Introduction

Ken Thompson was the 1984 recipient of the Turing Award, the equivalent of the Nobel Prize in Computer Science. His recognized contributions include the design, while at Bell Labs, of the UNIX operating system, that later led to the free software flagship Linux, and today Android, which has the largest share of the smartphone market. Yet, in his acceptance address, Thompson did not choose to talk about operating system design, but instead about computer security, and specifically “trust.” His thoughts were later collected in an essay entitled “Reflections on Trusting Trust” (Thompson, 1984), which has become a classic in the computer security literature. In this work, Thompson examines to what extent one can trust – in an intuitive sense, but as we will see, also a technical sense – a computer system. He recounts how computer systems are built on layers of hardware, but also by layers of software – computer code that provide instructions for how they should perform high-level operations, such as writing a document or loading a Web page. How could anyone foresee what these devices could do under different circumstances? First, they would have to examine what the hardware would do under all conditions. Although this is expensive, it is possible, as hardware is composed of fixed arrangements of wires, silicon, and plastic. Naively, one could assume that software could also be examined in a similar fashion: by reading the source code of the software to understand how it would behave.