
METHOD TO ENABLE SOFTWARE TRANSPARENCY ON COMPILED IMAGES

IP.com Disclosure Number: IPCOM000244467D
Publication Date: 2015-Dec-14

Publishing Venue

The IP.com Prior Art Database

Related People

Chris Olson: AUTHOR (and 2 others)

Abstract

Mechanisms and systems are provided to document, archive and establish integrity of a software build process so that the recipient of a final product can trace a product's provenance back to the original source in a trusted manner. The trust mechanisms focus on two primary actions of a build process (compilation and linking) thus reducing the domain (tools and processes) for which trust must be established. The actions are performed in an automated fashion which makes the process replicable and less prone to human error, and therefore more trustworthy.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 14% of the total text.

Page 01 of 12

METHOD TO ENABLE SOFTWARE TRANSPARENCY ON COMPILED IMAGES

AUTHORS: Chris Olson Chirag Shroff

CISCO SYSTEMS, INC.

DETAILED DESCRIPTION

    Increased concern about network security has prompted companies to request greater transparency about the software installed on their routers, switches and other network appliances. Image signing and cryptographic hashing let network administrators confirm that the image they download and boot on a given appliance is an unmodified copy of the image the vendor released. However, signing and hashing alone are no longer sufficient, and a higher level of transparency is required: they prove that a binary is the one the vendor signed, not that it was built from any particular source code. In particular, visibility into the source code that produced the image is desired, so that the process that turns that source code into the final executable image can be trusted.

    The mechanisms and systems described herein address the problem of trusting an image generation process by establishing an automated method for a chain of trust from the source code to the final image that is downloaded. A customer's concern may be that the software vendor has implemented back doors in the software image, or allows someone other than the customer to eavesdrop on or disable the network appliance running the software image. With open source software, the customer has complete visibility into the source code and can build all of the software images itself. While examining a large code base for vulnerabilities is not a trivial process, with open source software the means for complete trust in the final product is in the customer's hands. With proprietary software, generally all the customer obtains is the final binary image. Since it is much more difficult to perform a security investigation on a binary image, customers have been asking vendors for access to the software source code for inspection. While this access goes a long way toward building customer trust, a critical gap remains between inspecting the source code and ensuring that the inspected source code produces the image that the customer ultimately uses.

Copyright 2015 Cisco Systems, Inc.
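To make the chain-of-trust idea concrete, the following is an added example and not part of the Cisco disclosure (whose actual mechanisms are not reproduced in this abbreviated text). A build recorder hashes each source file, the compiler and linker used, and the input and output of every compile and link action; a verifier then walks the chain from a delivered image back to the sources the recipient inspected, rejecting an image that was modified, built from different sources, or built with a tool the recipient does not trust. The compile and link steps are stand-ins operating on in-memory bytes so that the example runs offline; the sample source files and tool identities are constructed.

```python
"""Build-provenance manifest for a two-step (compile, link) build.

Added illustration, not Cisco's implementation. compile_step() and
link_step() are stand-ins that work on in-memory bytes so the example runs
offline; the manifest and verification logic is the point.
"""
import hashlib
import json


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Constructed sample inputs: two source files plus fixed byte strings that
# stand in for the compiler and linker binaries (their hashes act as the
# tool identities recorded in the manifest).
SOURCES = {
    "main.c": b"int helper(void);\nint main(void) { return helper(); }\n",
    "helper.c": b"int helper(void) { return 42; }\n",
}
COMPILER = b"stand-in compiler v1"
LINKER = b"stand-in linker v1"


def compile_step(src):
    # Stand-in for invoking the compiler; a real recorder runs the tool here.
    return b"OBJ:" + hashlib.sha256(src).digest()


def link_step(objects):
    # Stand-in for the linker: concatenates the object files in order.
    return b"IMG:" + b"".join(objects)


def record_build(sources, compiler, linker):
    """Run the build and return (image, manifest).

    Every compile and link action records the hash of the tool used, of its
    inputs and of its output, so each byte of the image can be traced back
    to a recorded source file through the chain of hashes.
    """
    manifest = {"compile": [], "link": None}
    objects = {}
    for name, src in sources.items():
        obj = compile_step(src)
        objects[name + ".o"] = obj
        manifest["compile"].append({
            "tool_sha256": sha256(compiler),
            "input": name,
            "input_sha256": sha256(src),
            "output": name + ".o",
            "output_sha256": sha256(obj),
        })
    image = link_step(list(objects.values()))
    manifest["link"] = {
        "tool_sha256": sha256(linker),
        "inputs": {name: sha256(obj) for name, obj in objects.items()},
        "output_sha256": sha256(image),
    }
    return image, manifest


def archive_manifest(manifest):
    """Canonical JSON form of the manifest: the document to archive and
    sign alongside the image so the record itself cannot be altered."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":"))


def verify(image, manifest, reviewed_sources, trusted_tool_hashes):
    """Walk the chain backwards from the delivered image to the sources the
    recipient actually inspected. Returns (ok, reason)."""
    link = manifest["link"]
    if sha256(image) != link["output_sha256"]:
        return False, "image does not match the recorded link output"
    if link["tool_sha256"] not in trusted_tool_hashes:
        return False, "link step used an untrusted linker"
    compiled = {step["output"]: step for step in manifest["compile"]}
    for obj_name, obj_hash in link["inputs"].items():
        step = compiled.get(obj_name)
        if step is None or step["output_sha256"] != obj_hash:
            return False, "object %s was not produced by a recorded compile step" % obj_name
        if step["tool_sha256"] not in trusted_tool_hashes:
            return False, "compile of %s used an untrusted compiler" % step["input"]
        src = reviewed_sources.get(step["input"])
        if src is None or sha256(src) != step["input_sha256"]:
            return False, "source %s differs from what was compiled" % step["input"]
    return True, "image traces to the reviewed sources via trusted tools"
```

The verifier deliberately takes the sources the recipient reviewed, not the hashes the vendor recorded, so a vendor cannot satisfy it by recording a hash of a file the recipient never saw. Limiting the manifest to the compile and link actions mirrors the disclosure's point about shrinking the set of tools that must be trusted: only the compiler and linker identities need to appear in the trusted set.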

    While perfect trust is difficult to establish, a high level of trust is still an acceptable outcome. However, building customer trust in the process presents a couple of issues.

    First, it may be difficult to determine what source files w...