{"title":"实现针对强大攻击者的软件更新一致性","authors":"Lamya Abdullah, S. Hahn, F. Freiling","doi":"10.1145/3360664.3360670","DOIUrl":null,"url":null,"abstract":"Update systems regularly distribute updates for installed software to end users. Problems arise when the update system is misused and malicious updates are sent to a small set of users only. Such situations can occur if the software supplier has been successfully attacked or is coerced by government agencies to distribute handcrafted updates containing promiscuous functionality like backdoors. In this paper, we define a set of general security requirements for update systems that encompass protection against malicious updates. We then introduce the design of an update system that satisfies the requirements and present an implementation as an extension to the advanced package tool (APT) for the Debian OS. We evaluate the strengths and weaknesses of the system and discuss its large-scale applicability with respect to security and performance overhead.","PeriodicalId":409365,"journal":{"name":"Proceedings of the Third Central European Cybersecurity Conference","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Achieving Consistency of Software Updates against Strong Attackers\",\"authors\":\"Lamya Abdullah, S. Hahn, F. Freiling\",\"doi\":\"10.1145/3360664.3360670\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Update systems regularly distribute updates for installed software to end users. Problems arise when the update system is misused and malicious updates are sent to a small set of users only. Such situations can occur if the software supplier has been successfully attacked or is coerced by government agencies to distribute handcrafted updates containing promiscuous functionality like backdoors. In this paper, we define a set of general security requirements for update systems that encompass protection against malicious updates. We then introduce the design of an update system that satisfies the requirements and present an implementation as an extension to the advanced package tool (APT) for the Debian OS. We evaluate the strengths and weaknesses of the system and discuss its large-scale applicability with respect to security and performance overhead.\",\"PeriodicalId\":409365,\"journal\":{\"name\":\"Proceedings of the Third Central European Cybersecurity Conference\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-11-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Third Central European Cybersecurity Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3360664.3360670\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Third Central European Cybersecurity Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3360664.3360670","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Achieving Consistency of Software Updates against Strong Attackers
Update systems regularly distribute updates for installed software to end users. Problems arise when the update system is misused and malicious updates are sent to a small set of users only. Such situations can occur if the software supplier has been successfully attacked or is coerced by government agencies to distribute handcrafted updates containing promiscuous functionality like backdoors. In this paper, we define a set of general security requirements for update systems that encompass protection against malicious updates. We then introduce the design of an update system that satisfies the requirements and present an implementation as an extension to the advanced package tool (APT) for the Debian OS. We evaluate the strengths and weaknesses of the system and discuss its large-scale applicability with respect to security and performance overhead.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
