TUF: Securing Software Update Systems on GENI Justin Cappos Department of Computer Science and Engineering University of Washington.

Slides:

Advertisements

Similar presentations

Introduction to SharePoint for .NET Developer

Advertisements

InterScan AppletTrap Zhang Hong Trend Micro, AppletTrap Team (Nanjing)

PCT303 – Content Publishing in SharePoint Eugene Rosenfeld Black Blade Associates

A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII.

RPKI Standards Activity Geoff Huston APNIC February 2010.

A PPARC funded project Single Sign-On Proposal Guy Rixon IVOA Interoperability Meeting Cambridge MA, May 2004.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

Outpost Office Firewall Product presentation. What is Outpost Office Firewall? Software firewall solution designed especially to meet small and medium.

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.

ClassGrab Software Development Plan

An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities Vasant Tendulkar NC State University William.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Trustworthy Services from Untrustworthy Components: Overview Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York

Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.

The OWASP Foundation Risks of Insecure Communication High likelihood of attack Open wifi, munipical wifi, malicious ISP Easy to exploit.

VM: Chapter 5 Guiding Principles for Software Security.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Chapter 1 – Introduction

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

Part 1: Introducing User Interface Design Chapter 1: Introduction –Why the User Interface Matters –Computers are Ubiquitous –The Importance of Good User.

Plug-in and Automatic update security Presented by Maxamed Hilowle.

Methods For The Prevention, Detection And Removal Of Software Security Vulnerabilities Jay-Evan J. Tevis Department of Computer Science and Software Engineering.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Globus Computing Infrustructure Software Globus Toolkit 11-2.

BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.

Measuring DANE TLSA Deployment Liang Zhu 1, Duane Wessels 2, Allison Mankin 2, John Heidemann 1 1. USC ISI 2. Verisign Labs 1.

Course 201 – Administration, Content Inspection and SSL VPN

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Linux Operations and Administration

Web Based Applications

Lightweight Mobile Applications Certification: Prepared By: Rahul Biswas.

Deploying Experiments with Raven Scott Baker SB-Software John H. Hartman University of Arizona.

Brad Baker CS526 May 7 th, /7/ Project goals 2. Test Environment 3. The Problem 4. Some Solutions 5. ModSecurity Overview 6. ModSecurity.

Raven Services Update December 2003 David Wallis Senior Systems Consultant Raven Computers Ltd.

Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.

Engineering Secure Software. A Ubiquitous Concern  You can make a security mistake at every step of the development lifecycle  Requirements that allow.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

Interception and Analysis Framework for Win32 Scripts (not for public release) Tim Hollebeek, Ph.D.

Digitally Signed Transcripts Department of Computer Science, University of Wisconsin – Eau Claire Student Researcher: Kevin M. Spinar

 Chapter 14 – Security Engineering 1 Chapter 12 Dependability and Security Specification 1.

Project Overview Graduate Selection Process Project Goal Automate the Selection Process.

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

KATHOLIEKE UNIVERSITEIT LEUVEN 1.NET Curriculum Workshop Teaching Software Security: Case Studies on the.NET Framework Frank Piessens and Wouter Joosen.

1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

Attack Tool Repository and Player for ISEAGE May06-11 Abstract Today’s world is changing shape as it increases its dependency on computer technology. As.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Lecture 13 Page 1 CS 236 Online Principles for Secure Software Following these doesn’t guarantee security But they touch on the most commonly seen security.

M. Alexander Helen J. Wang Yunxin Liu Microsoft Research 1 Presented by Zhaoliang Duan.

OpenDNSSEC Deployment Tianyi Xing. Roadmap By mid-term – Establish a DNSSEC server within the mobicloud system (Hopfully be done by next week) Successfully.

Sponsored by the National Science Foundation Raven Provisioning Service Spiral 2 Year-end Project Review Department of Computer Science University of Arizona.

