In this paper we consider the problem of enforcing dependencies during software distribution process. We consider a model in which multiple independent vendors encrypt their software and distribute it by means of untrusted mirror repositories. The decryption of each package is executed on the user side and it is possible if and only if the target device satisfies the dependency requirements posed by the vendor. Once a package is decrypted, the protocol non-interactively updates the key material on the target device so that the decryption of future packages requiring the newly installed package can be executed. We further present a variant of the protocol in which also the vendordefined installation policy can be partially hidden from unauthorized users.
Guaranteeing dependency enforcement in software updates
CATUOGNO, Luigi;Galdi, Clemente;PERSIANO, Giuseppe
2015-01-01
Abstract
In this paper we consider the problem of enforcing dependencies during software distribution process. We consider a model in which multiple independent vendors encrypt their software and distribute it by means of untrusted mirror repositories. The decryption of each package is executed on the user side and it is possible if and only if the target device satisfies the dependency requirements posed by the vendor. Once a package is decrypted, the protocol non-interactively updates the key material on the target device so that the decryption of future packages requiring the newly installed package can be executed. We further present a variant of the protocol in which also the vendordefined installation policy can be partially hidden from unauthorized users.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
