Presentation is loading. Please wait.

Presentation is loading. Please wait.

TUF: Secure Software Updates Justin Cappos NYU Poly Computer Science and Engineering.

Published byMelinda Hood Modified over 7 years ago

Similar presentations

Presentation on theme: "TUF: Secure Software Updates Justin Cappos NYU Poly Computer Science and Engineering."— Presentation transcript:

1 TUF: Secure Software Updates Justin Cappos NYU Poly Computer Science and Engineering

2 Introduction You need to update software Software update systems are widely insecure [Bellissimo HotSec 06, Cappos CCS 08, Samuel CCS 10] You don’t want to think about security

3 Is there a practical risk? Trivial to become an official mirror [Cappos 08] Often can even target specific nodes [Samuel login 09] Example attack that is fixed in modern package managers due to our work Find existing exploit code for an old version of a package that isn't installed Change the package metadata so the old version of the package is installed with any update After the computer does an update, remotely exploit it A knowledgeable attacker can root any system on PlanetLab today!

4 But security is simple, right? Just use HTTPS Common errors in how certificates are handled Online data becomes single point of weakness... and add signatures to the software updates Attackers can perform a replay attack... and add version numbers to the software updates Attackers can launch freeze attacks

5 But security is simple, right? (cont.)...... and add a quorum of keys signature system for the root of trust, add signing by different compartmentalized key types, use online keys only to provide freeze attack protection and bound their trust window, etc. [Thandy software updater for Tor] We still found 8 design or implementation flaws The median Windows machine has ~24 updaters [Secunia] GENI -> MITM Having each developer build their own "secure" software update system will fail

6 Our approach for new systems

7 Our approach for legacy systems Intercept traffic

8 Project roadmap Build an artifact early, add security mechanisms gradually Portability of the client library is key Work with Raven, Tor, PrimoGENI, PlanetLab, nmap, etc. Many pairs of eyes uncover bugs more easily Focus on supporting the developer / repository interface(s) used by GENI devels

9 TUF Conclusion Software update systems are extremely vulnerable Building a secure software update system is very hard We have the solution! We will: Securing legacy systems by exploiting their insecurity Working with different communities to ensure quality

10 Research Methodology Seattle Testbed CheckAPI Shims Lind The Update Framework (TUF) UPPIR Outline

11 Bullet point Subpoint More bullet points Decorated Page

12 Subtle page Heading Bullet points…

Download ppt "TUF: Secure Software Updates Justin Cappos NYU Poly Computer Science and Engineering."

Similar presentations

A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII.

A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII.
A Model for When Disclosure Helps Security Peter P. Swire Ohio State University Stanford Cybersecurity Conference November 22, 2003.

A Model for When Disclosure Helps Security Peter P. Swire Ohio State University Stanford Cybersecurity Conference November 22, 2003.
TUF: Securing Software Update Systems on GENI Justin Cappos Department of Computer Science and Engineering University of Washington.

TUF: Securing Software Update Systems on GENI Justin Cappos Department of Computer Science and Engineering University of Washington.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
VM: Chapter 5 Guiding Principles for Software Security.

VM: Chapter 5 Guiding Principles for Software Security.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.
Why Security Testing Is Hard by Herbert H. Thompson presented by Carlos Hernandez.

Why Security Testing Is Hard by Herbert H. Thompson presented by Carlos Hernandez.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
IPhone Security: Understanding the KeyChain Nicholis Bufmack and Ryan Thomas CS 691 Summer 2009.

IPhone Security: Understanding the KeyChain Nicholis Bufmack and Ryan Thomas CS 691 Summer 2009.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research

1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research
March 24, 2003Upadhyaya – IWIA 20031 A Tamper-resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors R. Chinchani.

March 24, 2003Upadhyaya – IWIA A Tamper-resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors R. Chinchani.
Why Cryptosystems Fail Ross Anderson Presented by Su Zhang 1.

Why Cryptosystems Fail Ross Anderson Presented by Su Zhang 1.
Formality, Agility, Security, and Evolution in Software Development Cody Ronning 2/16/2015.

Formality, Agility, Security, and Evolution in Software Development Cody Ronning 2/16/2015.
Large-scale application security Charlie Eriksen.

Large-scale application security Charlie Eriksen.
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
Vulnerabilities. flaws in systems that allow them to be exploited provide means for attackers to compromise hosts, servers and networks.

Vulnerabilities. flaws in systems that allow them to be exploited provide means for attackers to compromise hosts, servers and networks.

Similar presentations

Ads by Google