Ways to combat bookmarks in compilers
In my last article , The Black Swan Theory and the Fundamental Vulnerability of Automated Systems, I described the software tabs added to open source software for the binary version of the compiler, while new versions of the compiler compiled by this compiler will also be created with bookmarks.
In this article, I proposed a reference solution and several recommendations to reduce the likelihood of this threat.
Instead of introducing
Reference solution
The solution is quite obvious and is to create a reference compiler. And even not so much in the creation of a compiler, but in the creation of open specifications and methods for developing a reference version of this compiler, which can be performed in several independent implementations. Only in this case, if any application program is compiled separately by several implementations of the “trusted” compiler, if binary modules are identical, then it will be possible to talk about the absence of virus code in the resulting “reference” compilers and, accordingly, about the absence of bookmarks in the resulting program.
Undoubtedly, we should not forget about the implementation of attacks through the hardware of the computer; to increase the degree of trust, it is necessary to use hardware developed in accordance with the principles of Open Hardware.
')
Recommendations for reducing the likelihood of threats
Creating a reference compiler takes time and effort from the development team, but the problem is already now and there is no trusted compiler yet. So it is necessary to take measures to reduce the likelihood of these threats.
Speaking about compiler creation, we are talking not only about the generation phase of object files, but also about such components as the preprocessor, linker, etc. A separate implementation of the preprocessor and linker can take into account all other recommendations (including their implementation in other languages). affect the realization of the threat.
Assumptions to reduce the likelihood of implementing software bookmarks, assumptions are based on the threat model.
* NDV- undocumented features.
Reduction of NDV manifestations in compiled programs is possible when combining the presented methods together with dynamic software testing.
Afterword
The very threat of “Bookmarks in compilers” is reminiscent of conspiracy theory and paranoid, but theoretically feasible. In the comments objective criticism and recommendations are welcome.
In this article, I proposed a reference solution and several recommendations to reduce the likelihood of this threat.
Instead of introducing
Enter through the narrow gate, for the gate is wide and the path is wide, leading to the fiery hell. (Gospel of Matthew).
Reference solution
The solution is quite obvious and is to create a reference compiler. And even not so much in the creation of a compiler, but in the creation of open specifications and methods for developing a reference version of this compiler, which can be performed in several independent implementations. Only in this case, if any application program is compiled separately by several implementations of the “trusted” compiler, if binary modules are identical, then it will be possible to talk about the absence of virus code in the resulting “reference” compilers and, accordingly, about the absence of bookmarks in the resulting program.
Undoubtedly, we should not forget about the implementation of attacks through the hardware of the computer; to increase the degree of trust, it is necessary to use hardware developed in accordance with the principles of Open Hardware.
')
Recommendations for reducing the likelihood of threats
Creating a reference compiler takes time and effort from the development team, but the problem is already now and there is no trusted compiler yet. So it is necessary to take measures to reduce the likelihood of these threats.
Speaking about compiler creation, we are talking not only about the generation phase of object files, but also about such components as the preprocessor, linker, etc. A separate implementation of the preprocessor and linker can take into account all other recommendations (including their implementation in other languages). affect the realization of the threat.
Assumptions to reduce the likelihood of implementing software bookmarks, assumptions are based on the threat model.
| Threat | Decision |
| The NDV compiler recognizes the source code of the target program and adds the virus code. | Obfuscation of the source code of a compiled program without loss of functionality. |
| In new binary versions of compilers with NDV added new bookmarks. | Using the earliest binary versions of compilers, then part of the NDV may be irrelevant. |
| The compiler with NDV adds virus code for the platform on which it was compiled. (Arm, x86) | Cross compilation. Compiling programs for x86 on Arm and vice versa. |
| The compiler with NDV uses third-party libraries and software to implement part of the bookmarks. | Compilation on an isolated system with the minimum required set of programs and utilities. |
| The compiler with NDV provides for attacks on isolated from external system data and activates NDV for any events (memory overflow, unknown errors, connection of specialized devices, occurrence of a certain time, etc.) | Simulation of events and the launch of the checked software in these conditions (including during compilation). |
Reduction of NDV manifestations in compiled programs is possible when combining the presented methods together with dynamic software testing.
Afterword
The very threat of “Bookmarks in compilers” is reminiscent of conspiracy theory and paranoid, but theoretically feasible. In the comments objective criticism and recommendations are welcome.
Source: https://habr.com/ru/post/201782/
All Articles