38 years ago Ken Thompson presented a well-known, binary-only backdoor based on two capabilities of self-hosted compilers: self-replication and their ability to learn.
System components other than compilers are self-hosted too, like OpenBSD's make: in order to build a new make binary from source, you need an existing make executable, and this one may have been educated to misbehave!
This talk covers the technical implementation of such a backdoor and tries to evaluate trust-improving techniques for self-hosted components.
Samuel AUBERTIN is a PhD student in the Systems & Software Security at EURECOM and a cybersecurity consultant for IBM in France.