1 Update on the Vulnerability Assessment Effort Elisa Heymann Computer Architecture and Operating Systems Department Universitat Autònoma de Barcelona.

Dos and Don’ts of Client Authentication on the Web Kevin Fu, Emil Sit, Kendra Smith, Nick Feamster Presented: Jesus F. Morales.

Keeping Updated Ensuring hospital IT systems support ePortfolio.

By Ramesh Mannava.  Overview  Introduction  10 secure software engineering topics  Agile development with security development activities  Conclusion.

COMPUTER SECURITY Ashesi University College Benson Wachira Julateh Mulbah.

Internet security for the home Paul Norton MEng(Hons) MIEE Electronic engineer working for Pascall Electronics Ltd. on the Isle of Wight A talk on Internet.

Engineering Secure Software. A Ubiquitous Concern  You can make a security mistake at every step of the development lifecycle  Requirements that allow.

TUF: Secure Software Updates Justin Cappos NYU Poly Computer Science and Engineering.

Software Security Q: What does it mean to say that a program is secure? A: There is a sufficient amount of trust that the program maintains _____________,

TUF: Secure Software Updates Justin Cappos NYU Poly Computer Science and Engineering.

ClickOnce Deployment (One-click Deployment)

CS457 Introduction to Information Security Systems

CompTIA Server+ Certification (Exam SK0-004)

Secure Software Confidentiality Integrity Data Security Authentication

Introduction to .NET Core

Software Engineering Mujahid Rafiq.

Nessus Vulnerability Scanning

ClickOnce Deployment (One-click Deployment)

Presentation transcript:

TUF: Securing Software Update Systems on GENI Justin Cappos Department of Computer Science and Engineering University of Washington

Introduction software update systems are ubiquitous [Secunia 09] Package managers (YUM, APT, YaST) Application updaters (Firefox, Skype, Tor) Language library managers (easy-install, Ruby GEMS, etc.) Software update systems obtain updates from a repository We want to fix this. software update systems are widely insecure [Bellissimo HotSec 06, Cappos CCS 08]

Is there a practical risk? (slide content omitted)

But security is simple, right? Just use HTTPS Common errors in how certificates are handled Do you trust all CAs? Online data becomes single point of weakness... and add signatures to the software updates Attackers can perform a replay attack... and add version numbers to the software updates Attackers can launch freeze attacks

But security is simple, right? (cont.) and add a quorum of keys signature system for the root of trust, add signing by different compartmentalized key types, use online keys only to provide freeze attack protection and bound their trust window, etc. [Thandy software updater for Tor] We still found 8 design / implementation flaws Having each developer build their own "secure" software update system will fail

Our approach for new systems Build a client library that provides security for software update systems Build a repository library that correctly signs developer updates

Year 1: Planning and Prototyping Overview write-up (complete) Client lib design document (complete) Repository lib design document (complete) Client & repository library prototypes (03/28/10) Developer push & example software updater (05/30/10) Trust delegation design (09/30/10)

Year 2: Live Deployments Improve security mechanisms Ensure the client library is portable Work with live deployments Raven / Stork -- John Hartman and Scott Baker ?Tor / Thandy? -- Roger Dingledine and Nick Mathewson ??? Focus on supporting the developer / repository interface(s) used on GENI

Year 3: Legacy Systems Must retain functionality of existing system Intercept traffic from insecure software update systems to transparently force it through the client library Provide feedback to the user / system administrator

Conclusion Software update systems are extremely vulnerable Building a secure software update system is very hard We propose to: Build a library for securing software update systems Use live deployments to ensure quality Secure legacy systems by exploiting their insecurity

Why focus on this threat? Existing implementations are insecure [Bellissimo 06, Cappos 08] Software update systems run as root Traditional defenses don't protect against attacks Ubiquitous An attack often appears benign Attack code can be easily reused [EvilGrade] Trends show server attacks are on the rise [CERT]