Exploiting Insecurity to Secure Software Update Systems Spiral 2 Year-end Project Review

Presentation Transcript


  1. Exploiting Insecurity to Secure Software Update Systems
     Spiral 2 Year-end Project Review
     • University of Washington
     • PI: Justin Cappos
     • Staff: Geremy Condra
     • Students: Monzur Muhammad
     • 26 Aug 2010

  2. Project Summary
     • Software updaters are insecure
       • Vulnerable to malicious mirrors
       • Vulnerable to key compromises
       • Vulnerable to malicious ISPs
       • Etc.
     • Goal: Secure software update systems
     • Building a framework to solve these issues is very hard (year 1)
       • Need client, developer, and repository tools
     • Putting it in use will reveal new challenges (year 2)
       • Mirrors, key compromises, delegation, DoS, etc.
     • Gaining adoption precludes legacy code modification (year 3)
       • Interpose on software updater traffic

  3. Milestone & QSR Status

  4. Accomplishments 1: Advancing GENI Spiral 2 Goals
     • GENI Spiral 2 Goals are described in “GENI Spiral 2 Overview”, section 7. Project SoWs and milestones were crafted to support those goals. On this slide, summarize project accomplishments this year that contribute to the Spiral 2 goals.
     • Continuous Experimentation: Our work is important for practical (non-malicious) use of GENI
     • Interoperability: In Year 3, we expect our framework will interoperate with software update systems across all of GENI
     • Identity Management: We intend to allow the use of GENI credentials for signing software updates

  5. Accomplishments 2: Other Project Accomplishments
     • Talk at PyCon (Python developers)
     • Potential collaboration partners identified within different groups
       • PyPy
       • Stork / Raven
       • Seattle
     • CCS paper on secure updates in the face of key compromises

  6. Issues
     • On this slide summarize any issues which cause you concern. The GPO is particularly interested in any issues which have or may affect your ability to complete the work described in your SoW/milestones. However, this is a chance to raise other issues as well.
     • GPO rewards for collaboration will facilitate more reuse
     • When will there be global identity management mechanisms?

  7. Plans
     • What are your plans for the remainder of Spiral 2?
       • Sept 30, 2010 1h) Deliver a design document for client library selective trust delegation and key management.
       • Sept 30, 2010 1i) Deliver a design document for repository library selective trust delegation and key management.
       • Roll out live deployments
     • The GPO is starting to formulate goals for Spiral 3. What are your thoughts regarding potential Spiral 3 work?
       • Practical use is extremely helpful, thus continuous experimentation is important (and should happen both externally and internally)
       • Identity management would be useful
       • New device and use types pose new challenges
