Stork: Secure Package Management for VM Environments

Abstract

Package managers are a common tool for installing, removing, and updating software on modern computer systems. Unfortunately existingpackage managers have two major problems. First, inadequate security leads to vulnerability to attack. Thereare nine feasible attacks against modern package managers, many of which are enabled by flaws in the underlying security architecture. Second, in Virtual Machine (VM) environments such as Xen, VMWare, and VServers,different VMs on the same physical machine are treated as separate systemsby package managers leading to redundant package downloads and installations.This dissertation focuses on the design, development, and evaluation ofa package manager called Stork that does not have these problems. Stork provides a security architecture that prevents the attacks other package managers are vulnerable to. Stork also is efficient in VM environments and reduces redundant package management actions. Stork is a real system thathas been in use for four years and has managed half a million VM instantiations.