Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Techniques for trusted software engineering
Proceedings of the 20th international conference on Software engineering
Communications of the ACM
How to Time-Stamp a Digital Document
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
A reputation-based trust model for peer-to-peer ecommerce communities [Extended Abstract]
Proceedings of the 4th ACM conference on Electronic commerce
Modern Cryptography: Theory and Practice
Modern Cryptography: Theory and Practice
Poisoning the Software Supply Chain
IEEE Security and Privacy
Practical Cryptography
Toward a Generic Model of Trust for Electronic Commerce
International Journal of Electronic Commerce
SoftwarePot: an encapsulated transferable file system for secure software circulation
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Introduction to software engineering for secure systems: SESS06 -- secure by design
Proceedings of the 2006 international workshop on Software engineering for secure systems
Data usage control in the future internet cloud
The future internet
Hi-index | 0.00 |
Software engineering today relies to a large extent on acquiring and composing software components and other software-related artifacts from different producers, either at design or at run time. For any user of such artifacts, both as developer and as end-user, the question arises how to ensure that these artifacts are not malicious. Complete inspection of acquired code is, if not impossible, at least impractical and uneconomical for commercial software. The user thus has to trust the code, or rather its supplier and the delivery channel. This paper examines different trust models in the software supply chain and their rationales.Any trust-based supply chain also requires as prerequisite a tamper-proof distribution channel. Such channels can theoretically be realized using digital signature technology, but some practical and theoretical challenges remain. The paper outlines the challenges and shortcomings of current commercial approaches, proposes some solutions, and suggests areas for further research.