Diplomat: Using Delegations to Protect Community Repositories

@inproceedings{Kuppusamy2016DiplomatUD,
  title={Diplomat: Using Delegations to Protect Community Repositories},
  author={Trishank Karthik Kuppusamy and Santiago Torres-Arias and Vladimir Diaz and Justin Cappos},
  booktitle={NSDI},
  year={2016}
}
Community repositories, such as Docker Hub, PyPI, and RubyGems, are bustling marketplaces that distribute software. Even though these repositories use common software signing techniques (e.g., GPG and TLS), attackers can still publish malicious packages after a server compromise. This is mainly because a community repository must have immediate access to signing keys in order to certify the large number of new projects that are registered each day. This work demonstrates that community… CONTINUE READING
Highly Cited
This paper has 17 citations. REVIEW CITATIONS
12 Citations
61 References
Similar Papers

Citations

Publications citing this paper.

References

Publications referenced by this paper.
Showing 1-10 of 61 references

And Docker, Inc

  • D. MÓNICA
  • Introducing Docker Content Trust. https://blog…
  • 2015
Highly Influential
7 Excerpts

Cve 2014-0092

  • THE MITRE CORPORATION
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name…
  • 2014
Highly Influential
11 Excerpts

Diplomat : Using Delegations to Protect Community Repositories

  • T. K. KUPPUSAMY, S. TORRES-ARIAS, V. DIAZ, J. CAP-POS
  • Tech . Rep . TRCSE -
  • 2016

Evaluate The Update Framework

  • B. PHILIPS
  • https:// github.com/appc/spec/issues/211,
  • 2015
2 Excerpts

Improving Hackage security

  • LLP WELL-TYPED
  • http://www.well-typed.com/blog/2015/04…
  • 2015
3 Excerpts

Inc

  • PRIME DIRECTIVE
  • Development - Flynn. https:// flynn.io/docs…
  • 2015

Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed? https://blog.cloudflare.com/answering-the-criticalquestion-can-you-get-private-ssl-keys-usingheartbleed

  • CLOUDFLARE, INC
  • 2014
1 Excerpt

Let’s figure out a way to start signing RubyGems

  • T. ARCIERI
  • http://tonyarcieri.com/lets-figure-out-away-to…
  • 2014
1 Excerpt

Similar Papers

Loading similar papers…