"Stacking the Deck" Attack on Software Updates: Solution by Distributed Recommendation of Testers
The discussed "Stacking the Deck" attack and our solution are relevant only to software controlled by loosely constituted communities. Developers can change their vision and abandon features that are essential for certain users. Moreover, well funded attackers can effectively take control...
Uloženo v:
| Vydáno v: | 2013 IEEE/WIC/ACM International Joint Conferences on Web Intelligence (WI) and Intelligent Agent Technologies (IAT) Ročník 2; s. 293 - 300 |
|---|---|
| Hlavní autoři: | , , , , |
| Médium: | Konferenční příspěvek |
| Jazyk: | angličtina |
| Vydáno: |
IEEE
01.11.2013
|
| Témata: | |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstract | The discussed "Stacking the Deck" attack and our solution are relevant only to software controlled by loosely constituted communities. Developers can change their vision and abandon features that are essential for certain users. Moreover, well funded attackers can effectively take control of a project by orchestrating the transfer of the leadership of the developers to people that they control. We propose a mechanism to reduce the level of trust that users are required to have in the maintainers of free and open-source agent software. In fact, with the proposed method, it is sufficient for the user to trust that his constellation of independent testers are safe from attack, even as all testers may be subject to different attacks. Our solution inserts independent intermediaries (testers) between the developers and the end-users. To encourage independence of the testers, essential for the desired security, a distributed recommendation mechanism is employed, suggesting testers for end-users based on preferences of immediate connections, and on the frequency of usage of these testers in her neighborhood. Metrics of success and experiments for identifying promising parameters are reported. |
|---|---|
| AbstractList | The discussed "Stacking the Deck" attack and our solution are relevant only to software controlled by loosely constituted communities. Developers can change their vision and abandon features that are essential for certain users. Moreover, well funded attackers can effectively take control of a project by orchestrating the transfer of the leadership of the developers to people that they control. We propose a mechanism to reduce the level of trust that users are required to have in the maintainers of free and open-source agent software. In fact, with the proposed method, it is sufficient for the user to trust that his constellation of independent testers are safe from attack, even as all testers may be subject to different attacks. Our solution inserts independent intermediaries (testers) between the developers and the end-users. To encourage independence of the testers, essential for the desired security, a distributed recommendation mechanism is employed, suggesting testers for end-users based on preferences of immediate connections, and on the frequency of usage of these testers in her neighborhood. Metrics of success and experiments for identifying promising parameters are reported. |
| Author | Alhamed, Khalid Silaghi, Marius C. Yi Yang Stansifer, Ryan Hussien, Ihsan |
| Author_xml | – sequence: 1 givenname: Khalid surname: Alhamed fullname: Alhamed, Khalid – sequence: 2 givenname: Marius C. surname: Silaghi fullname: Silaghi, Marius C. – sequence: 3 givenname: Ihsan surname: Hussien fullname: Hussien, Ihsan – sequence: 4 givenname: Ryan surname: Stansifer fullname: Stansifer, Ryan – sequence: 5 surname: Yi Yang fullname: Yi Yang |
