TY - GEN
T1 - Le-git-imate
T2 - 13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018
AU - Afzali, Hammad
AU - Torres-Arias, Santiago
AU - Curtmola, Reza
AU - Cappos, Justin
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/5/29
Y1 - 2018/5/29
N2 - Web-based Git hosting services such as GitHub and GitLab are popular choices to manage and interact with Git repositories. However, they lack an important security feature - the ability to sign Git commits. Users instruct the server to perform repository operations on their behalf and have to trust that the server will execute their requests faithfully. Such trust may be unwarranted though because a malicious or a compromised server may execute the requested actions in an incorrect manner, leading to a different state of the repository than what the user intended. In this paper, we show a range of high-impact attacks that can be executed stealthily when developers use the web UI of a Git hosting service to perform common actions such as editing files or merging branches. We then propose le-git-imate, a defense against these attacks which provides security guarantees comparable and compatible with Git's standard commit signing mechanism. We implement le-git-imate as a Chrome browser extension. le-git-imate does not require changes on the server side and can thus be used immediately. It also preserves current workflows used in Github/GitLab and does not require the user to leave the browser, and it allows anyone to verify that the server's actions faithfully follow the user's requested actions. Moreover, experimental evaluation using the browser extension shows that le-git-imate has comparable performance with Git's standard commit signature mechanism. With our solution in place, users can take advantage of GitHub/GitLab's web-based features without sacrificing security, thus paving the way towards verifiable web-based Git repositories.
AB - Web-based Git hosting services such as GitHub and GitLab are popular choices to manage and interact with Git repositories. However, they lack an important security feature - the ability to sign Git commits. Users instruct the server to perform repository operations on their behalf and have to trust that the server will execute their requests faithfully. Such trust may be unwarranted though because a malicious or a compromised server may execute the requested actions in an incorrect manner, leading to a different state of the repository than what the user intended. In this paper, we show a range of high-impact attacks that can be executed stealthily when developers use the web UI of a Git hosting service to perform common actions such as editing files or merging branches. We then propose le-git-imate, a defense against these attacks which provides security guarantees comparable and compatible with Git's standard commit signing mechanism. We implement le-git-imate as a Chrome browser extension. le-git-imate does not require changes on the server side and can thus be used immediately. It also preserves current workflows used in Github/GitLab and does not require the user to leave the browser, and it allows anyone to verify that the server's actions faithfully follow the user's requested actions. Moreover, experimental evaluation using the browser extension shows that le-git-imate has comparable performance with Git's standard commit signature mechanism. With our solution in place, users can take advantage of GitHub/GitLab's web-based features without sacrificing security, thus paving the way towards verifiable web-based Git repositories.
KW - Browser extension
KW - Commit signature
KW - GitHub
KW - Verification record
UR - http://www.scopus.com/inward/record.url?scp=85049201509&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85049201509&partnerID=8YFLogxK
U2 - 10.1145/3196494.3196523
DO - 10.1145/3196494.3196523
M3 - Conference contribution
AN - SCOPUS:85049201509
T3 - ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
SP - 469
EP - 482
BT - ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
Y2 - 4 June 2018 through 8 June 2018
ER -