Le-git-imate: Towards verifiable web-based git repositories

Hammad Afzali, Santiago Torres-Arias, Reza Curtmola, Justin Cappos

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Web-based Git hosting services such as GitHub and GitLab are popular choices to manage and interact with Git repositories. However, they lack an important security feature - the ability to sign Git commits. Users instruct the server to perform repository operations on their behalf and have to trust that the server will execute their requests faithfully. Such trust may be unwarranted though because a malicious or a compromised server may execute the requested actions in an incorrect manner, leading to a different state of the repository than what the user intended. In this paper, we show a range of high-impact attacks that can be executed stealthily when developers use the web UI of a Git hosting service to perform common actions such as editing files or merging branches. We then propose le-git-imate, a defense against these attacks which provides security guarantees comparable and compatible with Git's standard commit signing mechanism. We implement le-git-imate as a Chrome browser extension. le-git-imate does not require changes on the server side and can thus be used immediately. It also preserves current workflows used in Github/GitLab and does not require the user to leave the browser, and it allows anyone to verify that the server's actions faithfully follow the user's requested actions. Moreover, experimental evaluation using the browser extension shows that le-git-imate has comparable performance with Git's standard commit signature mechanism. With our solution in place, users can take advantage of GitHub/GitLab's web-based features without sacrificing security, thus paving the way towards verifiable web-based Git repositories.

    Original languageEnglish (US)
    Title of host publicationASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
    PublisherAssociation for Computing Machinery, Inc
    Pages469-482
    Number of pages14
    ISBN (Electronic)9781450355766
    DOIs
    StatePublished - May 29 2018
    Event13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018 - Incheon, Korea, Republic of
    Duration: Jun 4 2018Jun 8 2018

    Other

    Other13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018
    CountryKorea, Republic of
    CityIncheon
    Period6/4/186/8/18

    Fingerprint

    Servers
    Merging

    Keywords

    • Browser extension
    • Commit signature
    • GitHub
    • Verification record

    ASJC Scopus subject areas

    • Software
    • Computer Science Applications
    • Information Systems
    • Computer Networks and Communications

    Cite this

    Afzali, H., Torres-Arias, S., Curtmola, R., & Cappos, J. (2018). Le-git-imate: Towards verifiable web-based git repositories. In ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security (pp. 469-482). Association for Computing Machinery, Inc. https://doi.org/10.1145/3196494.3196523

    Le-git-imate : Towards verifiable web-based git repositories. / Afzali, Hammad; Torres-Arias, Santiago; Curtmola, Reza; Cappos, Justin.

    ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2018. p. 469-482.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Afzali, H, Torres-Arias, S, Curtmola, R & Cappos, J 2018, Le-git-imate: Towards verifiable web-based git repositories. in ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, pp. 469-482, 13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018, Incheon, Korea, Republic of, 6/4/18. https://doi.org/10.1145/3196494.3196523
    Afzali H, Torres-Arias S, Curtmola R, Cappos J. Le-git-imate: Towards verifiable web-based git repositories. In ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2018. p. 469-482 https://doi.org/10.1145/3196494.3196523
    Afzali, Hammad ; Torres-Arias, Santiago ; Curtmola, Reza ; Cappos, Justin. / Le-git-imate : Towards verifiable web-based git repositories. ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2018. pp. 469-482
    @inproceedings{d339e60b5a504452937d3e93807126d9,
    title = "Le-git-imate: Towards verifiable web-based git repositories",
    abstract = "Web-based Git hosting services such as GitHub and GitLab are popular choices to manage and interact with Git repositories. However, they lack an important security feature - the ability to sign Git commits. Users instruct the server to perform repository operations on their behalf and have to trust that the server will execute their requests faithfully. Such trust may be unwarranted though because a malicious or a compromised server may execute the requested actions in an incorrect manner, leading to a different state of the repository than what the user intended. In this paper, we show a range of high-impact attacks that can be executed stealthily when developers use the web UI of a Git hosting service to perform common actions such as editing files or merging branches. We then propose le-git-imate, a defense against these attacks which provides security guarantees comparable and compatible with Git's standard commit signing mechanism. We implement le-git-imate as a Chrome browser extension. le-git-imate does not require changes on the server side and can thus be used immediately. It also preserves current workflows used in Github/GitLab and does not require the user to leave the browser, and it allows anyone to verify that the server's actions faithfully follow the user's requested actions. Moreover, experimental evaluation using the browser extension shows that le-git-imate has comparable performance with Git's standard commit signature mechanism. With our solution in place, users can take advantage of GitHub/GitLab's web-based features without sacrificing security, thus paving the way towards verifiable web-based Git repositories.",
    keywords = "Browser extension, Commit signature, GitHub, Verification record",
    author = "Hammad Afzali and Santiago Torres-Arias and Reza Curtmola and Justin Cappos",
    year = "2018",
    month = "5",
    day = "29",
    doi = "10.1145/3196494.3196523",
    language = "English (US)",
    pages = "469--482",
    booktitle = "ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security",
    publisher = "Association for Computing Machinery, Inc",

