On 03/10/15 17:15, Vladimir Diaz wrote:
> Hi,
>
> I am a developer in the Secure Systems Lab at NYU. Our lab has
> collaborated with popular software update systems in the open-source
> community, including APT, yum, and YaST, to address security problems.
> More recently, we have been working on a flexible security framework
> co-developed with the Tor project that can be easily added to software
> updaters to transparently solve many of the known security flaws we have
> uncovered in software updaters. We would like to work with The Portage
> Development Project to better secure the Portage distribution system.
>
> TUF
> <https://github.com/theupdateframework/tuf#a-framework-for-securing-software-update-systems>
> (The Update Framework) is a library that can be added to an existing
> software update system and is designed to update files in a more secure
> manner. Many software updaters verify software updates with cryptographic
> signatures and hash functions, but they typically fail to protect against
> malicious attacks that target the metadata and update files presented to
> clients. A rollback attack is one such example, where an attacker tricks a
> client into installing older files than those the client has already seen
> (these older files may be vulnerable versions that have since been fixed).
> A full list of attacks and weaknesses the framework is designed to address
> is provided here
> <https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md#security>.
>
> Our website <http://theupdateframework.com/index.html> includes more
> information about TUF, including: papers
> <https://github.com/theupdateframework/tuf/tree/develop/docs/papers> and a
> specification
> <https://github.com/theupdateframework/tuf/blob/develop/docs/tuf-spec.txt>.
>
> If you want to see how an existing project integrates TUF, there is a
> standards track proposal
> <https://github.com/pypa/interoperability-peps/blob/master/pep-0458-tuf-online-keys.rst#abstract>
> to the Python community that you can review. A more rigorous proposal that
> requires more administrative work on the repository, but provides more
> security protections, is also available
> <https://www.python.org/dev/peps/pep-0480/>.
>
> We were thinking of submitting a pull request that shows how such an
> integration would work. So there hopefully won't be much leg work on your
> end apart from deciding how the system should be configured (key storage,
> roles, etc.).
>
> Would a pull request be of interest? Is there anything you'd like us to
> say more about?

I can't speak for the portage team, but I'm certainly interested to see
what you have to show. Security should matter to everyone.

-Zero.

>
> Thanks,
> Vlad
>
> P.S.
> There are Informational <http://wiki.gentoo.org/wiki/GLEP:57> and Standards
> Track <http://wiki.gentoo.org/wiki/GLEP:58> GLEPs that reference our work
> and the security issues that our project addresses, but there hasn't been
> much recent activity on these proposals.
>
>
> --
> [email protected]
> PGP fingerprint = ACCF 9DCA 73B9 862F 93C5 6608 63F8 90AA 1D25 3935
> --
>
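The rollback attack Vlad's message describes, and the neighbouring checks on metadata expiry and target integrity, are easiest to see in a small client-side verifier. The following is an added example for this thread, not code from the original messages, from TUF, or from Portage. Everything in it is assumed for illustration: the metadata layout and field names (`version`, `expires`, `targets`, `length`, `sha256`), the HMAC-based `sign`/`verify_signature` pair standing in for a real public-key signature over metadata, the clock value, and the constructed sample package bytes.

```python
"""Client-side checks for the attacks the message lists: rollback
(metadata older than the client has already accepted), freeze (stale
metadata served past its expiry) and target substitution (a file that
does not match the length and hash the signed metadata promised).

Added illustration, not TUF code: the metadata layout, field names and
the HMAC signature stand-in below are this example's own assumptions.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: a symmetric key stands in for the repository's signing key so
# the example runs with the stdlib alone. A real updater verifies an
# asymmetric signature against keys it trusts from the root role.
REPO_KEY = b"constructed-example-key"


class UpdateRejected(Exception):
    """Raised whenever the client must refuse what the repository served."""


def canonical(signed: dict) -> bytes:
    # Deterministic encoding so signer and verifier MAC identical bytes.
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()


def sign(signed: dict) -> dict:
    """Repository side: wrap the signed portion with its MAC (signature stand-in)."""
    return {"signed": signed,
            "sig": hmac.new(REPO_KEY, canonical(signed), "sha256").hexdigest()}


def verify_signature(meta: dict) -> None:
    expected = hmac.new(REPO_KEY, canonical(meta["signed"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected, meta["sig"]):
        raise UpdateRejected("bad signature")


def check_metadata(meta: dict, last_seen_version: int, now: datetime) -> int:
    """Accept new metadata only if it is signed, not older than what the
    client already trusts, and not expired. Returns the version to persist."""
    verify_signature(meta)
    signed = meta["signed"]
    if signed["version"] < last_seen_version:
        raise UpdateRejected(
            f"rollback: version {signed['version']} < {last_seen_version}")
    if datetime.fromisoformat(signed["expires"]) <= now:
        raise UpdateRejected("freeze: metadata expired")
    return signed["version"]


def check_target(signed: dict, name: str, data: bytes) -> bool:
    """Refuse a downloaded file unless it has the exact length and SHA-256
    the accepted metadata lists for it."""
    info = signed["targets"][name]
    digest = hashlib.sha256(data).hexdigest()
    if len(data) != info["length"] or not hmac.compare_digest(digest, info["sha256"]):
        raise UpdateRejected(f"target {name} does not match signed metadata")
    return True


def run_scenarios() -> dict:
    """Drive one client through a constructed sequence of repository states
    and return the outcome of each step (so results can be checked rather
    than only printed)."""
    now = datetime(2015, 3, 10, 17, 15, tzinfo=timezone.utc)  # constructed clock
    pkg = b"constructed sample package contents"                # constructed target
    targets = {"portage.tar.bz2": {"length": len(pkg),
                                  "sha256": hashlib.sha256(pkg).hexdigest()}}
    v1 = sign({"version": 1, "expires": "2015-04-01T00:00:00+00:00", "targets": targets})
    v2 = sign({"version": 2, "expires": "2015-04-01T00:00:00+00:00", "targets": targets})
    expired = sign({"version": 3, "expires": "2015-03-01T00:00:00+00:00", "targets": targets})
    # Version bumped without re-signing: the MAC no longer matches.
    forged = {"signed": dict(v2["signed"], version=3), "sig": v2["sig"]}

    results = {}

    def attempt(label, fn):
        try:
            results[label] = fn()
        except UpdateRejected as exc:
            results[label] = str(exc)

    seen = check_metadata(v2, 0, now)  # fresh client accepts v2 and persists it
    results["accept_v2"] = seen
    attempt("replay_v1", lambda: check_metadata(v1, seen, now))        # rollback
    attempt("expired_v3", lambda: check_metadata(expired, seen, now))  # freeze
    attempt("forged_v3", lambda: check_metadata(forged, seen, now))    # tampered metadata
    attempt("good_target", lambda: check_target(v2["signed"], "portage.tar.bz2", pkg))
    attempt("tampered_target",
            lambda: check_target(v2["signed"], "portage.tar.bz2", pkg + b"!"))
    return results


if __name__ == "__main__":
    for label, outcome in run_scenarios().items():
        print(f"{label}: {outcome}")
```

The point of the version check is that the persisted `last_seen_version` is only advanced after a fully verified update, so a mirror replaying an old, correctly signed release is refused even though its signature still validates; the expiry check closes the companion hole where an attacker keeps serving the current release indefinitely.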