Re: getting around Ken Thompson's compiler Trojan
From: stanislav shalunov (shalunov@internet2.edu)
Date: 01/23/03
- Next message: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
- Previous message: Alun Jones: "Re: getting around Ken Thompson's compiler Trojan"
- In reply to: Chris Marshall: "getting around Ken Thompson's compiler Trojan"
- Next in thread: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
- Reply: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: stanislav shalunov <shalunov@internet2.edu> Date: 22 Jan 2003 18:23:16 -0500
christopherlmarshall@yahoo.com (Chris Marshall) writes:
> First, write a program to obfuscate the source code of any other
> program by randomizing the variable and function names, as well as
> the names of the source code files.
The obfuscation program will have to do a lot more than that unloess
the detection algorithm is really simplistic. The detection algorithm
must be smart enough to detect at least minor modifications of the
compiler, so it would probably be designed to be rather robust.
> My sense is that obfuscation is easier than detection, although I
> don't know how you would prove such a thing.
You don't need to. Rice already did. The compiler's check will be
provably inaccurate for some inputs. Further, one can write a program
that, given the (real, not clean) code of the check and code of the
compiler, obfuscate the compiler's code so that the check would come
out negative. On the other hand, the check modification based on
obfuscation method cannot be automated. So, obfuscation *is* easier
than detection.
However, this doesn't help you to prove anything about your scheme.
Since you have no idea about the way detection works, you won't be
able to provably fool it...
-- Stanislav Shalunov http://www.internet2.edu/~shalunov/ "The power of accurate observation is commonly called cynicism by those who have not got it." -- G. B. Shaw
- Next message: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
- Previous message: Alun Jones: "Re: getting around Ken Thompson's compiler Trojan"
- In reply to: Chris Marshall: "getting around Ken Thompson's compiler Trojan"
- Next in thread: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
- Reply: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
