Wednesday, June 16, 2010

Trust a program?

In the lecture entitled "Reflections on Trusting Trust" [1], Ken Thompson raises the issue of trusting software to be free of malicious code. He starts by describing two simple programs, a self-reproducing program and a learning program. These two concepts are then used to build a UNIX login program that contains a Trojan horse. The program, which allows access to the system as any user, writes itself into the compiler (self-reproducing), then removes traces of the deliberate bug (learning). This untrusted code, demonstrated to be easy to produce, is hard to detect, and becomes even harder to detect if written in a lower-level language (the demo source code was in C).
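The mechanism summarised above can be modelled in a few lines. The following Python toy is an added example, not code from Thompson's lecture or from this post; every name, the `letmein` password and the treatment of object code as plain text are assumptions made for illustration. It shows that both sources pass a review while the built login still accepts the extra password, and that building the same sources with a second compiler, assumed here to be trusted, exposes the difference.

```python
# Toy model, constructed for illustration: "object code" is plain Python text
# and load() stands in for running a binary. All names are hypothetical.
LOGIN_SRC = (
    "def check(user, pw, db):\n"
    "    return db.get(user) == pw\n"
)
COMPILER_SRC = (
    "def compile_(src):\n"
    "    return src\n"  # honest compiler: emits exactly what it is given
)
TRUSTED_BIN = COMPILER_SRC  # in this toy an honest build equals its source

# Tampered compiler binary. This text appears in no reviewed source file.
TROJAN_BIN = (
    "def compile_(src):\n"
    "    if 'def check(' in src:      # recognises the login source\n"
    "        return src.replace('    return',\n"
    "            \"    if pw == 'letmein': return True\\n    return\", 1)\n"
    "    if 'def compile_(' in src:   # recognises the compiler source\n"
    "        return SELF              # re-emits itself, not the clean build\n"
    "    return src\n"
)

def load(obj):
    """Run object code. SELF models a binary's access to its own image."""
    ns = {"SELF": obj}
    exec(obj, ns)
    return ns

def build_chain(compiler_bin):
    """Rebuild the compiler from clean source, then build login with it."""
    new_compiler = load(compiler_bin)["compile_"](COMPILER_SRC)
    login_obj = load(new_compiler)["compile_"](LOGIN_SRC)
    return new_compiler, login_obj

def source_review_passes():
    """A source-only review: neither source contains the extra password."""
    return "letmein" not in LOGIN_SRC + COMPILER_SRC

def backdoored(login_obj):
    """True if the built login accepts the extra password for root."""
    return load(login_obj)["check"]("root", "letmein", {"root": "s3cret"})

def outputs_differ(suspect_bin, trusted_bin):
    """Build the same sources with two compilers and compare the results."""
    return build_chain(suspect_bin) != build_chain(trusted_bin)
```

The comparison only helps if the second compiler really is independent of the first, which is the same trust question moved one step back.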

The paper makes me think about the large software systems that we currently use. How can we be sure that these systems are not violating our privacy? In the bigger picture, the government and major private entities also use computer systems to manage critical resources for the masses. These systems are operated using software that cannot be said to be perfectly secure.

Relating the paper to my research interest, this problem is in the spotlight when considering e-voting systems. When adopting an e-voting system, a democratic state has to convince its people that the system is trustworthy. Citizens want to be assured that the machines act correctly. To address this issue, one security measure is to perform a source code review. We can find a detailed example of a source code review for e-voting machines in [2]. A vulnerability like the one described in the paper is one of the many reasons for this procedure. The difficulty of performing a thorough source code review should not stop us from trying. While source code review is usually done by a selected group of experts, another concept that could help detect such vulnerabilities is developing open-source software. This has been practised in Australia, as reported in [3]. By posting the source code of the software, the public can review it and gain more trust in it. We should not rely on security by obfuscation. The more scrutiny, the higher the chance of detecting and fixing existing vulnerabilities.

There are too many advantages to employing a computer system with its set of software. Although we cannot be completely sure that a system is safe, we can implement procedures that increase trust.


REFERENCES:
1. K. Thompson: Reflections on Trusting Trust (August 1984).
2. California Secretary of State: Top-to-Bottom Review [http://www.sos.ca.gov/voting-systems/oversight/top-to-bottom-review.htm] (Last accessed 16 June 2010).
3. WIRED: Aussies Do It Right: E-voting [http://www.wired.com/techbiz/media/news/2003/11/61045] (Last accessed 16 June 2010).
