Conference and Journal Publications
-
Survivable Key Compromise in Software Update Systems: Presented at the 17th ACM Conference on Computer and Communications Security (CCS'10) in Chicago, Illinois, in 2010. This paper introduced the TUF design concept on which Uptane is based.
-
Diplomat: Using Delegations to Protect Community Repositories: Presented at the 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI '16) in Santa Clara, CA 2016. This paper describes security enhancements to TUF that enable it to work with community repositories like PyPI or RubyGems.
-
Uptane: Securing Software Updates for Automobiles: Presented at the 14th Embedded Security in Cars (escar16) conference in Munich, Germany, in 2016. This escar presentation was the first public acknowledgement of the Uptane framework.
-
Mercury: Bandwidth-Effective Prevention of Rollback Attacks against Community Repositories: Presented at the 2017 USENIX Annual Technical Conference (USENIX 2017) in Santa Clara, CA. This paper describes enhancements to TUF that reduce the amount of bandwidth used.
-
Securing Software Updates for Automotives Using Uptane: Article that appeared in the Summer 2017 issue of ;login magazine, a USENIX publication.
-
Uptane: Security and Customizability of Software Updates for Vehicles: Article that appeared in the March 2018 issue of IEEE Vehicular Technology Magazine.
-
Using a Dual-Layer Specification to Offer Selective Interoperability for Uptane: Appeared in the ESCAR USA 2020 Special Issue journal. This paper describes the way Uptane uses POUFs to allow for a flexible specification as well as interoperability when needed.
Whitepapers
-
Uptane: Securing delivery of software updates for ground vehicles: The first in a series of whitepapers, this serves as an introduction to the Uptane framework and explain how it differs from other secure update systems in the automotive sector.
-
Uptane: 地上車両を対象とするソフトウェア アップデート配信のセキュリティ対策: The first Uptane whitepaper translated into Japanese by Shotaro Tadehara, TMNA.
-
Scudo: A Proposal for Resolving Software Supply Chain Insecurities in Vehicles: The second Uptane whitepaper, this discusses software supply chain attacks and their impact to automobiles. It also introduces Scudo, a framework that combines Uptane and in-toto, a software supply chain security framework, to achieve end-to-end guarantees, from the development of automobile code all the way to its delivery.