weixin_39972019
weixin_39972019
2020-12-05 23:11

Deterministic compilation

Does intend to implement deterministic compilation for binaries?

It's important for to produce accurate and consistent output and I feel it'll benefit to begin implementing deterministic compilation. It'll strengthen independent authentication of and alongside independent authentication of its source code in doing so.

has established methodologies to critique tools such as alongside a plethora of procedures and criteria in its Computer Forensics Tool Testing Program (CFTT) but deterministic compilation isn't included amongst its criteria. None of the tool sets has catalogued implements deterministic compilation so I feel it could benefit to implement it as a unique aspect and as an articulable demonstration of the benefits of deterministic compilation.

has a build tool set for build automation and I'd encourage consideration of deterministic compilation and implementing it alongside #3515.

该提问来源于开源项目:sleuthkit/autopsy

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

4条回答

  • weixin_39605004 weixin_39605004 5月前

    If you're thinking about this in the context of the requirements for accreditation to the ISO 17025 standard, you need to bear in mind that that is all about validation of individual methods, NOT verification of tools. Even if a tool can be verified, it isn't sufficient evidence of validity of the method, competence of the operator or proficiency of the organisation.

    点赞 评论 复制链接分享
  • weixin_39972019 weixin_39972019 5月前

    I realise that deterministic compilation doesn't affirm the methods or corroborate the competence of practitioners or organisations but nonetheless I feel that deterministic compilation should be something should consider and so too should others creating digital forensic science tool sets.

    It might not be an aspect of processes but deterministic compilation has demonstrable benefits from a technical or scientific standpoint. I'd still encourage implementing #3515 regardless of using deterministic compilation or not.

    点赞 评论 复制链接分享
  • weixin_39933484 weixin_39933484 5月前

    This is a new concept to me. What does it mean that we have to do differently?

    点赞 评论 复制链接分享
  • weixin_39605004 weixin_39605004 5月前

    Far too much, IMHO. Even with the static binaries that you'd have to generate there are too many external factors for it to be reasonable to use the method.

    If you take it to its logical extreme conclusion it requires a bundling a complete O/S and deterministic JVM in order to achieve the stated goal.

    点赞 评论 复制链接分享

相关推荐