Trust and tamper-proof software delivery

Proceedings - International Conference on Software Engineering

Volumn 2006-May, Issue , 2006, Pages 51-57

  Naedele, Martin ^a   Koch, Thomas E ^a  

^a ABB CORPORATE RESEARCH   (Switzerland)

Author keywords

Digital signature; Integrity; Security; Software development

Indexed keywords

AUTHENTICATION; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; SOFTWARE ENGINEERING; SUPPLY CHAINS;

COMMERCIAL SOFTWARE; DELIVERY CHANNELS; DIGITAL SIGNATURE TECHNOLOGIES; DISTRIBUTION CHANNEL; INTEGRITY; SECURITY; SOFTWARE COMPONENT; SOFTWARE SUPPLY CHAINS;

SOFTWARE DESIGN;

EID: 39749173464     PISSN: 02705257     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1137627.1137636     Document Type: Conference Paper

References (28)

1. Alliance for Telecommunications Industry Solutions (ATIS) Committee T1A1. ATIS Telecom Glossary 2000. http://www.atis.org/tg2k/.
2. E. Amoroso, T. Nguyen, J. Weiss, J. Watson, P. Lapiska, and T. Starr. Toward an approach to measuring software trust. In Proceedings., 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 198-218, May 1991.
3. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. D. Keromytis. Secure Internet Programming: Issues in Distributed and Mobile Object Systems, chapter The Role of Trust Management in Distributed Systems Security, pages 185-210. Lecture Notes in Computer Science State-of-the-Art series. Springer-Verlag, 1999.
4. K. Brown. Security briefs: Strong names and security in the .net framework. http://msdn.microsoft.com/library/default.asp? url=/library/en-us/dnnetsec/html/strongNames.asp, December 2003.
5. M. de Mare and L. DeCoursey. A survey of the timestamping problem. Technical Report SUNYIT 2004-1, SUNY Institute of Technology Department of Computer Science, 2004.
6. P. Devanbu, P. Fong, and S. Stubblebine. Techniques for trusted software engineering. In Proceedings of the 20th international conference on Software engineering, April 1998.
7. D. Dzung, M. Naedele, T. von Hoff, and M. Crevatin. Security for industrial communication systems. Proceedings of the IEEE, 93(6):1152-1177, June 2005.
8. M. Ene-Pietrosanu, K. Yiu, A. Crossman, A. Lewis, and D. Murton. Deploying authenticode with cryptographic hardware for secure software publishing. http://www.microsoft.com/technet/security/topics/cryptographyetc/authenticodets.mspx, June 2005.
9. N. Ferguson and B. Schneier. Practical Cryptography. John Wiley & Sons, 2003.
10. E. Fleischman. Code signing. The Internet Protocol Journal, 5(1):14-26, March 2002.
11. S. Haber and W. S. Stornetta. How to time-stamp a digital document. In Advances in Cryptology-CRYPTO 90 Proceedings, number 537 in Lecture Notes in Computer Science, pages 437-455. Springer, 1991.
12. IEC. Functional safety of electrical /electronic /programmable electronic safety-related systems, part 1-7. Standard IEC 61508, December 1998.
13. ISO/IEC. Evaluation Criteria for Information Technology Security, version 2.1. Standard ISO/IEC 15408, December 1999.
14. M. Just. Some timestamping protocol failures. In Proceedings of the Symposium on Network and Distributed Security (NDSS 98), March 1998.
15. K. Kato and Y. Oyama. Software Security Theories and Systems, volume 2609 of Lecture Notes in Computer Science, chapter SoftwarePot: An Encapsulated Transferable File System for Secure Software Circulation, pages 112-132. Springer-Verlag GmbH, January 2003.
16. E. Levy. Poisoning the software supply chain. EEE Security and Privacy, 1(3):70-73, May-June 2003.
17. W. Mao. Modern Cryptography. Prentice Hall, 2004.
18. H. Massias, X. Serret, and J. Quisquater. Timestamps: Main issues on their use and implementation, 1999.
19. U. Maurer. New approaches to digital evidence. Proceedings of the IEEE, 92(6):933-947, June 2004.
20. G. Necula. Proof-carrying code. In Proceedings 24th Annual ACM Symposium on the Principles of Programming languages (PLOP97), 1997.
21. P.C. van Oorschot. Revisiting software protection. In 6th International Information Security Conference, volume 2851 of Springer LNCS, pages 1-13, October 2003.
22. B. Schneier. Applied Cryptography. Wiley, 2nd edition, 1996.
23. J. S. Shapiro. Understanding the Windows EAL4 evaluation. EEE Computer, 36(2):102-105, 2003.
24. V. Skoularidou and D. Spinellis. Security architectures for network clients. Information Management and Computer Security, 11(2):8491, 2003.
25. Y. H. Tan and W. Thoen. Toward a generic model of trust for electronic commerce. International Journal of Electronic Commerce, 5(2):61-74, 2001.
26. K. Thompson. Reflections on trusting trust. Communication of the ACM, 27(8):761-763, August 1984.
27. U. G. Wilhelm, S. Staamann, and L. Buttyn. On the problem of trust in mobile agent systems. In Internet Society Symposium on Network and Distributed System Security 98, 1998.
28. L. Xiong and L. Liu. A reputation-based trust model for peer-to-peer ecommerce communities. In Proceedings ACM Conference on Electronic Commerce, 2003.