Hi everyone,

I'm very new to Genode (discovered last week with seL4), so please forgive my lack of experience.

I just wanted to bring you some information that might interest you, may be not today but soon (I hope).

I stumble accross CHAINIAC https://eprint.iacr.org/2017/648.pdf (Usenix presentation video https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/nikitin), a system to distribute software with many nice properties, that might be used for Debian packages one day.

I copy-past Bryan Ford (co-author) description emailed at IEFT https://www.ietf.org/mail-archive/web/suit/current/msg00154.html :

Abstract: Software-update mechanisms are critical to the security of modern systems, but their typically centralized design presents a lucrative and frequently attacked target. In this work, we propose CHAINIAC, a decentralized software-update framework that eliminates single points of failure, enforces transparency, and provides efficient verifiability of integrity and authenticity for software-release processes. Independent witness servers collectively verify conformance of software updates to release policies, build verifiers validate the source-to-binary correspondence, and a tamper-proof release log stores collectively signed updates, thus ensuring that no release is accepted by clients before being widely disclosed and validated. The release log embodies a skipchain, a novel data structure, enabling arbitrarily out-of-date clients to efficiently validate updates and signing keys. Evaluation of our CHAINIAC prototype on reproducible Debian packages shows that the automated update process takes the average of 5 minutes per release for individual packages, and only 20 seconds for the aggregate timeline. We further evaluate the framework using real-world data from the PyPI package repository and show that it offers clients security comparable to verifying every single update themselves while consuming only one-fifth of the bandwidth and having a minimal computational overhead.

It uses blockchain, but it is an optional feature (as discussed in the Q&A at the end of the Usenix Conference https://youtu.be/xpT6L8htINU?t=24m18s) as long as you can check servers of the Cothority (if I have understood it well).

It is written in Go (github repo https://github.com/dedis/paper_chainiac).

On the subject of application portability/deployment, I know there is a lot of initiatives trying to normalize application packaging in a Linux kernel context, like OCI https://www.opencontainers.org/, Habitat https://www.habitat.sh/, Flatpak https://flatpak.org/, each targetting a different audience (cloud/desktop). It might be an interesting combination with Chainiac... I don't know.

That was my $2 contribution. Hope it was not spam for you. I really want to help. I can start a wiki page if you want? But I will not be able to maintain it.

Disclaimer : I'm absolutely not an expert neither about kernel/OS development, software distribution/package management, cyber security or any technology of this topic. But, until recently I've tryed to develop a generic desktop secure OS that isolate every process into a sandbox (using a Linux kernel, tools like firejail/bubblewrap/minijail providing linux-namespace and secomp-bpf, and inspiration from OpenWall for least priviledge policy. I've a prototype runing and working well but really too hacky. I've stopped because of not enought time and resources. Genode is an obviously much better approach! Congrats :-) I cannot wait to see my workstation runing a port of Qubes/SubGraph on Genode+seL4...

Best wishes and happy new year.

Michael Bideau, from France.