Presentation is loading. Please wait.

Presentation is loading. Please wait.

TUF: Securing Software Update Systems on GENI Justin Cappos Department of Computer Science and Engineering University of Washington.

Published byCharles Nichols Modified over 10 years ago

Similar presentations

Presentation on theme: "TUF: Securing Software Update Systems on GENI Justin Cappos Department of Computer Science and Engineering University of Washington."— Presentation transcript:

1 TUF: Securing Software Update Systems on GENI Justin Cappos Department of Computer Science and Engineering University of Washington

2 Introduction software update systems are ubiquitous [Secunia 09] Package managers (YUM, APT, YaST) Application updaters (Firefox, Skype, Tor) Language library managers (easy-install, Ruby GEMS, etc.) Software update systems obtain updates from a repository We want to fix this. software update systems are widely insecure [Bellissimo HotSec 06, Cappos CCS 08]

3 Is there a practical risk? (slide content omitted)

4 But security is simple, right? Just use HTTPS Common errors in how certificates are handled Do you trust all CAs? Online data becomes single point of weakness... and add signatures to the software updates Attackers can perform a replay attack... and add version numbers to the software updates Attackers can launch freeze attacks

5 But security is simple, right? (cont.)...... and add a quorum of keys signature system for the root of trust, add signing by different compartmentalized key types, use online keys only to provide freeze attack protection and bound their trust window, etc. [Thandy software updater for Tor] We still found 8 design / implementation flaws Having each developer build their own "secure" software update system will fail

6 Our approach for new systems Build a client library that provides security for software update systems Build a repository library that correctly signs developer updates

7 Year 1: Planning and Prototyping Overview write-up (complete) Client lib design document (complete) Repository lib design document (complete) Client & repository library prototypes (03/28/10) Developer push & example software updater (05/30/10) Trust delegation design (09/30/10)

8 Year 2: Live Deployments Improve security mechanisms Ensure the client library is portable Work with live deployments Raven / Stork -- John Hartman and Scott Baker ?Tor / Thandy? -- Roger Dingledine and Nick Mathewson ??? Focus on supporting the developer / repository interface(s) used on GENI

9 Year 3: Legacy Systems Must retain functionality of existing system Intercept traffic from insecure software update systems to transparently force it through the client library Provide feedback to the user / system administrator

10 Conclusion Software update systems are extremely vulnerable Building a secure software update system is very hard We propose to: Build a library for securing software update systems Use live deployments to ensure quality Secure legacy systems by exploiting their insecurity http://www.updateframework.com http://groups.geni.net/geni/wiki/SecureUpdates

11 Why focus on this threat? Existing implementations are insecure [Bellissimo 06, Cappos 08] Software update systems run as root Traditional defenses don't protect against attacks Ubiquitous An attack often appears benign Attack code can be easily reused [EvilGrade] Trends show server attacks are on the rise [CERT]

Download ppt "TUF: Securing Software Update Systems on GENI Justin Cappos Department of Computer Science and Engineering University of Washington."

Similar presentations

Introduction to SharePoint for .NET Developer

Introduction to SharePoint for .NET Developer
InterScan AppletTrap Zhang Hong Trend Micro, AppletTrap Team 2001.09.18 (Nanjing)

InterScan AppletTrap Zhang Hong Trend Micro, AppletTrap Team (Nanjing)
PCT303 – Content Publishing in SharePoint Eugene Rosenfeld Black Blade Associates

PCT303 – Content Publishing in SharePoint Eugene Rosenfeld Black Blade Associates
A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII.

A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII.
RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
A PPARC funded project Single Sign-On Proposal Guy Rixon IVOA Interoperability Meeting Cambridge MA, May 2004.

A PPARC funded project Single Sign-On Proposal Guy Rixon IVOA Interoperability Meeting Cambridge MA, May 2004.
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Outpost Office Firewall Product presentation. What is Outpost Office Firewall? Software firewall solution designed especially to meet small and medium.

Outpost Office Firewall Product presentation. What is Outpost Office Firewall? Software firewall solution designed especially to meet small and medium.
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.
ClassGrab Software Development Plan

ClassGrab Software Development Plan
An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities Vasant Tendulkar NC State University William.

An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities Vasant Tendulkar NC State University William.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Trustworthy Services from Untrustworthy Components: Overview Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York 14853.

Trustworthy Services from Untrustworthy Components: Overview Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York
Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.

Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.
The OWASP Foundation Risks of Insecure Communication High likelihood of attack Open wifi, munipical wifi, malicious ISP Easy to exploit.

The OWASP Foundation Risks of Insecure Communication High likelihood of attack Open wifi, munipical wifi, malicious ISP Easy to exploit.
VM: Chapter 5 Guiding Principles for Software Security.

VM: Chapter 5 Guiding Principles for Software Security.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Part 1: Introducing User Interface Design Chapter 1: Introduction –Why the User Interface Matters –Computers are Ubiquitous –The Importance of Good User.

Part 1: Introducing User Interface Design Chapter 1: Introduction –Why the User Interface Matters –Computers are Ubiquitous –The Importance of Good User.

Similar presentations

Ads by Google