---
_id: '19'
abstract:
- lang: eng
  text: "Version Control Systems (VCS) are a valuable tool for software development\r\nand
    document management. Both client/server and distributed (Peer-to-Peer)\r\nmodels
    exist, with the latter (e.g., Git and Mercurial) becoming\r\nincreasingly popular.
    Their distributed nature introduces complications,\r\nespecially concerning security:
    it is hard to control the dissemination of\r\ncontents stored in distributed VCS
    as they rely on replication of complete\r\nrepositories to any involved user.\r\n\r\nWe
    overcome this issue by designing and implementing a concept for\r\ncryptography-enforced
    access control which is transparent to the user. Use\r\nof field-tested schemes
    (end-to-end encryption, digital signatures) allows\r\nfor strong security, while
    adoption of convergent encryption and\r\ncontent-defined chunking retains storage
    efficiency. The concept is\r\nseamlessly integrated into Mercurial---respecting
    its distributed storage\r\nconcept---to ensure practical usability and compatibility
    to existing\r\ndeployments."
author:
- first_name: Michael
  full_name: Lass, Michael
  id: '24135'
  last_name: Lass
  orcid: 0000-0002-5708-7632
- first_name: Dominik
  full_name: Leibenger, Dominik
  last_name: Leibenger
- first_name: Christoph
  full_name: Sorge, Christoph
  last_name: Sorge
citation:
  ama: 'Lass M, Leibenger D, Sorge C. Confidentiality and Authenticity for Distributed
    Version Control Systems - A Mercurial Extension. In: <i>Proc. 41st Conference
    on Local Computer Networks (LCN)</i>. IEEE; 2016. doi:<a href="https://doi.org/10.1109/lcn.2016.11">10.1109/lcn.2016.11</a>'
  apa: Lass, M., Leibenger, D., &#38; Sorge, C. (2016). Confidentiality and Authenticity
    for Distributed Version Control Systems - A Mercurial Extension. In <i>Proc. 41st
    Conference on Local Computer Networks (LCN)</i>. IEEE. <a href="https://doi.org/10.1109/lcn.2016.11">https://doi.org/10.1109/lcn.2016.11</a>
  bibtex: '@inproceedings{Lass_Leibenger_Sorge_2016, title={Confidentiality and Authenticity
    for Distributed Version Control Systems - A Mercurial Extension}, DOI={<a href="https://doi.org/10.1109/lcn.2016.11">10.1109/lcn.2016.11</a>},
    booktitle={Proc. 41st Conference on Local Computer Networks (LCN)}, publisher={IEEE},
    author={Lass, Michael and Leibenger, Dominik and Sorge, Christoph}, year={2016}
    }'
  chicago: Lass, Michael, Dominik Leibenger, and Christoph Sorge. “Confidentiality
    and Authenticity for Distributed Version Control Systems - A Mercurial Extension.”
    In <i>Proc. 41st Conference on Local Computer Networks (LCN)</i>. IEEE, 2016.
    <a href="https://doi.org/10.1109/lcn.2016.11">https://doi.org/10.1109/lcn.2016.11</a>.
  ieee: M. Lass, D. Leibenger, and C. Sorge, “Confidentiality and Authenticity for
    Distributed Version Control Systems - A Mercurial Extension,” in <i>Proc. 41st
    Conference on Local Computer Networks (LCN)</i>, 2016.
  mla: Lass, Michael, et al. “Confidentiality and Authenticity for Distributed Version
    Control Systems - A Mercurial Extension.” <i>Proc. 41st Conference on Local Computer
    Networks (LCN)</i>, IEEE, 2016, doi:<a href="https://doi.org/10.1109/lcn.2016.11">10.1109/lcn.2016.11</a>.
  short: 'M. Lass, D. Leibenger, C. Sorge, in: Proc. 41st Conference on Local Computer
    Networks (LCN), IEEE, 2016.'
