Aditya Sirish A Yelgundhalli (New York University), Patrick Zielinski (New York University), Reza Curtmola (New Jersey Institute of Technology), Justin Cappos (New York University)

Git is the most popular version control system today, with Git forges such as
GitHub, GitLab, and Bitbucket used to add functionality. Significantly, these
forges are used to enforce security controls. However, due to the lack of an
open protocol for ensuring a repository's integrity, forges cannot prove
themselves to be trustworthy, and have to carry the responsibility of being
non-verifiable trusted third parties in modern software supply chains.

In this paper, we present gittuf, a system that decentralizes Git
security and enables every user to contribute to collectively enforcing the
repository's security. First, gittuf enables the distribution of policy
declaration and management responsibilities among more parties such that no
single user is trusted entirely or unilaterally. Second, gittuf decentralizes
the tracking of repository activity, ensuring that a single entity cannot
manipulate repository events. Third, gittuf decentralizes policy enforcement
by enabling all developers to independently verify the policy, eliminating the
single point of trust placed in the forge as the only arbiter for whether a
change in the repository is authorized. Thus, gittuf can provide strong
security guarantees in the event of a compromise of the centralized forge, the
underlying infrastructure, or a subset of privileged developers trusted to set
policy. gittuf also implements policy features that can protect against
unauthorized changes to branches and tags (i.e., pushes) as well as
files/folders (i.e., commits). Our analysis of gittuf shows that its
properties and policy features provide protections against previously seen
version control system attacks. In addition, our evaluation of gittuf shows it
is viable even for large repositories with a high volume of activity such as
those of Git and Kubernetes (less than 4% storage overhead and under 0.59s of
time to verify each push).
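The three properties above (threshold policy held by several parties, tamper-evident tracking of repository events, and verification any developer can run locally) can be made concrete with a small model. The following is an added illustration written for this page; it is not gittuf's code, metadata format or protocol. Developer names, keys, commit ids and the branch policy are constructed, and HMAC over per-developer secrets stands in for the asymmetric signatures a real system would use so that the example runs offline.

```python
"""Toy model of decentralized, client-side verification of Git ref updates.

Added illustration, not gittuf's own code or formats. It models three ideas:
(1) a per-branch policy naming authorized approvers and a threshold, so no
single developer can push a protected branch alone; (2) an append-only,
hash-chained log of ref updates that anyone holding a copy can check for
tampering; (3) a verifier that every developer can run locally instead of
trusting the forge to enforce the rules.
"""
import hashlib
import hmac
import json

# Constructed developer keys. Real systems use asymmetric signatures; HMAC with
# a per-developer secret is only a stand-in to keep the example self-contained.
DEV_KEYS = {
    "alice": b"alice-secret-key",
    "bob": b"bob-secret-key",
    "carol": b"carol-secret-key",
}

# Constructed branch policy: who may approve an update to each ref and how many
# distinct authorized approvals an update needs.
POLICY = {
    "refs/heads/main": {"authorized": {"alice", "bob"}, "threshold": 2},
    "refs/heads/dev": {"authorized": {"alice", "bob", "carol"}, "threshold": 1},
}

NO_COMMIT = "0" * 40  # a ref that does not exist yet (Git's all-zero object id)
GENESIS = "0" * 64    # predecessor id of the first log entry


def canonical(payload: dict) -> bytes:
    """Deterministic encoding so every party hashes and signs identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def entry_id(payload: dict) -> str:
    return hashlib.sha256(canonical(payload)).hexdigest()


def approve(payload: dict, developer: str) -> str:
    """Stand-in for a developer's signature over a log entry."""
    return hmac.new(DEV_KEYS[developer], canonical(payload), hashlib.sha256).hexdigest()


def append_entry(log: list, ref: str, old: str, new: str, approvers) -> dict:
    """Record a ref update, chained to the previous entry and approved by `approvers`."""
    prev = entry_id(log[-1]["payload"]) if log else GENESIS
    payload = {"ref": ref, "old": old, "new": new, "prev": prev}
    entry = {"payload": payload, "approvals": {d: approve(payload, d) for d in approvers}}
    log.append(entry)
    return entry


def verify_log(log: list, policy: dict = POLICY) -> list:
    """Independent verification any developer can run. Empty result means valid."""
    problems = []
    expected_prev = GENESIS
    tips = {}  # current commit per ref, rebuilt from the log itself
    for i, entry in enumerate(log):
        p = entry["payload"]
        if p["prev"] != expected_prev:
            problems.append(f"entry {i}: chain broken (prev does not match preceding entry)")
        if tips.get(p["ref"], NO_COMMIT) != p["old"]:
            problems.append(f"entry {i}: old value does not match current tip of {p['ref']}")
        rule = policy.get(p["ref"])
        if rule is None:
            problems.append(f"entry {i}: no policy for {p['ref']}")
        else:
            # Count only approvals that verify AND come from authorized developers.
            valid = {
                d for d, mac in entry["approvals"].items()
                if d in rule["authorized"] and d in DEV_KEYS
                and hmac.compare_digest(mac, approve(p, d))
            }
            if len(valid) < rule["threshold"]:
                problems.append(f"entry {i}: {len(valid)} valid approval(s) for {p['ref']}, "
                                f"threshold is {rule['threshold']}")
        tips[p["ref"]] = p["new"]
        expected_prev = entry_id(p)
    return problems


def build_sample_log() -> list:
    """Constructed activity: solo pushes to dev, a two-person push to main."""
    log = []
    append_entry(log, "refs/heads/dev", NO_COMMIT, "a1" * 20, ["carol"])
    append_entry(log, "refs/heads/main", NO_COMMIT, "b2" * 20, ["alice", "bob"])
    append_entry(log, "refs/heads/dev", "a1" * 20, "c3" * 20, ["alice"])
    return log


def tampered_log() -> list:
    """Whoever stores the log rewrites main's tip after the fact."""
    log = build_sample_log()
    log[1]["payload"]["new"] = "ee" * 20
    return log


def underapproved_log() -> list:
    """Carol alone records an update to main, which needs two authorized approvals."""
    log = build_sample_log()
    append_entry(log, "refs/heads/main", "b2" * 20, "d4" * 20, ["carol"])
    return log


if __name__ == "__main__":
    for name, log in [("valid", build_sample_log()), ("tampered", tampered_log()),
                      ("under-approved", underapproved_log())]:
        print(name, verify_log(log) or "OK")
```

Rewriting one entry invalidates both its approvals and the `prev` link of its successor, so the tamper is caught twice; an update with too few authorized approvals is rejected even though it is perfectly well-formed. Neither check depends on the forge, which is the point of the decentralized enforcement the paper describes.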

Currently, gittuf is an OpenSSF sandbox project hosted by the Linux
Foundation. gittuf is being used in projects hosted by the OpenSSF and the
CNCF, and an enterprise pilot at Bloomberg is underway.
