Brief description
Git - an example of a Version Control System (VCS) - offers its users Signed Commits (SC) based on GPG signatures. SC are useful for establishing strong guarantees of integrity, authorship, non-repudiation and auditability of source code. These properties are highly desirable when developing high assurance products. Additionally, the following features are also desirable in an SC-enabled VCS: Write Access Control, Write Access Management and GPG Identity Revocation.
Available fall 2020
The purpose of this thesis is to theoretically investigate and practically develop a system which makes use of SC based on GPG signatures. The aim is to answer the following research questions:
- How can SC be used to guarantee that only explicitly permitted GPG identities are allowed to push commits in a specific VCS repository?
- What is a good Root of Trust (ROT) for organization global GPG identities to be strongly tied to a specific individual?
- How can organization global GPG identities be securely managed with a low amount of overhead and with as little need as possible for administrators or other VIPs to get involved?
- How can the permissions from question 1 be flexibly and securely managed with low overhead, on a per repository basis?
- How can organization global GPG identities be securely revoked without the need for local administration of all VCS repositories?
- How can the validity of past signatures be maintained after revocation?
- What are good procedures for repository audits of GPG signature correctness?
- How should VCS hooks be designed to prevent user mistakes from propagating into VCS repositories?
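As an added illustration of the first and last questions above (example code written for this page, not part of the thesis or of any existing tool), the following Python shows the core of a server-side pre-receive check: git is asked to report the signature status and primary key fingerprint of each newly pushed commit, and a commit is accepted only if its signature verifies and the key is on a per-repository allow-list. The allow-list contents, the sample git log output and the hook wiring are assumptions; the %G? and %GP placeholders are git's own and need a reasonably recent git.

```python
import subprocess
from typing import Dict, List, Tuple

LOG_FORMAT = "%H %G? %GP"  # commit hash, signature status, primary key fingerprint
ZERO_SHA = "0" * 40         # git passes this as <new> for a ref that is being deleted
# git's %G? codes. The per-repository allow-list of fingerprints replaces web-of-trust
# validity, so "U" (good signature, untrusted key) is accepted; "R" (key revoked),
# "X"/"Y" (expired), "B" (bad), "E" (cannot verify) and "N" (unsigned) are rejected.
VERIFIED = {"G", "U"}
STATUS_TEXT = {"B": "bad signature", "X": "signature expired", "Y": "signing key expired",
               "R": "signing key revoked", "E": "cannot verify (key missing)", "N": "unsigned"}

def parse_log(output: str) -> List[Tuple[str, str, str]]:
    """Turn 'git log' lines into (hash, status, fingerprint); unsigned commits print no key."""
    triples = []
    for line in output.splitlines():
        parts = line.split()
        if parts:
            triples.append((parts[0], parts[1] if len(parts) > 1 else "N",
                            parts[2].upper() if len(parts) > 2 else ""))
    return triples

def rejected_commits(output: str, allowed: Dict[str, str]) -> List[str]:
    """One reason per commit that must not enter the repository. `allowed` maps primary
    key fingerprint -> owner and lives outside the pushed tree (e.g. in the hook's config)."""
    reasons = []
    for sha, status, fpr in parse_log(output):
        if status not in VERIFIED:
            reasons.append(f"{sha[:12]}: {STATUS_TEXT.get(status, 'unknown status ' + status)}")
        elif fpr not in allowed:
            reasons.append(f"{sha[:12]}: key {fpr} is not permitted to push to this repository")
    return reasons

def check_update(new: str, allowed: Dict[str, str]) -> List[str]:
    """For one pushed ref, verify only the commits not yet reachable from any existing ref
    (in pre-receive the refs are not updated yet, so '--not --all' excludes old history)."""
    if new == ZERO_SHA:  # ref deletion carries no commits
        return []
    log = subprocess.run(["git", "log", f"--format={LOG_FORMAT}", new, "--not", "--all"],
                         capture_output=True, text=True, check=True).stdout
    return rejected_commits(log, allowed)

# Constructed sample of 'git log' output: listed key, unlisted key, unsigned, revoked key.
SAMPLE_LOG = ("1111111111111111111111111111111111111111 G 0123456789ABCDEF0123456789ABCDEF01234567\n"
              "2222222222222222222222222222222222222222 G FEDCBA9876543210FEDCBA9876543210FEDCBA98\n"
              "3333333333333333333333333333333333333333 N\n"
              "4444444444444444444444444444444444444444 R 0123456789ABCDEF0123456789ABCDEF01234567\n")
ALLOWED = {"0123456789ABCDEF0123456789ABCDEF01234567": "alice (constructed owner)"}

print("\n".join(rejected_commits(SAMPLE_LOG, ALLOWED)) or "all commits accepted")
```

Installed as hooks/pre-receive, the script would call check_update with the <new> value of each "<old> <new> <ref>" line git writes to its stdin and exit non-zero if any reason is returned, so the whole push is refused before any ref changes.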
Preferred areas of knowledge/interest
- Security Protocols
- GPG/PGP
- Ring/web of trust
- Git and other VCSs
- DevOps