Reflections on trusting trust

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Fri Aug 15 2003 - 14:43:10 CDT

"Douglas W. Jones" <jones@cs.uiowa.edu> wrote:
|If there's no dynamic linkage, no interpretation and no
|self-modification, you can examine the object code and know you've got
|the whole ball of wax. If there are any of those additional mechanisms,
|you've got to broaden your search, looking at every gateway into the
|system through which code subject to linkage or interpretation could be
|inserted.

True, but it is not enough merely to examine the object code for the EVM
application. You also need to examine the object code for everything
that can affect the runtime environment of the EVM application. This
includes the OS kernel, device drivers, and any daemon or other process
with sufficient permissions (or with hacks) to peek into the memory
space of the EVM object code. At the very least, such inspectability
rules out proprietary software from the entire tool chain. Moreover,
EVM itself cannot perform such inspection because a malicious kernel can
expose identical API responses to the application.

In practice, an application using an interpreted language like Python
can be more secure than a compiled system, because checking the SHA/MD5
hash of the runtime system itself (against a known, audited version)
gets you the same level of security as you get by inspection of the
machine code of a compiled application. But inspecting machine code
directly requires a considerably larger amount of work. Obviously, you
then also have to audit the (interpreted) application, but you can do so
at a source code level, which is much easier (and the source can be
signed against tampering, etc).

|This is made less of a problem, though, by the presence of a paper
|trail!

I am 100% in agreement here!

This is such a fundamental, obvious, and important point, that it is
jaw-dropping how many elections people have missed it hitherto.

Yours, David...

--
mertz@  | The specter of free information is haunting the `Net!  All the
gnosis  | powers of IP- and crypto-tyranny have entered into an unholy
.cx     | alliance...ideas have nothing to lose but their chains.  Unite
        | against "intellectual property" and anti-privacy regimes!
-------------------------------------------------------------------------
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, is released to the Public Domain
==================================================================
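As an added illustration of the check David describes in the message above (this is not code from the thread): a Python manifest that hashes the interpreter binary together with the application source and seals the hash list with an HMAC, so that both a modified file and a doctored hash list are detected. The key, the manifest and the verification run must be kept outside the machine under audit, since, as the message notes, a malicious kernel could give in-process checks the answers they expect; the file contents, paths and key below are constructed stand-ins.

```python
import hashlib
import hmac
import json
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:                      # chunked: runtime binaries are large
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(paths, key):
    """Digest every audited file and seal the list with an HMAC under an off-machine key."""
    entries = {p: sha256_file(p) for p in sorted(paths)}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_manifest(manifest, key):
    """Return a list of problems; empty means every file still matches the sealed manifest."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return ["manifest signature mismatch"]       # the hash list itself was edited
    problems = []
    for path, digest in manifest["entries"].items():
        try:
            if sha256_file(path) != digest:
                problems.append(f"{path}: modified")
        except OSError:
            problems.append(f"{path}: missing")
    return problems

def demo():
    # Constructed scenario: a stand-in interpreter binary plus a tiny application.
    key = b"constructed-demo-key"                   # real use: held by the auditors only
    with tempfile.TemporaryDirectory() as d:
        runtime, app = os.path.join(d, "python-runtime"), os.path.join(d, "app.py")
        with open(runtime, "wb") as f:
            f.write(b"\x7fELF stand-in for the audited interpreter")
        with open(app, "w") as f:
            f.write("def count(ballots):\n    return len(ballots)\n")
        manifest = build_manifest([runtime, app], key)
        clean = verify_manifest(manifest, key)           # []
        with open(app, "a") as f:                        # any appended line changes the hash
            f.write("print('extra')\n")
        tampered = verify_manifest(manifest, key)        # one entry ending in 'app.py: modified'
        forged = {"entries": {**manifest["entries"], app: sha256_file(app)}, "mac": manifest["mac"]}
        forged_result = verify_manifest(forged, key)     # ['manifest signature mismatch']
    return clean, [p.rsplit(": ", 1)[1] for p in tampered], forged_result
```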
Received on Sun Aug 31 23:17:09 2003

This archive was generated by hypermail 2.1.8 : Sun Aug 31 2003 - 23:17:17 CDT