Trusting Trust

Trusting Trust is a theoretical attack on compilers proposed by Ken Thompson in 1984. It suggests that a malicious programmer could hide a backdoor in the source code of a compiler, which would then insert the same backdoor into programs compiled with it.

Trusting Trust: Compiler Backdoor Attack

A theoretical attack on compilers, proposed by Ken Thompson in 1984, in which a backdoor is hidden in the compiler's source code

What is Trusting Trust?

Trusting Trust is a theoretical attack on compilers proposed by Ken Thompson in his 1984 Turing Award lecture. The idea is that a malicious programmer could hide a backdoor in the source code of a compiler. This backdoored compiler would then insert the same backdoor into any programs compiled with it.

When programmers compile and run the backdoored programs, they work as intended. But the backdoor allows the malicious programmer to access or modify the program later without the knowledge of the original programmers. So by inserting a vulnerability into a compiler, the malicious programmer has inserted vulnerabilities into all software compiled with that compiler, including operating systems.

Thompson demonstrated this by writing a backdoored version of the Unix compiler and using it to insert a login backdoor into the Unix login program. He then destroyed the evidence: the backdoored compiler also recognized when it was compiling the compiler itself and inserted the backdoor once again, so the backdoor survived recompiling the compiler from source that no longer contained it. This made it impossible to detect the backdoor through source analysis.

The Trusting Trust attack shows how unchecked compilers are a major security risk. It prompted the development of compiler verification tools to ensure compiler correctness. However, verifying an entire compiler is extremely difficult. The Trusting Trust attack remains theoretical, but highlights the need for software supply chain security.

Trusting Trust Features

  1. Demonstrates a theoretical attack on compilers
  2. Highlights the potential for backdoors to be inserted into compiled programs
  3. Emphasizes the importance of trust in the software development process

Pricing

  • Open Source

Pros

Raises awareness about the risks of trusting the software supply chain

Encourages developers to be more vigilant about the code they use and produce

Provides a thought-provoking example of a complex security issue

Cons

The attack is theoretical and may not be practical in real-world scenarios

The concept can be difficult to understand for non-technical audiences

The attack may not be applicable to modern software development practices


The Best Trusting Trust Alternatives

Top Security & Privacy and Malware Protection and other similar apps like Trusting Trust

Here are some alternatives to Trusting Trust:

CryptoKitties

CryptoKitties is a blockchain-based virtual game built on the Ethereum network that allows players to adopt, raise, and trade virtual cats. These digital cats are called CryptoKitties and each one is unique with different attributes and genomes that distinguish them. CryptoKitties makes use of Ethereum's support for non-fungible tokens (NFTs) to...

Neko Atsume

Neko Atsume is a free-to-play mobile game developed and published by the Japanese company Hit-Point. It was first released for iOS and Android devices in Japan in 2014 and became a breakout hit. An English version was later released in 2015. In Neko Atsume, the player's goal is to collect various...

Everdragons

Everdragons is a worldbuilding and interactive storytelling software designed specifically for fantasy writers and roleplaying game creators. Its robust toolset allows users to visualize and organize the key elements of their fictional realms. At the core of Everdragons is an interactive map on which locations, characters, and story events can be...