| BookMark | eNotjE1Lw0AURUdQ0NauXbgZuk98byaZZNyF1o9AQbApLstk8qKxTVIyU6T_3hRdXTjncCfssus7YuwOIUQE_fCRB3lWhAJQhijkBZtglGgtNAh1zWbOfQMAqnhs1Q0z87U3dtd0n9x_EV-S3c155s-M9x1f97X_MQPxzaEyntzjSPZH34yqPPFl4_zQlEdPFX8n27ctdWN2tn3NC3KeBnfLrmqzdzT73ynbPD8Vi9dg9faSL7JVYESU-AATXYqojFVEVsoIU4OyFgRCKNI2jipTWwNKWZlWqSWTQFwCoqhQGU1xKafs_u-3IaLtYWhaM5y2SmlIQcpfd4pUaA |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/WI-IAT.2013.123 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 1479929026 9780769551456 9781479929023 0769551459 |
| EndPage | 300 |
| ExternalDocumentID | 6690803 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IL ACM ALMA_UNASSIGNED_HOLDINGS APO CBEJK GUFHI LHSKQ RIE RIL |
| ID | FETCH-LOGICAL-a247t-179b24b564ec33418a13f2e0226e9c54dafca066c38d8cea705b0112d16a9e5b3 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 4 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000330993500041&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Wed Aug 27 03:57:48 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-a247t-179b24b564ec33418a13f2e0226e9c54dafca066c38d8cea705b0112d16a9e5b3 |
| PageCount | 8 |
| ParticipantIDs | ieee_primary_6690803 |
| PublicationCentury | 2000 |
| PublicationDate | 2013-Nov. |
| PublicationDateYYYYMMDD | 2013-11-01 |
| PublicationDate_xml | – month: 11 year: 2013 text: 2013-Nov. |
| PublicationDecade | 2010 |
| PublicationTitle | 2013 IEEE/WIC/ACM International Joint Conferences on Web Intelligence (WI) and Intelligent Agent Technologies (IAT) |
| PublicationTitleAbbrev | wi-iat |
| PublicationYear | 2013 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0001651096 ssj0001651097 ssib026764162 ssj0001651098 |
| Score | 1.5535556 |
| Snippet | The discussed "Stacking the Deck" attack and our solution are relevant only to software controlled by loosely constituted communities. Developers can change... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 293 |
| SubjectTerms | agent Mirrors recommendation Security Social network services Software Stacking tester Testing update Vectors |
| Title | "Stacking the Deck" Attack on Software Updates: Solution by Distributed Recommendation of Testers |
| URI | https://ieeexplore.ieee.org/document/6690803 |
| Volume | 2 |
| WOSCitedRecordID | wos000330993500041&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LTwIxEG6QePCECsZ3GuLRhd1uX3gjKpELIREiN9LHbGKMuwQWjf_edncBY7x4a3tq2unM12nn-xC6MeBwbgRR4LCQDijTLNCamMAIGkJslTDKFGITYjSSs1lvXEO321oYACg-n0HHN4u3fJuZtU-Vdbm7yklP7bknBC9rtTa2Q7jgtCJDKvMr3FlbRSW364tffVmx_bhm92UYDPsT_9sr7kRevuiH3EoRbQaN_83zELV2ZXt4vA1IR6gG6TFqbHQbcHWMm0i1HcQ0PkeOHfzDD2De2rif-zGcpfjZeeZPtQQ8Xfh0wOoOb3JnWH_hB8-060WywGJ_d313cyl1mXCW4ElBvLBqoengcXL_FFRSC4EiVOSepFQTqhmnYGIX2KSK4oSAC_AceoZRqxKjHDoxsbTSgBIh084zEBtx1QOm4xNUT7MUThF2HkKZhIUJ05QSG2olQ3Ax0FJNwEJ4hpp-xeaLkk1jXi3W-d_DF-jAb0hZ_XeJ6vlyDVdo33zkr6vldWEC31zarpQ |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LTwIxEG4ImugJFYxvG-LRhX20u4s3IhKISEiEyI30MZsY4y6BReO_d7q7gDFevLU9Ne105uu0832E3ChAnOuAYyEWkhbjkltSuspSAbPB0yJQQmViE8FwGE6nrVGJ3G5qYQAg-3wGDdPM3vJ1olYmVdb08SoXGmrPHc6Ya-fVWmvrcf3AZwUdUp5h8dHeCjK5bT_41Q8Lvh9sNl_6Vr89Nv-9vIZjBIx-CK5k8aZb-d9MD0htW7hHR5uQdEhKEB-Rylq5gRYHuUpEHUGmMllyigCQdkC91Wk7NWM0iekz-uZPsQA6mZuEwPKOrrNnVH7RjuHaNTJZoKm5vb7jXHJlJppEdJxRLyxrZNJ9GN_3rEJswRIuC1JDUypdJrnPQHkY2kLheJELGOJ9aCnOtIiUQHyivFCHCkRgc4m-wdWOL1rApXdMynESwwmh6COEirgdcYnbpG0pQhswCmomXdBgn5KqWbHZPOfTmBWLdfb38DXZ642fBrNBf_h4TvbN5uS1gBeknC5WcEl21Uf6ulxcZebwDaMqsds |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2013+IEEE%2FWIC%2FACM+International+Joint+Conferences+on+Web+Intelligence+%28WI%29+and+Intelligent+Agent+Technologies+%28IAT%29&rft.atitle=%22Stacking+the+Deck%22+Attack+on+Software+Updates%3A+Solution+by+Distributed+Recommendation+of+Testers&rft.au=Alhamed%2C+Khalid&rft.au=Silaghi%2C+Marius+C.&rft.au=Hussien%2C+Ihsan&rft.au=Stansifer%2C+Ryan&rft.date=2013-11-01&rft.pub=IEEE&rft.volume=2&rft.spage=293&rft.epage=300&rft_id=info:doi/10.1109%2FWI-IAT.2013.123&rft.externalDocID=6690803 |