{"title":"通过以太坊实现二进制文件完整性保护的实际权衡","authors":"O. Stengele, Jan Droll, H. Hartenstein","doi":"10.1145/3429358.3429374","DOIUrl":null,"url":null,"abstract":"Ensuring the integrity of executable binaries is of vital importance to systems that run and depend on them. Additionally, supply-chain attacks and security related bugs demonstrate that binaries, once deployed, may need to be revoked and replaced with updated versions. Recently, blockchain ecosystems have garnered broad attention as middlewares for decentralised solutions to existing problems. Stengele et al. [4] presented a concept how the Ethereum blockchain and peer-to-peer network can be used to ensure the integrity of binaries with timely, accurate, and machine-readable revocations. In this work, we show this concept in practice with a user client implementation in Go and demonstrate how revocations and updates can reliably reach a user client within minutes. We show the client's ability to ensure the integrity of multiple binaries and continuously monitor the Ethereum blockchain for updates and revocations via an unmodified Ethereum client. We also examine the trust relations and trade-offs through our use case. Since the user client fully relies on an Ethereum client as a gateway, the latter's resilience against malicious actors is crucial to consider in a practical deployment.","PeriodicalId":117044,"journal":{"name":"Proceedings of the 21st International Middleware Conference Demos and Posters","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Practical Trade-Offs in Integrity Protection for Binaries via Ethereum\",\"authors\":\"O. Stengele, Jan Droll, H. Hartenstein\",\"doi\":\"10.1145/3429358.3429374\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Ensuring the integrity of executable binaries is of vital importance to systems that run and depend on them. Additionally, supply-chain attacks and security related bugs demonstrate that binaries, once deployed, may need to be revoked and replaced with updated versions. Recently, blockchain ecosystems have garnered broad attention as middlewares for decentralised solutions to existing problems. Stengele et al. [4] presented a concept how the Ethereum blockchain and peer-to-peer network can be used to ensure the integrity of binaries with timely, accurate, and machine-readable revocations. In this work, we show this concept in practice with a user client implementation in Go and demonstrate how revocations and updates can reliably reach a user client within minutes. We show the client's ability to ensure the integrity of multiple binaries and continuously monitor the Ethereum blockchain for updates and revocations via an unmodified Ethereum client. We also examine the trust relations and trade-offs through our use case. Since the user client fully relies on an Ethereum client as a gateway, the latter's resilience against malicious actors is crucial to consider in a practical deployment.\",\"PeriodicalId\":117044,\"journal\":{\"name\":\"Proceedings of the 21st International Middleware Conference Demos and Posters\",\"volume\":\"40 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-12-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 21st International Middleware Conference Demos and Posters\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3429358.3429374\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 21st International Middleware Conference Demos and Posters","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3429358.3429374","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Practical Trade-Offs in Integrity Protection for Binaries via Ethereum
Ensuring the integrity of executable binaries is of vital importance to systems that run and depend on them. Additionally, supply-chain attacks and security related bugs demonstrate that binaries, once deployed, may need to be revoked and replaced with updated versions. Recently, blockchain ecosystems have garnered broad attention as middlewares for decentralised solutions to existing problems. Stengele et al. [4] presented a concept how the Ethereum blockchain and peer-to-peer network can be used to ensure the integrity of binaries with timely, accurate, and machine-readable revocations. In this work, we show this concept in practice with a user client implementation in Go and demonstrate how revocations and updates can reliably reach a user client within minutes. We show the client's ability to ensure the integrity of multiple binaries and continuously monitor the Ethereum blockchain for updates and revocations via an unmodified Ethereum client. We also examine the trust relations and trade-offs through our use case. Since the user client fully relies on an Ethereum client as a gateway, the latter's resilience against malicious actors is crucial to consider in a practical deployment.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
