At this year’s VivaTech conference in Paris, BitRezus presents a use case developed in partnership with GOSH to achieve self-healing procedures in satellite software delivery. The presentation includes a demonstration of a secure software update to a constellation of 2000 satellites. The update is performed and executed in milliseconds. Using Docker Containers and GOSH Docker Desktop Extension, developers and stakeholders sign not only containers, but sign and verify all developer operations and stakeholder voting.
GOSH co-founder Mitja Goroshevsky explains that “this is about how we secure the supply chain in the satellite industry. We are presenting Immutable Triggers and Actions on GOSH which allows upgrades to software and, in this case, deliver operational instructions to satellites.” These Immutable Triggers and Actions work through GOSH Protected Branches — a special git branch which requires repository stakeholders’ consensus. Whenever any decision must be reached, a vote of DAO repository token holders is automatically triggered. Voters use the GOSH Docker Extension to verify the Container has been built from the correct GOSH repositories. Docker Containers in this case are built directly from the GOSH Protected Branch and all actions are populated into immutable artifacts in the GOSH blockchain.
The satellite constellation coordinates change on Astropledge works by a Pull Request triggering an on-chain vote between all the stakeholders of the repository. Once a consensus is reached, the commit is pushed on-chain and an event is registered in a special smart contract on the GOSH blockchain. This triggers an immutable action which signals to the operator to change the satellite position and provides cryptographic proof that all the checks have been passed and that consensus is reached.
“When we are dealing with 2000 immutable artifacts, we have to make sure that nothing fails in any automated process,” said BitRezus CEO, Dr.Konstantinos Antonakopoulos, “this self-healing procedure works by triggering a complex software upgrade to the entire satellite fleet.” A special script runs on the Operator Server and is set to listen to all pushes into the protected Branch that triggers a Docker Container build and verification of its validity. The container holds the Satellite Operator environment with accepted parameters ready to be executed. If the container code verification does not pass cryptographic proofs, the operation of Delivery fails. This provides self-healing capabilities to Satellites core systems by preventing hackers from uploading and executing malicious source or binary codes. All instructions must pass stakeholders voting consensus and be registered to the ledger before the satellites’ main unit will accept and install and deploy it.
GOSH secures the supply chain from the get-go by allowing for key stakeholder decision making on-chain. This automates the uploading of satellite information on their repositories through using GOSH blockchain smart contracts, thereby securing Source Code and the entire mission critical CI/CD process, and closing a lot of loopholes in current software delivery.
These new GOSH features are currently being used as a customized satellite control layer for BitRezus. GOSH Protected Branches and Immutable Triggers and Actions will be available to the general public later this year.
GOSH stands for Git Open Source Hodler. It is a decentralized community Git blockchain, purpose-built for securing the software supply chain, and allowing developers to build consensus around their code. GOSH is the first and only formally verified Git implementation. Built as an advanced scalable multithreaded and multi-sharded blockchain, it allows developers to build a layer of structural security smart contracts therefore making it the first platform where the more code you write the more secure it becomes. It was founded on May 10th, 2022.