chainiac proactive software update transparency via
play

CHAINIAC: Proactive Software-Update Transparency via Collectively - PowerPoint PPT Presentation

Sep 02, 2022 •548 likes •1.16k views

CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds 1 Kirill Nikitin , 1 Eleftherios Kokoris-Kogias, 1 Philipp Jovanovic, 1 Linus Gasser, 1 Nicolas Gailly, 2 Ismail Kho ffi , 3 Justin Cappos, 1

  1. CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds 1 Kirill Nikitin , 1 Eleftherios Kokoris-Kogias, 1 Philipp Jovanovic, 1 Linus Gasser, 1 Nicolas Gailly, 2 Ismail Kho ffi , 3 Justin Cappos, 1 Bryan Ford 1 École polytechnique fédérale de Lausanne (EPFL) 2 University of Bonn 3 New York University

  2. Software Updates A program tape for the 1944 Harvard Mark I, Hilary Mason's Twitter one of the first digital computers. Wikipedia. 2

  3. Software Updates • Softwares updates are used to patch disclosed vulnerabilities, add new features, and improve security posture • If you do not update your system, things can go bad… Forbes The Verge The Sun 3

  4. Software Updates • But even if you do update your system regularly, things can go wrong too… • Software-update systems are a lucrative attack target due to their centralized design and potential impact on users How can we make software-update systems more secure and transparent? 4

  5. Software Release Pipeline Development/Review – Building release binaries – Sign-o ff – Release distribution Distribution center Developers </CODE> Users 5

  6. Software Release Pipeline Development/Review – Building release binaries – Sign-o ff – Release distribution Build server Distribution center Developers ⚙ ⚙ </CODE> Users 6

  7. Software Release Pipeline Development/Review – Building release binaries – Sign-o ff – Release distribution Build server Distribution center Developers ⚙ ⚙ </CODE> Users 7

  8. Software Release Pipeline Development/Review – Building release binaries – Sign-o ff – Release distribution Build server Distribution center Developers </CODE> Users 8

  9. Challenges 1. Make software-update process resilient to partial key compromise Build server Distribution center Developers </CODE> Users 9 9 9

  10. Challenges 1. Make software-update process resilient to partial key compromise Build server Distribution center Developers </CODE> Users 10 10 10

  11. Challenges 1. Make software-update process resilient to partial key compromise Build server Distribution center Developers </CODE> Users 11 11 11

  12. Challenges 1. Make software-update process resilient to partial key compromise Kaspersky Securelist Talos report on Mashable Petya/NotPetya attacks 12 12 12

  13. Challenges 2. Prevent malicious substitution of a release binary during building process Build server Distribution center Developers </CODE> Users 13 13 13

  14. Challenges 2. Prevent malicious substitution of a release binary during a build process Build server Distribution center Developers ⚙ ⚙ </CODE> Users 14 14 14

  15. Challenges 2. Prevent malicious substitution of a release binary during a build process Build server Distribution center Developers </CODE> Users 15 15 15

  16. Challenges 2. Prevent malicious substitution of a release binary during a build process Over 90% of the source packages included in Debian 9 will build bit- for-bit identical binary packages 16

  17. Challenges How many of you have reproducibly built software binaries for personal use? 17

  18. Challenges 2. Prevent malicious substitution of a release binary during a build process Closed-source software? Building the Tor Browser bundle takes 32 hours on a modern laptop 18

  19. Challenges 3. Protect users from targeted attacks by coerced or bribed developers Build server Distribution center Developers Users 19 19 19

  20. Challenges 3. Protect users from targeted attacks by coerced or bribed developers Build server Distribution center Developers Users 20 20 20

  21. Challenges 3. Protect users from targeted attacks by coerced or bribed developers Build server Distribution center Developers ⚙ ⚙ </CODE> </CODE’> Users 21 21 21

