Software must be updated frequently, not only to ensure improved operation but also to patch security flaws. Unfortunately, the act of performing an update can itself be a way to attack a computer, if a malicious update is installed. TUF is a comprehensive, flexible framework to secure software updates even in situations where the software repository is compromised. Because of its concise, self-contained architecture and specification, developers can integrate TUF into any software update system or native programming language. It offers both developers and users protection from a host of potential attacks.
- Products: TUF is used in production by a variety of companies, including Microsoft, IBM, VMware, DigitalOcean, Cloudflare, and Docker. It has been standardized for Python as documented in PEPs 458 and 480. TUF, and Docker's popular implementation of TUF, are now Linux Foundation projects as part of the Cloud Native Computing Foundation.
Cars today use a truly enormous amount of software, and, like any software, it contains bugs. Unfortunately, there is no secure way to update software in cars. Our Uptane project provides a mechanism to securely distribute updates to cars. Uptane can counter a comprehensive array of security attacks, and is resilient to partial compromises, while addressing automotive-specific vulnerabilities and limitations. Uptane was recently named one of the Top Security Innovations of 2017 by Popular Science Magazine.
- Products: Uptane has already been adopted by multiple automakers. Uptane has been integrated into multiple products including OTA Plus and ATS Garage, two over-the-air software update products from Advanced Telematic Systems. ATS also integrated aktualizr, a C++ implementation of Uptane, into Automotive Grade Linux. On January 25, 2018, Airbiquity announced receipt of a BIG Award for Business in the 2017 New Product Category for its OTAmatic program, in which Uptane is a key component of the security package. Our website contains high-level information about the project, including the design specification and deployment considerations. We invite all security researchers and academics to perform a security review of Uptane by going to our website. For those who want lower-level details, we also provide an implementation guide, a readable Python reference implementation, compliance tests, and a runnable demo. A demo video is available.
Do you know who has handled your software prior to its installation on your machine? Even if developers are careful to secure each step in their products' supply chain, there is little assurance about what happens between these steps. The in-toto system holistically enforces the integrity of a software supply chain by gathering and signing information about each step in the process. As such, in-toto provides accountability about how software is written, packaged and distributed, and by whom.
- Products: The in-toto software has already been integrated into several open source projects. Most recently, Datadog announced the use of TUF and in-toto on their agents integration downloader. Also, a constellation of rebuilders is generating in-toto metadata so you can check that your Debian packages were built reproducibly when using apt. We welcome you to download the in-toto instructions, which include a demo version of our software, or to clone our repository and follow the directions to integrate in-toto into your software project!
Within every confusing piece of software code are small patterns that can lead developers to outputs that radically differ from what was intended. In studying these “atoms of confusion” we look to build a firm empirical foundation for reducing code confusion in software development and, thus, also reduce the frequency of buggy and malfunctioning programs.
- Products: The project website provides background on our theory, studies, and analysis for this work. We make all of our study materials and anonymized data openly available so that other researchers can replicate, validate, and build on our findings. Our results have been used to fix bugs in a variety of software projects, including the Linux kernel.
Delivery of large chunks of content, such as video, accounts for a substantial percentage of all Internet traffic. This content is usually served by provider networks that contract with Internet Service Providers. CacheCash provides a similar service in which interested users run caches, and are incentivized to participate by receiving a crypto-currency (Cachecoin) in exchange for serving content to other users. Both cryptographic and economic techniques demonstrate that CacheCash users are either forced or economically incentivized to honestly serve content. Our analysis shows that CacheCash scales to meet the workload of even the most popular services used today. By building CacheCash, we intend to change CDNs by more readily and pervasively including end-user served content.
- Products: We are in stealth mode! If you want to be contacted when we publicly release, please send an email to email@example.com.
Despite the best efforts of developers, most operating system kernels contain flaws, and strategies to defend against triggering them have fallen short. Lind is a new virtual machine design that defends against these bugs by locking all system calls into popular access paths. The design is based on the idea that popular paths, the ones used every day to access basic system requests, are much less likely to contain vulnerabilities. This limited kernel access reduces the possibility of interaction with flawed code.
- Products: We are in stealth mode! If you want to be contacted when we publicly release, please send an email to firstname.lastname@example.org.
CrashSimulator is a tool that replicates “real-world” testing for new and upgraded software without the complications of “real-world” deployment. The program enables software developers to identify vulnerabilities in product designs long before they are packaged and released.
- Products: We are in stealth mode! If you want to be contacted when we publicly release, please email email@example.com.
A password database disclosure can be devastating, costing companies billions of dollars in damages. PolyPasswordHasher offers a new approach to prevent attackers from finding out which passwords are being used. Because stored password data is interrelated, potential hackers are forced to crack passwords in sets. This increases the attackers' level of difficulty, making a PolyPasswordHasher-enabled database very hard to breach, even for an adversary with millions of computers.
- Products: PPH is used in several projects, including the Seattle Clearinghouse and BioBank. PPH has implementations available in seven languages, including Java, Python, C, and Ruby. Easy-to-integrate PPH libraries, such as the Pluggable Authentication Module (PAM), are also available for a number of operating systems, including Linux and OS X.
This project seeks to identify situations where security issues are created by the misunderstanding of APIs by developers. In particular, we are looking for security-related blind spots in popular Java and Python APIs as a way to more holistically find and address bugs.
- Products: We are in stealth mode! If you want to be contacted when we publicly release, please email firstname.lastname@example.org.
Cloud computing can provide tremendous benefits due to its ability to offload computation on demand. However, cloud resources are often located far from users. The Seattle project enables users to securely share (and acquire) computing resources from their desktop, laptop, or smartphone in the same manner as with cloud computing. Seattle is used by educators, and for software development and research by thousands of people around the world.
- Products: Seattle is used by thousands of developers and has been installed on tens of thousands of devices. Our website contains information and links to educational modules, and a clearinghouse of available resources for those who wish to download and use the Seattle program, or to donate some computing power on their device for research purposes.
Given the close proximity of smartphones to users, researchers would benefit from accessing smartphone sensors. By giving the user control over what amount and type of data is gathered from these sensors, Sensibility ensures the privacy of user information. Sensibility also has additional security protections that ensure the safety of the device, while giving researchers access to unique information.
NetCheck is a tool that can determine the cause of a failure in a networked application, without any application or network-specific knowledge, and without any modification to the application or its infrastructure. By treating an application as a black box, a diagnosis can be made using just a set of system call (syscall) invocation traces from the relevant end-hosts. By simulating the syscalls against a network model, syscalls that deviate from expected network semantics can be identified. In turn, these deviations can be mapped to a diagnosis by using a set of heuristics.
upPIR is a secure protocol that allows users to mask their information requests by privately retrieving information from a set of mirrors. By packaging the required information with other data that potentially could be requested, the user's preferences—and any assumptions that could be deduced from those preferences—remain hidden.
- Products: The prototype code for this project is available at its GitHub repository.
Virtual Secure Network (VSN) is a network service that provides remote users the security benefits of a managed (corporate/cloud) network, without sacrificing the faster Internet performance more typical of an insecure direct connection. A VSN is analogous to a Virtual Private Network (VPN) in that it offers security protections, such as firewalls, multiple antivirus scanners, IDSs, and IPSs. However, VSN can guarantee lower costs for management, and better performance for its end users.