TY - GEN
T1 - Artemis
T2 - 39th Annual Computer Security Applications Conference, ACSAC 2023
AU - Moore, Marina
AU - Kuppusamy, Trishank Karthik
AU - Cappos, Justin
N1 - Publisher Copyright: © 2023 ACM.
PY - 2023/12/4
Y1 - 2023/12/4
N2 - Modern software installation tools often use packages from more than one repository, presenting a unique set of security challenges. Such a configuration increases the risk of repository compromise and introduces attacks like dependency confusion and repository fallback. In this paper, we offer the first exploration of attacks that specifically target multiple repository update systems, and propose a unique defensive strategy we call articulated trust. Articulated trust is a principle that allows software installation tools to specify trusted developers and repositories for each package. To implement articulated trust, we built Artemis, a framework that introduces several new security techniques, such as per-package prioritization of repositories, multi-role delegations, multiple-repository consensus, and key pinning. These techniques allow for a greater diversity of trust relationships while eliminating the security risk of single points of failure. To evaluate Artemis, we examine attacks on software update systems from the Cloud Native Computing Foundation's Catalog of Supply Chain Compromises, and find that the most secure configuration of Artemis can prevent all of them, compared to 14-59% for the best existing system. We also cite real-world deployments of Artemis that highlight its practicality. These include the JDF/Linux Foundation Uptane Standard that secures over-the-air updates for millions of automobiles, and TUF, which is used by many companies for secure software distribution.
UR - http://www.scopus.com/inward/record.url?scp=85180152841&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85180152841&partnerID=8YFLogxK
U2 - 10.1145/3627106.3627129
DO - 10.1145/3627106.3627129
M3 - Conference contribution
AN - SCOPUS:85180152841
T3 - ACM International Conference Proceeding Series
SP - 83
EP - 97
BT - Proceedings - 39th Annual Computer Security Applications Conference, ACSAC 2023
PB - Association for Computing Machinery
Y2 - 4 December 2023 through 8 December 2023
ER -