Remember Me
Or use your Academic/Social account:


Or use your Academic/Social account:


You have just completed your registration at OpenAire.

Before you can login to the site, you will need to activate your account. An e-mail will be sent to you with the proper instructions.


Please note that this site is currently undergoing Beta testing.
Any new content you create is not guaranteed to be present to the final version of the site upon release.

Thank you for your patience,
OpenAire Dev Team.

Close This Message


Verify Password:
Verify E-mail:
*All Fields Are Required.
Please Verify You Are Human:
fbtwitterlinkedinvimeoflicker grey 14rssslideshare1
Boender, Jaap; Primiero, Giuseppe; Raimondi, Franco (2015)
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Languages: English
Types: Unknown
We consider security threats in software installation processes, posed by transitively trusted dependencies between packages from distinct repositories. To analyse them, we present SecureNDC, a Coq implemented calculus using an explicit trust function to bridge repository access and software package installation rights. Thereby, we resolve a version of the minimum install problem under trust conditions on repositories
  • The results below are discovered through our pilot algorithms. Let us know how we are doing!

    • [AGA13] Nasir Ali, Yann-Gae¨l Gue´he´neuc, and Giuliano Antoniol.
    • Trustrace: Mining software repositories to improve the accuracy of requirement traceability links. IEEE Trans. Software Eng., 39(5):725-741, 2013.
    • Fig. 3. The Algorithm TrMinInst [BDS11] tSrvuesnt eBsutagbielils,hLmuecnats wViitnhcesnocfotwDaraevir,eapnudtaStitoenff.enInScPhruolcze.eSdcinaglasbolef the Sixth ACM Workshop on Scalable Trusted Computing, STC '11, pages 15-24, New York, NY, USA, 2011. ACM.
    • [BPR15] J. Boender, G. Primiero, and F. Raimondi. SecureNDC - Coq implementation of the SecureND calculus, April 2015. https:
    • Given multiple configurations of dependency satisfaction un- [BS04] Moritz Y. Becker and Peter Sewell. Cassandra: Flexible trust der which a package fb could be installed, the user is now CmoamnapguetmereSnet,cuarpiptyliFedoutnodaetlieocntrsoWniocrkhsehaoltph, preacgoersd1s3.9I-n15I4n. IIEEEEEE in a position to score all possible valid installation profiles al- Computer Society Press, 2004.
    • lowing (NDUCProof (Pa::Pb::nil) nd_write fb) [CCX09] Stephen Clarke, Bruce Christianson, and Hannan Xiao. Trust*: according to the output of TrMinInst, i.e. in view of the CUhsirnisgtialoncsaoln,gJuaamraensteAes. Mtoaelcxotelmnd, VthaeshreekacMhaotfyatsru,satn.dInMiBcrhuaceel number of required trusted import relations to be eliminated. Roe, editors, Security Protocols Workshop, volume 7028 of Hence, the installation path requiring the minimal number of Lecture Notes in Computer Science, pages 171-178. Springer, 2009.
    • such transitive trust operations is chosen, minimizing the risks [CF58] H. B. Curry and R. Feys. Combinatory Logic, Volume I. Northfor security and stability. Holland, 1958. Second printing 1968.
    • [CH88] Thierry Coquand and Gerard Huet. The calculus of constructions. Information and Computation, 76(2-3):95-120, 1988.
    • [CH96] Bruce Christianson and William S. Harbison. Why isn't trust transitive? In T. Mark A. Lomas, editor, Security Protocols Workshop, volume 1189 of Lecture Notes in Computer Science, pages 171-176. Springer, 1996.
    • [CNS03] M. Carbone, M. Nielsen, and V. Sassone. A formal model for trust in dynamic networks. In A. Cerone and P. Lindsay, editors, Int. Conference on Software Engineering and Formal Methods, SEFM 2003., pages 54-61. IEEE Computer Society, 2003. A preliminary version appears as Technical Report BRICS RS-03- 4, Aarhus University.
    • [CSW08] Peter C. Chapin, Christian Skalka, and Xiaoyang Sean Wang. Authorization in trust management: Features and foundations. ACM Comput. Surv., 40(3), 2008.
    • [CVW+11] J. Chang, K. Venkatasubramanian, A. West, S. Kannan, B. Loo, O. Sokolsky, and I. & Lee. As-trust: A trust quantification scheme for autonomous systems in bgp. In Trust and Trustworthy Computing: 4th International Conference, TRUST 2011, volume 6740 of Lecture Notes in Computer Science, pages 262-276.
