Decentralized Review and Attestation of Software Attribute Claims

Stengele, Oliver 1; Westermeyer, Christina 1; Hartenstein, Hannes 1
1 Institut für Informationssicherheit und Verlässlichkeit (KASTEL), Karlsruher Institut für Technologie (KIT)

Abstract (English):

Software can be described, like human users and other objects, through attributes. For this work, we define software attributes as humanly verifiable, falsifiable, or judgeable statements regarding characteristics of said software. Much like attributes in general, software attributes require robust identities for their source but also for their target, meaning a software in general or a binary in particular. As software can be of critical importance, performing an independent review of attribute claims appears beneficial. We posit that decentralized platforms that were developed and refined over the past decade can bridge the gap between existing tools and methods for software review and their open, transparent, and accountable use for the benefit of users. In this work, we explore the feasibility and implications of decentralizing an independent review of software attribute claims. We envision the decentralization of a review process from initialization and execution to the persistent recording of results. We sketch the available design space by decomposing the overall process into a modular design and describe how each component covers overarching objectives. ...

DOI: 10.5445/IR/1000148056
Published on: 27.06.2022
Affiliated institution(s) at KIT: Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publication type: Journal article
Publication year: 2022
Language: English
Identifier: ISSN 2169-3536
KITopen-ID: 1000148056
HGF program: 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Further HGF programs: 46.23.03 (POF IV, LK 01) Engineering Security for Mobility Systems
Published in: IEEE Access
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Volume: 10
Pages: 66694 - 66710
Publication note: Funded by the KIT Publication Fund
Published online in advance on: 21.06.2022
Keywords: Decentralized systems, software attributes, software certification, software identity management, software review, software transparency
Indexed in: Scopus
Web of Science
