Type of Publication: Article in Collected Edition
Scalable Trust Establishment with Software Reputation
- Bugiel, Sven; Davi, Lucas; Schulz, Steffen
- Title of Anthology: Proc. of 6th ACM Workshop on Scalable Trusted Computing (STC)
Users and administrators are often faced with the choice between different software solutions, and sometimes even have to assess the security of complete software systems. With sufficient time and resources, such decisions can be based on extensive testing and review. However, in practice this is often too expensive and time-consuming.
In this paper, we present a pragmatic but scalable approach for the trustworthiness assessment of software programs based on their security history. The approach can be used, for example, to automatically sort programs in an App store by their security record or to assess the trustworthiness of complex software systems in remote attestation schemes. Our prototype implementation for the popular Debian GNU/Linux system achieves good prediction accuracy for individual programs as well as entire systems.