  22. Challenges 3. Protect users from targeted attacks by coerced or bribed developers Build server Distribution center Developers </CODE> </CODE’> Users 22 22 22

  23. Challenges 3. Protect users from targeted attacks by coerced or bribed developers Build server Distribution center Developers </CODE> </CODE’> Users 23 23 23

  24. Challenges 4. Enable developers to securely rotate their signing keys in case of renewal or compromise Distribution Build center server Developers Users 24 24 24 24

  25. Challenges 4. Enable developers to securely rotate their signing keys in case of renewal or compromise Distribution Build center server Developers Users 25 25 25 25

  26. Challenges 4. Enable developers to securely rotate their signing keys in case of renewal or compromise Distribution Build center server Developers Users 26 26 26 26

  27. Challenges 4. Enable developers to securely rotate their signing keys in case of renewal or compromise Distribution Build center server Developers Users 27 27 27 27

  28. Design of CHAINIAC 28

  29. Roadmap to CHAINIAC Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 29

  30. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Developers User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 30

  31. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Developers User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 31

  32. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Distribution center Developers ⚙ User Release Release <source code> <binary> Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 32

  33. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Distribution center Developers ⚙ User Release Release <source code> <binary> Developers’ Policy signatures Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 33

  34. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Distribution center Developers User Release <binary> Developers’ Policy signatures Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 34

  35. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Distribution center Developers User Policy Release <binary> Developers’ signatures Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 35

  36. Background • Collective Authority (Cothority), Collective Signing (CoSi), and BFT-CoSi Authoritative statements: e.g. log records 1 record 2 record 3 record each statement collectively signed by both authority Authority and all or most witnesses Witness Cosigners References • Ewa Syta, Iulia Tamas, Dylan Visher, David Isaac Wolinsky, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ismail Kho ffi , and Bryan Ford. Keeping Authorities “Honest or Bust” with Decentralized Witness Cosigning. In 37th IEEE Symposium on Security and Privacy , May 2016. • Eleftherios Kokoris-Kogias, Philipp Jovanovic, Nicolas Gailly, Ismail Kho ffi , Linus Gasser, and Bryan Ford. Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing. In Proceedings of the 25th USENIX Conference on Security Symposium , 2016. 36

  37. Verified Builds 2. Prevent malicious substitution of a release binary during building process Distribution Developers center Cothority Release Tree <source code> <binaries> Developers’ signatures User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 37

  38. Verified Builds 2. Prevent malicious substitution of a release binary during building process Distribution Developers center Cothority Release Tree <source code> ⚙ ⚙ <binaries> Developers’ ⚙ signatures User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 38

  39. Verified Builds 2. Prevent malicious substitution of a release binary during building process Distribution Developers center Cothority Release Tree <source code> ⚙ ⚙ <binaries> Co-signature ⚙ User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 39

  40. Verified Builds 2. Prevent malicious substitution of a release binary during building process Distribution Developers center Cothority Release Tree <source code> <binaries> ⚙ ⚙ Co-signature ⚙ Download & Verify User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 40

  41. Verified Builds Release Policy File - List of individual developer public keys - Signing threshold - Cothority public key - Supported platforms for verified builds - … Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED BY Eduardo Telaya Software arquitect Whats Inside What does it mean to be proactive 7 developer? How to find opportunities to be 14

587 views • 21 slides
Searching Searching Architecture Architecture Models Models for for Proactive Software

Searching Searching Architecture Architecture Models Models for for Proactive Software

Searching Searching Architecture Architecture Models Models for for Proactive Software Diversification Proactive Software Diversification Benoit Baudry joint work with J. Bourcier, F. Fouquet, S. Allier, M. Monperrus 1 Early software

932 views • 57 slides
Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai Zhang Michael D. Ernst Google Research University of Washington Goal : helping developers improve software error diagnostic messages Input data

806 views • 38 slides
13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019

13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019

Brussels 21/11/2019 13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019 Kathrine Nygaard Stannov, Subject Manager Transparency Rene Prins, Transparency Adviser Agenda &gt; New developments in 2019

