dc.contributor.advisor: Silaghi, Marius
dc.contributor.author: Alhamed, Khalid
dc.creator: Alhamed, khalid
dc.date.accessioned: 2015-05-12T20:35:07Z
dc.date.available: 2015-05-12T20:35:07Z
dc.date.issued: 2015-05
dc.identifier.uri: http://hdl.handle.net/11141/654
dc.description: Thesis (Ph.D.) – Florida Institute of Technology, 2015 [en_US]
dc.description.abstract: Currently many users trust open-source binaries downloaded from repositories such as sourceforge.net, github.com, and gitorious.org. As with any system connected to the Internet, such repositories can be subject to attacks tampering with the distributed binaries (inserting malicious code, changing behavior). Developers can change their vision and abandon features that are essential for certain users. Moreover, well-funded attackers can effectively take control of a project by orchestrating the transfer of the leadership of the developers to people whom they control. We propose a framework to reduce the level of trust that users are required to have in updates for open-source software that is maintained by volunteers. This framework integrates evaluations from independent testers into the mechanism for automatic updates of binaries for free and open-source software. Each user can select a set of testers he or she trusts and can limit automatic updates to the case where a certain quality is evaluated by these testers with a minimum declared depth of test, when aggregated with a configurable function. In fact, with the proposed method, it is sufficient for the user to trust that his flexibly-specified constellation of independent testers is safe against each given attack, even as all may be subject to different attacks. Our solution is adapted to the peer-to-peer (P2P) environment, without centralized control, to enhance the independence of the testers. In such environments, each peer is equipped with a distributed recommender agent to propagate recommendations about the peer’s trusted testers. The proposed distributed recommender model enforces the independence of the testers by: 1) Automatic amortization of the recommendations when the trust is not manually strengthened, and 2) Blocking propagation at any user that does not employ the reviews.
In turn, this independence of the testers is used to enhance the security of the automatic updating system. A new integrated framework of open-source development, testing, distribution, and updating is defined, implemented, and made available. [en_US]
dc.format.mimetype: application/pdf
dc.language.iso: en_US [en_US]
dc.rights: Copyright held by author [en_US]
dc.title: Framework for Open-Source Software Update Mechanism: Resistance to Stacking the Deck Attack [en_US]
dc.type: Dissertation [en_US]
dc.date.updated: 2015-04-20T18:47:23Z
thesis.degree.name: Doctor of Philosophy in Computer Science [en_US]
thesis.degree.level: Doctoral [en_US]
thesis.degree.discipline: Computer Science [en_US]
thesis.degree.department: Computer Sciences [en_US]
thesis.degree.grantor: Florida Institute of Technology [en_US]
dc.type.material: text