    }

    TY - GEN

    T1 - Le-git-imate

    T2 - Towards verifiable web-based git repositories

    AU - Afzali, Hammad

    AU - Torres-Arias, Santiago

    AU - Curtmola, Reza

    AU - Cappos, Justin

    PY - 2018/5/29

    Y1 - 2018/5/29

    N2 - Web-based Git hosting services such as GitHub and GitLab are popular choices to manage and interact with Git repositories. However, they lack an important security feature - the ability to sign Git commits. Users instruct the server to perform repository operations on their behalf and have to trust that the server will execute their requests faithfully. Such trust may be unwarranted though because a malicious or a compromised server may execute the requested actions in an incorrect manner, leading to a different state of the repository than what the user intended. In this paper, we show a range of high-impact attacks that can be executed stealthily when developers use the web UI of a Git hosting service to perform common actions such as editing files or merging branches. We then propose le-git-imate, a defense against these attacks which provides security guarantees comparable and compatible with Git's standard commit signing mechanism. We implement le-git-imate as a Chrome browser extension. le-git-imate does not require changes on the server side and can thus be used immediately. It also preserves current workflows used in Github/GitLab and does not require the user to leave the browser, and it allows anyone to verify that the server's actions faithfully follow the user's requested actions. Moreover, experimental evaluation using the browser extension shows that le-git-imate has comparable performance with Git's standard commit signature mechanism. With our solution in place, users can take advantage of GitHub/GitLab's web-based features without sacrificing security, thus paving the way towards verifiable web-based Git repositories.

    AB - Web-based Git hosting services such as GitHub and GitLab are popular choices to manage and interact with Git repositories. However, they lack an important security feature - the ability to sign Git commits. Users instruct the server to perform repository operations on their behalf and have to trust that the server will execute their requests faithfully. Such trust may be unwarranted though because a malicious or a compromised server may execute the requested actions in an incorrect manner, leading to a different state of the repository than what the user intended. In this paper, we show a range of high-impact attacks that can be executed stealthily when developers use the web UI of a Git hosting service to perform common actions such as editing files or merging branches. We then propose le-git-imate, a defense against these attacks which provides security guarantees comparable and compatible with Git's standard commit signing mechanism. We implement le-git-imate as a Chrome browser extension. le-git-imate does not require changes on the server side and can thus be used immediately. It also preserves current workflows used in Github/GitLab and does not require the user to leave the browser, and it allows anyone to verify that the server's actions faithfully follow the user's requested actions. Moreover, experimental evaluation using the browser extension shows that le-git-imate has comparable performance with Git's standard commit signature mechanism. With our solution in place, users can take advantage of GitHub/GitLab's web-based features without sacrificing security, thus paving the way towards verifiable web-based Git repositories.

    KW - Browser extension

    KW - Commit signature

    KW - GitHub

    KW - Verification record

    UR - http://www.scopus.com/inward/record.url?scp=85049201509&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85049201509&partnerID=8YFLogxK

    U2 - 10.1145/3196494.3196523

    DO - 10.1145/3196494.3196523

    M3 - Conference contribution

    AN - SCOPUS:85049201509

    SP - 469

    EP - 482

    BT - ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security

    PB - Association for Computing Machinery, Inc

    ER -