648 views • 32 slides
Update on the Color Transparency Experiment e' p 16 July 2020 e e John Matter p p' e 1

Update on the Color Transparency Experiment e' p 16 July 2020 e e John Matter p p' e 1

Update on the Color Transparency Experiment e' p 16 July 2020 e e John Matter p p' e 1 Summary CT definition Complete transparency 1.0 Optics CT onset Target Boiling Glauber Proton Absorption PID e ffi ciency Q

321 views • 21 slides
Update on the Color Transparency Experiment 28 January 2019 John Matter HMS e' e - e Target e

Update on the Color Transparency Experiment 28 January 2019 John Matter HMS e' e - e Target e

Update on the Color Transparency Experiment 28 January 2019 John Matter HMS e' e - e Target e - beam p p' p SHMS 1 Summary e' e p p' CT Definition Why do we care? Complete transparency 1.0 A Brief History CT onset

481 views • 24 slides
Proactive Security in Linux Lukas Vrabec About me Lukas Vrabec Software Engineer

Proactive Security in Linux Lukas Vrabec About me Lukas Vrabec Software Engineer

Proactive Security in Linux Lukas Vrabec About me Lukas Vrabec Software Engineer Member of Security Technologies team at Red Hat Fedora Contributor (selinux-policy, xguest, udica, netlabel_tools) lvrabec@redhat.com

1.55k views • 122 slides
1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No

1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No

Politics and Information: Discussion Notes 1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No democratic society worthy of the name can govern itself without transparency and information. Onthecommons.org

461 views • 5 slides
Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency &amp; Advisory

Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency &amp; Advisory

Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency &amp; Advisory Management Section Prescription Medicines Authorisation Branch Market Authorisation Division, TGA ARCS Scientific Congress Canberra 2016 Two transparency

652 views • 36 slides
Update on Shared Transparency Efforts in Energy Markets

Update on Shared Transparency Efforts in Energy Markets

Update on Shared Transparency Efforts in Energy Markets First G20 Energy Sustainability Working Group meeBng under the Turkish Presidency of the G20

448 views • 26 slides
ProActive Architecture of an Open Middleware for the Grid Romain Quilici

ProActive Architecture of an Open Middleware for the Grid Romain Quilici

ProActive Architecture of an Open Middleware for the Grid Romain Quilici www.objectweb.org/ProActive ObjectWeb Architecture meeting July 2nd 2003 1 ProActive A Java API + Tools for Parallel, Distributed Computing A uniform framework: An

921 views • 56 slides
NCONDEZI E ENERGY Company U Update Proactive I Investor E Evening 20 20 Fe February, 2020

NCONDEZI E ENERGY Company U Update Proactive I Investor E Evening 20 20 Fe February, 2020

NCONDEZI E ENERGY Company U Update Proactive I Investor E Evening 20 20 Fe February, 2020 2020 1 DI DISCLA LAIMER This document, which is personal to the recipient, has been issued by Ncondezi Energy Limited (the Company). This

571 views • 17 slides
Transparency Initiative Update and Introduction of Technical &amp; Interface Introduction of

Transparency Initiative Update and Introduction of Technical &amp; Interface Introduction of

Transparency Initiative Update and Introduction of Technical &amp; Interface Introduction of Technical &amp; Interface Community Industry Day Event December 9, 2014 Welcome! We look forward to a dialogue today. You will have the

417 views • 20 slides
www.transparencyindia.org Transparency International India Transparency International-India

www.transparencyindia.org Transparency International India Transparency International-India

www.transparencyindia.org Transparency International India Transparency International-India is the accredited Indian National Chapter of Transparency International. It was established in 1997. Transparency International India endeavors

603 views • 45 slides
Transparency GEF Secretariat Background Paris Agreement, Transparency, and CBIT Paris Agreement

