In the lecture entitled “Reflections on Trusting Trust” [1], Ken Thompson raises the issue of trusting software to be free of malicious code. He starts by describing two simple programs: a self-reproducing program and a learning program. These two concepts are then used to build a UNIX login program that contains a Trojan horse. The program, which allows access to the system as any user, writes itself into the compiler (self-reproducing), then removes the trace of the deliberate bug (learning). This untrusted code, demonstrated to be easy to produce, is hard to detect, and becomes even more difficult to detect if written in lower-level languages (demo