Question

In: Computer Science

Research Question: In a recent lecture we focused on how the OS handles creation of load...

Research Question: In a recent lecture we focused on how the OS handles creation of load modules and loading them into memory for execution. We started by looking at where programs come from, and the translation process source code goes through to turn into a load module. In an era where security is a growing concern (rightly so), and hackersfind waysto exploit weaknessesin code or its implementation, it is timely to visit the role compilers might play in the intentional creation of ‘back doors’ that could be exploited in future. Read the article “Reflections on Trusting Trust” by Ken Thompson (one of the three creators of UNIX) and answer the following questions:

(a) What two ‘hacks’ did he introduce? Why did he need them both?

(b) Has the Ken Thompson Hack (KTH) been eradicated, or have there been more recent cases of it?

(c) What impact does the KTH have if it turns out to be widespread (i.e., not the specific program that he used, but applying the hack to other programs)?

Solutions

Expert Solution

(a) Two Hacks Introduced by Ken Thompson.

The first one :

He hacked /bin/login to introduce a backdoor. He did this by hacking the compiler to introduce the backdoor into a binary whenever it detected that it was compiling the login source code.

The Second one :

He also hacked the compiler to introduce the backdoor-producing code into the compilerwhenever it detected it was compiling that.

(b) The Ken Thompson hack

Ken describes how he injected a virus into a compiler. Not only did his compiler know it was compiling the login function and inject a backdoor, but it also knew when it was compiling itself and injected the backdoor generator into the compiler it was creating. The source code for the compiler thereafter contains no evidence of either virus.

Has this been eradicated ?

I don't think so. There was recent attacks using the kent hack.The most recent was 2009.In August 2009 a virus utilizing the Ken Thompson hack was seen in the wild. It infected Delphi 4 through 7 and applications genereated with it.Nowadays, hardware is much more compatible and compilers therefore have a much smaller role in the day-to-day operation of a system. A compromised compiler is not the most scary scenario anymore - rootkits and a compromised BIOS are even harder to detect and get rid of.

(c) Impact of KTH when it is widespread?

The impact of the KTH will be higher till now.There is risk in every Compiler.If we want a risk free compiler means we have to build that compiler by ourself.That is not at all possible.

Ofcourse , if the hack is in other programs also the impact will be same.There will not be any lesser.Since the hack mainly focus on the Compailer.Now a days the compiler task is very less due to the maximum usage of the hardware.


Related Solutions

In recent weeks we have focused intently on the impact that investor confidence and reliance upon...
In recent weeks we have focused intently on the impact that investor confidence and reliance upon established financial models can have on decision making. Explain whether you believe that investors are motivated to engage in behaviors to diversify with regard to their investment strategies.
this question is related to cloud computing. Describe how S3 handles consistency of objects and how...
this question is related to cloud computing. Describe how S3 handles consistency of objects and how this approach affects the state of objects when they are read using a GET.
In MatLab ( this question is after a lecture about GUI ) % How do you...
In MatLab ( this question is after a lecture about GUI ) % How do you read a property from a control (i.e. the % 'string' property from an edit box)?
Based on what we learned in the lecture on spatial structure and on competition, how important...
Based on what we learned in the lecture on spatial structure and on competition, how important is it to vary spatial structure when characterizing competitive interactions? Use specific empirical examples to support your opinion. To what extent could you predict the competitive outcomes in the natural world if you only studied well-mixed environments? What is the paradox of the plankton? describe a solution to it. Given what you know about microorganisms, their traits, and where and how they live, do...
Research and explain in more detail than given in the lecture pages how a Molecular switch...
Research and explain in more detail than given in the lecture pages how a Molecular switch works and what the prospects are for building a molecular computer that makes use of these switches.
1. Based on what we covered in lecture, how can art be a form of activism?
1. Based on what we covered in lecture, how can art be a form of activism?
Describe how the “kidney” works in amphixous using the anatomical terms we discussed in lecture and...
Describe how the “kidney” works in amphixous using the anatomical terms we discussed in lecture and then a possible mechanism of how it may move materials from the blood
In Lecture 5, we discussed how to solve the Tower of Hanoi problem (Exercise 5.36 in...
In Lecture 5, we discussed how to solve the Tower of Hanoi problem (Exercise 5.36 in the textbook). Consider the following problem variant in which one extra constraint has been added: There are three pegs and n disks of different sizes. Initially, all disks are on the leftmost peg and arranged in order of decreasing size, with the smallest disk on top. The task is to move all the disks to the rightmost peg, under the constraints that: • Only...
How do you think two crucial research events—the creation of the Nuremberg Code and the U.S....
How do you think two crucial research events—the creation of the Nuremberg Code and the U.S. Public Health Service Syphilis study at Tuskegee—influenced the role of Institutional Review Boards (IRBs) in the study design process? how you think the Belmont Report: Ethical Principles and Guidelines for the Protection of Human Subjects of Research also influences IRBs. Your textbook may be used as a reference.  Jacobsen, K. H. (2017). Introduction to health research methods (2nd ed.). Burlington, MA: Jones &...
For Question 1-4, We will load 1000_Companies.csv dataset that contains data belongs to 1000 companies such...
For Question 1-4, We will load 1000_Companies.csv dataset that contains data belongs to 1000 companies such as R&D, administration and marketing spendings and location. We will use this data to build a machine learning based decision suppport system model to predict companies' profit. Question 1: 10 Points (Load Data) (A) Load the "1000_Companies.csv" dataset - 5 points (B) Display the first and last 5 rows of this dataset - 5 points In [ ]: ​ Question 2: 15 Points (Manipulate...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT