On omitting commits and committing omissions: Preventing Git metadata tampering that (re)introduces software vulnerabilities

Santiago Torres-Arias, Anil Kumar Ammula, Reza Curtmola, Justin Cappos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Scopus citations

Abstract

Metadata manipulation attacks represent a new threat class directed against Version Control Systems, such as the popular Git. This type of attack provides inconsistent views of a repository state to different developers, and deceives them into performing unintended operations with often negative consequences. These include omitting security patches, merging untested code into a production branch, and even inadvertently installing software containing known vulnerabilities. To make matters worse, the attacks are subtle by nature and leave no trace after being executed. We propose a defense scheme that mitigates these attacks by maintaining a cryptographically-signed log of relevant developer actions. By documenting the state of the repository at a particular time when an action is taken, developers are given a shared history, so irregularities are easily detected. Our prototype implementation of the scheme can be deployed immediately as it is backwards compatible and preserves current workflows and use cases for Git users. An evaluation shows that the defense adds a modest overhead while offering significantly stronger security. We performed responsible disclosure of the attacks and are working with the Git community to fix these issues in an upcoming version of Git.

Original languageEnglish (US)
Title of host publicationProceedings of the 25th USENIX Security Symposium
PublisherUSENIX Association
Pages379-395
Number of pages17
ISBN (Electronic)9781931971324
StatePublished - Jan 1 2016
Event25th USENIX Security Symposium - Austin, United States
Duration: Aug 10 2016Aug 12 2016

Publication series

NameProceedings of the 25th USENIX Security Symposium

Conference

Conference25th USENIX Security Symposium
Country/TerritoryUnited States
CityAustin
Period8/10/168/12/16

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'On omitting commits and committing omissions: Preventing Git metadata tampering that (re)introduces software vulnerabilities'. Together they form a unique fingerprint.

Cite this