{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,12]],"date-time":"2025-03-12T04:26:59Z","timestamp":1741753619844,"version":"3.38.0"},"reference-count":73,"publisher":"SAGE Publications","issue":"4","license":[{"start":{"date-parts":[[2020,4,6]],"date-time":"2020-04-06T00:00:00Z","timestamp":1586131200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2020,6,19]]},"abstract":"<jats:p> Web-based Git hosting services such as GitHub and GitLab are popular choices to manage and interact with Git repositories. However, they lack an important security feature \u2013 the ability to sign Git commits. Users instruct the server to perform repository operations on their behalf and have to trust that the server will execute their requests faithfully. Such trust may be unwarranted though because a malicious or a compromised server may execute the requested actions in an incorrect manner, leading to a different state of the repository than what the user intended. <\/jats:p><jats:p> In this paper, we show a range of high-impact attacks that can be executed stealthily when developers use the web UI of a Git hosting service to perform common actions such as editing files or merging branches. We then propose le-git-imate , a defense against these attacks, which enables users to protect their commits using Git\u2019s standard commit signing mechanism. We implement le-git-imate as a Chrome browser extension. le-git-imate does not require changes on the server side and can thus be used immediately. 
It also preserves current workflows used in GitHub\/GitLab and does not require the user to leave the browser, and it allows anyone to verify that the server\u2019s actions faithfully follow the user\u2019s requested actions. Moreover, experimental evaluation using the browser extension shows that le-git-imate has performance comparable to Git\u2019s standard commit signature mechanism. With our solution in place, users can take advantage of GitHub\/GitLab\u2019s web-based features without sacrificing security, thus paving the way towards verifiable web-based Git repositories. <\/jats:p>","DOI":"10.3233\/jcs-191371","type":"journal-article","created":{"date-parts":[[2020,4,7]],"date-time":"2020-04-07T17:53:04Z","timestamp":1586281984000},"page":"405-436","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":2,"title":["Towards adding verifiability to web-based Git repositories"],"prefix":"10.1177","volume":"28","author":[{"given":"Hammad","family":"Afzali","sequence":"first","affiliation":[{"name":"Department of Computer Science, New Jersey Institute of Technology, NJ, USA. E-mails:\u00a0,\u00a0"}]},{"given":"Santiago","family":"Torres-Arias","sequence":"additional","affiliation":[{"name":"Tandon School of Engineering, New York University, NY, USA. E-mails:\u00a0,\u00a0"}]},{"given":"Reza","family":"Curtmola","sequence":"additional","affiliation":[{"name":"Department of Computer Science, New Jersey Institute of Technology, NJ, USA. E-mails:\u00a0,\u00a0"}]},{"given":"Justin","family":"Cappos","sequence":"additional","affiliation":[{"name":"Tandon School of Engineering, New York University, NY, USA. 
E-mails:\u00a0,\u00a0"}]}],"member":"179","published-online":{"date-parts":[[2020,4,6]]},"reference":[{"key":"ref001","unstructured":"GitHub, https:\/\/github.com."},{"key":"ref002","unstructured":"GitLab, https:\/\/gitlab.com."},{"key":"ref003","unstructured":"Bitbucket, https:\/\/bitbucket.org."},{"key":"ref004","unstructured":"SourceForge, https:\/\/sourceforge.net."},{"key":"ref005","unstructured":"Assembla, https:\/\/www.assembla.com."},{"key":"ref006","unstructured":"RhodeCode, https:\/\/rhodecode.com."},{"key":"ref007","unstructured":"GitHub Octoverse 2019, 2019, https:\/\/octoverse.github.com\/."},{"key":"ref008","unstructured":"10 million repositories, 2013, https:\/\/github.com\/blog\/1724-10-million-repositories."},{"key":"ref009","unstructured":"LWN, Linux kernel backdoor attempt, https:\/\/lwn.net\/Articles\/57135\/."},{"key":"ref010","unstructured":"E.\u00a0Homakov, How I hacked GitHub again, http:\/\/homakov.blogspot.com\/2014\/02\/how-i-hacked-github-again.html."},{"key":"ref011","unstructured":"gamasutra, Cloud source host Code Spaces hacked, developers lose code, http:\/\/www.gamasutra.com\/view\/news\/219462\/Cloud_source_host_Code_Spaces_hacked_developers_lose_code.php."},{"key":"ref012","unstructured":"Kernel.org Linux repository rooted in hack attack, http:\/\/www.theregister.co.uk\/2011\/08\/31\/linux_kernel_security_breach\/."},{"key":"ref013","unstructured":"ZDNet, Red Hat\u2019s Ceph and Inktank code repositories were cracked, http:\/\/www.zdnet.com\/article\/red-hats-ceph-and-inktank-code-repositories-were-cracked."},{"key":"ref014","unstructured":"Gigaom, Adobe source code breach; it\u2019s bad, real bad, https:\/\/gigaom.com\/2013\/10\/04\/adobe-source-code-breech-its-bad-real-bad."},{"key":"ref015","unstructured":"ZDNet, Open-source ProFTPD hacked, backdoor planted in source code, http:\/\/www.zdnet.com\/article\/open-source-proftpd-hacked-backdoor-planted-in-source-code."},{"key":"ref016","unstructured":"ExtremeTech, GitHub hacked, 
millions of projects at risk of being modified or deleted, http:\/\/www.extremetech.com\/computing\/120981-github-hacked-millions-of-projects-at-risk-of-being-modified-or-deleted."},{"key":"ref017","unstructured":"It\u2019s 2017 and 200,000 services still have unpatched Heartbleeds, 2017, https:\/\/www.theregister.co.uk\/2017\/01\/23\/heartbleed_2017\/."},{"key":"ref018","unstructured":"Gerrit, https:\/\/www.gerritcodereview.com\/."},{"key":"ref019","unstructured":"Jira, https:\/\/www.atlassian.com\/software\/jira."},{"key":"ref020","unstructured":"Phabricator, https:\/\/www.phacility.com."},{"key":"ref021","unstructured":"le-git-imate, https:\/\/le-git-imate.github.io\/."},{"key":"ref022","unstructured":"isomorphic-git, https:\/\/isomorphic-git.org\/."},{"key":"ref023","unstructured":"China, GitHub and the man-in-the-middle, https:\/\/en.greatfire.org\/blog\/2013\/jan\/china-github-and-man-middle."},{"key":"ref024","unstructured":"B.\u00a0Marczak, N.\u00a0Weaver, J.\u00a0Dalek, R.\u00a0Ensafi, D.\u00a0Fifield, S.\u00a0McKune, A.\u00a0Rey, J.\u00a0Scott-Railton, R.\u00a0Deibert and V.\u00a0Paxson, An analysis of China\u2019s \u201cGreat Cannon\u201d, in: Fifth USENIX Workshop on Free and Open Comms. on the Internet (FOCI 15), 2015."},{"key":"ref025","doi-asserted-by":"crossref","unstructured":"C.\u00a0Soghoian and S.\u00a0Stamm, Certified lies: Detecting and defeating government interception attacks against SSL (short paper), in: Proc. 
of the 16th International Conference on Financial Cryptography and Data Security (FC \u201912), 2012.","DOI":"10.1007\/978-3-642-27576-0_20"},{"key":"ref026","unstructured":"N.\u00a0Aviram, S.\u00a0Schinzel, J.\u00a0Somorovsky, N.\u00a0Heninger, M.\u00a0Dankel, J.\u00a0Steube, L.\u00a0Valenta, D.\u00a0Adrian, J.A.\u00a0Halderman, V.\u00a0Dukhovni, E.\u00a0K\u00e4sper, S.\u00a0Cohney, S.\u00a0Engels, C.\u00a0Paar and Y.\u00a0Shavitt, DROWN: Breaking TLS using SSLv2, in: 25th USENIX Security Symposium (USENIX Security 16), 2016, pp.\u00a0689\u2013706."},{"key":"ref027","doi-asserted-by":"crossref","unstructured":"Z.\u00a0Durumeric, Z.\u00a0Ma, D.\u00a0Springall, R.\u00a0Barnes, N.\u00a0Sullivan, E.\u00a0Bursztein, M.\u00a0Bailey, J.A.\u00a0Halderman and V.\u00a0Paxson, The security impact of HTTPS interception, in: Proc. of Network and Distributed System Security Symposium (NDSS), 2017.","DOI":"10.14722\/ndss.2017.23456"},{"key":"ref028","unstructured":"S.\u00a0Torres-Arias, A.K.\u00a0Ammula, R.\u00a0Curtmola and J.\u00a0Cappos, On omitting commits and committing omissions: Preventing Git metadata tampering that (re)introduces software vulnerabilities, in: 25th USENIX Security Symposium (USENIX Security 16), 2016, pp.\u00a0379\u2013395."},{"key":"ref029","unstructured":"GitHub Platform Roadmap, https:\/\/developer.github.com\/early-access\/platform-roadmap\/."},{"key":"ref030","unstructured":"The GitHub Blog, https:\/\/github.com\/blog."},{"key":"ref031","unstructured":"Chrome browser extension, https:\/\/developer.chrome.com\/extensions."},{"key":"ref032","unstructured":"Content Scripts, https:\/\/developer.chrome.com\/extensions\/content_scripts."},{"key":"ref033","unstructured":"Manage events with background scripts, https:\/\/developer.chrome.com\/extensions\/background_pages."},{"key":"ref034","unstructured":"GitHub API, https:\/\/developer.github.com\/v3\/."},{"key":"ref035","unstructured":"Git\u2019s pack protocol, 
https:\/\/github.com\/git\/git\/blob\/master\/Documentation\/technical\/pack-protocol.txt."},{"key":"ref036","unstructured":"gitkit-js, https:\/\/github.com\/SamyPesse\/gitkit-js."},{"key":"ref037","unstructured":"js-git, https:\/\/github.com\/creationix\/js-git."},{"key":"ref038","unstructured":"git.js, https:\/\/github.com\/danlucraft\/git.js."},{"key":"ref039","unstructured":"es-git, https:\/\/github.com\/es-git\/es-git."},{"key":"ref040","unstructured":"isomorphic-git v0.65.0, https:\/\/github.com\/isomorphic-git\/isomorphic-git\/releases\/tag\/v0.65.0."},{"key":"ref041","unstructured":"Git internals \u2013 Transfer protocols, https:\/\/git-scm.com\/book\/ms\/v2\/Git-Internals-Transfer-Protocols."},{"key":"ref042","unstructured":"Keybase, https:\/\/keybase.io."},{"key":"ref043","doi-asserted-by":"crossref","unstructured":"S.\u00a0Fahl, M.\u00a0Harbach, T.\u00a0Muders, M.\u00a0Smith and U.\u00a0Sander, Helping Johnny 2.0 to encrypt his Facebook conversations, in: Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS \u201912), ACM, 2012.","DOI":"10.1145\/2335356.2335371"},{"key":"ref044","doi-asserted-by":"crossref","unstructured":"M.M.\u00a0Lucas and N.\u00a0Borisov, FlyByNight: Mitigating the privacy risks of social networking, in: Proc. of the 7th ACM WPES \u201908, 2008.","DOI":"10.1145\/1456403.1456405"},{"key":"ref045","unstructured":"GPG signature verification, https:\/\/github.com\/blog\/2144-gpg-signature-verification."},{"key":"ref046","unstructured":"Mailvelope, https:\/\/www.mailvelope.com\/en."},{"key":"ref047","unstructured":"FlowCrypt, https:\/\/flowcrypt.com\/."},{"key":"ref048","doi-asserted-by":"crossref","unstructured":"H.\u00a0Afzali, S.\u00a0Torres-Arias, R.\u00a0Curtmola and J.\u00a0Cappos, le-git-imate: Towards verifiable web-based Git repositories, in: Proc. 
of the 2018 ACM Asia Conference on Computer and Communications Security (ASIACCS \u201918), ACM, 2018, pp.\u00a0469\u2013482.","DOI":"10.1145\/3196494.3196523"},{"key":"ref049","unstructured":"OpenPGP.js, https:\/\/openpgpjs.org\/."},{"key":"ref050","unstructured":"Global trends in online shopping \u2013 A Nielsen report, http:\/\/www.nielsen.com\/us\/en\/insights\/reports\/2010\/Global-Trends-in-Online-Shopping-Nielsen-Consumer-Report.html."},{"key":"ref051","doi-asserted-by":"crossref","unstructured":"R.B.\u00a0Miller, Response time in man\u2013computer conversational transactions, in: Proc. of the December 9\u201311, 1968, Fall Joint Computer Conference, Part I, ACM, 1968.","DOI":"10.1145\/1476589.1476628"},{"key":"ref052","unstructured":"J.\u00a0Nielsen, Usability engineering at a discount, in: Proc. of the 3rd Int. Conf. on Human\u2013Computer Interaction on Designing and Using Human\u2013Computer Interfaces and Knowledge Based Systems, 2nd edn, Elsevier, 1989, pp.\u00a0394\u2013401."},{"issue":"1","key":"ref053","first-page":"1","volume":"5","author":"Galletta D.F.","year":"2004","journal-title":"J. of the Assoc. for Info. Systems"},{"issue":"7","key":"ref054","first-page":"8","volume":"32","author":"Sevcik P.J.","year":"2002","journal-title":"Business Communications Review"},{"key":"ref055","doi-asserted-by":"publisher","DOI":"10.1080\/01449290410001669914"},{"key":"ref056","doi-asserted-by":"crossref","unstructured":"I.\u00a0Arapakis, X.\u00a0Bai and B.B.\u00a0Cambazoglu, Impact of response latency on user behavior in web search, in: Proc. 
of the 37th Annual ACM SIGIR Conference, 2014.","DOI":"10.1145\/2600428.2609627"},{"key":"ref057","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-012-9387-4"},{"key":"ref058","unstructured":"Flask, http:\/\/flask.pocoo.org\/."},{"key":"ref059","unstructured":"D.A.\u00a0Wheeler, Software configuration management (SCM) security, http:\/\/www.dwheeler.com\/essays\/scm-security.html."},{"key":"ref060","unstructured":"M.\u00a0Gerwitz, A Git horror story: Repository integrity with signed commits, http:\/\/mikegerwitz.com\/papers\/git-horror-story."},{"key":"ref061","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-22312-0_25"},{"key":"ref062","unstructured":"Apso: Secrecy for version control systems, https:\/\/savannah.nongnu.org\/projects\/apso."},{"key":"ref063","doi-asserted-by":"crossref","unstructured":"J.\u00a0Pellegrini, Secrecy in concurrent version control systems, in: Presented at the Brazilian Symposium on Information and Computer Security (SBSeg 2006), 2006.","DOI":"10.5753\/sbseg.2006.20953"},{"key":"ref064","doi-asserted-by":"crossref","unstructured":"R.G.\u00a0Shirey, K.M.\u00a0Hopkinson, K.E.\u00a0Stewart, D.D.\u00a0Hodson and B.J.\u00a0Borghetti, Analysis of implementations to secure Git for use as an encrypted distributed version control system, in: 48th Hawaii Int. Conf. on Sys. Sci. 
(HICSS \u201915), 2015.","DOI":"10.1109\/HICSS.2015.625"},{"key":"ref065","unstructured":"SaaS, https:\/\/en.wikipedia.org\/wiki\/Software_as_a_service."},{"key":"ref066","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2010.07.006"},{"key":"ref067","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.7956"},{"key":"ref068","unstructured":"Introducing Keybase chat, https:\/\/keybase.io\/blog\/keybase-chat."},{"key":"ref069","unstructured":"M.S.\u00a0Melara, A.\u00a0Blankstein, J.\u00a0Bonneau, E.W.\u00a0Felten and M.J.\u00a0Freedman, CONIKS: Bringing key transparency to end users, in: Usenix Security, 2015, pp.\u00a0383\u2013398."},{"key":"ref070","doi-asserted-by":"crossref","unstructured":"S.\u00a0Chiasson, A.\u00a0Forget, R.\u00a0Biddle and P.C.\u00a0van Oorschot, User interface design affects security: Patterns in click-based graphical passwords, International Journal of Information Security 8(6) (2009), 387.","DOI":"10.1007\/s10207-009-0080-7"},{"key":"ref071","unstructured":"Dark patterns, https:\/\/darkpatterns.org\/."},{"key":"ref072","doi-asserted-by":"publisher","DOI":"10.5120\/20831-3494"},{"key":"ref073","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242659"}],"container-title":["Journal of Computer 
Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191371","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-191371","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191371","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,11]],"date-time":"2025-03-11T08:32:30Z","timestamp":1741681950000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-191371"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4,6]]},"references-count":73,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,6,19]]}},"alternative-id":["10.3233\/JCS-191371"],"URL":"https:\/\/doi.org\/10.3233\/jcs-191371","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"type":"print","value":"0926-227X"},{"type":"electronic","value":"1875-8924"}],"subject":[],"published":{"date-parts":[[2020,4,6]]}}}
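The abstract above describes the trust gap: when a developer edits a file through a hosting service's web UI, the server builds the commit, and a malicious or compromised server can produce a different repository state than the one requested. The example below is added here to make that concrete; it is not code from the paper or from the le-git-imate extension. It reproduces Git's content addressing in plain Python (stdlib only) so that a client can compute, before the server does anything, the exact commit ID its request should produce, and then compare it with what the server reports. It also shows which bytes a Git commit signature covers (the commit object minus its `gpgsig` header), which is why a commit signed on the client cannot be silently altered by the server. The repository contents, author identity and the `PLACEHOLDER_SIG` string are constructed for illustration; no real OpenPGP signature is produced here.

```python
"""Client-side computation of Git object IDs and of the bytes a commit signature covers.

Added example (stdlib only). Demonstrates why a user who lets a hosting server
build a commit from a web-UI action has to trust the server, and how computing
the commit locally lets the user, or anyone, check that the server did exactly
what was asked.
"""
import hashlib
from typing import Dict, List, Optional

# Constructed identity/timestamp and placeholder signature; not real data.
AUTHOR = "Alice <alice@example.com> 1586131200 +0000"
EMPTY_TREE = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"  # well-known ID of the empty tree
PLACEHOLDER_SIG = "-----BEGIN PGP SIGNATURE-----\n\nNOT-A-REAL-SIGNATURE\n-----END PGP SIGNATURE-----\n"


def object_id(kind: str, payload: bytes) -> str:
    """Git object ID: SHA-1 over '<type> <size>\\0<payload>'."""
    return hashlib.sha1(f"{kind} {len(payload)}".encode() + b"\0" + payload).hexdigest()


def blob_id(content: bytes) -> str:
    return object_id("blob", content)


def tree_id(entries: Dict[str, str]) -> str:
    """Tree of regular files (mode 100644). Git stores entries sorted by name."""
    payload = b"".join(
        f"100644 {name}".encode() + b"\0" + bytes.fromhex(oid)
        for name, oid in sorted(entries.items())
    )
    return object_id("tree", payload)


def commit_payload(tree: str, parents: List[str], message: str,
                   gpgsig: Optional[str] = None) -> bytes:
    """Serialise a commit object. A signature lives in the 'gpgsig' header; Git stores
    multi-line header values with every continuation line prefixed by one space."""
    lines = [f"tree {tree}"] + [f"parent {p}" for p in parents]
    lines += [f"author {AUTHOR}", f"committer {AUTHOR}"]
    if gpgsig is not None:
        first, *rest = gpgsig.rstrip("\n").split("\n")
        lines.append(f"gpgsig {first}")
        lines += [f" {line}" for line in rest]
    return ("\n".join(lines) + "\n\n" + message).encode()


def signed_portion(payload: bytes) -> bytes:
    """The bytes a commit signature is computed over: the commit with its gpgsig
    header (and continuation lines) removed. Any change to tree, parents, author
    or message changes these bytes and therefore invalidates the signature."""
    header, _, body = payload.partition(b"\n\n")
    kept, in_sig = [], False
    for line in header.split(b"\n"):
        if line.startswith(b"gpgsig "):
            in_sig = True
            continue
        if in_sig and line.startswith(b" "):
            continue
        in_sig = False
        kept.append(line)
    return b"\n".join(kept) + b"\n\n" + body


def apply_edit(tree: Dict[str, str], path: str, content: bytes) -> Dict[str, str]:
    new_tree = dict(tree)
    new_tree[path] = blob_id(content)
    return new_tree


def build_commit(tree: Dict[str, str], parent: str, message: str) -> str:
    return object_id("commit", commit_payload(tree_id(tree), [parent], message))


def client_expected_commit(tree: Dict[str, str], head: str, path: str,
                           content: bytes, message: str) -> str:
    """What the browser can compute from the repository state before contacting the server."""
    return build_commit(apply_edit(tree, path, content), head, message)


def faithful_server(tree: Dict[str, str], head: str, path: str,
                    content: bytes, message: str) -> str:
    return build_commit(apply_edit(tree, path, content), head, message)


def malicious_server(tree: Dict[str, str], head: str, path: str,
                     content: bytes, message: str) -> str:
    """Applies the requested edit but also weakens an unrelated file in the same commit.
    The web UI shows the user only the file they edited, so this goes unnoticed."""
    tampered = apply_edit(apply_edit(tree, path, content), "auth.py", b"return True  # check removed\n")
    return build_commit(tampered, head, message)


def server_was_faithful(expected: str, reported: str) -> bool:
    """Content addressing makes the check a single comparison of object IDs."""
    return expected == reported


def demo() -> Dict[str, str]:
    # Constructed two-file repository at HEAD, then a web-UI edit of README.md.
    base = {"README.md": blob_id(b"hello\n"), "auth.py": blob_id(b"verify_token(t)\n")}
    head = object_id("commit", commit_payload(tree_id(base), [], "Initial commit\n"))
    edit = ("README.md", b"hello, world\n", "Update README\n")
    return {
        "expected": client_expected_commit(base, head, *edit),
        "faithful": faithful_server(base, head, *edit),
        "malicious": malicious_server(base, head, *edit),
    }


if __name__ == "__main__":
    r = demo()
    print("faithful server matches client:", server_was_faithful(r["expected"], r["faithful"]))
    print("malicious server matches client:", server_was_faithful(r["expected"], r["malicious"]))
```

The comparison in `server_was_faithful` is the minimal form of the verifiability the abstract asks for: the client knows the tree and parent it wants, so it can derive the only acceptable commit ID. Signing closes the remaining gap, since a signature over `signed_portion` binds tree, parents, author and message together and the server cannot produce a differently-shaped commit that still verifies under the user's key.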