> The claim of the PhD and the 2005 paper is that you can verify the integrity of a compiler using another compiler that you do trust, all the way back in history.
Right. I'm wondering how this was sufficiently non-obvious to warrant a PhD dissertation.
The idea is that a compiler is, loosely, a self-reproducing program and is therefore in a position to propagate malware in a very subtle way - by modifying the binary version of future versions of itself.
From a security perspective, this is different from a compromised (say) Debian mirror because it's not a question of, "does this binary match the source I downloaded from?" but, rather, "does this binary do the right thing when I use it to compile my system?"
Think of it this way: you and a friend both compile GCC. But the native code which results is not necessarily the same - it depends on details of your machine and your existing compiler tools. So there is no way to say what "the binary for GCC 4.4.x on i686" should look like, so you cannot tell if your friend modified his compiler's source code just before compiling it. This is (sort of) the problem the paper is solving.
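To make the "compiler as self-reproducing program" point concrete, here is a toy model of the trusting-trust attack and of the diverse double-compiling (DDC) check the thread is about. This is an added illustration, not code from the thread, from Wheeler's paper, or from any real compiler: the "machine", the compiler source, the login program, the backdoor payload and the trojan marker are all constructed here. The model keeps one property that matters: the trojan lives only in the compiler binary, never in any source text, and it re-inserts itself whenever it is asked to compile the compiler.

```python
"""Toy model of the trusting-trust attack and of diverse double-compiling.

Constructed illustration only: the toy machine, sources and trojan below are
made up for this example and are not Wheeler's code or a real compiler.
"""
from dataclasses import dataclass

# Constructed sample sources for the toy language.
COMPILER_SOURCE = """
program compiler
  read source
  emit code
end
"""
LOGIN_SOURCE = """
program login
  read user, password
  if check(user, password): grant
end
"""
BACKDOOR = "if user == 'backdoor': grant"        # constructed payload
TROJAN_MARK = "## self-propagating trojan ##"    # exists only in binaries, never in source


@dataclass(frozen=True)
class Binary:
    """A compiled artifact; equality is bit-for-bit comparison of its text."""
    code: str


def honest_codegen(source: str) -> str:
    """What the compiler *source* says to do: normalise and emit each line."""
    return "\n".join(line.strip() for line in source.splitlines() if line.strip())


def run_compiler(compiler: Binary, source: str) -> Binary:
    """Execute a compiler binary on a source file (toy machine semantics).

    An honest binary does exactly what its source says.  A trojaned binary
    behaves identically except on two inputs: it plants a backdoor when it
    recognises the login program, and it re-inserts the trojan when it
    recognises the compiler, so recompiling clean compiler source yields a
    trojaned binary again.  Neither behaviour appears in any source text.
    """
    out = honest_codegen(source)
    if TROJAN_MARK in compiler.code:
        if "program login" in source:
            out = out.replace("if check(user, password): grant",
                              BACKDOOR + "\nif check(user, password): grant")
        if "program compiler" in source:
            out += "\n" + TROJAN_MARK
    return Binary(out)


def self_regenerates(compiler_source: str, compiler: Binary) -> bool:
    """The naive check: does the binary reproduce itself from its own source?

    A self-propagating trojan passes this, which is why it is not enough.
    """
    return run_compiler(compiler, compiler_source) == compiler


def ddc_check(compiler_source: str, under_test: Binary, trusted: Binary) -> bool:
    """Diverse double-compiling.

    stage1 = trusted(compiler_source)  -- functionally the compiler under test,
                                          but produced by a compiler we trust
    stage2 = stage1(compiler_source)   -- must equal under_test bit for bit

    This only works when compilation is deterministic and stage2 is built in
    the same environment (flags, libraries, paths) as under_test; the
    non-reproducibility complained about in the thread defeats the comparison.
    """
    stage1 = run_compiler(trusted, compiler_source)
    stage2 = run_compiler(stage1, compiler_source)
    return stage2 == under_test


def build_scenario():
    # The trusted compiler is a different program (different binary text);
    # in this toy machine every honest compiler emits identical code, so
    # stage1 happens to equal the honest build.  With real compilers stage1
    # may differ byte-wise from the compiler under test; only stage2 must match.
    trusted = Binary("independently written trusted compiler")    # assumed trusted
    honest = Binary(honest_codegen(COMPILER_SOURCE))              # clean build of the source
    trojaned = Binary(honest.code + "\n" + TROJAN_MARK)           # same source, poisoned binary
    return trusted, honest, trojaned


if __name__ == "__main__":
    trusted, honest, trojaned = build_scenario()
    print("login built by trojan has backdoor :", BACKDOOR in run_compiler(trojaned, LOGIN_SOURCE).code)
    print("trojan passes self-regeneration     :", self_regenerates(COMPILER_SOURCE, trojaned))
    print("trojan passes DDC                   :", ddc_check(COMPILER_SOURCE, trojaned, trusted))
    print("honest build passes DDC             :", ddc_check(COMPILER_SOURCE, honest, trusted))
```

The two checks differ in what they trust: `self_regenerates` trusts the binary under test to compile its own source, so a trojan that knows its own source passes trivially; `ddc_check` never runs the suspect binary at all, only a stage built from the suspect's source by a compiler of independent origin, and asks whether that stage reproduces the suspect bit for bit. In the toy the backdoored compiler passes the first check and fails the second, while the clean build passes both.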