"Stacking the Deck" Attack on Software Updates: Solution by Distributed Recommendation of Testers

The discussed "Stacking the Deck" attack and our solution are relevant only to software controlled by loosely constituted communities. Developers can change their vision and abandon features that are essential for certain users. Moreover, well funded attackers can effectively take control...

Full description

Saved in:
Bibliographic Details
Published in:2013 IEEE/WIC/ACM International Joint Conferences on Web Intelligence (WI) and Intelligent Agent Technologies (IAT) Vol. 2; pp. 293 - 300
Main Authors: Alhamed, Khalid, Silaghi, Marius C., Hussien, Ihsan, Stansifer, Ryan, Yi Yang
Format: Conference Proceeding
Language:English
Published: IEEE 01.11.2013
Subjects:
agent
Mirrors
recommendation
Security
Social network services
Software
Stacking
tester
Testing
update
Vectors
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The discussed "Stacking the Deck" attack and our solution are relevant only to software controlled by loosely constituted communities. Developers can change their vision and abandon features that are essential for certain users. Moreover, well funded attackers can effectively take control of a project by orchestrating the transfer of the leadership of the developers to people that they control. We propose a mechanism to reduce the level of trust that users are required to have in the maintainers of free and open-source agent software. In fact, with the proposed method, it is sufficient for the user to trust that his constellation of independent testers are safe from attack, even as all testers may be subject to different attacks. Our solution inserts independent intermediaries (testers) between the developers and the end-users. To encourage independence of the testers, essential for the desired security, a distributed recommendation mechanism is employed, suggesting testers for end-users based on preferences of immediate connections, and on the frequency of usage of these testers in her neighborhood. Metrics of success and experiments for identifying promising parameters are reported.
DOI:10.1109/WI-IAT.2013.123