Transparency GEF Secretariat Background Paris Agreement, Transparency, and CBIT Paris Agreement

Capacity-building Initiative for Transparency GEF Secretariat Background Paris Agreement, Transparency, and CBIT Paris Agreement Article 13: Transparency To build mutual trust and confidence and to promote effective implementation

643 views • 15 slides
Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized

Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized

Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized Omnichannel Users demand Proactive Information Users Expect Brands to Anticipate Their Needs Proactive 76% 63% o f u s e r s o f u s e r s

292 views • 27 slides
Cryptographic Protocols Bank executes (valid) transactions. What is a Valid Transaction

Cryptographic Protocols Bank executes (valid) transactions. What is a Valid Transaction

Repetition: A Virtual Bank (1/4) 2 Alice $7535 Specification Bob $73227 Clara $8317 Bank keeps track of all balances. . . . Users send transactions to bank. transfer(Alice,Clara,$200) Cryptographic Protocols Bank

278 views • 5 slides
Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi] Traditional distributed systems: The

Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi] Traditional distributed systems: The

Analysis and Design of Blockchains Rafael Pass Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi] Traditional distributed systems: The Permissioned Model Consistency Liveness Paxos/PBFT Traditional distributed systems: The

757 views • 53 slides
Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

8/27/2013 Dependability and Security with Dependability and Security with Clouds of Clouds lessons learned from n years of research Miguel Correia WORKSHOP ON DEPENDABILITY AND INTEROPERABILITY IN WORKSHOP ON DEPENDABILITY AND

657 views • 26 slides
Operating Systems and Middleware Non-functional properties in Operating Systems and Middleware

Operating Systems and Middleware Non-functional properties in Operating Systems and Middleware

Dependability aspects of Operating Systems and Middleware Non-functional properties in Operating Systems and Middleware Seminar topics 2016 Driver verification Exhaustive verification has become feasible for small software systems, such as

494 views • 7 slides
Attack-Resilient Multitree Data Distribution Topologies Sascha Grau 1 Technische Universit at

Attack-Resilient Multitree Data Distribution Topologies Sascha Grau 1 Technische Universit at

Attack-Resilient Multitree Data Distribution Topologies Sascha Grau 1 Technische Universit at Ilmenau December 19th, 2012 1 This work was supported by the Deutsche Forschungsgemeinschaft under grant number KU 658/10-2. Sascha Grau (TU Ilmenau)

1.1k views • 51 slides
HH in gluon-gluon fusion Biggest cross section Only loop induced channel Exact NLO

HH in gluon-gluon fusion Biggest cross section Only loop induced channel Exact NLO

HH production: NLO+PS and top-quark mass effects in gluon fusion Eleni Vryonidou Universit catholique de Louvain In collaboration with: F. Maltoni and M. Zaro Phys.Lett. B732 (2014) 142-149 and JHEP 1411 (2014) 079 HPPC2015 Mainz 29/4/15

294 views • 12 slides
Probabilistic models for primes and large gaps William Banks Kevin Ford Terence Tao July, 2019

Probabilistic models for primes and large gaps William Banks Kevin Ford Terence Tao July, 2019

Probabilistic models for primes and large gaps William Banks Kevin Ford Terence Tao July, 2019 Banks, Ford, Tao Probabilistic models for primes 1 / 28 July, 2019 1 / 28 Large gaps between primes p n x ( p n p n 1 ) , p n is the

662 views • 35 slides
Outline Overview Byzantine-Altruistic-Rational (BAR) model System Architecture

Outline Overview Byzantine-Altruistic-Rational (BAR) model System Architecture

4/13/2008 Amitanand S. Aiyer, Lorenzo Alvisi, Allen Clement, Mike Dahlin, Jean-Philippe Martin, Carl Porth Award Paper in the 20 th ACM Symposium on Operating Systems Principles (SOSP 2005) . Presented to: Dr. Ayman Abdel-Hamid By: Shaimaa

566 views • 15 slides

More recommend