improving the securedrop system architecture
play

Improving the SecureDrop System Architecture heartsucker SecureDrop - PowerPoint PPT Presentation

Oct 24, 2022 •207 likes •642 views

Improving the SecureDrop System Architecture heartsucker SecureDrop Maintainer FOSDEM 2018 SecureDrop Release Signing Key Fingerprint: 2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77 SecureDrop is an open-source whistleblower submission

  1. Improving the SecureDrop System Architecture heartsucker SecureDrop Maintainer FOSDEM 2018 SecureDrop Release Signing Key Fingerprint: 2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77

  2. SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources.

  3. picture of all the presidents men In the past, journalists could protect their sources by simply not revealing their identities when asked. Still from “All the Presidents Men”, a film adaptation of Carl Bernstein and Bob Woodward’s reporting on the Watergate break-in

  6. Threat Model GCHQ surveillance base in Bude, UK. Image credit: Trevor Paglen

  7. What are we trying to protect? Source Anonymity Document Confidentiality

  8. Who do we want to protect it from? EVERYONE Nation States Large Corporations Local Law Enforcement & Government

  9. What are their capabilities? EVERYTHING Intercept Network Traffic Hack Into the Servers Send Agents to Seize Submit Malware to Hardware Journalists via SecureDrop

  10. Image: Guram Mikaberidze

  11. Current State of SecureDrop

  12. Secure Viewing Station Journalist Source App Server Firewall Monitor Server

  13. Develop, Deliver, Deploy 1. Write a feature 2. Write tests NOTHING a. Unit tests b. Functional tests w/ Selenium c. Multi-stage tests with Molecule SPECIAL 3. Write docs 4. Mandatory code review for all developers 5. Automated testing with CircleCI HERE a. Linting b. Unit & functional tests c. Debian packaging, test deployment scripts 6. Manual testing of release candidates 7. Publish packages to apt repo

  15. Failures and Fixes

  17. What went wrong ● Root cause: Nautilus allowing .desktop files to execute arbitrary code ● SVS is not a true airgap ○ dirty USBs to Journalist Workstation ○ USBs to publishing/editing workstation ● Failure to adhere to principle of least privilege / imperfect isolation ○ GPG keys accessible by untrusted files

  19. Journalist Workstation Internet-connected VM Disposable VM not connected to the internet

  21. :(

  25. Localization ● Code changes ● Dependency changes ● Build update to support translations ● Weblate for external translators ● String freezes in preparation for a release

  31. Flask-SQLAlchemy Alembic Postgres Source App Refactor pytest Journalist App Refactor

  33. App Server

  34. App Server Source App Gateway Database Journalist App Workstation

  35. Open Questions & Research

  38. TODO SD is super boring to write and it’s bs grunt work but the end resutl is super important

  39. can prevent press freedom violations.

  40. Current SecureDrop Team prototyping next generation + contributors SecureDrop workstation Ford-Mozilla Open Web Fellow

  41. Come join us! • Please come and talk to one of us after if you are interested in helping out! • Translation: https://weblate.securedrop.club • Code and documentation: • https://github.com/freedomofpress/securedrop • https://github.com/freedomofpress/securedropworkstation • Chat with us: • https://forum.securedrop.club (forum) • https://gitter.im/freedomofpress/securedrop (team chat) • securedrop@freedom.press • Donate: https://securedrop.org/donate • Follow: @SecureDrop and @FreedomOfPress

  42. Contact heartsucker@freedom.press 0CEC 9368 88A6 0171 4611 74C5 C0A2 586F 09D7 7C82

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Baseline QA system Deliverable 2 C.J Hsu Ryan Bielby O utline System Architecture

Baseline QA system Deliverable 2 C.J Hsu Ryan Bielby O utline System Architecture

Baseline QA system Deliverable 2 C.J Hsu Ryan Bielby O utline System Architecture Frontend System (Answer generator) Backend System (IR Engine) Evaluations Discussions References System Architecture The frontend

394 views • 15 slides
Space: Space: System Architecture System Architecture vs Optimization vs Optimization

Space: Space: System Architecture System Architecture vs Optimization vs Optimization

Space: Space: System Architecture System Architecture vs Optimization vs Optimization Vladimir Grebenyuk Raytheon Canada Limited Space: The Space: The First Steps First Steps October 4,1957 April 12, 1961 July 20,

819 views • 52 slides
CPU Architecture system clock Memory 64-bit adder Every CPU architecture is implemented using

CPU Architecture system clock Memory 64-bit adder Every CPU architecture is implemented using

