On omitting commits and committing omissions: Preventing Git metadata tampering that (re)introduces software vulnerabilities

Santiago Torres-Arias, Anil Kumar Ammula, Reza Curtmola, Justin Cappos

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

    Abstract

    Metadata manipulation attacks represent a new threat class directed against Version Control Systems, such as the popular Git. This type of attack provides inconsistent views of a repository state to different developers, and deceives them into performing unintended operations with often negative consequences. These include omitting security patches, merging untested code into a production branch, and even inadvertently installing software containing known vulnerabilities. To make matters worse, the attacks are subtle by nature and leave no trace after being executed. We propose a defense scheme that mitigates these attacks by maintaining a cryptographically-signed log of relevant developer actions. By documenting the state of the repository at a particular time when an action is taken, developers are given a shared history, so irregularities are easily detected. Our prototype implementation of the scheme can be deployed immediately as it is backwards compatible and preserves current workflows and use cases for Git users. An evaluation shows that the defense adds a modest overhead while offering significantly stronger security. We performed responsible disclosure of the attacks and are working with the Git community to fix these issues in an upcoming version of Git.

    Original language: English (US)
    Title of host publication: Proceedings of the 25th USENIX Security Symposium
    Publisher: USENIX Association
    Pages: 379-395
    Number of pages: 17
    ISBN (Electronic): 9781931971324
    State: Published - Jan 1 2016
    Event: 25th USENIX Security Symposium - Austin, United States
    Duration: Aug 10 2016 - Aug 12 2016

    Publication series

    Name: Proceedings of the 25th USENIX Security Symposium

    Conference

    Conference: 25th USENIX Security Symposium
    Country/Territory: United States
    City: Austin
    Period: 8/10/16 - 8/12/16

    ASJC Scopus subject areas

    • Information Systems
    • Safety, Risk, Reliability and Quality
    • Computer Networks and Communications
