you're interested, please 
come!  It will be at George Mason University, Fairfax, Virginia, Innovation Hall, room 105. 

This 2009 dissertation significantly extends my previous 2005 ACSAC paper. For example, I now have a formal proof that 
DDC is effective (the ACSAC paper only had an informal justification). I also have additional demonstrations, including 
one with GCC (to show that it scales up) and one with a maliciously corrupted compiler (to show that it really does 
detect them in the real world). The dissertation is also more general; the ACSAC paper only considered the special case 
of a "self-parenting" compiler, while the dissertation eliminates that assumption.

--- David A. Wheeler



