Framework for Open-Source Software Update Mechanism: Resistance to Stacking the Deck Attack
Currently many users trust open-source binaries downloaded from repositories such as sourceforge.net, github.com, and gitorious.org. As with any system connected to the Internet, such repositories can be subject to attacks that tamper with the distributed binaries (inserting malicious code, changing behavior). Developers can change their vision and abandon features that are essential for certain users. Moreover, well-funded attackers can effectively take control of a project by orchestrating the transfer of the leadership of the developers to people whom they control. We propose a framework to reduce the level of trust that users are required to have in updates for open-source software that is maintained by volunteers. This framework integrates evaluations from independent testers into the mechanism for automatic updates of binaries for free and open-source software. Each user can select a set of testers he or she trusts and can limit automatic updates to the case where a certain quality is evaluated by these testers with a minimum declared depth of test, when aggregated with a configurable function. In fact, with the proposed method, it is sufficient for the user to trust that his flexibly-specified constellation of independent testers is safe against each given attack, even as all may be subject to different attacks. Our solution is adapted to the peer-to-peer (P2P) environment, without centralized control, to enhance the independence of the testers. In such environments, each peer is equipped with a distributed recommender agent to propagate recommendations about the peer's trusted testers. The proposed distributed recommender model enforces the independence of the testers by: 1) automatic amortization of the recommendations when the trust is not manually strengthened, and 2) blocking propagation at any user that does not employ the reviews. In turn, this independence of the testers is used to enhance the security of the automatic updating system.
A new integrated framework of open-source development, testing, distribution, and updating is defined, implemented, and made available.
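
The update gate described in the abstract can be sketched as follows. This is an added example, not code from the framework itself: the `Review` and `Policy` types, the score and depth scales, the `quorum` setting and the tester names are all assumptions, and reviews are assumed to have had their signatures verified before they reach this function.

```python
from dataclasses import dataclass
from typing import Callable, Iterable

@dataclass(frozen=True)
class Review:
    tester: str    # tester identity; signature assumed verified upstream
    quality: str   # quality evaluated, e.g. "no-malware" (hypothetical label)
    score: float   # evaluation in [0, 1], higher is better (assumed scale)
    depth: int     # declared depth of test (assumed integer scale)

@dataclass(frozen=True)
class Policy:
    trusted: frozenset           # testers this user selected
    quality: str
    min_depth: int
    threshold: float
    aggregate: Callable[[list], float] = min  # configurable aggregation
    quorum: int = 1              # trusted testers that must have reported

def allow_update(reviews: Iterable[Review], policy: Policy) -> bool:
    """Return True only if the user's own testers vouch for the release."""
    per_tester = {}
    for r in reviews:
        if (r.tester not in policy.trusted or r.quality != policy.quality
                or r.depth < policy.min_depth):
            continue  # untrusted, off-topic or too shallow: no influence
        cur = per_tester.get(r.tester)
        # One vote per tester: keep the deepest review, lowest score on ties.
        if cur is None or (r.depth, -r.score) > (cur.depth, -cur.score):
            per_tester[r.tester] = r
    if len(per_tester) < policy.quorum:
        return False  # fail closed when too few trusted testers reported
    scores = [r.score for r in per_tester.values()]
    return policy.aggregate(scores) >= policy.threshold

# Constructed sample: 20 unknown testers praise a release that bob flags.
SAMPLE = [Review(f"sock{i}", "no-malware", 1.0, 5) for i in range(20)] + [
    Review("alice", "no-malware", 0.9, 3),
    Review("bob", "no-malware", 0.2, 3),
    Review("carol", "no-malware", 1.0, 1),  # below the minimum depth
]

if __name__ == "__main__":
    mine = frozenset({"alice", "bob", "carol"})
    print(allow_update(SAMPLE, Policy(mine, "no-malware", 2, 0.7)))  # min
```

With `min` as the aggregation function, a single trusted tester who flags the release blocks the automatic update, while the volume of reviews from testers outside the user's chosen set has no effect on the decision.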