TU Darmstadt / ULB / TUbiblio

Scalable Trust Establishment with Software Reputation

Bugiel, Sven ; Davi, Lucas ; Schulz, Steffen
Hrsg.: Sadeghi, Ahmad-Reza ; Zhang, Xinwen (2011)
Scalable Trust Establishment with Software Reputation.
Chicago, Illinois, USA
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Users and administrators are often faced with the choice between different software solutions, sometimes even have to assess the security of complete software systems. With sufficient time and resources, such decisions can be based on extensive testing and review. However, in practice this is often too expensive and time consuming: When a user decides between two alternative software solutions or a veri- fier should assess the security of a complete software system during remote attestation, such assessments should happen almost in realtime. In this paper, we present a pragmatic, but highly scalable approach for the trustworthiness assessment of software pro- grams based on their security history. The approach can be used to, e.g. automatically sort programs in an App store by their security record or on top of remote attestation schemes that aim to access the trustworthiness of complex software configurations. We implement our approach for the popu- lar Debian GNU/Linux system, using publicly available in- formation from open-source repositories and vulnerability databases. Our evaluation shows reasonable prediction ac- curacy for the more vulnerable packets and good accuracy when considering entire system installations.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2011
Herausgeber: Sadeghi, Ahmad-Reza ; Zhang, Xinwen
Autor(en): Bugiel, Sven ; Davi, Lucas ; Schulz, Steffen
Art des Eintrags: Bibliographie
Titel: Scalable Trust Establishment with Software Reputation
Sprache: Deutsch
Publikationsjahr: Oktober 2011
Verlag: ACM Press
Buchtitel: Workshop on Scalable Trusted Computing (STC)
Veranstaltungsort: Chicago, Illinois, USA
Zugehörige Links:
Kurzbeschreibung (Abstract):

Users and administrators are often faced with the choice between different software solutions, sometimes even have to assess the security of complete software systems. With sufficient time and resources, such decisions can be based on extensive testing and review. However, in practice this is often too expensive and time consuming: When a user decides between two alternative software solutions or a veri- fier should assess the security of a complete software system during remote attestation, such assessments should happen almost in realtime. In this paper, we present a pragmatic, but highly scalable approach for the trustworthiness assessment of software pro- grams based on their security history. The approach can be used to, e.g. automatically sort programs in an App store by their security record or on top of remote attestation schemes that aim to access the trustworthiness of complex software configurations. We implement our approach for the popu- lar Debian GNU/Linux system, using publicly available in- formation from open-source repositories and vulnerability databases. Our evaluation shows reasonable prediction ac- curacy for the more vulnerable packets and good accuracy when considering entire system installations.

Freie Schlagworte: Secure Things
ID-Nummer: TUD-CS-2011-0216
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 04 Aug 2016 10:13
Letzte Änderung: 03 Jun 2018 21:31
PPN:
Zugehörige Links:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen