chainiac proactive software update transparency via
play

CHAINIAC: Proactive Software-Update Transparency via Collectively - PowerPoint PPT Presentation

Sep 02, 2022 •548 likes •1.16k views

CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds 1 Kirill Nikitin , 1 Eleftherios Kokoris-Kogias, 1 Philipp Jovanovic, 1 Linus Gasser, 1 Nicolas Gailly, 2 Ismail Kho ffi , 3 Justin Cappos, 1

  1. CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds 1 Kirill Nikitin , 1 Eleftherios Kokoris-Kogias, 1 Philipp Jovanovic, 1 Linus Gasser, 1 Nicolas Gailly, 2 Ismail Kho ffi , 3 Justin Cappos, 1 Bryan Ford 1 École polytechnique fédérale de Lausanne (EPFL) 2 University of Bonn 3 New York University

  2. Software Updates A program tape for the 1944 Harvard Mark I, Hilary Mason's Twitter one of the first digital computers. Wikipedia. 2

  3. Software Updates • Softwares updates are used to patch disclosed vulnerabilities, add new features, and improve security posture • If you do not update your system, things can go bad… Forbes The Verge The Sun 3

  4. Software Updates • But even if you do update your system regularly, things can go wrong too… • Software-update systems are a lucrative attack target due to their centralized design and potential impact on users How can we make software-update systems more secure and transparent? 4

  5. Software Release Pipeline Development/Review – Building release binaries – Sign-o ff – Release distribution Distribution center Developers </CODE> Users 5

  6. Software Release Pipeline Development/Review – Building release binaries – Sign-o ff – Release distribution Build server Distribution center Developers ⚙ ⚙ </CODE> Users 6

  7. Software Release Pipeline Development/Review – Building release binaries – Sign-o ff – Release distribution Build server Distribution center Developers ⚙ ⚙ </CODE> Users 7

  8. Software Release Pipeline Development/Review – Building release binaries – Sign-o ff – Release distribution Build server Distribution center Developers </CODE> Users 8

  9. Challenges 1. Make software-update process resilient to partial key compromise Build server Distribution center Developers </CODE> Users 9 9 9

  10. Challenges 1. Make software-update process resilient to partial key compromise Build server Distribution center Developers </CODE> Users 10 10 10

  11. Challenges 1. Make software-update process resilient to partial key compromise Build server Distribution center Developers </CODE> Users 11 11 11

  12. Challenges 1. Make software-update process resilient to partial key compromise Kaspersky Securelist Talos report on Mashable Petya/NotPetya attacks 12 12 12

  13. Challenges 2. Prevent malicious substitution of a release binary during building process Build server Distribution center Developers </CODE> Users 13 13 13

  14. Challenges 2. Prevent malicious substitution of a release binary during a build process Build server Distribution center Developers ⚙ ⚙ </CODE> Users 14 14 14

  15. Challenges 2. Prevent malicious substitution of a release binary during a build process Build server Distribution center Developers </CODE> Users 15 15 15

  16. Challenges 2. Prevent malicious substitution of a release binary during a build process Over 90% of the source packages included in Debian 9 will build bit- for-bit identical binary packages 16

  17. Challenges How many of you have reproducibly built software binaries for personal use? 17

  18. Challenges 2. Prevent malicious substitution of a release binary during a build process Closed-source software? Building the Tor Browser bundle takes 32 hours on a modern laptop 18

  19. Challenges 3. Protect users from targeted attacks by coerced or bribed developers Build server Distribution center Developers Users 19 19 19

  20. Challenges 3. Protect users from targeted attacks by coerced or bribed developers Build server Distribution center Developers Users 20 20 20

  21. Challenges 3. Protect users from targeted attacks by coerced or bribed developers Build server Distribution center Developers ⚙ ⚙ </CODE> </CODE’> Users 21 21 21

  22. Challenges 3. Protect users from targeted attacks by coerced or bribed developers Build server Distribution center Developers </CODE> </CODE’> Users 22 22 22

