Trust and tamper-proof software delivery

2006 
Software engineering today relies to a large extent on acquiring and composing software components and other software-related artifacts from different producers, either at design time or at run time. For any user of such artifacts, whether developer or end user, the question arises of how to ensure that these artifacts are not malicious. Complete inspection of acquired code is, if not impossible, at least impractical and uneconomical for commercial software. The user thus has to trust the code, or rather its supplier and the delivery channel. This paper examines different trust models in the software supply chain and their rationales. Any trust-based supply chain also requires a tamper-proof distribution channel as a prerequisite. Such channels can theoretically be realized using digital signature technology, but some practical and theoretical challenges remain. The paper outlines the challenges and shortcomings of current commercial approaches, proposes some solutions, and suggests areas for further research.