In this paper we consider the problem of enforcing dependencies during software distribution process. We consider a model in which multiple independent vendors encrypt their software and distribute it by means of untrusted mirror repositories. The decryption of each package is executed on the user side and it is possible if and only if the target device satisfies the dependency requirements posed by the vendor. Once a package is decrypted, the protocol non-interactively updates the key material on the target device so that the decryption of future packages requiring the newly installed package can be executed. We further present a variant of the protocol in which also the vendordefined installation policy can be partially hidden from unauthorized users.
|Titolo:||Guaranteeing dependency enforcement in software updates|
|Data di pubblicazione:||2015|
|Appare nelle tipologie:||2.1 Contributo in volume|