Our paper that appeared at CCS 2008 focuses on an adversary who controls a mirror (or who acts as a man-in-the-middle attacker). This paper is available as a PDF.
An article discussing the current state of package manager vulnerabilities and what actions an administrator can take appeared in the February 2009 edition of the ;login: magazine.
We released a technical report that takes a broad look at the security of package managers. This is available as University of Arizona Technical Report TR08-02. A longer version is available in Justin Cappos' dissertation.
In addition, there are several research papers that describe our research package manager Stork.