Operation Aurora and Software Distributions as Single Points of Security Failure

Operation Aurora (Google’s compromise by China) highlights the possibility that software distributions may be targeted for code injection by malicious parties.  If Apple, Microsoft or a Linux distributor were compromised, a large percentage of individuals, businesses and governments could in turn be compromised when they install software updates.

One way to mitigate such a risk is to have multiple independent security auditors sign software distributions.  This is more likely to be successful in an open-source environment, where source is available and can easily be inspected.  I started such an initiative in late 2009 – Gitian.org.
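As an added illustration of the multi-auditor signing idea (example code written for this page, not part of the original post or of Gitian), a minimal verifier in Go: each auditor signs the digest of the release with their own key, and the end user's policy names the auditor keys they trust and how many must agree. Attestations from keys outside that trust set are simply ignored, which is the "chain of trust, not a majority vote" point raised in the comments; the seeds, digest and threshold are constructed values.

```go
package main

import (
	"crypto/ed25519"
)

// Attestation is one auditor's signature over the release digest, shipped beside the release.
type Attestation struct {
	Pub ed25519.PublicKey
	Sig []byte
}

// Policy is one end-user's own trust choice: which auditor keys count and how many must agree.
type Policy struct {
	Trusted   []ed25519.PublicKey
	Threshold int
}

// NewAuditorKey derives a key from a constructed seed so the example runs offline
// and deterministically; a real auditor's key stays on an isolated signing machine.
func NewAuditorKey(label byte) ed25519.PrivateKey {
	seed := make([]byte, ed25519.SeedSize)
	seed[0] = label
	return ed25519.NewKeyFromSeed(seed)
}

// Attest is what an auditor runs after reviewing the release; digest is a hash of the exact bytes shipped.
func Attest(priv ed25519.PrivateKey, digest []byte) Attestation {
	return Attestation{Pub: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, digest)}
}

// CountTrusted returns how many distinct trusted auditors validly signed digest. Attestations
// from keys outside the trust set are ignored, so piling on self-proclaimed auditors cannot raise it.
func CountTrusted(p Policy, digest []byte, atts []Attestation) int {
	seen := map[string]bool{}
	for _, att := range atts {
		for _, t := range p.Trusted {
			if t.Equal(att.Pub) && !seen[string(t)] && ed25519.Verify(t, digest, att.Sig) {
				seen[string(t)] = true
			}
		}
	}
	return len(seen)
}

// Accept installs only when the user's threshold of trusted auditors agree on this exact digest.
func Accept(p Policy, digest []byte, atts []Attestation) bool {
	return CountTrusted(p, digest, atts) >= p.Threshold
}
```

Two users can hold different Policy values over the same set of attestations, so a cautious user can demand more or different auditors than a casual one without changing what the auditors publish.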

4 Responses to Operation Aurora and Software Distributions as Single Points of Security Failure

  1. ken says:

    “One way to mitigate such a risk is to have multiple independent security auditors sign software distributions.”

    This would be trusted auditors, I assume? I could see the next level of threats coming from spoofed multiple auditors. Called a Sybil attack, right?
    -ken

    • miron says:

      It seems easier to protect an auditor than to protect a large software company. The auditor’s private key can be on a dedicated computer that does not allow incoming connections and is not used for any purpose other than to review code and sign it.

      Also, attacking multiple entities without detection seems exponentially harder.

      Lastly, different end-users can trust different sets of auditors, based on their security needs.

      (A Sybil attack is relevant to some peer-to-peer systems – subverting a reputation score by creation of a large number of entities. For sure you’d have to establish a chain of trust to the auditors and not just take a majority vote of all entities claiming to be auditors.)

  2. […] security initiative called Gitian. The motivation is to eliminate software distributors as a single point-of-failure for malicious code injection. Here is Miron’s blog post which summarizes the initiative: […]

  3. Eric says:

    I imagine a worst case. Suppose a foreign country got control over the Microsoft security update system and immediately installed software on every Microsoft product that has auto-updates, which destroys drives a few weeks after the install (so people would be less likely to cut the carnage short). Imagine all the services that would be taken down.

    One way to mitigate this risk is to give Apple, Microsoft and Linux 33.3% market penetration each. That way if any one update system is compromised, we still have 66% of the machines that are up.

    Another way is to automate backup systems that are stored on disks offline and kept powered off.

    What if we lost Google? We need other search engines like Bing to take up the slack. We can’t have one single point of failure taking everything down.
