The post discusses the Trusting Trust attack and presents a countermeasure named Diverse Double-Compiling (DDC). DDC can detect and effectively counter the Trusting Trust attack by compiling source code twice using different compilers.
Table of contents
David A. Wheeler’s Page on Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers2009 PhD dissertation2005 ACSAC paperCiting my work (it’s David A. Wheeler, please)Detailed data to duplicate the experimentsCountering misconceptionsWhat about applying this to hardware?Software patents and application programmer interface (API) copyrightsOther thoughts on the dissertationCredit where credit is dueWho’s talking about it?Isn’t this dissertation unusual?Real-world application of DDCSome related materialHow to get key previous papersHints on using OpenOffice.org/LibreOffice and OpenDocumentMiscellaneousMicro-taintingSort: