

USENIX, The Advanced Computing Systems Association

1st USENIX Workshop on Hot Topics in Security

Pp. 37–43 of the Proceedings

Secure Software Updates: Disappointments and New Challenges

Anthony Bellissimo, John Burgess, and Kevin Fu, University of Massachusetts Amherst

Abstract

A client can use a content distribution network to securely download software updates. These updates help to patch everyday bugs, plug security vulnerabilities, and secure critical infrastructure. Yet challenges remain for secure content distribution: many deployed software update mechanisms are insecure, and emerging technologies pose further hurdles for deployment. Our analysis of several popular software update mechanisms shows that deployed systems often rely on trusted networks to distribute critical software updates—despite the research progress in secure content distribution. We demonstrate how many deployed systems are susceptible to weak man-in-the-middle attacks. Furthermore, emerging technologies such as mobile devices, sensors, medical devices, and RFID tags present new challenges for secure software updates. Sporadic network connectivity and limited power, computation, and storage require a rethinking of traditional approaches for secure content distribution on embedded devices.
The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.

Last changed: 4 Aug. 2006 ch