On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities
Authors
Abstract
Metadata manipulation attacks represent a new threat class directed against Version Control Systems, such as the popular Git. This type of attack provides inconsistent views of a repository state to different developers, and deceives them into performing unintended operations with often negative consequences. These include omitting security patches, merging untested code into a production branch, and even inadvertently installing software containing known vulnerabilities. To make matters worse, the attacks are subtle by nature and leave no trace after being executed. We propose a defense scheme that mitigates these attacks by maintaining a cryptographically-signed log of relevant developer actions. By documenting the state of the repository at a particular time when an action is taken, developers are given a shared history, so irregularities are easily detected. Our prototype implementation of the scheme can be deployed immediately as it is backwards compatible and preserves current workflows and use cases for Git users. An evaluation shows that the defense adds a modest overhead while offering significantly stronger security. We performed responsible disclosure of the attacks and are working with the Git community to fix these issues in an upcoming version of Git.
Similar sources
Trusted Detection of Unauthorized Filesystem Modifications to Combat Insider Tampering †
An insider-robust approach to file integrity verification is developed using interacting strata of mobile agents. Previous approaches relied upon monolithic architectures, or more recently, agent frameworks using a centralized control mechanism or common reporting repository. However, any such distinct tampering-point introduces vulnerabilities, especially from knowledgeable insiders capable of ...
بررسی مسؤولیت کیفری مبتلایان به اختلالات روانی (A Study of the Criminal Responsibility of Persons with Mental Disorders)
Criminal responsibility has always been a subject of debate in the field of criminal law, since committing an offence, on condition that it is regarded valid to be assigned to the committer, will lead to the establishment of criminal responsibility and a specific penalty as well, unless the convict is not unruly behavior that most of these deviant treatments are based on mental dis...
Finding Regressions in Projects under Version Control Systems
Version Control Systems (VCS) are frequently used to support the development of large-scale software projects. A typical VCS repository of a large project can contain various intertwined branches consisting of a large number of commits. If some kind of unwanted behaviour (e.g. a bug in the code) is found in the project, it is desirable to find the commit that introduced it. Such a commit is called a ...
Mitigation of Insider Risks using Distributed Agent Detection, Filtering, and Signaling
An insider-robust approach to file integrity verification is developed using interacting strata of mobile agents. Previous approaches relied upon monolithic architectures, or more recently, agent frameworks using a centralized control mechanism or common reporting repository. However, any such distinct tampering-point introduces vulnerabilities, especially from knowledgeable insiders capable of...
Summarizing Git Commits and GitHub Pull Requests Using Sequence to Sequence Neural Attention Models
Every day millions of developers and programmers push commits to GitHub to ensure their projects are version controlled, reproducible, and remotely accessible. There are nearly 20 million public repositories (collections of source code in the form of projects) on GitHub today, and over 16 million unique users. Users are able to commit additions or changes to their own repositories, as well as t...