Skip to content

PWL #13: Survivable Key Compromise in Software Update Systems

Photo of David Murray
Hosted By
David M. and Ryan C.
PWL #13: Survivable Key Compromise in Software Update Systems

Details

Ryan Cox will cover "Survivable Key Compromise in Software Update Systems". What happens when your signing keys are compromised or checked into GitHub? He will demo Notary, Docker's implementation of TheUpdateFramework; described in the paper. TUF is a system that grew out of Tor and is capable of surviving key compromises as well as several other issues in current update managers.

Paper: https://isis.poly.edu/~jcappos/papers/samuel_tuf_ccs_2010.pdf

Samuel, Justin, et al. "Survivable key compromise in software update systems." Proceedings of the 17th ACM conference on Computer and communications security. ACM, 2010.

Photo of Papers We Love @ Seattle group
Papers We Love @ Seattle
See more events
Whitepages
1301 5th Avenue #1600 · Seattle, WA