William
David Boulton

Securing the Software Supply Chain With Trusted Build Systems STEM

Abstract profile. Full document pending author claim.

Authors:

William David Boulton

Date Created:

Not specified

Course Title:
Professor:

Not specified

About Paper:

The software supply chain is an increasingly complex network of tools and operations used to create software, but inadequate security in the build pipeline leaves it vulnerable to compromise. Prior efforts, like in- toto, provide a framework for securely tracking build metadata, while other projects, like rebuilderd, attempt to validate the software bill of materials (SBOM) by reconstructing build artifacts to detect tampering. This work extends those initiatives by proposing a trusted build system (TBS) that uses trusted execution environments (TEEs) to ensure the validity of a build. TBS implements a protected build environment using Arm TrustZone to introspect the reconstruction process. Such introspection is carried out by tracing the execution of the build process through system-call instrumentation and stack introspection. After an artifact is successfully recreated, the TEE can endorse the result and provide confidence to users that the software was not tampered with. TBS is part of the larger open-source project SBOMctl, which aims to implement secure-by-design software supply chain infrastructure. Keywords: Trusted Execution Environments; Software Bill of Materials; Trustzone; Trusted Build System; Software Supply Chain

Source:

Purdue University / 2025

Topics:

No topics listed

Co-authors:

William David Boulton

0