240 research outputs found

    Challenges and Implications of Verifiable Builds for Security-Critical Open-Source Software

    The majority of computer users download software from the Internet and run it directly on their machine. They expect applications to work as advertised, and implicitly trust them not to perform any malicious activities. For security-sensitive applications though, users need the assurance that what they downloaded is what has been officially released by the developers, and that it comes directly from audited sources to avoid surreptitious backdoors. However, the compilation process from source code to binary files, and more generally, the toolchain used in software packaging, has not been designed with verifiability in mind. Rather, the output of compilers is often dependent on parameters that can be strongly tied to the building environment, and may not be easily repeatable anywhere else. In this paper, we first manually replicate a close match to the official binaries of the sixteen most recent versions of TrueCrypt for Windows up to v7.1a, a widely known open-source encryption tool, and explain the remaining differences that can solely be attributed to non-determinism in the build process. This experiment provides the missing guarantee on the official binaries, and makes audits on TrueCrypt's source code more meaningful. Also, it gives insights about what constitutes sources of non-determinism in a compilation process, which may help create future verifiable build processes. We also summarize challenges faced by Bitcoin, Tor, Debian and other Linux distributions in designing automated methods, such as deterministic and reproducible builds, for the verification of their official packages. Finally, we discuss a few suggestions for achieving deterministic builds.

    Proceedings of the 4th International Conference on Principles and Practices of Programming in Java

    This book contains the proceedings of the 4th International Conference on Principles and Practices of Programming in Java. The conference focuses on the different aspects of the Java programming language and its applications.

    Challenges and Implications of Verifiable Builds for Security-Critical Open-Source Software

    The majority of computer users download compiled software and run it directly on their machine. Apparently, this is also true for open-source software: most users would not compile the available source, and implicitly trust that the available binaries have been compiled from the published source code (i.e., no backdoor has been inserted in the binary). To verify that the official binaries indeed correspond to the released source, one can compile the source of a given application, and then compare the locally generated binaries with the developer-provided official ones. However, such simple verification is non-trivial to achieve in practice, as modern compilers, and more generally, toolchains used in software packaging, have not been designed with verifiability in mind. Rather, the output of compilers is often dependent on parameters that can be strongly tied to the building environment. In this paper, we analyze a widely-used encryption tool, TrueCrypt, to verify its official binary with the corresponding source. We first manually replicate a close match to the official binaries of the sixteen most recent versions of TrueCrypt for Windows up to v7.1a, and then explain the remaining differences that can solely be attributed to non-determinism in the build process. Our analysis provides the missing guarantee on official binaries that they are indeed backdoor-free, and makes audits on TrueCrypt's source code more meaningful. Also, we uncover several sources of non-determinism in TrueCrypt's compilation process; these findings may help create future verifiable build processes.
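    The verification step both abstracts above describe (rebuild from source, compare the local binary with the official one, then account for every byte that still differs) as an added example, not code from the paper or from the TrueCrypt project: a Python script that byte-diffs two Windows PE images and classifies each differing run as either lying inside a header field that legitimately varies between two builds of identical source (the COFF TimeDateStamp and the optional-header CheckSum) or as unexplained, which is what a human must then justify or treat as evidence of a different source tree. The two images are constructed inside the script; the header offsets follow the PE format, but which fields a real TrueCrypt rebuild actually differs in is the paper's finding, not something this script knows.

```python
import hashlib
import struct
from typing import Dict, List, Tuple

# Constructed for this example: a minimal PE-like image (MZ stub, PE signature,
# COFF header, PE32 optional header, payload). It is NOT a TrueCrypt binary,
# just enough structure for the header offsets used below to be meaningful.
def make_pe_image(timestamp: int, checksum: int, payload: bytes) -> bytes:
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH",
                       0x014C,     # Machine: i386
                       1,          # NumberOfSections
                       timestamp,  # TimeDateStamp: depends on build time
                       0, 0,       # PointerToSymbolTable, NumberOfSymbols
                       224,        # SizeOfOptionalHeader (PE32)
                       0x0102)     # Characteristics
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic: PE32
    struct.pack_into("<I", opt, 64, checksum)   # CheckSum: derived from image bytes
    return dos + b"PE\0\0" + coff + bytes(opt) + payload


def known_volatile_fields(image: bytes) -> Dict[str, Tuple[int, int]]:
    """(offset, length) of PE header fields expected to differ between two honest
    builds of the same source: COFF TimeDateStamp and optional-header CheckSum."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ signature)")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image (missing PE signature)")
    coff = e_lfanew + 4          # COFF file header follows the 4-byte signature
    opt = coff + 20              # optional header follows the 20-byte COFF header
    return {"TimeDateStamp": (coff + 4, 4), "CheckSum": (opt + 64, 4)}


def diff_ranges(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """Contiguous (offset, length) runs where the two images differ; a length
    mismatch is reported as one trailing run."""
    ranges, n, i = [], min(len(a), len(b)), 0
    while i < n:
        if a[i] != b[i]:
            start = i
            while i < n and a[i] != b[i]:
                i += 1
            ranges.append((start, i - start))
        else:
            i += 1
    if len(a) != len(b):
        ranges.append((n, abs(len(a) - len(b))))
    return ranges


def explain_differences(official: bytes, rebuilt: bytes):
    """Split differing runs into those fully inside a known volatile field
    (explained: name, offset, length) and the rest (unexplained: offset, length)."""
    fields = known_volatile_fields(official)
    explained, unexplained = [], []
    for start, length in diff_ranges(official, rebuilt):
        end = start + length
        name = next((n for n, (fo, fl) in fields.items()
                     if fo <= start and end <= fo + fl), None)
        if name is not None:
            explained.append((name, start, length))
        else:
            unexplained.append((start, length))
    return explained, unexplained


def masked_digest(image: bytes) -> str:
    """SHA-256 of the image with the volatile header fields zeroed, so two honest
    builds compare equal while any other byte change still shows up."""
    buf = bytearray(image)
    for off, ln in known_volatile_fields(image).values():
        buf[off:off + ln] = b"\0" * ln
    return hashlib.sha256(bytes(buf)).hexdigest()


# Constructed sample images (hypothetical timestamps, checksums and payload).
PAYLOAD = b"\xc3" * 16 + b"constructed payload bytes"
OFFICIAL = make_pe_image(0x4F9C2A10, 0x0001ABCD, PAYLOAD)
REBUILT_CLEAN = make_pe_image(0x5A000000, 0x0002FFFF, PAYLOAD)
REBUILT_TAMPERED = make_pe_image(0x5A000000, 0x0002FFFF, b"\xcc" + PAYLOAD[1:])

if __name__ == "__main__":
    for label, rebuilt in (("clean rebuild", REBUILT_CLEAN),
                           ("tampered rebuild", REBUILT_TAMPERED)):
        explained, unexplained = explain_differences(OFFICIAL, rebuilt)
        print(label, "explained:", explained, "unexplained:", unexplained,
              "masked digests match:", masked_digest(OFFICIAL) == masked_digest(rebuilt))
```

On a real rebuild the list of volatile fields is the output of the manual analysis the paper describes, not its input: every run reported as unexplained has to be traced to a concrete cause (embedded paths, link order, timestamps inside resources) before the masked digest comparison means anything.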

    Reverse code engineering of .NET applications


    ALGORITHMS FOR THE ALIGNMENT AND VISUALIZATION OF GENOME MAPPING DATA WITH APPLICATIONS TO STRUCTURAL VARIANT DETECTION

    Optical mapping and nanocoding are single molecule restriction mapping systems for interrogating genomic structure at a scale that cannot currently be achieved using DNA sequencing methods. In these mapping experiments, large DNA molecules (approximately 500 kb) are stretched, immobilized or confined, and then digested with a restriction endonuclease that cuts or nicks the DNA at its cognate sequence. The cut/nick sites are then observed through fluorescent microscopy and machine vision is used to estimate the length of the DNA fragments between consecutive sites. This produces, for each molecule, a barcode-like pattern comprising the ordered list of restriction fragment lengths. Despite the promise of the optical mapping and nanocoding systems, there are few open source tools for working with the data generated by these platforms. Most analyses rely on custom in-house software pipelines using proprietary software. In this dissertation we present open source software tools for the alignment and visualization of restriction mapping data. In this work we first present a review of the optical mapping and nanocoding systems and provide an overview of the current methods for aligning and assembling consensus restriction maps and their related applications. Next, we present the Maligner software for the alignment of a query restriction pattern to a reference pattern. Alignment is a fundamental problem which is the first step in many downstream analyses, such as consensus map assembly or structural variant calling. The Maligner software features both a sensitive dynamic programming implementation and a faster but less sensitive index based mode of alignment. We compare the Maligner software to other available tools for the task of aligning a sequence contig assembly to a reference optical map and for aligning single molecule maps to a reference. Next, we present a portable data visualization web application for visualizing pairwise alignments of restriction maps. Finally, we present updates to the Maligner software to support partial alignments of single molecule maps, allowing for the clustering of compatible split map alignments to identify structural variants.

    NASA Tech Briefs, November/December 1987

    Topics include: NASA TU Services; New Product Ideas; Electronic Components and Circuits; Electronic Systems; Physical Sciences; Materials; Computer Programs; Mechanics; Fabrication Technology; Machinery; Mathematics and Information Sciences; Life Sciences

    Designing a higher layer protocol for small distributed microcontroller systems using the control area network protocol

    This thesis is concerned with designing a Higher Layer Protocol (HLP) for small distributed microcontroller systems using a well-established network protocol: the Controller Area Network (CAN) protocol which, currently, is widely used in the automation industries. Steps were taken to investigate three popular HLPs based on the CAN protocol, namely Smart Distributed System (SDS), DeviceNet, and CAN Kingdom. Following the comparison of the three HLPs, the CAN Kingdom protocol was chosen for the task of designing the HLP in this project in order to satisfy the restrictions associated with small systems. Thus, the HLP (named the Small CAN Kingdom protocol) of this project was designed according to the principles of the CAN Kingdom protocol, which contains many advantages for open network solutions. This enables designers to enhance a system's performance relatively easily. A complete hardware and software design of a small CAN-based system, utilising the Motorola MC68HC11 microcontrollers, the Intel 82527 CAN controller chips, and DS3695 (RS485 standard) transceivers has been described. This small system can be used to demonstrate the performance of the Small CAN Kingdom protocol. The development of the system software has also taken into account the rules associated with this protocol.

    A cost and utility analysis of NIM/CAMAC standards and equipment for shuttle payload data acquisition and control systems. Volume 3: Tasks 3 and 4

    The modifications for the Nuclear Instrumentation Modular (NIM) and Computer Automated Measurement and Control (CAMAC) equipment, designed for ground based laboratory use, that would be required to permit its use in the Spacelab environments were determined. The cost of these modifications was estimated and the most cost effective approach to implementing them was identified. A shared equipment implementation in which the various Spacelab users draw their required complement of standard NIM and CAMAC equipment for a given flight from a common equipment pool was considered. The alternative approach studied was a dedicated equipment implementation in which each of the users is responsible for procuring either their own NIM/CAMAC equipment or its custom built equivalent.

    Voyager spacecraft phase B, task D. Volume 7 - Preliminary OSE and MDE Final report

    Systems analysis and preliminary requirements for mission dependent and operational support equipment for the Voyager Mars spacecraft.