Proceedings of the 15th ACM conference on Computer and communications security
Security and usability: the gap in real-world online banking
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Proceedings of the 5th ACM symposium on QoS and security for wireless and mobile networks
MeshUp: reliably evolving a living lab
Proceedings of the fifth ACM international workshop on Wireless network testbeds, experimental evaluation and characterization
Survivable key compromise in software update systems
Proceedings of the 17th ACM conference on Computer and communications security
A control point for reducing root abuse of file-system privileges
Proceedings of the 17th ACM conference on Computer and communications security
System security, platform security and usability
Proceedings of the fifth ACM workshop on Scalable trusted computing
Patch auditing in infrastructure as a service clouds
Proceedings of the 7th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
HealthSec'11 Proceedings of the 2nd USENIX conference on Health security and privacy
Typhoon: a middleware for epidemic propagation of software updates
Proceedings of the Third International Workshop on Middleware for Pervasive Mobile and Embedded Computing
Computer security and the modern home
Communications of the ACM
Hi-index | 0.02 |
A client can use a content distribution network to securely download software updates. These updates help to patch everyday bugs, plug security vulnerabilities, and secure critical infrastructure. Yet challenges remain for secure content distribution: many deployed software update mechanisms are insecure, and emerging technologies pose further hurdles for deployment. Our analysis of several popular software update mechanisms shows that deployed systems often rely on trusted networks to distribute critical software updates-despite the research progress in secure content distribution. We demonstrate how many deployed systems are susceptible to weak man-in-the-middle attacks. Furthermore, emerging technologies such as mobile devices, sensors, medical devices, and RFID tags present new challenges for secure software updates. Sporadic network connectivity and limited power, computation, and storage require a rethinking of traditional approaches for secure content distribution on embedded devices.