DDC4j: Diverse Double-Compiling for Java
KTH, School of Electrical Engineering and Computer Science (EECS).
KTH, School of Electrical Engineering and Computer Science (EECS).
2025 (English)
Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE credits
Student thesis
Abstract [en]

Diverse Double-Compiling (DDC) is a countermeasure to the covert compiler malware known as the trusting trust attack, which can hide itself inside self-hosting compilers. This thesis aims to explore and implement DDC for the Java compiler javac, and lays the groundwork for the defense against this class of attacks in the Java ecosystem. Diverse Double-Compilation is designed and implemented for Java, and detailed investigations are made to ensure the design is correct. Additionally, the issue of a diverse set of grandparent compilers, necessary for accurate DDC results, is explored, and a bootstrapped Java compiler is employed to increase said diversity. The function of DDC for Java is tested and verified with a proof-of-concept trusting trust attack; DDC is also used to verify the nonexistence of an attack in Temurin 21.0.5, an industry distribution of the Java Development Kit (JDK). This thesis finds that the DDC process designed in this thesis can be used to feasibly and effectively detect trusting trust attacks, even in a production-grade build pipeline; it also finds that the checked Temurin release is not very likely to be hiding a trusting trust attack.

Abstract [sv]

Diverse double-compiling (DDC) is a way to detect and prevent self-reproducing computer viruses that hide in compilers. This bachelor's thesis aims to explore and implement DDC for Java's compiler javac and lays the foundation for defense against this kind of attack in the Java ecosystem. Diverse double-compiling is designed and implemented for Java, and a careful investigation of Java's build system is carried out to ensure a correct design. In addition, the diversity among the compilers available for Java is examined and, since it is found to be inadequate, a compiler built from scratch is created and examined; it adds diversity and is used in the implementation of DDC. The implementation is then tested with a prototype of a hidden self-reproducing computer virus. Finally, DDC is performed on the popular Java distribution named Temurin, version 21.0.5. The work finds that the DDC process created is effective at detecting hidden self-reproducing viruses, even in production-ready computing environments, and that Temurin probably does not hide any self-reproducing viruses.

Place, publisher, year, edition, pages
2025. p. 583-606
Series
TRITA-EECS-EX ; 2025:159
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-376181
OAI: oai:DiVA.org:kth-376181
DiVA, id: diva2:2034641
Supervisors
Examiners
Projects
Kandidatexamensarbete i Elektroteknik 2025, EECS, KTH
Available from: 2026-02-02 Created: 2026-02-02

Open Access in DiVA

fulltext (80627 kB), 23 downloads
File information
File name: FULLTEXT01.pdf
File size: 80627 kB
Checksum SHA-512:
35ce0a386dafe4649eb99cbe0efdfed651a3c9044e3339612422234d17a7e8ec21d4fd4aa201500c3c7a8f57194994b78b3e0cfbd5319ecd49f18a5d8a7ff775
Type: fulltext
Mimetype: application/pdf
