civodul pushed a commit to branch master
in repository maintenance.
commit de546ac7220c62b12870b2ed20da39e7fd552b82
Author: Ludovic Courtès <[email protected]>
AuthorDate: Mon May 3 13:49:35 2021 +0200
ccs-2021: Complete introductions.
---
doc/ccs-2021/supply-chain.skb | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/doc/ccs-2021/supply-chain.skb b/doc/ccs-2021/supply-chain.skb
index d1c0b53..7e7174b 100644
--- a/doc/ccs-2021/supply-chain.skb
+++ b/doc/ccs-2021/supply-chain.skb
@@ -207,7 +207,18 @@ of its design.])
(p [This paper describes the design and implementation of Guix’s
secure update mechanism. ,(numref :text [Section] :ident "background")
gives background information necessary to understand the overall
-deployment model of Guix. FIXME: complete]))
+deployment model of Guix. ,(numref :text [Section] :ident "rationale")
+presents our goals and threat model for the design of secure updates.
+,(numref :text [Section] :ident "authenticating") describes our design
+of a Git checkout authentication mechanism and ,(numref :text [Section]
+:ident "bootstrapping") discusses trust establishment. ,(numref :text
+[Section] :ident "downgrade") shows how we address downgrade attacks
+while ,(numref :text [Section] :ident "mirrors") focuses on the related
+risk of distributing stale revisions. In ,(numref :text [Section]
+:ident "implementation") we provide key elements of the implementation
+and report on our early experience. Last, ,(numref :text [Section]
+:ident "related") compares to related work and ,(numref :text [Section]
+:ident "conclusion") concludes.]))
(chapter :title [Background] :ident "background"
@@ -659,6 +670,7 @@ satisfy the graph theorist or the Git geek in you, but if
you are up for
a quick tour of the implementation, the next section is for you!]))
(chapter :title [Implementation]
+ :ident "implementation"
(p [Channel authentication as described above is now used in
production. This section documents the reasoning behind some of the
