
Question

1. There are well established algorithms (e.g., SHA) that can take a file and produce a unique numeric value (a checksum or hash digest). The SHA sum for a file will be different if even one byte of that file changes. A bad guy might attempt to modify a system configuration file (i.e., one that does not often change) in a way that goes undetected. If the attempt to modify the file goes undetected (e.g., an inside job might not be seen as a violation), how can a system operator check on the integrity of files? There are commercial products and services that can be used to help you monitor the integrity of your files: name one.

2. Read the article “Reflections on Trusting Trust” by Ken Thompson (one of the creators of UNIX) and answer:

https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

(b) Has the ‘Ken Thompson Hack’ (KTH) been eradicated, or have there been more recent cases of it?

(c) What impact does the KTH have if it turns out to be widespread (i.e., not the specific program that he used, but applying the hack to other programs)?

Explanation / Answer

Ans 1) A system operator can check on the integrity of files with the help of File Integrity Monitoring (FIM). One way to monitor would be to do periodic fsck runs. This is already often done every N reboots on Linux when it’s convenient to do so vs. doing something like a live fsck, which is generally far more difficult to implement (correctly). Another way is to use a FIM tool; such tools use baseline comparison, wherein one or more file attributes will be captured or calculated and stored as a baseline that can be compared against at some future time. This can be as simple as the time and date of the file; however, since this data can be easily spoofed, a more trustworthy approach is typically used. This may include periodically assessing the cryptographic checksum for a monitored file (e.g. using the MD5 or SHA-2 hashing algorithm) and then comparing the result to the previously calculated checksum.

With the help of such tools, the system operator can check on the integrity of files. PerfView is one such tool created by Microsoft.

Ans 2)

a)

The first hack he introduced is hacking the compiler to introduce the backdoor into a binary whenever it detected that it was compiling the login source code.

The second hack is hacking the compiler to introduce the backdoor-producing code into the compiler whenever it detected it was compiling that.

He needed both of them: first to implement the backdoor-producing code, and second to introduce this code into the compiler whenever it detected it was compiling that.

b) The 'Ken Thompson Hack' (KTH) has been pretty much eradicated with the use of multiple compilers.

There's a theoretical chance for this to happen. There is, however, a way of checking if a specific compiler (with available source code) has been compromised: Diverse double-compiling.

Basically, use both the suspected compiler and another independently developed compiler to compile the source of the suspect compiler. This gives you SCsc and SCT. Now, compile the suspect source using both of these binaries. If the resulting binaries are identical (with the exception of a variety of things that may well legitimately vary, like assorted timestamps), the suspect compiler was not actually abusing trust.

No, there have not been recent cases of the 'Ken Thompson Hack'.

c)

The impact is that you must inspect and control every single piece of the puzzle of the entire system if you want to be secure. Unless you design, implement, and create your own CPU, your own firmware, your own bootloader, your own peripheral devices (and their CPUs and firmwares), your own OS, your own drivers, your own protocols, your own libraries, your own assembler, your own compiler, your own linker, your own frameworks, your own applications, you cannot ever be safe. So it is not possible to be secure if it turns out to be widespread, which is not likely.
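The baseline comparison described in Ans 1, written out as an added example (not code from the question or the answer above): it records a SHA-256 digest and mtime for every file under a directory, then reports files that were added, removed or modified, and separately flags modified files whose mtime still matches the baseline, which is the case a timestamp-only check would miss. The directory layout, file names and contents are constructed for the demo.

```python
import hashlib, os, tempfile
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each regular file under root (POSIX relative path) to its digest and mtime."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"sha256": sha256_file(p), "mtime_ns": p.stat().st_mtime_ns}
    return baseline

def compare_to_baseline(root, baseline):
    """Report added/removed/modified files; 'spoofed_mtime' is the subset of modified
    files whose mtime still equals the baseline value (invisible to a timestamp check)."""
    current = build_baseline(root)
    report = {"added": [], "removed": [], "modified": [], "spoofed_mtime": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        elif current[rel]["sha256"] != baseline[rel]["sha256"]:
            report["modified"].append(rel)
            if current[rel]["mtime_ns"] == baseline[rel]["mtime_ns"]:
                report["spoofed_mtime"].append(rel)
    return report

def demo():
    """Constructed scenario: a config file is edited with its timestamps put back,
    and an unexpected file appears; the hash comparison catches both."""
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d) / "etc" / "app.conf"
        cfg.parent.mkdir()
        cfg.write_text("listen = 127.0.0.1\n")
        base = build_baseline(d)
        old = cfg.stat()
        cfg.write_text("listen = 0.0.0.0\n")  # content change
        os.utime(cfg, ns=(old.st_atime_ns, old.st_mtime_ns))  # the spoofed timestamp the answer warns about
        (Path(d) / "etc" / "extra.conf").write_text("# constructed sample\n")
        return compare_to_baseline(d, base)
```

In practice the baseline itself must be stored somewhere the monitored host cannot rewrite (read-only media or a separate host), otherwise an attacker who can edit the file can also edit its recorded digest.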