Projects
Software must be updated frequently, not only to improve operation but also to patch security flaws. Unfortunately, the act of performing an update can itself be a way to attack a computer if a malicious update is installed. TUF (The Update Framework) is a comprehensive, flexible framework for securing software updates even when the software repository itself is compromised. Because its architecture and specification are concise and self-contained, developers can integrate TUF into any software update system, including language-native package managers. It offers both developers and users protection from a host of potential attacks.
- Products: TUF is used in production by a variety of companies, including Microsoft, IBM, VMware, DigitalOcean, Cloudflare, and Docker. Its use for securing Python package downloads from PyPI is specified in PEPs 458 and 480. TUF, and Notary, Docker's popular implementation of TUF, are now Linux Foundation projects under the Cloud Native Computing Foundation (CNCF). In 2019, TUF became both the first security project and the first project led by an academic researcher to achieve graduate status within the CNCF.
Cars today use a truly enormous amount of software, and, like any software, it contains bugs. Uptane provides a mechanism to securely distribute software updates to cars. The framework can counter a comprehensive array of security attacks, and is resilient to partial compromises, while addressing automotive specific vulnerabilities and limitations. It was named one of the Top Security Innovations of 2017 by Popular Science Magazine. Uptane is a Joint Development Foundation project of the Linux Foundation, operating under the formal title of Joint Development Foundation Projects, LLC, Uptane Series.
- Products: Uptane has already been adopted by multiple auto makers and integrated into multiple products, including OTA Plus and ATS Garage, two over-the-air software update products from Advanced Telematic Systems (ATS). ATS also integrated aktualizr, a C++ implementation of Uptane, into Automotive Grade Linux. On January 25, 2018, Airbiquity announced receipt of a BIG Award for Business in the 2017 New Product Category for its OTAmatic program, in which Uptane is a key component of the security package. Our website contains high-level information about the project, including the Uptane Standard for Design and Implementation v2.0.0 and the Uptane Deployment Best Practices. We invite all security researchers and academics to perform a security review of Uptane.
Do you know who has handled your software prior to its installation on your machine? Even if developers are careful to secure each step in their product's supply chain, there is little assurance about what happens in between those steps. The in-toto system holistically enforces the integrity of a software supply chain by gathering and signing information about each step in the process: which materials a step consumed, which products it produced, and which party carried it out. As such, in-toto provides accountability for how software is written, packaged and distributed, and by whom.
- Products: The in-toto software has already been integrated into several open source projects. In 2019, Datadog announced the use of TUF and in-toto in the integration downloader of their agent. On November 23, 2020, the framework released version 1.0.0, and on March 10 the CNCF announced that the project had moved to incubating status. Also, a constellation of rebuilders is generating in-toto metadata so you can check that your Debian packages were built reproducibly when using apt. We welcome you to download the in-toto instructions, which include a demo version of our software, or to clone our repository and follow the directions to integrate in-toto into your software project!
- People: Santiago Torres-Arias, Lukas Pühringer, Aditya Sirish, Yuanrui Chen, Reza Curtmola (NJIT), Hammad Afzali Nanize (NJIT), Sangat Vaidya (NJIT), and Justin Cappos
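To make the in-toto idea above concrete, here is an added illustration (not in-toto's own code or API): each step of a constructed three-step chain (write-code, build, package) records SHA-256 hashes of what it consumed and produced and signs that record as a "link"; a verifier then checks each link against a layout that says who may sign each step, and checks that each step's materials are exactly the previous step's products. HMAC-SHA256 with constructed keys stands in for the asymmetric (Ed25519/RSA) signatures real in-toto uses, and the step names, key ids and artifact bytes are all constructed for the example.

```python
"""Illustrative in-toto-style link signing and layout verification (not in-toto's code)."""
import hashlib
import hmac
import json


def digest(data: bytes) -> str:
    """SHA-256 hex digest: the artifact identity recorded in a link."""
    return hashlib.sha256(data).hexdigest()


def _canonical(body: dict) -> bytes:
    # Canonical JSON so signer and verifier MAC exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_link(step: str, key: bytes, materials: dict, products: dict) -> dict:
    """Record what a step consumed (materials) and produced (products), then sign it.
    HMAC stands in for the functionary's asymmetric signature (assumption)."""
    body = {
        "step": step,
        "materials": {name: digest(b) for name, b in materials.items()},
        "products": {name: digest(b) for name, b in products.items()},
    }
    sig = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"signed": body, "sig": sig}


def verify_chain(layout: list, links: dict, keys: dict) -> tuple:
    """Verify every link against the layout. Returns (ok, reason)."""
    prev_step, prev_products = None, None
    for rule in layout:
        step = rule["step"]
        link = links.get(step)
        if link is None:
            return False, f"missing link for step {step}"
        # 1. Only the functionary the layout authorises for this step may sign it.
        expected = hmac.new(keys[rule["key_id"]], _canonical(link["signed"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, link["sig"]):
            return False, f"bad signature on step {step}"
        if link["signed"]["step"] != step:
            return False, f"link for {step} was signed for a different step"
        # 2. Artifact flow: this step must have consumed exactly what the previous step produced.
        if rule["match_previous"] and link["signed"]["materials"] != prev_products:
            return False, f"materials of {step} do not match products of {prev_step}"
        prev_step, prev_products = step, link["signed"]["products"]
    return True, "ok"


# Constructed keys and layout: the developer signs write-code, the CI system signs build and package.
DEV_KEY = b"constructed-developer-key"
CI_KEY = b"constructed-ci-key"
KEYS = {"dev": DEV_KEY, "ci": CI_KEY}
LAYOUT = [
    {"step": "write-code", "key_id": "dev", "match_previous": False},
    {"step": "build", "key_id": "ci", "match_previous": True},
    {"step": "package", "key_id": "ci", "match_previous": True},
]

# Constructed artifacts flowing through the chain.
SOURCE = {"main.c": b"int main(void) { return 0; }"}
BINARY = {"app": b"\x7fELF constructed binary"}
TARBALL = {"app.tar.gz": b"constructed tarball bytes"}


def honest_links() -> dict:
    return {
        "write-code": make_link("write-code", DEV_KEY, {}, SOURCE),
        "build": make_link("build", CI_KEY, SOURCE, BINARY),
        "package": make_link("package", CI_KEY, BINARY, TARBALL),
    }


def tampered_links() -> dict:
    """A backdoored binary is swapped in between build and package; the package
    link faithfully records the hash of what it actually consumed, exposing the gap."""
    links = honest_links()
    backdoored = {"app": b"\x7fELF constructed backdoored binary"}
    links["package"] = make_link("package", CI_KEY, backdoored, TARBALL)
    return links


def wrong_signer_links() -> dict:
    """The build link is signed with the developer's key, which the layout does not authorise."""
    links = honest_links()
    links["build"] = make_link("build", DEV_KEY, SOURCE, BINARY)
    return links


if __name__ == "__main__":
    for name, fn in (("honest", honest_links), ("tampered", tampered_links), ("wrong signer", wrong_signer_links)):
        print(name, verify_chain(LAYOUT, fn(), KEYS))
```

Note that the verifier needs no trust in the build host itself: the hash-level match between consecutive links is what catches the substituted artifact, and the per-step key check is what catches an unauthorised party performing a step.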
gittuf provides a security layer for Git using concepts introduced by The Update Framework (TUF). Among other features, gittuf handles key management for all developers on a repository, lets you set permissions on repository branches, tags, files, etc., lets you use newer cryptographic algorithms (such as the SHA-256 hash), protects against other attacks Git is vulnerable to, and more, all while remaining backwards compatible with GitHub, GitLab, etc.
- Products: gittuf is an Open Source Security Foundation (OpenSSF) sandbox project as part of the Supply Chain Integrity Working Group.
The 2020 SolarWinds attack highlighted severe supply chain risks in software development. The attackers compromised SolarWinds’ Orion software update process, leading to widespread and complex cyberattacks on numerous federal institutions and companies, including Microsoft. This incident underscores the urgent need for secure and isolated operational environments. The “Just One Turtle” plan aims to enhance software resilience by leveraging the Lind sandbox and Intel SGX to create highly secure computing environments for critical operations.
- Products:
Built on top of The Update Framework (TUF), TAF leverages TUF's security capabilities to protect Git repositories and provide archival authentication. Primarily applied in the legal field, it aims to enable government institutions to secure their entire legal supply chain and meet the standards for authentication and preservation set forth in The Uniform Electronic Legal Materials Act. Additionally, a key objective of TAF is to ensure that documents stored in Git repositories remain accessible and verifiable, not just in the immediate future, but for decades and even centuries to come.
- Products: TAF is already being used by several governments, including the District of Columbia, to secure their laws, and by two libraries, including the University of Wisconsin Law Library. The D.C. law library, secured with TAF, is publicly accessible on GitHub.
Despite the best efforts of developers, most operating system kernels contain flaws, and strategies to defend against triggering them have fallen short. Lind is a new virtual machine design that defends against these bugs by confining all system calls to popular access paths. The design is based on the observation that popular paths, the ones exercised every day by basic system requests, are much less likely to contain vulnerabilities than rarely used ones. Limiting kernel access to those paths reduces the possibility of interacting with flawed code.
- Products: We are in stealth mode! If you want to be contacted when we publicly release, please send an email to lind-dev@googlegroups.com.
Within every confusing piece of software code are small patterns that can lead developers to outputs that radically differ from what was intended. In studying these “atoms of confusion” we look to build a firm empirical foundation for reducing code confusion in software development and, thus, also reduce the frequency of buggy and malfunctioning programs.
- Products: The project website provides background on our theory, studies, and analysis for this work. We make all of our study materials and anonymized data openly available so that other researchers can replicate, validate, and build on our findings. Our results have been used to fix bugs in a variety of software projects, including the Linux kernel.
- People: Dan Gopstein, Lois Anne DeLong, Phyllis Frankl, April Yu Yan (UCSD), Martin Yeh (PSU), Renata Vaderna, Yanyan Zhuang, and Justin Cappos
During its tenure, the Secure Systems Laboratory has developed, nurtured, and deployed a number of technologies, which have been sunsetted. These projects addressed password protection, secure experimental testbeds, the factors that influence developer perceptions, as well as a vehicle to securely share (and acquire) donated computing resources from desktops, laptops, or smartphones that in some ways anticipated the growth of cloud computing. Though these technologies are no longer being actively developed, the resources generated by these projects can still largely be accessed. You can learn more about these retired technologies by clicking here.