Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security & Trusting Trust Swarun Kumar Based on slides courtesy: Jorge Simosa MIT 6.033 Spring 2013.

Published byDylan Kenneth Cameron Modified over 8 years ago

Similar presentations

Presentation on theme: "Security & Trusting Trust Swarun Kumar Based on slides courtesy: Jorge Simosa MIT 6.033 Spring 2013."— Presentation transcript:

1 Security & Trusting Trust Swarun Kumar Based on slides courtesy: Jorge Simosa MIT 6.033 Spring 2013

2 Reflections on Trusting Trust By Ken Thompson (UNIX paper, co-invented C and UNIX) Key Ideas: Difficult to know what the software you use actually does. So write all of software yourself!... but that’s overwhelmingly impractical! No choice but to trust software from certain sources.

3 What’s a compiler? Transforms a code written in one language to another … usually from higher-level language (e.g. C) into machine code New Compilers provide new features, new optimizations C.1 App.c (written in C.1) App.exe Input: Source Code Output: New Compiler Binary Program: A Compiler (e.g. gcc)

4 But where do compilers come from? To write a new compiler say for C.2 (C version 2.0) Write the program source for C.2 in the C.1 language Feed it into the C.1 compiler Resulting binary is a new compiler C.2 Chicken-and-egg: But where did the first compiler C.0 come from? C.1 C.2 (written in C.1) C.2 Input: Source Code Output: New Compiler Binary Program: Old Compiler

5 Example: C.2 has a new feature! C.2: Accepts vertical tab ‘\v’ as a special character, like ‘\n’ and ‘\t’ Source of C.2 (written in C.1): if(c[0] == ‘\\’ && c[1] == ‘n’) return ‘\n’; if(c[0] == ‘\\’ && c[1] == ‘v’) return 11; // Note we are using 11, since C.1 doesn’t recognize ‘\v’ Output: The new compiler (C.2) can compile programs with ‘\v’

6 Interestingly, C.2 can now compile itself! if(c[0] == ‘\\’ && c[1] == ‘n’) return ‘\n’; if(c[0] == ‘\\’ && c[1] == ‘v’) return 11; if(c[0] == ‘\\’ && c[1] == ‘n’) return ‘\n’; if(c[0] == ‘\\’ && c[1] == ‘v’) return ‘\v’; Input: Source of C.2 written in C.1 Input: Source of C.2 written in C.2! C.1 C.2 Program: Output:

7 So, can we discard old source of C.1/C.2? No! Because: C.2 may contain a hidden backdoor! e.g. a “master” password for all UNIX logins So what? … Why not patch that up in C.3? C.2 can infect C.3, C.4, etc… without leaving any evidence in their source code

8 How can C.2 infect other compilers? Source of C.2+Trojan: if(matches login code) return (login with master password); if(matches C compiler) return (C compiler with hidden backdoor); Input: Login Code => Output: Login with master password Input: C.3 compiler => Output: C.3 compiler backdoor Input: Regular C code => Output: Regular executable

9 How can we detect Trojans? C.2 C.3 C.2’ C.3 C.3’ Do we expect C.3 == C.3’ ? Output-1 Output-2 Not necessary C.2, C.2’ may differ in optimizations But must be functionally identical C.3 C.3’’ C.3’ C.3 C.3’’’ Output-1 Output-2 Do we expect C.3’’ == C.3’’’ ? Yes, absolutely! C.3, C.3’ give same output with same input If not, one of C.2, C.2’ has a Trojan/bug

10 Quiz 3 (2010) – Q8 Answer True/False based on the Trusting Trust paper: A. Thompson believes that self-reproducing programs shouldn’t be trusted. Answer: False. He doesn’t say anything about making them more or less trustworthy. Talks about programs in general.

11 Quiz 3 (2010) – Q8 Answer True/False based on the Trusting Trust paper: B. A Trojan horse like the one Thompson describes could not have been hidden in a compiler for a more modern language like Java. Answer: False. Backdoor is not language-specific.

12 Quiz 3 (2010) – Q8 Answer True/False based on the Trusting Trust paper: C. The Trojan horse Thompson embedded in the login program could have been found by looking at the machine instructions being executed by the CPU. Answer: True. Even though it might take a long time to figure out what the binary is doing.

13 Quiz 3 (2010) – Q8 Answer True/False based on the Trusting Trust paper: D. A programmer can prevent the type of attack Thompson describes by writing all of his or her programs in assembly code. Answer: False. Assembly code is still considered a “higher-language”, since it must be translated to machine code/instructions through an assembler.

