Practical Trade-Offs in Integrity Protection for Binaries via Ethereum
Stengele, Oliver
1; Droll, Jan
1; Hartenstein, Hannes 1
1 Institut für Telematik (TM), Karlsruher Institut für Technologie (KIT)
1; Droll, Jan
1; Hartenstein, Hannes 11 Institut für Telematik (TM), Karlsruher Institut für Technologie (KIT)
Abstract (englisch):
Ensuring the integrity of executable binaries is of vital importance to systems that run and depend on them.
Additionally, supply-chain attacks and security related bugs demonstrate that binaries, once deployed, may need to be revoked and replaced with updated versions.
Recently, blockchain ecosystems have garnered broad attention as middlewares for decentralised solutions to existing problems.
Stengele et al. presented a concept how the Ethereum blockchain and peer-to-peer network can be used to ensure the integrity of binaries with timely, accurate, and machine-readable revocations.
In this work, we show this concept in practice with a user client implementation in Go and demonstrate how revocations and updates can reliably reach a user client within minutes.
We show the client's ability to ensure the integrity of multiple binaries and continuously monitor the Ethereum blockchain for updates and revocations via an unmodified Ethereum client.
We also examine the trust relations and trade-offs through our use case.
Since the user client fully relies on an Ethereum client as a gateway, the latter's resilience against malicious actors is crucial to consider in a practical deployment.
Additionally, supply-chain attacks and security related bugs demonstrate that binaries, once deployed, may need to be revoked and replaced with updated versions.
Recently, blockchain ecosystems have garnered broad attention as middlewares for decentralised solutions to existing problems.
Stengele et al. presented a concept how the Ethereum blockchain and peer-to-peer network can be used to ensure the integrity of binaries with timely, accurate, and machine-readable revocations.
In this work, we show this concept in practice with a user client implementation in Go and demonstrate how revocations and updates can reliably reach a user client within minutes.
We show the client's ability to ensure the integrity of multiple binaries and continuously monitor the Ethereum blockchain for updates and revocations via an unmodified Ethereum client.
We also examine the trust relations and trade-offs through our use case.
Since the user client fully relies on an Ethereum client as a gateway, the latter's resilience against malicious actors is crucial to consider in a practical deployment.
| Zugehörige Institution(en) am KIT | Institut für Telematik (TM) Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsmonat/-jahr | 12.2020 |
| Sprache | Englisch |
| Identifikator | ISBN: 978-1-4503-8202-1 KITopen-ID: 1000128600 |
| Erschienen in | Middleware '20 Demos and Posters: Proceedings of the 21st International Middleware Conference Demos and Posters |
| Veranstaltung | 21st International Middleware Conference Demos and Posters (2020), Delft, Niederlande, 07.12.2020 – 11.12.2020 |
| Verlag | Association for Computing Machinery (ACM) |
| Seiten | 9–10 |
| Projektinformation | KASTEL_ISE (BMBF, 16KIS0754) |
| Vorab online veröffentlicht am | 07.12.2020 |
| Schlagwörter | Blockchain, integrity protection, revocation |
| Nachgewiesen in | Dimensions Scopus |
| Relationen in KITopen |
|