Secure Software Distribution in an Adversarial Environment - Duo Tech Talk

Secure software distribution remains a complex challenge due to the widespread use of diverse update systems, many of which are susceptible to various vulnerabilities. This Duo Tech Talk explores the issues and solutions in ensuring safe software updates.

Duo Security · 1.1K views · 46:32

About this video

Secure software distribution is a hard problem. The thousands of different software update systems in use today, most of which are vulnerable to a myriad of attacks that leave the end users potentially vulnerable to compromise, are a testament to this fact. With the explosion in popularity of package managers and distributors such as RubyGems, PyPI and npm, more and more of our applications are dependent on small, reusable modules, developed by thousands of different developers, and distributed by infrastructures outside of our control. Given that distributed systems are only as secure as their weakest link, it only takes compromising one of these modules to be able to compromise the entire infrastructure. It is time for software developers and publishers to start operating under an attack model that considers the distribution infrastructure itself as being actively malicious, and to start following best practices concerning role responsibility separation, offline storage of signing keys, and routine rotation of signing keys.

Bio: Diogo Mónica is the security lead at Docker, an open platform for building, shipping and running distributed applications. He was an early employee at Square where he led the platform security team. He received his BSc, MSc and PhD degrees in Computer Science, and is currently a Security Researcher at the Technical University of Lisbon. Diogo also serves on the board of advisors of several security startups, and is a long-time IEEE Volunteer.

Video Information

Views: 1.1K
Likes: 7
Duration: 46:32
Published: Jul 20, 2016
Quality: HD