

Exploiting Insecurity to Secure Software Update Systems
Spiral 2 Year-end Project Review

University of Washington

PI: Justin Cappos

Staff: Geremy Condra

Students: Monzur Muhammad

26 Aug 2010

Project Summary
  • Software updaters are insecure
    • Vulnerable to malicious mirrors
    • Vulnerable to key compromises
    • Vulnerable to malicious ISPs
    • Etc.
  • Goal: Secure software update systems
    • Building a framework to solve these issues is very hard (year 1)
      • Need client, developer, and repository tools
    • Putting it in use will reveal new challenges (year 2)
      • Mirrors, key compromises, delegation, DoS, etc.
    • Gaining adoption precludes legacy code modification (year 3)
      • Interpose on software updater traffic

Accomplishments 1: Advancing GENI Spiral 2 Goals
  • GENI Spiral 2 Goals are described in “GENI Spiral 2 Overview”, section 7. Project SoWs and milestones were crafted to support those goals. On this slide, summarize project accomplishments this year that contribute to the Spiral 2 goals.

  • Continuous Experimentation:
    • Our work is important for practical (non-malicious) use of GENI
  • Interoperability:
    • In Year 3, we expect our framework will interoperate with software update systems across all of GENI
  • Identity Management:
    • We intend to allow the use of GENI credentials for signing software updates

Accomplishments 2: Other Project Accomplishments

  • Talk at PyCon (Python developers)
  • Potential collaboration partners identified within different groups
    • PyPy
    • Stork / Raven
    • Seattle
  • CCS paper on secure updates in the face of key compromises

Issues
  • On this slide summarize any issues which cause you concern. The GPO is particularly interested in any issues which have or may affect your ability to complete the work described in your SoW/milestones. However, this is a chance to raise other issues as well.
  • GPO rewards for collaboration will facilitate more reuse
  • When will there be global identity management mechanisms?

Plans
  • What are your plans for the remainder of Spiral 2?
    • Sept 30, 2010 1h) Deliver a design document for client library selective trust delegation and key management.
    • Sept 30, 2010 1i) Deliver a design document for repository library selective trust delegation and key management.
    • Roll out live deployments
  • The GPO is starting to formulate goals for Spiral 3. What are your thoughts regarding potential Spiral 3 work?
    • Practical use is extremely helpful, thus continuous experimentation is important (and should happen both externally and internally)

    • Identity management would be useful
    • New device and use types pose new challenges
