Review: Reflections on Trusting Trust
High Level Summary
In this lecture, Ken Thompson talks about how he implanted a bug in the C compiler binary that is impossible to detect, famously known as the Ken Thompson Hack. The modified C compiler can inject arbitrary code into any program that it compiles. Thompson uses this example to show that we can't trust code not written by ourselves. He emphasizes that this technique could make anyone vulnerable to malicious code, and warns that hacking computer systems is also a crime.
The most valuable thing that I learned from this paper is how susceptible we actually are in terms of computer security. I did think that any open source code can be trusted because it is open for inspection to the community, and this paper shows that this is not necessarily true. I think this paper (talk) is strong in that it shows an extremely powerful attack succinctly within 3 pages. Also, I really like how Thompson starts with something really casual (the quine and modified C compiler) in stage 1 and 2, and showed a horrifying attack that must have shocked the entire audience. This is definitely an awesome and dramatic way to give a talk.
Since this is technically a talk, not a paper, I don't think normal criteria for academic papers will apply to this paper, though I would really appreciate some more explanation of Stage III.