the "Reflections on Trusting Trust" lecture and paper

E162094

"Reflections on Trusting Trust" is Ken Thompson’s influential 1984 Turing Award lecture and paper that exposed how a compiler could be maliciously modified to invisibly insert security vulnerabilities, fundamentally shaping thinking about software trust and supply-chain security.

All labels observed (2)

How this entity was disambiguated

Statements (45)

Predicate Object
instanceOf academic paper
lecture
author Ken Thompson
Ken Thompson
surface form: Kenneth Thompson
awardAssociatedWith Turing Award
surface form: ACM A.M. Turing Award
conclusion it is difficult to establish absolute trust in software systems
describes how a compiler can be modified to insert malicious code
how a compiler can propagate a hidden backdoor without source code changes
trusting trust problem
exampleUsed compiler that inserts its own Trojan when recompiled
modified C compiler inserting a login backdoor
fieldOfWork computer science
systems security
hasKeyIdea malicious behavior can be hidden in compilers rather than application source code
malicious modifications can self-propagate across compiler recompilations
source code review alone cannot guarantee absence of backdoors
trust must extend to compilers and build tools
historicalSignificance early articulation of software supply-chain attacks
foundational work in understanding software trust chains
illustrates Trojan horse in the C compiler
Trojan horse in the Unix login program
influencedConcept diverse double-compiling
reproducible builds
software provenance
toolchain integrity verification
trusted computing base
influencedField computer security
formal methods for compiler verification
secure compilation
software engineering
software supply-chain security
languageOfWork English
mainTopic compiler backdoors
self-replicating malware in toolchains
software supply-chain security
software trust
trust in computing systems
notableFor demonstrating undetectable compiler backdoors
shaping discourse on software trust and verification
presentedAs Turing Award
surface form: Turing Award lecture
proposesConcept invisible vulnerabilities in compiled binaries
trusting the entire toolchain
publicationType Turing Award lecture paper
publicationYear 1984
publishedIn Communications of the ACM

How these facts were elicited

Referenced by (2)

Full triples — surface form annotated when it differs from this entity's canonical label.

Ken Thompson knownFor the "Reflections on Trusting Trust" lecture and paper
Ken Thompson notableWork the "Reflections on Trusting Trust" lecture and paper
this entity surface form: Reflections on Trusting Trust