  23. Challenges 3. Protect users from targeted attacks by coerced or bribed developers Build server Distribution center Developers </CODE> </CODE’> Users 23 23 23

  24. Challenges 4. Enable developers to securely rotate their signing keys in case of renewal or compromise Distribution Build center server Developers Users 24 24 24 24

  25. Challenges 4. Enable developers to securely rotate their signing keys in case of renewal or compromise Distribution Build center server Developers Users 25 25 25 25

  26. Challenges 4. Enable developers to securely rotate their signing keys in case of renewal or compromise Distribution Build center server Developers Users 26 26 26 26

  27. Challenges 4. Enable developers to securely rotate their signing keys in case of renewal or compromise Distribution Build center server Developers Users 27 27 27 27

  28. Design of CHAINIAC 28

  29. Roadmap to CHAINIAC Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 29

  30. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Developers User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 30

  31. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Developers User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 31

  32. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Distribution center Developers ⚙ User Release Release <source code> <binary> Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 32

  33. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Distribution center Developers ⚙ User Release Release <source code> <binary> Developers’ Policy signatures Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 33

  34. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Distribution center Developers User Release <binary> Developers’ Policy signatures Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 34

  35. Decentralized Release-Approval 1. Make software-update process resilient to partial key compromise Distribution center Developers User Policy Release <binary> Developers’ signatures Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 35

  36. Background • Collective Authority (Cothority), Collective Signing (CoSi), and BFT-CoSi Authoritative statements: e.g. log records 1 record 2 record 3 record each statement collectively signed by both authority Authority and all or most witnesses Witness Cosigners References • Ewa Syta, Iulia Tamas, Dylan Visher, David Isaac Wolinsky, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ismail Kho ffi , and Bryan Ford. Keeping Authorities “Honest or Bust” with Decentralized Witness Cosigning. In 37th IEEE Symposium on Security and Privacy , May 2016. • Eleftherios Kokoris-Kogias, Philipp Jovanovic, Nicolas Gailly, Ismail Kho ffi , Linus Gasser, and Bryan Ford. Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing. In Proceedings of the 25th USENIX Conference on Security Symposium , 2016. 36

  37. Verified Builds 2. Prevent malicious substitution of a release binary during building process Distribution Developers center Cothority Release Tree <source code> <binaries> Developers’ signatures User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 37

  38. Verified Builds 2. Prevent malicious substitution of a release binary during building process Distribution Developers center Cothority Release Tree <source code> ⚙ ⚙ <binaries> Developers’ ⚙ signatures User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 38

  39. Verified Builds 2. Prevent malicious substitution of a release binary during building process Distribution Developers center Cothority Release Tree <source code> ⚙ ⚙ <binaries> Co-signature ⚙ User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 39

  40. Verified Builds 2. Prevent malicious substitution of a release binary during building process Distribution Developers center Cothority Release Tree <source code> <binaries> ⚙ ⚙ Co-signature ⚙ Download & Verify User Policy Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 40

  41. Verified Builds Release Policy File - List of individual developer public keys - Signing threshold - Cothority public key - Supported platforms for verified builds - … Decentralized Verified Builds Anti-equivocation Key Evolution Release Approval 41

Recommend

How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED BY Eduardo Telaya Software arquitect Whats Inside What does it mean to be proactive 7 developer? How to find opportunities to be 14

587 views • 21 slides
Searching Searching Architecture Architecture Models Models for for Proactive Software

Searching Searching Architecture Architecture Models Models for for Proactive Software

Searching Searching Architecture Architecture Models Models for for Proactive Software Diversification Proactive Software Diversification Benoit Baudry joint work with J. Bourcier, F. Fouquet, S. Allier, M. Monperrus 1 Early software

932 views • 57 slides
Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai Zhang Michael D. Ernst Google Research University of Washington Goal : helping developers improve software error diagnostic messages Input data

