David A. Wheeler's Blog

Fri, 20 Nov 2009

Fully Countering Trusting Trust through Diverse Double-Compiling

A last-minute reminder — my public defense of “Fully Countering Trusting Trust through Diverse Double-Compiling” is coming up on November 23, 1-3pm. This is my 2009 PhD dissertation that expands on how to counter the “trusting trust” attack by using the “Diverse Double-Compiling” (DDC) technique.

It will be at George Mason University, Fairfax, Virginia, Innovation Hall, room 105. Anyone is welcome!

I’ve made a few small tweaks over the last few weeks. I modified proof #2 to reduce its requirements even further (making it even easier to do); I had mentioned in text that this was possible, but now the formal proof shows it. I also used mace4 to show that the assumptions of each proof are consistent. Formal proofs aren’t easy to create, or trivial to read, but the reason I went to that trouble is to show that it’s not just my opinion that I’ve countered the trusting trust attack… I want to show, conclusively, that the trusting trust attack has been countered. I know of no stronger method to show that than a formal proof.

The “trusting trust” attack has historically been considered the “uncounterable” attack. Nuts to that. Now the attack can be effectively detected — and thus countered.
