
Risks of backdoors in software have been evident ever since Ken Thompson's Turing Award Lecture "Reflections on Trusting Trust". Certainly this applies to hardware just as well.

Limiting ourselves here to software, what are the genuinely good solutions of protection against backdoors? Owing to certain recent reports in the media on global Internet surveillance by nation-states, the fear of potential backdoors in software that is destined to secure the IT security once again surfaces, e.g. in http://www.golem.de/news/prism-skandal-furcht-vor-hintertueren-in-us-software-und-hardware-1306-100012.html (in German).

Long ago I learned that for standard conformity of programming language compilers there are test centres of the diverse national standard bodies that verify the software and issue certificates to those compiler producers that apply for certification. Could an analogous procedure eventually be a practically realizable solution or at least a good compromise?

Mok-Kong Shen
  • Analogous process for what? – Lucas Kauffman Jul 03 '13 at 06:42
  • Analogous test centres and tests as well as the application procedures for issuing certificates certifying that the software is correct (in particular free of bugs -- programming errors or intended malicious ones). – Mok-Kong Shen Jul 03 '13 at 06:48
  • This won't work, you can't test if a software is free of bugs. This would require to locate each bug. Which in turn allows you to fix them. Yay, no more bugs! – scai Jul 03 '13 at 08:45
  • Asking for opinions is not constructive, as everyone will have his/her own. – e-sushi Jul 03 '13 at 08:46
  • Formal methods can be used to dramatically reduce the probability of backdoors, but no adversarial solution can ever be NP complete. – MCW Jul 03 '13 at 16:54
  • Ok. If there is indeed no way at all to determine the potential presence or not of backdoors in a software, how could we nonetheless sensibly talk of the "security" of communication, in which that software plays an essential role? This is what I can't comprehend. (I don't like to blindly trust anyone.) – Mok-Kong Shen Jul 03 '13 at 21:04

1 Answer

Tests, automated or not, cannot detect backdoors. Tests detect non-malicious errors. It is easy to hide a backdoor that no test will ever detect.

If you want to be sure that there is no backdoor in your software, then there is only one solution: write it yourself. This extends to the software tools (define your own language, write the compiler), the operating system, and the hardware itself. Ultimately, you can assume that a bucket of sand is backdoor-free; and sand is silicon.

In practice, what you cannot do yourself, you have it done by people you trust. That's the rationale behind making background checks for developers.

Tom Leek
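The answer's claim that tests only exercise specified behaviour can be shown with a toy password check. This is an added example, not part of the original answer; `check_login`, `USERS` and `TRIGGER` are hypothetical names and constructed values. A conformance-style suite and black-box random probing both pass cleanly even though one branch accepts a fixed value for any user.

```python
import hmac
import random

# Constructed sample data: a toy credential store (plaintext only to keep the demo short).
USERS = {"alice": b"correct horse"}
# Hypothetical 128-bit trigger value, constructed for this example.
TRIGGER = bytes.fromhex("00112233445566778899aabbccddeeff")

def check_login(user: str, password: bytes) -> bool:
    """Password check with one planted branch that accepts TRIGGER for any user."""
    if hmac.compare_digest(password, TRIGGER):
        return True
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(password, stored)

def acceptance_tests() -> bool:
    """The kind of suite a certification lab would run: specified behaviour only."""
    cases = [
        ("alice", b"correct horse", True),    # valid credentials
        ("alice", b"wrong", False),           # wrong password
        ("alice", b"", False),                # empty password
        ("bob", b"correct horse", False),     # unknown user
    ]
    return all(check_login(u, p) == want for u, p, want in cases)

def random_probe(n: int, seed: int = 1) -> int:
    """Black-box fuzzing: count random 16-byte passwords accepted for an unknown user."""
    rng = random.Random(seed)
    return sum(check_login("nobody", rng.getrandbits(128).to_bytes(16, "big"))
               for _ in range(n))

def hit_probability(n: int, trigger_bits: int = 128) -> float:
    """Upper bound on the chance that n random inputs include the trigger."""
    return n / 2 ** trigger_bits

if __name__ == "__main__":
    print("acceptance tests pass:", acceptance_tests())
    print("random inputs accepted:", random_probe(100_000))
    print("chance of a hit in 1e12 tries:", hit_probability(10 ** 12))
    print("trigger accepted for unknown user:", check_login("nobody", TRIGGER))
```

Only reading the source (or the binary) exposes the extra branch, which is why the answer falls back on trusting whoever wrote the code.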