date_created: 2017-07-25T14:36:16Z
date_updated: 2022-01-06T06:53:56Z
department:
- _id: '27'
- _id: '518'
doi: 10.1109/lcn.2016.11
keyword:
- access control
- distributed version control systems
- mercurial
- peer-to-peer
- convergent encryption
- confidentiality
- authenticity
language:
- iso: eng
publication: Proc. 41st Conference on Local Computer Networks (LCN)
publication_identifier:
  isbn:
  - 978-1-5090-2054-6
publication_status: published
publisher: IEEE
status: public
title: Confidentiality and Authenticity for Distributed Version Control Systems -
  A Mercurial Extension
type: conference
user_id: '24135'
year: '2016'
...
---
_id: '20719'
author:
- first_name: Philipp
  full_name: Holzinger, Philipp
  last_name: Holzinger
- first_name: Stefan
  full_name: Triller, Stefan
  last_name: Triller
- first_name: Alexandre
  full_name: Bartel, Alexandre
  last_name: Bartel
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Holzinger P, Triller S, Bartel A, Bodden E. An In-Depth Study of More Than
    Ten Years of Java Exploitation. In: <i>Proceedings of the 2016 ACM SIGSAC Conference
    on Computer and Communications Security</i>. CCS ’16. ; 2016:779-790. doi:<a href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>'
  apa: Holzinger, P., Triller, S., Bartel, A., &#38; Bodden, E. (2016). An In-Depth
    Study of More Than Ten Years of Java Exploitation. <i>Proceedings of the 2016
    ACM SIGSAC Conference on Computer and Communications Security</i>, 779–790. <a
    href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>
  bibtex: '@inproceedings{Holzinger_Triller_Bartel_Bodden_2016, series={CCS ’16},
    title={An In-Depth Study of More Than Ten Years of Java Exploitation}, DOI={<a
    href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>},
    booktitle={Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications
    Security}, author={Holzinger, Philipp and Triller, Stefan and Bartel, Alexandre
    and Bodden, Eric}, year={2016}, pages={779–790}, collection={CCS ’16} }'
  chicago: Holzinger, Philipp, Stefan Triller, Alexandre Bartel, and Eric Bodden.
    “An In-Depth Study of More Than Ten Years of Java Exploitation.” In <i>Proceedings
    of the 2016 ACM SIGSAC Conference on Computer and Communications Security</i>,
    779–90. CCS ’16, 2016. <a href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>.
  ieee: 'P. Holzinger, S. Triller, A. Bartel, and E. Bodden, “An In-Depth Study of
    More Than Ten Years of Java Exploitation,” in <i>Proceedings of the 2016 ACM SIGSAC
    Conference on Computer and Communications Security</i>, 2016, pp. 779–790, doi:
    <a href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>.'
  mla: Holzinger, Philipp, et al. “An In-Depth Study of More Than Ten Years of Java
    Exploitation.” <i>Proceedings of the 2016 ACM SIGSAC Conference on Computer and
    Communications Security</i>, 2016, pp. 779–90, doi:<a href="http://doi.acm.org/10.1145/2976749.2978361">http://doi.acm.org/10.1145/2976749.2978361</a>.
  short: 'P. Holzinger, S. Triller, A. Bartel, E. Bodden, in: Proceedings of the 2016
    ACM SIGSAC Conference on Computer and Communications Security, 2016, pp. 779–790.'
date_created: 2020-12-14T11:58:33Z
date_updated: 2022-01-06T06:54:34Z
department:
- _id: '76'
doi: http://doi.acm.org/10.1145/2976749.2978361
keyword:
- ATTRACT
- access control
- exploits
- java security
- security analysis
- ITSECWEBSITE
language:
- iso: eng
page: 779-790
publication: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications
  Security
publication_identifier:
  isbn:
  - 978-1-4503-4139-4
series_title: CCS '16
status: public
title: An In-Depth Study of More Than Ten Years of Java Exploitation
type: conference
user_id: '5786'
year: '2016'
...