CPU Architecture system clock Memory 64-bit adder Every CPU architecture is implemented using digital logic. In each cycle of the system clock, logic is executed and results are saved. System designers attempt to implement logic so that

508 views • 14 slides
1 Where does architecture come from? What order? Use an architecture youve seen before

1 Where does architecture come from? What order? Use an architecture youve seen before

Architecture 2 1 Announcements What is Architecture? Final project hand-in and documentation Big picture Structure or structures that support the system Early design decisions Architecture is the design decisions you

275 views • 5 slides
Architecture Caches Main memory Interconnect system System/Memory bus I/O

Architecture Caches Main memory Interconnect system System/Memory bus I/O

Calcolatori Elettronici e Sistemi Operativi System architecture CPU(s) Memory hierarchy Architecture Caches Main memory Interconnect system System/Memory bus I/O busses ata, eisa, i2c, ide, pci, pcmcia, scsi, spi,

653 views • 21 slides
IS ARCHITECTURE OVERVIEW 2110684 Information System Architecture Natawut Nupairoj, Ph.D. Course

IS ARCHITECTURE OVERVIEW 2110684 Information System Architecture Natawut Nupairoj, Ph.D. Course

2110684 - IS Architecture Overview IS ARCHITECTURE OVERVIEW 2110684 Information System Architecture Natawut Nupairoj, Ph.D. Course Plan Overview and Background Concepts Core Infrastructure System Management / Security / Tuning

751 views • 41 slides
Input-output Basic (simplified) I/O architecture I/O is very much architecture/system

Input-output Basic (simplified) I/O architecture I/O is very much architecture/system

Input-output Basic (simplified) I/O architecture I/O is very much architecture/system dependent CPU I/O requires cooperation between processor that issues I/O command (read, write etc.) Cache buses that provide the

250 views • 5 slides
Improving Customer Service with Deep Learning Techniques in a Multi-Touchpoint System Rajesh

Improving Customer Service with Deep Learning Techniques in a Multi-Touchpoint System Rajesh

Improving Customer Service with Deep Learning Techniques in a Multi-Touchpoint System Rajesh Munavalli PayPal Inc Outline PayPal Customer Service Architecture Evolution of NLP Help Center and Email Routing Projects Why

403 views • 36 slides
Database System Interactions Thomas Schwarz, SJ Three Tier Web Server Architecture Standard

Database System Interactions Thomas Schwarz, SJ Three Tier Web Server Architecture Standard

Database System Interactions Thomas Schwarz, SJ Three Tier Web Server Architecture Standard architecture for e-commerce sites Tiered / layered architecture around since the THE operating system 1965 Presentation Layer: Web Services

520 views • 15 slides
Above 2 GHz Common Communication System Architecture Presented by: Eric Johnson Raytheon

Above 2 GHz Common Communication System Architecture Presented by: Eric Johnson Raytheon

Above 2 GHz Common Communication System Architecture Presented by: Eric Johnson Raytheon Company 11/1/2004 Page 1 Presentation Overview Network Architecture and Mission Overview Challenges for above 2GHz System Architecture

357 views • 15 slides
Mac OS X for Unix Geeks Hit The Ground Running Overview 1. System Architecture 2. System

Mac OS X for Unix Geeks Hit The Ground Running Overview 1. System Architecture 2. System

Mac OS X for Unix Geeks Hit The Ground Running Overview 1. System Architecture 2. System Administration 3. GUI Tricks 4. Command line tricks 5. Docs & Resources Architecture - 1 - Directory Layout / /Applications and

648 views • 38 slides
CMS Strip Readout Architecture for SLHC OUTLINE brief review of LHC strip readout architecture p

CMS Strip Readout Architecture for SLHC OUTLINE brief review of LHC strip readout architecture p

CMS Strip Readout Architecture for SLHC OUTLINE brief review of LHC strip readout architecture p proposed architecture for SLHC front end amplifier design in 130nm system architecture ideas system architecture ideas triggering possibilities

369 views • 24 slides
Americas Retirement Architecture: Americas Retirement Architecture: Strains in the System

Americas Retirement Architecture: Americas Retirement Architecture: Strains in the System

Americas Retirement Architecture: Americas Retirement Architecture: Strains in the System Strains in the System Sujit M. CanagaRetna The Council of State Governments Southern Office, the Southern Legislative Conference (SLC) Testimony

466 views • 7 slides
achieve the Health system goals _all agents system has a role and responsibility in improving and

achieve the Health system goals _all agents system has a role and responsibility in improving and

Value-based procurement to achieve the Health system goals _all agents system has a role and responsibility in improving and maintaining the quality _towards a person centred system, where the focus will be on the needs of population _a

418 views • 7 slides
APOGEE Wireless System Architecture APOGEE Wireless System Architecture Room Temperature Sensor

APOGEE Wireless System Architecture APOGEE Wireless System Architecture Room Temperature Sensor

APOGEE Wireless System Architecture APOGEE Wireless System Architecture Room Temperature Sensor Management 802.15.4 Radio Battery-powered sensor nodes Sensing Only Sensing and Display Sensing, Override, Setpoint, and

397 views • 3 slides
Outline 1. Introduction 1. Motivation 2. Portuguese Sign Language 3. Goals 2. Architecture 1.

