David A. Wheeler's Blog

Fri, 15 May 2020

Initial Analysis of Underhanded Source Code

Announcing - a newly-available security paper I wrote! It’s titled “Initial Analysis of Underhanded Source Code” (by David A. Wheeler, IDA Document D-13166, April 2020). Here’s what it’s about, from its executive summary:

“It is possible to develop software source code that appears benign to human review but is actually malicious. In various competitions, such as the Obfuscated V Contest and Underhanded C Contest, software developers have demonstrated that it is possible to solve a data processing problem “with covert malicious behavior [in the] source code [that] easily passes visual inspection.” This is not merely an academic concern; in 2003, an attacker attempted to subvert the widely used Linux kernel by inserting underhanded software (this attack inserted code that used = instead of ==, an easily missed, one-character difference). This paper provides a brief initial look at underhanded source code, with the intent to eventually help develop countermeasures against it. …

This initial work suggests that countering underhanded code is not an impossible task; it appears that a relatively small set of simple countermeasures can significantly reduce the risk from underhanded code. I recommend examining more samples, identifying a recommended set of underhanded code countermeasures, and applying countermeasures in situations where countering underhanded code is important and the benefits exceed their costs.”

In my experience there are usually ways to reduce security risks, once you know about them. This is another case in point; once you know that this is a potential attack, there are a variety of ways to reduce their effectiveness. I don’t think this is the last word at all on this topic, but I hope it can be immediately applied and that others can build on it.

This was the last paper I wrote when I worked at IDA (I now work at the Linux Foundation). My thanks to IDA for releasing it! My special thanks go to Margaret Myers, Torrance Gloss, and Reginald N. Meeson, Jr., who all worked to make this paper possible.

So if you’re interested in the topic, you can view the Landing page for IDA Document D-13166 or go directly to the PDF for IDA DOcument D-13166, “Initial Analysis of Underhanded Source Code”. (If that doesn’t work, use this Perma.cc link to paper D-13166.) Enjoy!

path: /security | Current Weblog | permanent link to this entry