806 views • 38 slides
13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019

13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019

Brussels 21/11/2019 13 th Transparency Workshop Update on the TP activities BluePoint Meeting Centre 21 November 2019 Kathrine Nygaard Stannov, Subject Manager Transparency Rene Prins, Transparency Adviser Agenda &gt; New developments in 2019

648 views • 32 slides
Update on the Color Transparency Experiment e' p 16 July 2020 e e John Matter p p' e 1

Update on the Color Transparency Experiment e' p 16 July 2020 e e John Matter p p' e 1

Update on the Color Transparency Experiment e' p 16 July 2020 e e John Matter p p' e 1 Summary CT definition Complete transparency 1.0 Optics CT onset Target Boiling Glauber Proton Absorption PID e ffi ciency Q

321 views • 21 slides
Update on the Color Transparency Experiment 28 January 2019 John Matter HMS e' e - e Target e

Update on the Color Transparency Experiment 28 January 2019 John Matter HMS e' e - e Target e

Update on the Color Transparency Experiment 28 January 2019 John Matter HMS e' e - e Target e - beam p p' p SHMS 1 Summary e' e p p' CT Definition Why do we care? Complete transparency 1.0 A Brief History CT onset

481 views • 24 slides
Proactive Security in Linux Lukas Vrabec About me Lukas Vrabec Software Engineer

Proactive Security in Linux Lukas Vrabec About me Lukas Vrabec Software Engineer

Proactive Security in Linux Lukas Vrabec About me Lukas Vrabec Software Engineer Member of Security Technologies team at Red Hat Fedora Contributor (selinux-policy, xguest, udica, netlabel_tools) lvrabec@redhat.com

1.55k views • 122 slides
1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No

1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No

Politics and Information: Discussion Notes 1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No democratic society worthy of the name can govern itself without transparency and information. Onthecommons.org

461 views • 5 slides
Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency &amp; Advisory

Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency &amp; Advisory

Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency &amp; Advisory Management Section Prescription Medicines Authorisation Branch Market Authorisation Division, TGA ARCS Scientific Congress Canberra 2016 Two transparency

652 views • 36 slides
Update on Shared Transparency Efforts in Energy Markets

Update on Shared Transparency Efforts in Energy Markets

Update on Shared Transparency Efforts in Energy Markets First G20 Energy Sustainability Working Group meeBng under the Turkish Presidency of the G20

448 views • 26 slides
ProActive Architecture of an Open Middleware for the Grid Romain Quilici

ProActive Architecture of an Open Middleware for the Grid Romain Quilici

ProActive Architecture of an Open Middleware for the Grid Romain Quilici www.objectweb.org/ProActive ObjectWeb Architecture meeting July 2nd 2003 1 ProActive A Java API + Tools for Parallel, Distributed Computing A uniform framework: An

921 views • 56 slides
NCONDEZI E ENERGY Company U Update Proactive I Investor E Evening 20 20 Fe February, 2020

NCONDEZI E ENERGY Company U Update Proactive I Investor E Evening 20 20 Fe February, 2020

NCONDEZI E ENERGY Company U Update Proactive I Investor E Evening 20 20 Fe February, 2020 2020 1 DI DISCLA LAIMER This document, which is personal to the recipient, has been issued by Ncondezi Energy Limited (the Company). This

571 views • 17 slides
Transparency Initiative Update and Introduction of Technical &amp; Interface Introduction of

Transparency Initiative Update and Introduction of Technical &amp; Interface Introduction of

Transparency Initiative Update and Introduction of Technical &amp; Interface Introduction of Technical &amp; Interface Community Industry Day Event December 9, 2014 Welcome! We look forward to a dialogue today. You will have the

417 views • 20 slides
www.transparencyindia.org Transparency International India Transparency International-India

www.transparencyindia.org Transparency International India Transparency International-India

www.transparencyindia.org Transparency International India Transparency International-India is the accredited Indian National Chapter of Transparency International. It was established in 1997. Transparency International India endeavors

603 views • 45 slides
Transparency GEF Secretariat Background Paris Agreement, Transparency, and CBIT Paris Agreement

