Trojan Source - Bad Characters Are Coming for Your Code

Devoxx via YouTube

Overview

Explore a critical cybersecurity threat in this conference talk that unveils a technique for creating invisible vulnerabilities in source code. Discover how adversaries can manipulate text encoding to craft code that displays different logic to compilers than to human reviewers, posing a significant risk for supply chain attacks. Learn about the wide-ranging implications of these "evil encodings" across various subfields of computer science, including their potential to compromise production systems for toxic content identification and machine translation. Delve into a series of practical defenses that developers can implement to mitigate their exposure to this threat vector. Gain insights into the research process, coordinated disclosure efforts, and the resulting press coverage and developer tool updates. Examine the connections between this attack and adversarial examples in machine learning, and understand the broader implications for trusting source code. Access additional resources and explore future directions in this critical area of cybersecurity research.

Syllabus

Introduction
Invisible Attacks
Encoding
Unicode
Bidirectional Algorithm Tour
Directionality Control Characters
Source Code
Dr Evil
Recap
Explanation
Example
Copy Paste
Jerry
Trojan Source
Machine Learning
Adversarial Example
Text vs Images
Reverse Encoding
Summary
Release directly into the wild
Coordinated disclosures
Vulnerability disclosures
Coordinated disclosure
Press coverage
Developer Tools
Rust
Defenses
Machine Learning Defenses
Takeaways
Additional Information
What's Next
Don't Write Comments

Taught by

Devoxx
