Auto update: Is this secure?
Problem description
I felt like .net was lacking a simple secure automatic update library so I've implemented something and put it up here. Before anyone considers using the library I was keen for the update process to get a bit of peer review.
- The client software is populated with a public key and URI to poll.
- Client polls a URI for a manifest file.
- Manifest is downloaded and signature (in a separate ".signature") is used to check that the manifest is valid.
- A list of pending updates is parsed out of the manifest (to show to the user).
- The installer file is downloaded and again is verified with a corresponding ".signature" file. (the downloaded file will be protected with ACLs)
- The installer is run.
- The manifest signature should prevent any malicious downloads (carpet bombing).
- The installer signature should prevent any MITM attack that sends a malicious installer.
- Protecting the downloaded installer with ACLs should prevent any local escalation attacks.
- A MITM attack where the attacker always reports "no updates available". (Could keep a client at a vulnerable version)
- Secure Software Updates: Disappointments and New Challenges
- Black Ops 2008: It’s The End Of The Cache As We Know It
- Evilgrade Will Destroy Us All
Recommended answer
Dan Kaminsky has a good set of guidelines for an updater:
To succeed, your update package must be:
- Signed.
- Signed by you.
- Signed by you, using the right EKU (Extended Key Usage)
- Signed from an unrevoked signature
- Be the same product
- Be a new version
From your description in this question, it appears that you have the first 3.
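The flow the question describes, checked against the answer's list, as an added example in Go that is not part of the original post or of the poster's .NET library: a vendor signs a manifest with an Ed25519 key whose public half ships in the client; the client verifies the detached signature before it parses anything, then checks product, freshness and version ("same product", "new version"), and binds the downloaded installer to the manifest by digest. The manifest fields (product, not_after, sha256), the product name ExampleApp, the choice of Ed25519 raw keys and the constructed installer bytes are this example's assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the document the client polls for. The question's manifest
// carries a list of pending updates; the extra fields here (product, expiry,
// installer digest) are this example's assumption, added so the client can
// enforce "same product", "new version" and freshness, not only "signed by you".
type Manifest struct {
	Product   string `json:"product"`
	Version   [3]int `json:"version"`   // major, minor, patch
	NotAfter  int64  `json:"not_after"` // unix seconds; manifest is stale after this
	Installer string `json:"installer"` // file name the client will download
	SHA256    string `json:"sha256"`    // hex digest of the installer bytes
}

// SignedManifest mirrors the question's layout: the manifest bytes plus a
// detached signature that would live in the separate ".signature" file.
type SignedManifest struct {
	Body      []byte
	Signature []byte
}

var (
	ErrBadSignature      = errors.New("manifest signature does not verify under the embedded public key")
	ErrWrongProduct      = errors.New("manifest is signed by us but for a different product")
	ErrStale             = errors.New("manifest expired: possible replay of an old 'no updates' answer")
	ErrRollback          = errors.New("manifest offers an older version than the one installed")
	ErrInstallerMismatch = errors.New("installer bytes do not match the digest in the signed manifest")
)

// GenerateKeys produces the vendor's signing key pair; only the public half
// is compiled into the client.
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// DigestHex is the hash the publisher records in the manifest and the client
// recomputes over the downloaded installer.
func DigestHex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// SignManifest is the publisher's side: serialize, then sign the exact bytes
// that will be served, so the client can verify before it parses.
func SignManifest(priv ed25519.PrivateKey, m Manifest) SignedManifest {
	body, err := json.Marshal(m)
	if err != nil {
		panic(err)
	}
	return SignedManifest{Body: body, Signature: ed25519.Sign(priv, body)}
}

// compareVersion returns -1, 0 or +1 as a is older than, equal to or newer than b.
func compareVersion(a, b [3]int) int {
	for i := range a {
		if a[i] != b[i] {
			if a[i] < b[i] {
				return -1
			}
			return 1
		}
	}
	return 0
}

// VerifyManifest is the client's side. Order matters: authenticate the raw
// bytes first, and only then interpret them. An equal version is the honest
// "no update" case and is returned without error; an older one is a rollback.
func VerifyManifest(pub ed25519.PublicKey, sm SignedManifest, product string, installed [3]int, nowUnix int64) (*Manifest, error) {
	if !ed25519.Verify(pub, sm.Body, sm.Signature) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(sm.Body, &m); err != nil {
		return nil, err
	}
	if m.Product != product {
		return nil, ErrWrongProduct
	}
	if nowUnix > m.NotAfter {
		return nil, ErrStale
	}
	if compareVersion(m.Version, installed) < 0 {
		return nil, ErrRollback
	}
	return &m, nil
}

// UpdateAvailable reports whether a verified manifest offers something newer.
func UpdateAvailable(m *Manifest, installed [3]int) bool {
	return compareVersion(m.Version, installed) > 0
}

// VerifyInstaller binds the downloaded installer to the signed manifest by
// digest, so the installer the user runs is the one the manifest named.
func VerifyInstaller(m *Manifest, installer []byte) error {
	if DigestHex(installer) != m.SHA256 {
		return ErrInstallerMismatch
	}
	return nil
}

func main() {
	pub, priv := GenerateKeys()
	installer := []byte("constructed stand-in for the installer bytes") // constructed sample
	m := Manifest{Product: "ExampleApp", Version: [3]int{1, 2, 0}, NotAfter: 1_700_604_800,
		Installer: "ExampleApp-1.2.0.msi", SHA256: DigestHex(installer)}
	sm := SignManifest(priv, m)
	got, err := VerifyManifest(pub, sm, "ExampleApp", [3]int{1, 1, 0}, 1_700_000_000)
	fmt.Println(err, got != nil && UpdateAvailable(got, [3]int{1, 1, 0}), VerifyInstaller(got, installer))
}
```

Binding the installer to the manifest by digest, rather than relying only on a second detached signature as the question does, means an attacker who holds an older, still validly signed installer cannot swap it in under a fresh manifest. The not_after field limits how long a captured "no updates" manifest can be replayed; it does nothing against an attacker who simply blocks the poll, so the client should also alarm after some period without any manifest that verifies. The EKU and revocation items from the answer's list need X.509 certificates and are outside this raw-key example.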