Outline 1. Introduction 1. Motivation 2. Portuguese Sign Language 3. Goals 2. Architecture 1.

Outline 1. Introduction 1. Motivation 2. Portuguese Sign Language 3. Goals 2. Architecture 1. Gloss Translate 2. Lookup 3. Animate 3. Implementation 4. Evaluation 5. Conclusions 6. Demo Motivation the system would be helpful in improving

645 views • 40 slides
GPU Acceleration for Machine Learning John Canny*^ * Computer Science Division University of

GPU Acceleration for Machine Learning John Canny*^ * Computer Science Division University of

GPU Acceleration for Machine Learning John Canny*^ * Computer Science Division University of California, Berkeley ^ Google Research, 2016 Outline BIDMach on single machines BIDMach on clusters DNNs for Power-Law data MCMC for massive

554 views • 43 slides
Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU

Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU

Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU Eindhoven Nicolas Sendrier Linear Codes for Telecommunication linear expansion data codeword k n > k noisy channel noisy

783 views • 52 slides
Value of Exercise-based Oncology Rehabilitation for Cancer Survivors Northern New England

Value of Exercise-based Oncology Rehabilitation for Cancer Survivors Northern New England

The heart and science of medicine. UVMHealth.org/MedCenter Value of Exercise-based Oncology Rehabilitation for Cancer Survivors Northern New England Clinical Oncology Society Kim Dittus, MD PhD 10/20/19 UVMHealth.org/MedCenter No Financial

585 views • 29 slides
You Only Lend Twice: Corporate Borrowing and Land Values in Real Estate Cycles Cameron LaPoint

You Only Lend Twice: Corporate Borrowing and Land Values in Real Estate Cycles Cameron LaPoint

You Only Lend Twice: Corporate Borrowing and Land Values in Real Estate Cycles Cameron LaPoint Yale SOM AREUEA National Conference 2020 Cameron LaPoint (Yale SOM) You Only Lend Twice AREUEA 2020 1 Motivation What are the e ff ects of a

1.05k views • 71 slides
Announcements This Thursday: Last lecture! Special Lecture on Smart Transportation Security

Announcements This Thursday: Last lecture! Special Lecture on Smart Transportation Security

Announcements This Thursday: Last lecture! Special Lecture on Smart Transportation Security Recent advance in security issues of self-driving cars and smart traffic light --- one of the most disruptive tech today, impacting the safety

518 views • 29 slides
C OMMUNITY C ONGRESS M EETING November 13, 2014 Washington, DC 1 Agenda I.

C OMMUNITY C ONGRESS M EETING November 13, 2014 Washington, DC 1 Agenda I.

I NAUGURAL C OMMUNITY C ONGRESS M EETING November 13, 2014 Washington, DC 1 Agenda I. Introductions II. 15 Year Delay in Treatment Development & Approval Steve Smith, MPS IV Parent Advocate III. Challenges in Treatment

291 views • 26 slides
Challenges for Future Cryogenic Electronics Challenges for Future Cryogenic Electronics Shaorui Li,

Challenges for Future Cryogenic Electronics Challenges for Future Cryogenic Electronics Shaorui Li,

Challenges for Future Cryogenic Electronics Challenges for Future Cryogenic Electronics Shaorui Li, Gianluigi De Geronimo, Jie Ma, Hucheng Chen, Jack Fried, Alessio DAndragora, and Veljko Radeka Brookhaven National Laboratory, NY, USA Outline:

490 views • 22 slides
How to Evaluate Controlled Natural Languages T obias Kuhn Workshop on Controlled Natural

How to Evaluate Controlled Natural Languages T obias Kuhn Workshop on Controlled Natural

How to Evaluate Controlled Natural Languages T obias Kuhn Workshop on Controlled Natural Language (CNL 2009), Marettimo, Italy 8 June 2009 Of T opic: AceWiki 2 T obias Kuhn, CNL 2009, Marettimo, Italy, 8 June 2009 Of T opic: ACE Editor

456 views • 29 slides

More recommend