1 / 12

TUF: Secure Software Updates Justin Cappos NYU Poly Computer Science and Engineering

TUF: Secure Software Updates Justin Cappos NYU Poly Computer Science and Engineering. Introduction. You need to update software Software update systems are widely insecure [Bellissimo HotSec 06, Cappos CCS 08, Samuel CCS 10] You don’t want to think about security.

langer
Download Presentation

TUF: Secure Software Updates Justin Cappos NYU Poly Computer Science and Engineering

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TUF: Secure Software Updates Justin CapposNYU Poly Computer Science and Engineering

  2. Introduction You need to update software Software update systems are widely insecure [Bellissimo HotSec 06, Cappos CCS 08, Samuel CCS 10] You don’t want to think about security

  3. Is there a practical risk? Trivial to become an official mirror [Cappos 08] Often can even target specific nodes [Samuel login 09] Example attack that is fixed in modern package managers due to our work     Find existing exploit code for an old version of a package that isn't installed     Change the package metadata so the old version of the package is installed with any update     After the computer does an update, remotely exploit it A knowledgeable attacker can root any system on PlanetLab today!

  4. But security is simple, right? Just use HTTPS     Common errors in how certificates are handled     Online data becomes single point of weakness ... and add signatures to the software updates     Attackers can perform a replay attack ... and add version numbers to the software updates     Attackers can launch freeze attacks

  5. But security is simple, right? (cont.) ...... and add a quorum of keys signature system for the root of trust, add signing by different compartmentalized key types, use online keys only to provide freeze attack protection and bound their trust window, etc.    [Thandy software updater for Tor]     We still found 8 design or implementation flaws The median Windows machine has ~24 updaters [Secunia] GENI -> MITM Having each developer build their own "secure" software update system will fail

  6. Our approach for new systems

  7. Our approach for legacy systems Intercept traffic

  8. Project roadmap Build an artifact early, add security mechanisms gradually Portability of the client library is key Work with Raven, Tor, PrimoGENI, PlanetLab, nmap, etc.     Many pairs of eyes uncover bugs more easily Focus on supporting the developer / repository interface(s) used by GENI devels

  9. TUF Conclusion Software update systems are extremely vulnerable Building a secure software update system is very hard We have the solution! We will:     Securing legacy systems by exploiting their insecurity     Working with different communities to ensure quality

  10. Outline • Research Methodology • Seattle Testbed • CheckAPI • Shims • Lind • The Update Framework (TUF) UPPIR

  11. Decorated Page • Bullet point • Subpoint • More bullet points

  12. Subtle page Heading • Bullet points…

More Related