Document Type
Thesis
Date of Award
8-31-2016
Degree Name
Master of Science in Cyber Security and Privacy - (M.S.)
Department
Computer Science
First Advisor
Reza Curtmola
Second Advisor
Cristian Borcea
Third Advisor
Kurt Rohloff
Abstract
Software development often relies on a Version Control System (VCS) to manage source code, documentation and configuration files. A VCS allows team development, in which multiple developers work simultaneously on source code updates. It also keeps track of the historical changes made to the data over time, including the ability to retrieve previous versions of the source code in order to locate and fix bugs, and to roll back to an earlier version in case the working version becomes buggy or unstable.
Apache Subversion (SVN) is a popular version control system that uses a client-server model: the SVN server hosts the central repository and multiple clients can submit updates to and retrieve other developers' updates from the central repository.
Due to the collaboration required for large projects, VCS repositories are often hosted at third parties that are not always trustworthy. A malicious or compromised SVN server can manipulate the repository and insert buggy code in such a way that the change remains undetected. In addition, SVN currently has no accountability mechanism that allows an external auditor to establish the author of code committed to the repository. As a result, a malicious or compromised server could create the appearance that a developer committed code that was in fact committed by another developer.
In this thesis, the security of SVN is enhanced by protecting the repository from malicious tampering by a compromised server or by an attacker with write access to the repository. The main mechanism to achieve this is signed commits: clients digitally sign their committed changes, and the signatures are stored in the repository along with the committed data. In this way, clients can establish the authenticity, integrity and non-repudiation of the data retrieved from the repository. The SVN protocols have been modified to incorporate the commit signing mechanism. In practice, several challenges had to be addressed in order to preserve SVN's features related to the management of data. The security-enhanced SVN is referred to as SSVN.
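To make the signed-commit mechanism and the two threats above concrete, here is an added example in Go. It is written for this page and is not code from the SSVN prototype or from Apache Subversion. It assumes a simplified commit model (author, revision, path to content), a canonical encoding of that model, and Ed25519 signatures; the abstract does not specify the signature scheme or the exact fields that are signed, so those are assumptions. A client signs its commit, and a retrieving client (or an auditor) verifies the stored signature against an author-to-key mapping obtained out of band, so a server that edits a file or re-attributes the commit to another developer is detected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strconv"
)

// Commit is the simplified commit model assumed for this example:
// the author, the revision assigned to the commit, and path -> content.
type Commit struct {
	Author   string
	Revision int
	Files    map[string][]byte
}

// SignedCommit is what the repository would store alongside the committed
// data: the commit, the signer's public key and the signature.
type SignedCommit struct {
	Commit Commit
	PubKey ed25519.PublicKey
	Sig    []byte
}

// canonical returns a deterministic encoding of a commit: author, revision,
// then each path with the SHA-256 of its content, in sorted path order.
// Sorting is essential: Go map iteration order is randomized, and signer
// and verifier must sign/verify exactly the same bytes.
func canonical(c Commit) []byte {
	paths := make([]string, 0, len(c.Files))
	for p := range c.Files {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	var buf []byte
	buf = append(buf, "author="+c.Author+"\n"...)
	buf = append(buf, "rev="+strconv.Itoa(c.Revision)+"\n"...)
	for _, p := range paths {
		h := sha256.Sum256(c.Files[p])
		buf = append(buf, p+"="+hex.EncodeToString(h[:])+"\n"...)
	}
	return buf
}

// Sign is the client side of a commit: sign the canonical encoding.
func Sign(c Commit, priv ed25519.PrivateKey) SignedCommit {
	return SignedCommit{
		Commit: c,
		PubKey: priv.Public().(ed25519.PublicKey),
		Sig:    ed25519.Sign(priv, canonical(c)),
	}
}

// Verify is what a retrieving client or an auditor runs. trusted maps author
// names to public keys obtained out of band; checking against it means the
// server cannot simply substitute a key pair of its own choosing.
func Verify(sc SignedCommit, trusted map[string]ed25519.PublicKey) bool {
	want, ok := trusted[sc.Commit.Author]
	if !ok || !want.Equal(sc.PubKey) {
		return false
	}
	return ed25519.Verify(sc.PubKey, canonical(sc.Commit), sc.Sig)
}

// clone deep-copies a SignedCommit so the tampering cases below do not
// disturb the original.
func clone(sc SignedCommit) SignedCommit {
	files := make(map[string][]byte, len(sc.Commit.Files))
	for p, b := range sc.Commit.Files {
		files[p] = append([]byte(nil), b...)
	}
	out := sc
	out.Commit.Files = files
	return out
}

// Demo runs an honest round trip, a server that swaps in a backdoored file
// while keeping the signature, and a server that re-attributes the commit
// to another developer. It returns the three verification results.
func Demo() (honest, tamperedContent, reattributed bool, err error) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	bobPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	trusted := map[string]ed25519.PublicKey{"alice": alicePub, "bob": bobPub}

	// Constructed sample commit; not real repository data.
	c := Commit{Author: "alice", Revision: 42, Files: map[string][]byte{
		"trunk/auth.c": []byte("int check(const char *pw) { return strcmp(pw, stored) == 0; }\n"),
		"trunk/README": []byte("build with make\n"),
	}}
	sc := Sign(c, alicePriv)
	honest = Verify(sc, trusted)

	// Case 2: the server edits a file after the commit but keeps the signature.
	t1 := clone(sc)
	t1.Commit.Files["trunk/auth.c"] = []byte("int check(const char *pw) { return 1; }\n")
	tamperedContent = Verify(t1, trusted)

	// Case 3: the server claims bob authored alice's commit.
	t2 := clone(sc)
	t2.Commit.Author = "bob"
	reattributed = Verify(t2, trusted)
	return
}

func main() {
	honest, tampered, reattributed, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("honest=%v tampered_content=%v reattributed=%v\n", honest, tampered, reattributed)
}
```

The check against the out-of-band author-to-key mapping is what turns a bare signature into accountability: verifying only against the public key the server hands back would let a compromised server re-sign a forged commit with a key of its own. Non-repudiation in the abstract's sense also depends on the private key never leaving the developer's machine, which is outside what this snippet can show.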
SSVN has been designed to respect several important design goals: minimizing changes to the existing SVN protocols, minimizing the additional client-server communication and the additional metadata that must be stored in order to achieve the desired security goals, and minimizing changes to existing workflows in order to preserve the usability of the software.
Significantly, the complex SVN code base, around 1,685,000 lines of C code, was modified on both the client and the server side in order to implement the SSVN prototype on top of Apache Subversion. On the client, the major SVN commands "checkout", "commit" and "update" were modified; on the server, the standalone server svnserve was modified.
The SSVN prototype is robust enough to handle hundreds of thousands of files while providing the aforementioned security properties. SSVN also remains backward compatible with older versions of SVN. Experimentally, SSVN adds a reasonable amount of overhead compared to regular SVN.
Recommended Citation
Arya, Ruchir, "Towards trustworthy version control systems: enhancing the security of subversion" (2016). Theses. 2865.
https://digitalcommons.njit.edu/theses/2865