PhD Public Defense of Fully Countering Trusting Trust through Diverse Double-Compiling

Here is a video of my PhD public defense, November 23, 2009, 1-3pm. It is not a professional recording, but it’s the real thing. This public defense is an overview of my PhD dissertation, justifying this thesis:

“The trusting trust attack can be detected and effectively countered using the ‘Diverse Double-Compiling’ (DDC) technique, as demonstrated by:
  1. a formal proof that DDC can determine if source code and generated executable code correspond,
  2. a demonstration of DDC with four compilers (a small C compiler, a small Lisp compiler, a small maliciously corrupted Lisp compiler, and a large industrial-strength C compiler, GCC), and
  3. a description of approaches for applying DDC in various real-world scenarios.”



Please go to its YouTube posting to see the video. (I once hosted it on my own site, but it's a big file, and my more recent hosting service didn't like hosting big files.)

The outline of the presentation is:

1&2. Introduction & Background
3. Description of threat
4. Informal description of DDC
5. Formal proof
6. Methods to increase diversity
7. Demonstrations of DDC (Tinycc, Lisp, GCC)
8. Practical challenges
9. Conclusions and ramifications

The presentation material is separately available in PDF and OpenDocument (ODP) formats.

A few notes about the presentation that day. The disembodied voice at the beginning of the video is Dr. Ravi Sandhu, one of my advisors, who simply asked me to repeat audience questions. On slide #23 the audio is hard to follow for a moment; there I warn that the details of section 5 (the formal mathematical proof) can be a little “forbidding”.

The 2009 dissertation itself is also available; you can see Fully Countering Trusting Trust through Diverse Double-Compiling in the PDF format, as well as in HTML or OpenDocument formats. If you read the dissertation you should also read the dissertation errata (which correct minor typos and such).

At the end of the public presentation I was asked when I went to GMU, and I made some unintentional mistakes in my answer. Basically, I incorrectly remembered ending years as starting years (for example, I first started at GMU in 1983, not 1987). Sorry about that. The correct answer is that my PhD took more than 14 years (from my start in the fall of 1995 through its award in January 2010), and my first appearance at GMU through completion of my PhD took more than 26 years (from the start of my BS degree in the fall of 1983 through January 2010). If you care, here is David A. Wheeler’s correct formal education timeline which gives more detail.

My page on the trusting trust attack (in general) may be of interest.