"Stacking the Deck" Attack on Software Updates: Solution by Distributed Recommendation of Testers

The discussed "Stacking the Deck" attack and our solution are relevant only to software controlled by loosely constituted communities. Developers can change their vision and abandon features that are essential for certain users. Moreover, well funded attackers can effectively take control...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:2013 IEEE/WIC/ACM International Joint Conferences on Web Intelligence (WI) and Intelligent Agent Technologies (IAT) Ročník 2; s. 293 - 300
Hlavní autoři: Alhamed, Khalid, Silaghi, Marius C., Hussien, Ihsan, Stansifer, Ryan, Yi Yang
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 01.11.2013
Témata:
agent
Mirrors
recommendation
Security
Social network services
Software
Stacking
tester
Testing
update
Vectors
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:The discussed "Stacking the Deck" attack and our solution are relevant only to software controlled by loosely constituted communities. Developers can change their vision and abandon features that are essential for certain users. Moreover, well funded attackers can effectively take control of a project by orchestrating the transfer of the leadership of the developers to people that they control. We propose a mechanism to reduce the level of trust that users are required to have in the maintainers of free and open-source agent software. In fact, with the proposed method, it is sufficient for the user to trust that his constellation of independent testers are safe from attack, even as all testers may be subject to different attacks. Our solution inserts independent intermediaries (testers) between the developers and the end-users. To encourage independence of the testers, essential for the desired security, a distributed recommendation mechanism is employed, suggesting testers for end-users based on preferences of immediate connections, and on the frequency of usage of these testers in her neighborhood. Metrics of success and experiments for identifying promising parameters are reported.
DOI:10.1109/WI-IAT.2013.123