A classic paper by Ken Thompson. Today I think the most important paragraph is this: "I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well-installed microcode bug will be almost impossible to detect."<p>Keep the above in mind when thinking about the proprietary microcode and ME hardware/firmware components that are built into nearly all modern processors. A typical "supply chain" attack.
> <i>The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.”</i><p><a href="https://9to5mac.com/2015/03/10/cia-apple-encryption/" rel="nofollow">https://9to5mac.com/2015/03/10/cia-apple-encryption/</a><p><a href="https://en.wikipedia.org/wiki/XcodeGhost" rel="nofollow">https://en.wikipedia.org/wiki/XcodeGhost</a>
Existence of this problem is often used as a defeatist argument to do nothing about software security.<p>1. I don't want to run any software I don't trust, and I don't want to trust anyone.<p>2. But it's impossible to verify anything, because even my CPU could be lying to me.<p>The result is that any improvement in security gets shot down, because nothing short of digging sand for silicon with your bare hands is safe from Ken Thompson.
More than half the people I knew in Computer Science that took the road of security turned out as concerted weasels, on <i>both</i> sides of that "bright line" of the law. Meanwhile lots of worthy people doing worthy things are effectively in the same camp as dolts and illiterates, having nothing to do with security at all.
seL4 is a system formally verified up to machine code.<p><a href="https://sel4.systems/About/home.pml" rel="nofollow">https://sel4.systems/About/home.pml</a><p>It won't protect you against unprotected apps doing what they want, nor against CPU backdoors, but it reduces your attack surface by a lot.
Shameless plug, but here's a short video covering the paper: <a href="https://youtu.be/Ow9yMxJ8ez4" rel="nofollow">https://youtu.be/Ow9yMxJ8ez4</a>