Trusting Trust

Trusting Trust: Compiler Backdoor Attack

Theoretical attack on compilers proposing a hidden backdoor in source code, proposed by Ken Thompson in 1984

What is Trusting Trust?

Trusting Trust is a theoretical attack on compilers proposed by Ken Thompson in his 1984 Turing Award lecture. The idea is that a malicious programmer could hide a backdoor in the source code of a compiler. This backdoored compiler would then insert the same backdoor into any programs compiled with it.

When programmers compile and run the backdoored programs, they work as intended. But the backdoor allows the malicious programmer to access or modify the program later without the knowledge of the original programmers. So by inserting a vulnerability into a compiler, the malicious programmer has inserted vulnerabilities into all software compiled with that compiler, including operating systems.

Thompson demonstrated this by writing a backdoored version of the Unix compiler and using it to insert a login backdoor into the Unix login program. He then destroyed the evidence by recompiling the compiler from source, inserting the backdoor once again. This made it impossible to detect the backdoor through source analysis.

The Trusting Trust attack shows how unchecked compilers are a major security risk. It prompted the development of compiler verification tools to ensure compiler correctness. However, verifying an entire compiler is extremely difficult. The Trusting Trust attack remains theoretical, but highlights the need for software supply chain security.

Trusting Trust Features

Official Links