DEV Community

Chinmaya Tripathi

REFLECTIONS ON TRUSTING TRUST

KEN THOMPSON’S
REFLECTIONS ON TRUSTING TRUST
(Summary by CHINMAYA TRIPATHI)

INTRODUCTION (Problem statement):
Ken Thompson’s Reflections on Trusting Trust is one of the most crucial papers in the history of computer science. It unearths one of the most important problems one can encounter in the area of software vulnerabilities: it stresses how much trust we place in code written by another programmer, and how important that trust is. Ken opens with the following lines -

To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.

About the author: Kenneth Lane Thompson is an American pioneer of computer science. Thompson worked at Bell Labs for most of his career, where he designed and implemented the original Unix operating system.

RESEARCH STORY (Approach and methodology):
Getting started with his research paper, Ken unearths the trust factor that comes with using someone else’s code. The story begins with a programming exercise he once set himself, through which he discovered how easy it is to introduce Trojan horses into software; he goes on to stress the need for new laws and new social rules to deal with this kind of weakness in computer systems.

The way he articulates his research, covering one point at a time and then combining them to reach his conclusion, is exemplary. He describes an attack on computer systems at the level of the C compiler and breaks it down into three critical stages:

Step 1: This step describes the programming exercise of writing the shortest self-reproducing program, i.e. a source program that, when compiled and executed, produces an exact copy of its own source as its output. In other words, the output of running the compiled code is identical to the source code.

Step 2: Here he points out that, since the compiler that compiles this code is itself written in C, this leads to problems such as character escaping, which means it could print characters that aren't supposed to appear in the output. He gives the example of
“ Hello World \n”, where \n represents a new line. This is described as an ideal C compiler, one that interprets the character escape sequence.

The point he emphasizes here is that if a C program contains a Trojan horse, every compiler built on top of that program turns out defective as well, and can be used in an evil way to serve a hidden (evil) purpose.
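To show what Step 2 means by the compiler interpreting a character escape sequence, here is an added example (my own code, not the paper's or this post's, though its shape follows the small compiler routine Thompson sketches): a routine that turns the escape sequences of a string literal into the bytes they stand for, run on the post's "Hello World \n". The comment on the \v case explains the bootstrapping trick that Stage 2 of the paper turns on. The names `escape_char`, `unescape` and `unescapes_to` are assumptions of mine.

```c
#include <stdio.h>
#include <string.h>

/* Interpret one character escape.  `*p` points just past the backslash
 * and is advanced past the sequence.  Returns the byte the sequence
 * stands for, or -1 for an escape the compiler does not know, which a
 * real compiler would report as an error. */
static int escape_char(const char **p) {
    int c = (unsigned char)**p;
    if (c == '\0') return -1;          /* lone backslash at end of text */
    (*p)++;
    switch (c) {
    case '\\': return '\\';
    case '"':  return '"';
    case 'n':  return '\n';
    case 't':  return '\t';
    /* Stage 2 of the paper: when \v is first added, the compiler that
     * compiles this source does not know it yet, so the line has to say 11
     * (ASCII vertical tab).  Once that version is compiled and installed,
     * the 11 can be rewritten as '\v'; the knowledge of what \v means then
     * lives only in the compiler binary, not in any source file. */
    case 'v':  return 11;
    default:   return -1;
    }
}

/* Translate the escape sequences in `src` into the bytes they stand for,
 * as the compiler does for a string literal.  Writes at most cap-1 bytes
 * plus a terminator into `dst`.  Returns the number of bytes written, or
 * -1 on an unknown escape or insufficient space. */
int unescape(const char *src, char *dst, size_t cap) {
    size_t n = 0;
    const char *p = src;
    if (cap == 0) return -1;
    while (*p != '\0') {
        int c;
        if (*p == '\\') {
            p++;
            c = escape_char(&p);
            if (c < 0) return -1;
        } else {
            c = (unsigned char)*p++;
        }
        if (n + 1 >= cap) return -1;   /* leave room for the terminator */
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Convenience check: does `src` unescape to exactly `expected`? */
int unescapes_to(const char *src, const char *expected) {
    char buf[256];
    int n = unescape(src, buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expected)
        && memcmp(buf, expected, (size_t)n) == 0;
}

int main(void) {
    /* The post's example: the two characters '\' and 'n' become one newline. */
    const char *literal = "Hello World\\n";
    char out[64];
    int n = unescape(literal, out, sizeof out);
    printf("source literal: %s (%zu chars)\n", literal, strlen(literal));
    printf("after escaping: %d bytes, last byte is %d\n", n, n > 0 ? out[n - 1] : -1);
    return n < 0;
}
```

The thirteen characters of the source literal become twelve bytes, the last of them a newline (byte 10) that never appears literally in the source. That gap between what the source says and what the compiler emits is exactly the room in which Step 3 plants its Trojan horse.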

Step 3: In this step the code is tweaked to deliberately miscompile the program when a particular pattern is matched; he calls this a Trojan horse. The bug planted in the compiler matches the login mechanism of a UNIX system and makes it recognize every password as valid for every other account on the system. This results in a security breach, since one can log in to any system that uses a login command compiled by this compiler.

Although the abstract idea of stage 3 is understandable, an example of logging in to the system, showing the exploit (evil code) and how it works, would have added a great deal of detail to what Ken wants to conclude.

FINDINGS:
Now, if we combine all three steps, we get a powerful attack: because the C compiler recompiles itself, it reproduces the same malicious features even though they are absent from the source code before compilation, so the attack can be undetectable. This is what turns it into a Trojan horse.

It’s really surprising to find that such subtle pieces, the very building blocks of any software, can be vulnerable. It’s something neglected by developers as well as research scientists in the name of trust (the belief that the code was written by a professional and genuine person who works at a multinational corporation), and this is the fact that Ken wants to magnify: how overstated that trust is.

MORAL (Conclusion):
At first his methodology may seem a little confusing; it’s hard to grasp his motive from the title and the way the paper is articulated. But in the end, once you connect the dots and take in the whole idea, he concludes his research on moral grounds, emphasizing that you cannot trust code written by any other programmer unless you write the code yourself. He also phrases the line - Perhaps it is more important to trust the people who wrote the software - which, one way or another, confirms his earlier discovery of a vulnerability. He also criticizes the role of the media and movies in encouraging young people to practise hacking, thinking of it as a ‘cool’ and ‘genius’ thing. He adds, “The press must learn that misguided use of a computer is no more amazing than drunk driving of an automobile”. He also tells how the big tech giants enforce strict hacking policies, because the bigger the company, the easier it is to gain access.

REFERENCES:
https://en.wikipedia.org/wiki/Ken_Thompson
