From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jeremiah@pdp10.guru Subject: Re: Trustworthiness of build farms (was Re: CDN performance) Date: Sun, 20 Jan 2019 12:24:15 +0000 Message-ID: <87pnsrzfdc.fsf@ITSx01.pdp10.guru> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([209.51.188.92]:35035) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1glC9E-00071P-MY for guix-devel@gnu.org; Sun, 20 Jan 2019 07:24:21 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1glC9D-0007so-Ag for guix-devel@gnu.org; Sun, 20 Jan 2019 07:24:20 -0500 Received: from itsx01.pdp10.guru ([74.207.247.251]:40386 helo=itsx01) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1glC9D-0007ra-3E for guix-devel@gnu.org; Sun, 20 Jan 2019 07:24:19 -0500 In-Reply-To: 87fttqutfi.fsf@roquette.mug.biscuolo.net List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: cmmarusich@gmail.com, g@xelera.eu Cc: guix-devel@gnu.org > > Do you know where one can obtain a copy of this report? I did an > > Internet search but couldn't find anything. > me too > Jeremiah: sorry if I insist (last time, promised!) but could you give us > some more info about that report? I am sorry for the delay, the Government shutdown really disabled access for me in regards to the archives in which it was found. As I am currently unable to link that resource, I'll do my best to provide the key points: It was a top secret report for the Department of Defense written in 1958 and declassified by the Clinton Administration. 1) Computers are being used to replace human thinking and as computers are growing faster and faster in complexity; there is going to be a point in the future where computers will be required to design computers. References back to a 1952 paper about lithography (that I couldn't find) and that it is likely that chips will replace single piece logic and thus provide the ultimate place for hiding of malicous functionality. 2) It is possible to infect the software used in the designing of Computers on elements common to all computers, which will alter the circuits to provide weaknesses we can exploit and/or functionality to leverage that the computer designer, builder and owner do not know about. 3) If done on a large enough machine, there is room to include infectors for tools such as assmblers, linkers, loaders and compilers on functionality that can not be removed. 4) It then details how they could backdoor the Strela computer and how it could be leveraged to compromise future Soviet computers to ensure a permanent weapon against the Soviet Union. 5) Then it has a huge section of blacked out text 6) Then a section of possible future hooks depending on how software evolves in the Soviet Union, thus allowing more pervasive hardware compromises and eliminating the possibility of trustworthy computing ever becoming possible on Soviet Computers. 7) Another big blacked out section. 8) Then the final section detailed a list of steps required for a lithography plant to be assembled by an Intelligence Agency to prevent their own infrastructure from being compromised by a similiar Soviet attack; with an estimated spinup time of almost a Decade. Examples included running traces close to the transistors to create a radio induced functionality such as The intensional leaking of crypto secrets upon recieving a very specific frequency. Allowing magic numbers in a set of memory addresses or registers to cause functionality to be engaged; such as disabling protections or giving a process priviledges that would normally be restricted for security reasons. I'm sorry as I am likely missing alot of the details and attacks. Once the Shutdown is done, I'll try again to find that paper for you. -Jeremiah