GOSH secures the delivery of critical software


GOSH secures source code and critical CI/CD processes, from source code to Docker images. BitRezus presents satellite applications for the space industry.

Kyiv, Ukraine, June 20, 2022 /PRNewswire/ — At this year’s VivaTech conference in Paris, BitRezus presents a use case developed in partnership with GOSH to perform self-healing procedures in satellite software delivery. The presentation includes a demonstration of a secure software update for a constellation of 2000 satellites. The update is performed and executed in milliseconds. Using Docker Containers and GOSH Docker Desktop Extension, developers and stakeholders not only sign containers, but sign and verify all developer operations and stakeholder voting.

GOSH co-founder Mitja Goroshevsky explains that “it’s about how we secure the supply chain in the satellite industry. We feature immutable triggers and actions on GOSH that enable at software level and, in this case, provide operational instructions to the satellites”. These immutable triggers and actions work through protected GOSH branches – a special git branch that requires consensus from repository stakeholders. Whenever a decision needs to be made, a vote of DAO repository token holders is automatically triggered. Voters use the GOSH Docker extension to verify that the container was built from the correct GOSH repositories. In this case, Docker containers are built directly from the protected GOSH branch and all actions are populated in immutable artifacts in the GOSH blockchain.

The constellation of satellites coordinates the change on Astropledge works by a Pull Request triggering a chain vote between all stakeholders of the repository. Once a consensus is reached, the commit is pushed onto the chain and an event is logged in a special smart contract on the GOSH blockchain. This triggers an immutable action that signals the operator to change the position of the satellite and provides cryptographic proof that all checks have been passed and consensus has been reached.

“When dealing with 2000 immutable artifacts, we need to make sure nothing fails in an automated process,” said BitRezus CEO Dr.Konstantinos Antonakopoulos, “this self-healing procedure works by triggering a complex software upgrade of the entire satellite fleet.” A special script runs on the operator’s server and is configured to listen for all pushes into the protected branch that trigger a Docker container build and its validity check. The container contains the satellite operator environment with accepted parameters ready to run. If the container code verification does not pass the cryptographic proofs, the deliver operation fails. This provides self-healing capabilities to Satellites core systems by preventing hackers from downloading and executing malicious source codes or binaries. All instructions must go through the consensus vote of stakeholders and be recorded in the ledger before the main satellite unit accepts, installs and deploys it.

GOSH secures the supply chain from the start by empowering key stakeholders to make decisions across the chain. This automates the uploading of satellite information to their repositories through the use of GOSH blockchain smart contracts, thereby securing the source code and the entire critical CI/CD process, and closing many gaps in current software delivery. .

These new GOSH features are currently used as a custom satellite control layer for BitRezus. GOSH Protected Branches and Immutable Triggers and Actions will be available to the general public later this year.

About GOSH
GOSH stands for Git Open Source Hodler. It is a decentralized community-based Git blockchain, specifically designed to secure the software supply chain and enable developers to build consensus around their code. GOSH is the first and only formally verified Git implementation. Built as an advanced scalable multi-threaded, multi-partition blockchain, it allows developers to build a layer of structural security smart contracts, making it the first platform where the more code you write, the more secure it becomes. It was founded on May 10, 2022.

About BitRezus
BitRezus PC is a space startup established in Greeceincubated at BIC ESA Greeceproviding tailor-made turnkey blockchain and AI solutions for the space industry.
Astroledge is a project that reduces the risk of cyberattacks against space assets, using a combination of blockchain technology, smart contracts and later embedded H/W to create an additional level of security. Astropledge offers strong security and governance model for satellite/ground infrastructure and is satellite type/manufacturer independent.






Comments are closed.