Secure Dependency Enforcement in Package Management Systems

Cited by: 7
Authors
Catuogno, Luigi [1]
Galdi, Clemente [2]
Persiano, Giuseppe [3]
Affiliations
[1] Univ Salerno, Dipartimento Informat, I-84084 Salerno, Italy
[2] Univ Napoli Federico II, Dipartimento Ingn Elettr & Tecnol Informaz, I-80138 Naples, Italy
[3] Univ Salerno, Dipartimento Sci Aziendali Management & Innovat S, I-84084 Salerno, Italy
Keywords
Protocols; Cryptography; Software packages; Servers; Package management systems; secure software update; dependency enforcement;
DOI
10.1109/TDSC.2017.2777991
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Package management systems play an essential role in pursuing system dependability by ensuring that software is correctly installed and kept up-to-date according to vendor-defined installation policies. Circumventing such policies could make the system unhealthy and insecure and can constitute a serious security threat. In many application scenarios, e.g., distribution of commercial software, the confidentiality of the software must be guaranteed against non-authorized players. In some cases, the installation policy itself is considered sensitive information, e.g., when it reveals required hardware in military contexts. In this paper, we address the problem of strongly enforcing software dependencies in package management systems, to prevent a malicious user from forcing the system to install a package even though its requirements are not completely fulfilled. The enforcement is strong in the sense that the encrypted software package cannot even be decrypted if the dependencies are not satisfied. Once a new package is decrypted and installed, our protocol non-interactively updates the key material on the target device. This key update will allow the decryption of further packages that depend on the newly installed one. We further present "policy-hiding" variants of our protocol. Finally, we provide an experimental evaluation of the system performance.
Pages: 377-390
Number of pages: 14