T-76 4115 06-07 F-Secure Software Signing System Olli Salminen, Research Manager F-Secure Research.
-
Upload
pierce-alexander -
Category
Documents
-
view
216 -
download
2
Transcript of T-76 4115 06-07 F-Secure Software Signing System Olli Salminen, Research Manager F-Secure Research.
Page 2
F-Secure Corporation
• Founded in 1988
• Anti-Virus and Intrusion Prevention solutions
• The Group's personnel numbered 454 at the end of the quarter 1 2006
• Offices in 15 countries, resellers and distributors in over 50 countries
http://www.f-secure.com
Page 3
Difficulty in Signing Process
• At the moment the signing cannot be done remotely
• When something needs to be signed, people need to come to the office
• At the moment not integrated with other signing systems
• Anti-Virus Database Updates are signed in different system
• Logging and monitoring missing
• Only a few people has rights to sign F-Secure software
• New Windows Vista will increase the amount of code that needs to be signed
Page 4
What we need
• Objective is to have automatic, reliable, secure and remotely usable software signing system. It will accept software package as input, performs various operations, adds the signature and releases the software to correct channel. The system needs to have reporting functionality to see later what was done.
• So, we need a system that
• Signs software and verifies the result
• Does it securely
• Allows remote usage of the system
• Logs the changes / results
• Allows to see later what has happened and by who
• Has a user management
• Integrates with other signing systems
Page 5
What That Might Mean?
• It might be enough just to create the system and module architecture documentation + prototype
• It also might mean the ready system which will be used in production
• Signing workflow is described here
Firewall
Developer
4. Approval
1. Submission Request
6. Virus Scan
Internet
Timestamp Server
Security Boundary
Security Boundary
Web Server
Approvers
File Server
Code SigningServer
2. File Share Creation
3. Submission Uploaded
Security Boundary
7. Logging
8. Code Signing
10. Return Signed Code
Firewall
Staging Server
Archive Server
9. Archive
Audit Server
VirusScanner
HSM
5. Transfer to Staging Server
Firewall
Page 6
What tools can be used
• We are not limiting the set of development tools, but we encourage the use of:
• Java/Hibernate/Spring,
• MySQL for the database,
• Python for scripting and
• XML-RPC as a communication tool between processes
• If the usage of these tools is not suitable for some parts of the system, different tools can also be used
Page 7
Why Would You Choose This Project?
• What we offer is:
• Challenging project that will be used in real world
• We have done T-76-4115 projects also earlier
• We know what to expect
• Good working environment
• Workstations / laptops for the development
• Good hardware for the production
• Room in Ruoholahti office
• Possibility to work also remotely
• Guidance and technical advisor
• Learn from leading edge software development professionals
• Benefits like cheap soft drinks, free coffee/tea/fruits, sauna parties, free beer…
Page 8
What Type of Persons
• We are looking for
• 5-7 energetic and ambitious persons
• With technical skills mentioned earlier
• We need developers
• Project leader with management skills
• System Architect
• Quality-minded system tester
• Fluent communication skills in English
• We expect that the project uses Agile software development methods
• Technical Advisor, Kimmo Toro, tells more about this project