BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Trojan Source: Invisible Vulnerabilities - Nicholas Boucher\, Univ
 ersity of Cambridge
DTSTART:20220208T140000Z
DTEND:20220208T150000Z
UID:TALK170144@talks.cam.ac.uk
CONTACT:Kieron Ivy Turk
DESCRIPTION:We present a new type of attack in which source code is malici
 ously encoded so that it appears different to a compiler and to the human 
 eye. This attack exploits subtleties in text-encoding standards such as Un
 icode to produce source code whose tokens are logically encoded in a diffe
 rent order from the one in which they are displayed\, leading to vulnerabi
 lities that cannot be perceived directly by human code reviewers. ‘Troja
 n Source’ attacks\, as we call them\, pose an immediate threat both to f
 irst-party software and of supply-chain compromise across the industry. We
  present working examples of Trojan-Source attacks in C\, C++\, C#\, JavaS
 cript\, Java\, Rust\, Go\, and Python. We propose definitive compiler-leve
 l defenses\, and describe other mitigating controls that can be deployed i
 n editors\, repositories\, and build pipelines while compilers are upgrade
 d to block this attack.
LOCATION:Webinar & LT2\, Computer Laboratory\, William Gates Building.
END:VEVENT
END:VCALENDAR