Transparency GEF Secretariat Background Paris Agreement, Transparency, and CBIT Paris Agreement

Capacity-building Initiative for Transparency GEF Secretariat Background Paris Agreement, Transparency, and CBIT Paris Agreement Article 13: Transparency To build mutual trust and confidence and to promote effective implementation

643 views • 15 slides
Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized

Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized

Retain Your Users for Life Proactive We Live in an Age of Instant Gratification Personalized Omnichannel Users demand Proactive Information Users Expect Brands to Anticipate Their Needs Proactive 76% 63% o f u s e r s o f u s e r s

292 views • 27 slides
Fiscal Transparency and Accountability Overview Importance of Institutional Transparency

Fiscal Transparency and Accountability Overview Importance of Institutional Transparency

September 28, 2017 Alex Hathaway Center for State and Local Finance Fiscal Transparency and Accountability Overview Importance of Institutional Transparency Review of the Literature Methodology Volcker Alliance questions

343 views • 16 slides
NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation

NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation

NUCLEAR TRANSPARENCY WATCH Prevent and anticipate through transparency and participation Activities of NTW Workshop on Environmental Mapping: Mobilising Trust in Measurements and Engaging Scientific Citizenry Nadja Zeleznik nzeleznik@rec.org

338 views • 30 slides
Breaking down data silos for improved insight a data transparency perspective Transparency

Breaking down data silos for improved insight a data transparency perspective Transparency

Breaking down data silos for improved insight a data transparency perspective Transparency an organisational view Transparency is all about the release of information by institutions or companies that is relevant for the evaluation of

883 views • 32 slides
Effectiveness of Proactive CSIRT Services Dr. Klaus-Peter Kossakowski Johannes Wiik, Ph.D.

Effectiveness of Proactive CSIRT Services Dr. Klaus-Peter Kossakowski Johannes Wiik, Ph.D.

Effectiveness of Proactive CSIRT Services Dr. Klaus-Peter Kossakowski Johannes Wiik, Ph.D. Fellow Carnegie Mellon University Prof. Jos J. Gonzalez Software Engineering Institute Agder University College Frankfurt, Germany Faculty of

596 views • 26 slides
Mining in Anticipation for Concept Change: Proactive-Reactive Prediction in Data Streams Ying

Mining in Anticipation for Concept Change: Proactive-Reactive Prediction in Data Streams Ying

Mining in Anticipation for Concept Change: Proactive-Reactive Prediction in Data Streams Ying Yang 1 , Xindong Wu 2 , and Xingquan Zhu 2 1 School of Computer Science and Software Engineering, Monash University, Melbourne, VIC 3800, Australia,

501 views • 33 slides
A Comparison of Linux Software Update Technologies Matt Porter, Konsulko Group Embedded Linux

A Comparison of Linux Software Update Technologies Matt Porter, Konsulko Group Embedded Linux

A Comparison of Linux Software Update Technologies Matt Porter, Konsulko Group Embedded Linux Conference Europe 2016 Overview Background of Linux software update Linux software update strategies Detailed look at each FOSS project

400 views • 26 slides
transparency: Opportunities of the Fisheries Transparency Initiative (FiTI) 16 Session COFI

transparency: Opportunities of the Fisheries Transparency Initiative (FiTI) 16 Session COFI

Driving change in fisheries trade through transparency: Opportunities of the Fisheries Transparency Initiative (FiTI) 16 Session COFI Sub-Committee on Fish trade / Busan, 6 September 2017 The necessity of transparency in fisheries International

346 views • 15 slides
Exploiting Insecurity to Secure Software Update Systems Justin Cappos Department of Computer

Exploiting Insecurity to Secure Software Update Systems Justin Cappos Department of Computer

Exploiting Insecurity to Secure Software Update Systems Justin Cappos Department of Computer Science and Engineering University of Washington Introduction software update system -- a piece of software that installs, updates, removes, or

431 views • 10 slides

More recommend