Confidentiality and Authenticity for Distributed Version Control Systems - A Mercurial Extension

Version Control Systems (VCS) are a valuable tool for software development and document management. Both client/server and distributed (Peer-to-Peer) models exist, with the latter (e.g., Git and Mercurial) becoming increasingly popular. Their distributed nature introduces complications, especially c...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:2016 IEEE 41st Conference on Local Computer Networks (LCN) s. 1 - 9
Hlavní autoři: Lass, Michael, Leibenger, Dominik, Sorge, Christoph
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 01.11.2016
Témata:
Access control
Encryption
History
Permission
Synchronization
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Version Control Systems (VCS) are a valuable tool for software development and document management. Both client/server and distributed (Peer-to-Peer) models exist, with the latter (e.g., Git and Mercurial) becoming increasingly popular. Their distributed nature introduces complications, especially concerning security: it is hard to control the dissemination of contents stored in distributed VCS as they rely on replication of complete repositories to any involved user. We overcome this issue by designing and implementing a concept for cryptography-enforced access control which is transparent to the user. Use of field-tested schemes (end-to-end encryption, digital signatures) allows for strong security, while adoption of convergent encryption and content-defined chunking retains storage efficiency. The concept is seamlessly integrated into Mercurial-respecting its distributed storage concept-to ensure practical usability and compatibility to existing deployments.
DOI:10.1109/LCN.2016.11