    •   Scholarship Repository at Florida Tech
    • College of Engineering and Science
    • Theses/Dissertations
    Dynamics in Recommendations of Updates for Free Open-Source Software

    Date
    2020-05
    Author
    Elmane, Shakre
    Abstract
    In the Free and Open-Source Software (FOSS) world, newer is not always better. Automatically updating to the latest version of FOSS applications involves real risks. The newer version could be missing features that are essential to some users but have been dropped by the developers. Another possible scenario, with even more serious consequences, is a project taken over by malicious developers who target users’ sensitive data or try to control their systems. In this work we identify a set of security risks associated with changes of reviewers in automatic Free and Open-Source Software (FOSS) updates. Automatic updates can be a prime target for attackers. Attackers who can compromise this process get access to a large number of users’ machines. In addition to the issues associated with regular software updates, automatic FOSS updates face further challenges, ranging from developers dropping support for features that some users consider essential to malicious developers taking over a project and providing versions of the software containing backdoors to users’ sensitive data. The lack of contracts between FOSS developers and the end users of their products allows for significant changes in the quality and functionality of the produced software. Another issue that is unique to FOSS development is the possibility of having multiple competing branches of the same software being developed by different teams, as in the case of Linux distributions. The Stacking-the-Deck Attack is an example of an attack on automatic FOSS updates, in which malicious agents control the development of a project and purposely remove features to disrupt important processes, such as voting. Existing solutions to address these challenges include utilizing meta-recommenders to rank the independent reviewers. These reviewers evaluate and recommend software updates and distributions. More diverse and stable recommenders boost the robustness against a take-over.
We observe issues caused by reviewer churning (reviewers joining or leaving the system). We show that outdated recommendations from reviewers who are no longer active can continue to be maintained in the system and compete with those of active reviewers. We discuss the implications of reviewer churning, and we suggest and analyze solutions to mitigate these issues. In this research, we improve on the existing FOSS Updates Meta-Recommendations framework, which is shown (in [6, 7]) to increase resistance to certain attacks. We study how to handle situations where reviewers join and/or leave the P2P network more efficiently, without a significant impact on the accuracy of recommendations or the performance of the system. Here, algorithms for countering Stacking-the-Deck Attacks in the context of reviewer churning are proposed based on distributed meta-recommenders, and are shown to help mitigate reasonable scenarios of attack and churning intensity, with limited casualty rates.
    URI
    http://hdl.handle.net/11141/3185
    Collections
    • Theses/Dissertations

    DSpace software copyright © 2002-2015  DuraSpace
    Contact Us | Send Feedback
    Theme by 
    @mire NV
     

     
