Attacks on Package Managers
Overview | Attack Anatomy | Impact | Protecting Yourself | People | Other Attacks | FAQ | Papers | Acknowledgments


We have a paper that focuses on an adversary that controls a mirror (or a man-in-the-middle attacker) that appeared at CCS 2008. This paper is available as a PDF.

An article discussing the current state of package manager vulnerabilities and what actions an administrator can take appeared in the February 2009 edition of the ;login: magazine.

We released a technical report decribing a broad look at the security of package managers. This is available as University of Arizona Technical Report TR08-02. A longer version is available in Justin Cappos' dissertation

In addition, there are several research papers that describe our research package manager Stork.