Skip to main content

Exploiting Trust in Deterministic Builds

  • Conference paper
  • First Online:
Computer Safety, Reliability, and Security (SAFECOMP 2016)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9922))

Included in the following conference series:

Abstract

Deterministic builds, where the compile and build processes are reproducible, can be used to achieve increased trust in distributed binaries. As the trust can be distributed across a set of builders, where all provide their own signature of a byte-to-byte identical binary, all have to cooperate in order to introduce unwanted code in the binary. On the other hand, if an attacker manages to incorporate malicious code in the source, and make this remain undetected during code reviews, the deterministic build provides additional opportunities to introduce e.g., a backdoor. The impact of such a successful attack would be serious since the actual trust model is exploited. In this paper, the problem of crafting such hidden code that is difficult to detect, both during code reviews of the source code as well as static analysis of the binary executable is addressed. It is shown that the displacement and immediate fields of an instruction can be used the embed hidden code directly from the C programming language.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Edge, J.: A backdoor in UnrealIRCd (2010). https://lwn.net/Articles/392201/

  2. Posted by corbet. An attempt to backdoor the kernel (2003). https://lwn.net/Articles/57135/

  3. Evans, C.: Alert: vsftpd download backdoored (2011). http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html

  4. SecurityFocus.com. ProFTPD Backdoor Unauthorized Access Vulnerability (2010). http://www.securityfocus.com/bid/45150

  5. welivesecurity.com. Linux/SSHDoor.A Backdoored SSH daemon that steals passwords (2013). http://www.welivesecurity.com/2013/01/24/linux-sshdoor-a-backdoored-ssh-daemon-that-steals-passwords/

  6. Coverity: Software Testing and Static Analysis Tools. http://www.coverity.com/

  7. Flawfinder. http://www.dwheeler.com/flawfinder/

  8. Splint. http://www.splint.org/

  9. Howard, M.A.: A process for performing security code reviews. IEEE Secur. Priv. 4(4), 74–79 (2006)

    Article  Google Scholar 

  10. Asundi, J., Jayant, R.: Patch review processes in open source software development communities: a comparative case study. In: Proceedings of the 40th Annual Hawaii International Conference on System Sciences, HICSS 2007, p. 166c. IEEE Computer Society, Washington, DC (2007)

    Google Scholar 

  11. Rigby, P.C., Storey, M.-A.: Understanding broadcast based peer review on open source software projects. In: Proceedings of the 33rd International Conference on Software Engineering, ICSE 2011, pp. 541–550. ACM, New York (2011)

    Google Scholar 

  12. Bosu, A., Carver, J.C.: Impact of developer reputation on code review outcomes in OSS projects: an empirical investigation. In: Proceedings of the 8th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2014, pp. 33:1–33:10. ACM, New York (2014)

    Google Scholar 

  13. Bosu, A., Carver, J.C.: Peer code review to prevent security vulnerabilities: an empirical evaluation. In: 2013 IEEE 7th International Conference on Software Security and Reliability-Companion (SERE-C), pp. 229–230, June 2013

    Google Scholar 

  14. Wang, Z., Ming, J., Jia, C., Gao, D.: Linear obfuscation to combat symbolic execution. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 210–226. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  15. Sharif, M., Lanzi, A., Giffin, J., Lee, W.: Impeding malware analysis using conditional code obfuscation. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS) (2008)

    Google Scholar 

  16. Schuster, F., Holz, T.: Towards reducing the attack surface of software backdoors. In: Proceedings of the ACM SIGSAC Conference on Computer Communications Security, CCS 2013, pp. 851–862. ACM, New York (2013)

    Google Scholar 

  17. Andriesse, D., Bos, H.: Instruction-level steganography for covert trigger-based malware. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 41–50. Springer, Heidelberg (2014)

    Google Scholar 

  18. Gitian. https://gitian.org/

  19. Debian: Reproducible builds. https://wiki.debian.org/ReproducibleBuilds

  20. Tor: Deterministic builds. https://blog.torproject.org/category/tags/deterministic-builds

  21. Intel 64 and IA-32 Architectures Software Developer’s Manual. https://www-ssl.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf

  22. Bitcoin core. https://bitcoincore.org

  23. Lagarias, J.C., Rains, E., Vanderbei, R.J.: The Kruskal Count (2001). http://arxiv.org/abs/math/0110143

  24. Jamthagen, C., Lantz, P., Hell, M.: A new instruction overlapping technique for anti-disassembly and obfuscation of x86 binaries. In: 2013 Workshop on Anti-malware Testing Research (WATeR), pp. 1–9, October 2013

    Google Scholar 

  25. Hiding code in deterministically built binaries - Proof-of-Concept - Linux/x86. https://github.com/cjamthagen/backdoor_deterministic_code

  26. shell_bind_tcp.asm. https://github.com/geyslan/SLAE/blob/master/1st.assignment/shell_bind_tcp.asm

  27. Wang, T., Lu, K., Lu, L., Chung, S., Lee, W.: Jekyll on iOS: when benign apps become evil. In: Proceedings of the 22nd USENIX Conference on Security, SEC 2013, pp. 559–572. USENIX Association, Berkeley (2013)

    Google Scholar 

  28. Jamthagen, C., Karlsson, L., Stankovski, P., Hell, M.: eavesROP: listening for ROP Payloads in data streams. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 413–424. Springer International Publishing, Heidelberg (2014)

    Google Scholar 

  29. Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 552–561. ACM, New York (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding authors

Correspondence to Christopher Jämthagen or Patrik Lantz .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Jämthagen, C., Lantz, P., Hell, M. (2016). Exploiting Trust in Deterministic Builds. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science(), vol 9922. Springer, Cham. https://doi.org/10.1007/978-3-319-45477-1_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-45477-1_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45476-4

  • Online ISBN: 978-3-319-45477-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics