sk4nz/eurobsdcon22
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

final slides ?

Browse Source
This commit is contained in:
sk4nz 2022-09-18 15:07:57 +02:00
parent c20e9ddd6c
commit f3aaa79015
2 changed files with 26 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
slides/trusting-make.pdf
View File

Binary file not shown.

34
slides/trusting-make.tex
View File

@ -152,8 +152,8 @@ Compilers carry knowledge obtained from their source across hereditary binaries.
\pause \pause
\begin{enumerate} \begin{enumerate}
\item If you compile yourself, self-reproduce. \item If you compile yourself, self-reproduce. \pause
\item If you compile login(1), backdoor it. \item If you compile \texttt{login(1)}, make it misbehave.
\end{enumerate} \end{enumerate}
\end{center} \end{center}
\end{frame} \end{frame}
@ -165,11 +165,11 @@ Compiler Source \textit{CS} $\longrightarrow$ \textit{X} $\longrightarrow$ Compi
Backdoored Compiler Source $\longrightarrow$ \textit{C} $\longrightarrow$ \textcolor{orange}{Backdoored Compiler \textit{BC}} \pause Backdoored Compiler Source $\longrightarrow$ \textit{C} $\longrightarrow$ \textcolor{orange}{Backdoored Compiler \textit{BC}} \pause
\textit{CS} $\longrightarrow$ \textcolor{orange}{\textit{BC}} $\longrightarrow$ \textcolor{red}{Self-Replicating Backdoored Compiler \textit{KBC'}} \pause \textit{CS} $\longrightarrow$ \textcolor{orange}{\textit{BC}} $\longrightarrow$ \textcolor{red}{Self-Replicating Backdoored Compiler \textit{SRBC'}} \pause
\textit{CS} $\longrightarrow$ \textcolor{red}{\textit{KBC'}} $\longrightarrow$ \textcolor{red}{\textit{KBC''}} \pause \textit{CS} $\longrightarrow$ \textcolor{red}{\textit{SRBC'}} $\longrightarrow$ \textcolor{red}{\textit{SRBC''}} \pause
Program Source \textit{S} $\longrightarrow$ \textcolor{red}{\textit{KBC}} $\longrightarrow$ \textcolor{red}{\textbf{Backdoored Program}} Program Source \textit{S} $\longrightarrow$ \textcolor{red}{\textit{SRBC}} $\longrightarrow$ \textcolor{red}{\textbf{Backdoored Program}}
\end{center} \end{center}
\end{frame} \end{frame}
@ -209,6 +209,9 @@ Demonstration
\begin{center} \begin{center}
\texttt{/usr/src/usr.bin/make/engine.c} \texttt{/usr/src/usr.bin/make/engine.c}
\pause
\begin{itemize} \begin{itemize}
\item \mintinline{c}{bool do_run_command(Job *job, const char *pre)} \item \mintinline{c}{bool do_run_command(Job *job, const char *pre)}
\item \mintinline{c}{job->node->name} \item \mintinline{c}{job->node->name}
@ -316,10 +319,10 @@ Detection
\begin{center} \begin{center}
\pause \pause
\begin{itemize} \begin{itemize}
\item btrace \item btrace \pause
\item ktrace \item ktrace \pause
\item gdb \item gdb \pause
\item radare2 \item radare2 \pause
\end{itemize} \end{itemize}
\end{center} \end{center}
\end{frame} \end{frame}
@ -329,6 +332,8 @@ Detection
David A. Wheeler PhD dissertation\footnote{\url{https://dwheeler.com/trusting-trust/}} David A. Wheeler PhD dissertation\footnote{\url{https://dwheeler.com/trusting-trust/}}
\pause
Compiler Source Code \textcolor{ProcessBlue}{\textit{CS}} $\longrightarrow$ \textcolor{orange}{\textit{X}} $\longrightarrow$ Compiler \textcolor{orange}{\textit{X1}} \pause Compiler Source Code \textcolor{ProcessBlue}{\textit{CS}} $\longrightarrow$ \textcolor{orange}{\textit{X}} $\longrightarrow$ Compiler \textcolor{orange}{\textit{X1}} \pause
\textcolor{ProcessBlue}{\textit{CS}} $\longrightarrow$ \textcolor{purple}{\extit{Y}} $\longrightarrow$ Compiler \textcolor{purple}{\extit{Y1}} \pause \textcolor{ProcessBlue}{\textit{CS}} $\longrightarrow$ \textcolor{purple}{\extit{Y}} $\longrightarrow$ Compiler \textcolor{purple}{\extit{Y1}} \pause
@ -351,6 +356,17 @@ Are \textcolor{orange}{\textit{X2}} and \textcolor{purple}{\textit{Y2}} binary e
\end{center} \end{center}
\end{frame} \end{frame}
\begin{frame}[fragile,c]{Conclusion}
\begin{center}
\begin{itemize}
Thompson's backdoor is still powerful and cheap to implement, 48 years after the Multics security audit.
\end{itemize}
\end{center}
\end{frame}
\begin{frame}[standout] \begin{frame}[standout]
Let's discuss! Let's discuss!