TUF: Secure Software Updates Justin Cappos NYU Poly Computer Science and Engineering.

Introduction
- You need to update software
- Software update systems are widely insecure [Bellissimo HotSec 06, Cappos CCS 08, Samuel CCS 10]
- You don't want to think about security

Is there a practical risk?
- Trivial to become an official mirror [Cappos 08]
- Often can even target specific nodes [Samuel login 09]
- Example attack that is fixed in modern package managers due to our work
  - Find existing exploit code for an old version of a package that isn't installed
  - Change the package metadata so the old version of the package is installed with any update
  - After the computer does an update, remotely exploit it
- A knowledgeable attacker can root any system on PlanetLab today!

But security is simple, right?
- Just use HTTPS
  - Common errors in how certificates are handled
  - Online data becomes single point of weakness
- ... and add signatures to the software updates
  - Attackers can perform a replay attack
- ... and add version numbers to the software updates
  - Attackers can launch freeze attacks

But security is simple, right? (cont.)
- and add a quorum of keys signature system for the root of trust, add signing by different compartmentalized key types, use online keys only to provide freeze attack protection and bound their trust window, etc. [Thandy software updater for Tor]
- We still found 8 design or implementation flaws
- The median Windows machine has ~24 updaters [Secunia]
- GENI -> MITM
- Having each developer build their own "secure" software update system will fail
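The client-side checks that the two "But security is simple, right?" slides build up to (signature quorum, version check against replay, bounded validity against freeze), as an added example that is not code from the talk or from TUF itself. The metadata layout, field names and keys are constructed for illustration, and HMAC stands in for public-key signatures so the block runs with the standard library only.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC is a stand-in for asymmetric signatures; a real
# updater verifies public-key signatures and holds no signing secrets.
KEYS = {"k1": b"demo-key-1", "k2": b"demo-key-2", "k3": b"demo-key-3"}
THRESHOLD = 2  # quorum: number of distinct trusted keys that must sign


def canonical(signed):
    """Serialize the signed portion deterministically before signing/verifying."""
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()


def sign(signed, keyids):
    """Repository side (demo only): attach one signature per listed key."""
    body = canonical(signed)
    sigs = {k: hmac.new(KEYS[k], body, hashlib.sha256).hexdigest() for k in keyids}
    return {"signed": signed, "signatures": sigs}


def verify(meta, last_version, now):
    """Return 'ok' or the reason the client must reject this metadata."""
    body = canonical(meta["signed"])
    good = set()
    for keyid, sig in meta["signatures"].items():
        key = KEYS.get(keyid)
        if key is None:
            continue  # unknown key id never counts toward the quorum
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, sig):
            good.add(keyid)
    if len(good) < THRESHOLD:
        return "quorum not met"
    # Replay: validly signed but older than what this client already saw.
    if meta["signed"]["version"] < last_version:
        return "replay: version older than last seen"
    # Freeze: validly signed and current-looking, but past its trust window.
    if meta["signed"]["expires"] <= now:
        return "freeze: metadata expired"
    return "ok"


# Constructed metadata: version 7 is current, version 5 is an old signed copy.
current = sign({"version": 7, "expires": 2000, "target": "pkg-1.4"}, ["k1", "k3"])
old = sign({"version": 5, "expires": 2000, "target": "pkg-1.1"}, ["k1", "k2"])
```

The signature check alone accepts `old`, which is why the slides add version numbers; the version check alone accepts `current` forever, which is why the validity window is needed as well.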

Our approach for new systems

Our approach for legacy systems
- Intercept traffic

Project roadmap
- Build an artifact early, add security mechanisms gradually
- Portability of the client library is key
- Work with Raven, Tor, PrimoGENI, PlanetLab, nmap, etc.
- Many pairs of eyes uncover bugs more easily
- Focus on supporting the developer / repository interface(s) used by GENI devels

TUF Conclusion
- Software update systems are extremely vulnerable
- Building a secure software update system is very hard
- We have the solution!
- We will:
  - Secure legacy systems by exploiting their insecurity
  - Work with different communities to ensure quality

Research Methodology Seattle Testbed CheckAPI Shims Lind The Update Framework (TUF) UPPIR Outline
