Reflections on Trusting Trust
Summary Ken Thompson’s legendary 1984 Turing Award lecture demonstrating how a compiler could be backdoored to insert vulnerabilities into code it compiles - including into future versions of itself - leaving no trace in the source code. The Attack Thompson describes a three-stage attack: Modify the compiler to recognize when it’s compiling login and insert a backdoor Modify the compiler to recognize when it’s compiling itself and insert the backdoor insertion code Remove all evidence from the source code The result: A compiler whose source appears clean but produces compromised binaries forever.
Read more →