>I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode.
Prescient.
If I was a 3-letter surveillance agency with an unlimited budget, lots of gifted engineers, and significant legal leverage over the two largest players of the PC processor market via such instruments as National Security Letters, x86 microcode is exactly where I would hide backdoors.
Please have a look at David A. Wheeler’s page on Trusting trust [1], including his 2009 PhD dissertation [2], where he clearly demonstrates that it is possible to have trusted (not in the MS sense...) computers (I think).
You may also be interested in 'Countering "Trusting Trust"' on Schneier's website [3], which discusses a 2006 paper, also by Wheeler.
David Wheelers work is very interesting, but it does not solve all the fundamental trust issues in computing.
It allows us to check if our compilers, linkers etc are maliciously modifying the programs being handled in a way not represented by their source code. It does not help us to determine if the firmware or CPU microcode, for example, have backdoors.
9 comments
[ 3.2 ms ] story [ 41.4 ms ] threadPrescient.
If I was a 3-letter surveillance agency with an unlimited budget, lots of gifted engineers, and significant legal leverage over the two largest players of the PC processor market via such instruments as National Security Letters, x86 microcode is exactly where I would hide backdoors.
(Ask someone who uses Go today, for example ;)
Please have a look at David A. Wheeler’s page on Trusting trust [1], including his 2009 PhD dissertation [2], where he clearly demonstrates that it is possible to have trusted (not in the MS sense...) computers (I think).
You may also be interested in 'Countering "Trusting Trust"' on Schneier's website [3], which discusses a 2006 paper, also by Wheeler.
[1] http://www.dwheeler.com/trusting-trust/
[2] http://www.dwheeler.com/trusting-trust/dissertation/html/whe....
[3] https://www.schneier.com/blog/archives/2006/01/countering_tr....
[2] http://www.dwheeler.com/trusting-trust/dissertation/html/whe...
[3] https://www.schneier.com/blog/archives/2006/01/countering_tr...
It allows us to check if our compilers, linkers etc are maliciously modifying the programs being handled in a way not represented by their source code. It does not help us to determine if the firmware or CPU microcode, for example, have backdoors.
Leaked NSA discussion 'Strawhorse: Attacking the MacOS and iOS Software Development Kit': https://freesnowden.is/2015/03/10/strawhorse-attacking-the-m...
Article: https://firstlook.org/theintercept/2015/03/10/ispy-cia-campa...