Reflections on Thompsons Reflections

 
 
By Peter Coffee  |  Posted 2004-02-05 Email Print this article Print
 
 
 
 
 
 
 

From the Cold War to the MyDoom blitz, old security lessons still need to be taught.

Every few years, I find it worth my time to re-read Ken Thompsons August 1984 article, "Reflections on Trusting Trust," based on his 1983 Turing Award lecture that described what he called "the cutest program I ever wrote." The lecture does not merely describe the anatomy of a clever hack: it demonstrates the need for important IT systems to be treated as fundamentally untrustworthy, and to be guarded by independent technical and procedural limits on what they are able to do. Thompsons lecture is still being cited, for example, in discussions of computer-based voting systems in elections. His warnings also come to mind after reading William Safires column for the New York Times, released this morning, about the Wests deliberate sabotage of the former Soviet Unions campaign of Cold War technology theft--specifically, the Trojan Horse that was implanted in stolen pipeline-control software to create "the most monumental non-nuclear explosion and fire ever seen from space" (as described by Thomas Reed in his forthcoming book, "At the Abyss: An Insiders History of the Cold War.") If you dont want to wait for next months publication of Reeds book, you can find additional background on Safires column in an article by Gus Weiss, whom Safire calls the "mild-mannered economist" who "engineered" the sabotage effort. Thompsons device for concealing a "back door" superuser account was discoverable only by someone with access to the entire chain of system software, including the compiler that was used to compile the compiler. It was not a theoretical exercise, but a convenient method that he devised for ensuring access to the early Unix systems that he was often asked to help fix.
And Thompsons lecture was followed, ten years later, by my April 1994 article, "Distributed Objects Form Info Highway Hazards": although no longer online, so far as I can determine, that article was cited by another writer later that year in a still-accessible Defcon II conference paper on the nature of cyber-crime. My key point was that compound documents, with their invisible invocations of the applications that create their embedded objects, are constantly re-linking the users chain of trust through unknown participants: the expected results, I argued, were both local breaches of security and global surges of network activity.
Five years later, in April 1999, I suggested (in the wake of the all-too-predictable Melissa worm) that ease-of-use features in the then-forthcoming Office 2000 would further fuel the firestorm, with deadly combinations of features such as the Outlook preview pane and the incorporation of active content into HTML-formatted e-mail. Harried SCO Web site staff can only wish that Id been more successful in persuading people that our network-intensive applications need anti-lock brakes, so to speak, as well as automatic transmissions. That ends this mornings history lesson, and I hope youll pardon the retrospective tone. Its hardly original to point out that most successful IT attacks involve long-known vulnerabilities, but this mornings headlines seemed to call for this review of both old demonstrations and newly disclosed examples. I welcome your own war stories, cold or hot, at peter_coffee@ziffdavis.com.
 
 
 
 
Peter Coffee is Director of Platform Research at salesforce.com, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel