http://dx.doi.org/10.3745/KTCCS.2022.11.4.119

Secure and Efficient Package Management Techniques in Closed Networks  

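Ahn, Gun-Hee (Korea University, Department of Cyber Defense)
An, Sang-Hyuk (Korea University, Department of Cyber Defense)
Lim, Dong-Kyun (Korea University, Department of Cyber Defense)
Jeong, Su-Hwan (Korea University, Department of Cyber Defense)
Kim, Jaewoo (Hanwha Systems)
Shin, Youngjoo (Korea University, Graduate School of Information Security)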
Publication Information
KIPS Transactions on Computer and Communication Systems / v.11, no.4, 2022, pp. 119-126
Abstract
In this paper, we present the important factors and methodologies that must be followed for secure and efficient package management systems in a closed network. By analyzing previous works, we present several security considerations for existing package management systems. Based on these considerations, we propose guidelines regarding the use of package management systems in a closed network. More specifically, we propose the development of new package management tools, utilization of physical storage media, utilization of local backup repositories, package updates, and downgrade batches for secure and efficient package management.
Keywords
Closed Network; Package Management System