Abstract
During the past decade, software development has evolved from a rigid, linear process to a highly automated and flexible one, thanks to the emergence of continuous integration and delivery environments. Nowadays, more and more development teams rely on such environments to build their complex projects, as the advantages they offer are numerous. On the security side however, most environments seem to focus on the authentication part, neglecting other critical aspects such as the integrity of the source code and the compiled binaries. To ensure the soundness of a software project, its source code must be secured from malicious modifications. Yet, no method can accurately verify that the integrity of the project’s source code has not been breached. This paper presents P2ISE, a novel integrity preserving tool that provides strong security assertions for developers against attackers. At the heart of P2ISE lies the TPM trusted computing technology which is leveraged to ensure integrity preservation. We have implemented the P2ISE and quantitatively assessed its performance and efficiency.
Reference53 articles.
1. DevOps: A Software Architect’s Perspective;Bass,2015
2. Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation;Humble,2010
3. Rapid Continuous Software Engineering
4. CURRENTS: A Quarterly Report on Developer Trends in the Cloud
https://assets.digitalocean.com/currents-report/DigitalOcean-Currents-Q1-2018.pdf
5. Trusted services for cyber manufacturing systems;André,2018
Cited by
12 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献