wiki:SecureUpdates-March2012-status

Version 1 (modified by justinc@cs.washington.edu, 7 years ago) (diff)

--

Technical Status Report for secure software updates project post GEC13

PI: Justin Cappos

Major accomplishments

Integration with PrimoGENI

Demo integration with PlanetLab

Milestones achieved

N/A

Deliverables made

S4.c Demonstration and outreach at GEC13
 * Demonstration of TUF integrated into an updater used by at least one GENI project identified in Milestone 2.
 * Demonstrate private update retrieval feature of TUF.
 * Find other GENI projects that could benefit from TUF.

(Completed at GEC 13)

Description of work performed during last quarter

We completed integration of TUF with distutils. We have integrated with Seattle's updater and PrimoGENI. We have a proof-of-concept integration with PlanetLab's boot CD. We have addressed usability problems. We have implemented a solution to the problem of disclosing a security vulnerability when retrieving an update.

Project participants

Justin Cappos (PI) Geremy Condra (Programmer) Monzur Muhammad (Programmer)

Publications (individual and organizational)

None this quarter

Outreach activities

We gave presentations at several undergraduate research nights on TUF.

We presented a demo on TUF at GEC13. Students in an introductory

security class at NYU Poly experimented with TUF and upPIR.

Collaborations

We integrated with distutils. We have integrated into the Seattle software updater and will be added in the next production release.

We have integrated with PlanetLab's boot CD update mechanism and PrimoGENI. We have more work to do to get PlanetLab's integration into production. Our understanding is that TUF is used in production on PrimoGENI.

We have explored collaboration with the rack solutions provided by Rick McGeer and Ilia Baldine. As was requested by the GPO, we will make this a point of emphasis in the next 4 months.

Other Contributions

Justin gave talks that described TUF (and other topics) at multiple venues.