14 Quiz 3 (2012) – Q13 Ben has Ken’s compiler (B) and its “supposed” source (S). He wants to know if it still has the login Trojan. His friend Alyssa has a clean compiler binary (A). The source code for the UNIX login program is L. Give an example of two compilation chains that can be compared to detect a possible Trojan? Notation: X -> Y is the result of using binary X to compile source Y B -> S = A -> S NO, they might make different optimizations, i.e. not the same output

15 Quiz 3 (2012) – Q13 Ben has Ken’s compiler (B) and its “supposed” source (S). He wants to know if it still has the login Trojan. His friend Alyssa has a clean compiler binary (A). The source code for the UNIX login program is L. Give an example of two compilation chains that can be compared to detect a possible Trojan? Notation: X -> Y is the result of using binary X to compile source Y B -> S -> S = A -> S -> S YES, if A and B have no Trojans, the intermediate output (new binary) should produce the same output when using the same input (S)

16 Quiz 3 (2012) – Q13 Ben has Ken’s compiler (B) and its “supposed” source (S). He wants to know if it still has the login Trojan. His friend Alyssa has a clean compiler binary (A). The source code for the UNIX login program is L. Give an example of two compilation chains that can be compared to detect a possible Trojan? Notation: X -> Y is the result of using binary X to compile source Y B -> S = A -> S -> S YES, since B should already be a compiled version of S, we can skip the step of B -> S

17 Quiz 3 (2012) – Q13 Ben has Ken’s compiler (B) and its “supposed” source (S). He wants to know if it still has the login Trojan. His friend Alyssa has a clean compiler binary (A). The source code for the UNIX login program is L. Give an example of two compilation chains that can be compared to detect a possible Trojan? Notation: X -> Y is the result of using binary X to compile source Y B -> S -> L = A -> S -> L YES, similar to second answer, we can instead feed just the login source

18 Quiz 3 (2012) – Q13 Ben has Ken’s compiler (B) and its “supposed” source (S). He wants to know if it still has the login Trojan. His friend Alyssa has a clean compiler binary (A). The source code for the UNIX login program is L. Give an example of two compilation chains that can be compared to detect a possible Trojan? Notation: X -> Y is the result of using binary X to compile source Y B -> L = A -> S -> L YES, similar to fourth answer, but we can skip the step of B -> S

19 More Past Quizzes (Trusting Trust) Visit http://web.mit.edu/6.033/www/assignments/quiz-3.shtml 2012 Q3 - #13 (Section 6) 2010 Q3 - #8 2010 Q3 - #13-15 (Section 3) 2008 Q3 - #5 (Section 3) 2006 Q3 - #2 *There may be more that I have accidentally overlooked.

20 Security (Part 2)

21 Secure Channels Alice wants to authenticate message m sent to Bob First cut for security: Let k be a shared key Then Alice, besides m, sends y = H(“m|k”) where | is a delimiter Bob verifies if y == H(“m|k”), since he also has k How can Alice and Bob securely exchange the key k?

22 Diffie-Hellman key exchange Both Alice and Bob have the same key k, without sending it on the network Alice Bob random a random b k = (g a ) b = g ab mod p k = (g b ) a = g ba mod p g a mod p g b mod p

23 Taking it a step further… Use Public/Secret Keys (… like many of you in DP2) Can use a PK/SK to authenticate the shared key exchange Can use PK/SK based signatures Many more attacks possible (DOS, TCP SYN flooding, Botnets) Security is an arms-race… So, Fewer assumptions in threat model => stronger security

24 GOOD LUCK ON QUIZ 2!

Download ppt "Security & Trusting Trust Swarun Kumar Based on slides courtesy: Jorge Simosa MIT 6.033 Spring 2013."

Similar presentations

COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.

COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Countering Trusting Trust with Diverse Double-Compiling (by David A Wheeler) Dan Frohlich.

Countering Trusting Trust with Diverse Double-Compiling (by David A Wheeler) Dan Frohlich.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Reflections on Trusting Trust Ken Thompson. Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763. Copyright 1984, Association for Computing.

Reflections on Trusting Trust Ken Thompson. Communication of the ACM, Vol. 27, No. 8, August 1984, pp Copyright 1984, Association for Computing.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.

Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.
Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.

Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.

UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
©The McGraw-Hill Companies, Inc. Permission required for reproduction or display. slide 1 CS 125 Introduction to Computers and Object- Oriented Programming.

©The McGraw-Hill Companies, Inc. Permission required for reproduction or display. slide 1 CS 125 Introduction to Computers and Object- Oriented Programming.
Analysis of Algorithms. Time and space To analyze an algorithm means: –developing a formula for predicting how fast an algorithm is, based on the size.

Analysis of Algorithms. Time and space To analyze an algorithm means: –developing a formula for predicting how fast an algorithm is, based on the size.
©The McGraw-Hill Companies, Inc. Permission required for reproduction or display. slide 1 CS 125 Introduction to Computers and Object- Oriented Programming.

©The McGraw-Hill Companies, Inc. Permission required for reproduction or display. slide 1 CS 125 Introduction to Computers and Object- Oriented Programming.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CSE331: Introduction to Networks and Security Lecture 24 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 24 Fall 2002.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

Similar presentations

Ads by Google