Publications

Type of Publication: Article in Collected Edition

Scalable Trust Establishment with Software Reputation

Author(s):
Bugiel, Sven; Davi, Lucas; Schulz, Steffen
Title of Anthology:
Proc. of 6th ACM Workshop on Scalable Trusted Computing (STC)
Publication Date:
2011
Digital Object Identifier (DOI):
doi:10.1145/2046582.2046587
Link to complete version:
https://dl.acm.org/authorize?N27443

Abstract

Users and administrators are often faced with the choice between different software solutions, and sometimes even have to assess the security of complete software systems. With sufficient time and resources, such decisions can be based on extensive testing and review. However, in practice this is often too expensive and time-consuming.

In this paper, we present a pragmatic, but scalable approach for the trustworthiness assessment of software programs based on their security history. The approach can be used, e.g., to automatically sort programs in an App store by their security record or to assess the trustworthiness of complex software systems in remote attestation schemes. Our prototype implementation for the popular Debian GNU/Linux system achieves good prediction accuracy for individual programs as well as entire systems.