Dynamics in Recommendations of Updates for Free Open-Source Software

Abstract

In Free and Open-Source Software (FOSS) world, newer is not always better. Automatically updating to the latest version of FOSS applications involves real risks. The newer version could be missing features that are essential to some users, but are dropped by the developers. Another possible scenario, with even more serious consequences, is a project taken over by malicious developers who target users’ sensitive data, or try to control their systems. In this work we identify a set of security risks associated with changes of reviewers in automatic Free and Open-Source software (FOSS) updates. Automatic updates can be a prime target for attackers. Attackers that can compromise this process get access to a large number of users’ machines. In addition to issues associated with regular software updates, automatic FOSS updates face more challenges ranging from developers dropping support for some features that are considered essential for some users, to malicious developers taking over a project, and providing versions of the software containing back-doors to sensitive users’ data. The lack of contracts between FOSS developers and the end users of their products allows for significant changes in quality and functionality of the produced software. Another issue that is unique to FOSS development is the possibility of having multiple competing branches of the same software being developed by different teams, as in the case of Linux distributions. Stacking the Deck Attack is an example of an attack on automatic FOSS updates, when malicious agents control the development of a project, and purposely remove features to disrupt important processes, such as voting. Existing solutions to address these challenges include utilizing meta-recommenders to rank the independent reviewers. These reviewers evaluate and recommend software updates and distributions. More diverse and stable recommenders boost the robustness against a take-over. We observe issues caused by reviewers churning (reviewers joining or leaving the system). We show that outdated recommendations from reviewers that are no longer active can continue to be maintained in the system and compete with active reviewers. We discuss here the implications of reviewer churning and we suggest and analyze solutions to mitigate these issues. In this research, we improve on the existing FOSS Updates Meta-Recommendations framework, which is shown (in [6, 7]) to increase resistance to certain attacks. We study how to handle more efficiently the situations where reviewers join and/or leave the P2P network, without a significant impact on the accuracy of recommendations or the performance of the system. Here, algorithms for countering Stacking-the-Deck Attacks in the context of reviewer churning are proposed based on distributed meta-recommenders, and are shown to help mitigate reasonable scenarios of attack & churning intensity, with limited casualty rates.