| | 1 | [[PageOutline]] |
| | 2 | |
| | 3 | == Project Number == |
| | 4 | |
| | 5 | 1696 |
| | 6 | |
| | 7 | == Project Title == |
| | 8 | |
| | 9 | Exploiting Insecurity to Secure Software Update Systems[[BR]] |
| | 10 | (a.k.a. SECUREUPDATES) |
| | 11 | |
| | 12 | === Technical Contacts === |
| | 13 | |
| | 14 | Justin Cappos <justinc@cs.washington.edu> |
| | 15 | |
| | 16 | === Participating Organizations === |
| | 17 | |
| | 18 | [http://www.cs.washington.edu Computer Science and Engineering][[BR]] |
| | 19 | University of Washington[[BR]] |
| | 20 | Box 352350 |
| | 21 | Seattle, WA 98195-2350 |
| | 22 | |
| | 23 | === GPO Liason System Engineer === |
| | 24 | |
| | 25 | Christopher Small <chris@geni.net> |
| | 26 | |
| | 27 | == Scope == |
| | 28 | |
| | 29 | This proposed effort will create a framework that secures the software |
| | 30 | update systems that operate on GENI. The work will define and |
| | 31 | implement a security layer that can operate over many different |
| | 32 | application-specific installation environments, thus providing secure |
| | 33 | update functions for diverse GENI nodes and clients. The proposal |
| | 34 | plans to leverage the VM and the redirection proxy from the Million |
| | 35 | Node GENI project to support multiple platforms. The effort provides |
| | 36 | secure key management support for software update system developers, |
| | 37 | allowing software updates to be signed, validated, and distributed |
| | 38 | securely. |
| | 39 | |
| | 40 | === Current Capabilities === |
| | 41 | |
| | 42 | === Milestones === |
| | 43 | |
| | 44 | Nov 15, 2009 |
| | 45 | Deliver short white paper or architecture document that explains the problem this project is attacking and outlines your solution, discussing how the work fits into GENI, what it will be used for, and how it will be used. |
| | 46 | Dec 30, 2009 |
| | 47 | Deliver a design document for client library protection against replay and freeze attacks. |
| | 48 | Deliver a design document for the repository library protection against replay and freeze attacks. |
| | 49 | Mar 28, 2010 |
| | 50 | Demonstrate client library implementation that protects against replay and freeze attacks for Linux. |
| | 51 | Demonstrate repository library implementation that protects against replay and freeze attacks. |
| | 52 | May 30, 2010 |
| | 53 | Demonstrate push mechanism that provides security metadata to the repository library. |
| | 54 | Make available the code for example client software update system implementation using the client library. |
| | 55 | Sept 30, 2010 |
| | 56 | Deliver a design document for client library selective trust delegation and key management. |
| | 57 | Deliver a design document for repository library selective trust delegation and key management. |
| | 58 | |
| | 59 | [[MilestoneDate(CMU Lab: S2.a)]] Short Milestone Description[[BR]] |
| | 60 | |
| | 61 | == Project Technical Documents == |
| | 62 | |
| | 63 | === Quarterly Status Reports === |
| | 64 | |
| | 65 | due 31Dec09: [wiki:ProjTemp-4Q09-status 4Q09 Status Report] |
| | 66 | |
| | 67 | === Spiral 2 Connectivity === |
| | 68 | |
| | 69 | === Related Projects === |
| | 70 | |
| | 71 | [wiki:"ProvisioningService" Provisioning Service (Raven)][[BR]] |