    • Springer Berlin / Heidelberg, 2011.
    • [DGS11] Thomas DuBois, Jennifer Golbeck, and Aravind Srinivasan. Predicting trust and distrust in social networks. In PASSAT/SocialCom 2011, Privacy, Security, Risk and Trust (PASSAT), 2011 IEEE Third International Conference on and 2011 IEEE Third International Conference on Social Computing (SocialCom), Boston, MA, USA, 9-11 Oct., 2011, pages 418-424. IEEE, 2011.
    • [DYT+14] Tianli Dang, Zheng Yan, Fei Tong, Weidong Zhang, and Peng Zhang. Implementation of a trust-behavior based reputation system for mobile applications. In Leonard Barolli, Fatos Xhafa, Xiaofeng Chen, and Makoto Ikeda, editors, Ninth International Conference on Broadband and Wireless Computing, Communication and Applications, BWCCA 2014, Guangdong, China, November 8-10, 2014, pages 221-228. IEEE, 2014.
    • [GH06] Jennifer Golbeck and James A. Hendler. Inferring binary trust relationships in web-based social networks. ACM Trans. Internet Techn., 6(4):497-529, 2006.
    • [GKRT04] R. Guha, Ravi Kumar, Prabhakar Raghavan, and Andrew Tomkins. Propagation of trust and distrust. In Proceedings of the 13th International Conference on World Wide Web, WWW '04, pages 403-412, New York, NY, USA, 2004. ACM.
    • [GM82] Joseph A. Goguen and Jose´ Meseguer. Security policies and security models. In IEEE Symposium on Security and Privacy, pages 11-20, 1982.
    • [GS00] T. Grandison and M. Sloman. A survey of trust in internet applications. Communications Surveys Tutorials, IEEE, 3(4):2- 16, Fourth 2000.
    • [HBPB09] Omar Hasan, Lionel Brunie, Jean-Marc Pierson, and Elisa Bertino. Elimination of subjectivity from trust recommendation. In Elena Ferrari, Ninghui Li, Elisa Bertino, and Yu¨cel Karabulut, editors, Trust Management III, Third IFIP WG 11.11 International Conference, IFIPTM 2009 , West Lafayette, IN, USA, June 15-19, 2009. Proceedings, volume 300 of IFIP Advances in Information and Communication Technology, pages 65-80.
    • Springer, 2009.
    • [Her03] Peter Herrmann. Trust-based protection of software component users and designers. In Paddy Nixon and Sotirios Terzis, editors, Trust Management, First International Conference, iTrust 2003, Heraklion, Crete, Greece, May 28-30, 2002, Proceedings, volume 2692 of Lecture Notes in Computer Science, pages 75-90.
    • Springer, 2003.
    • [How80] W. Howard. The formulae-as-types notion of construction. In J. Seldin and J. Hindley, editors, To H. B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism, pages 479-490. Academic Press, 1980.
    • [JAM12] Audun Jøsang, Tanja Azderska, and Stephen Marsh. Trust transitivity and conditional belief reasoning. In Theo Dimitrakos, Rajat Moona, Dhiren Patel, and D. Harrison McKnight, editors, Trust Management VI - 6th IFIP WG 11.11 International Conference, IFIPTM 2012, Surat, India, May 21-25, 2012. Proceedings, volume 374 of IFIP Advances in Information and Communication Technology, pages 68-83. Springer, 2012.
    • [JMP06] Audun Jøsang, Stephen Marsh, and Simon Pope. Exploring different types of trust propagation. In Ketil Stølen, William H. Winsborough, Fabio Martinelli, and Fabio Massacci, editors, Trust Management, 4th International Conference, iTrust 2006, Pisa, Italy, May 16-19, 2006, Proceedings, volume 3986 of Lecture Notes in Computer Science, pages 179-192. Springer, 2006.
    • [JP05] Audun Jøsang and Simon Pope. Semantic constraints for trust transitivity. In Sven Hartmann and Markus Stumptner, editors, APCCM, volume 43 of CRPIT, pages 59-68. Australian Computer Society, 2005.
    • [KG10] Ugur Kuter and Jennifer Golbeck. Using probabilistic confidence models for trust inference in web-based social networks. ACM Trans. Internet Technol., 10(2):8:1-8:23, June 2010.
    • [LM03] Ninghui Li and John C. Mitchell. Datalog with constraints: A foundation for trust management languages. In Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages, PADL '03, pages 58-73, London, UK, UK, 2003. Springer-Verlag.
    • [MBC+06] Fabio Mancinelli, Jaap Boender, Roberto Di Cosmo, Jerome Vouillon, Berke Durak, Xavier Leroy, and Ralf Treinen. Managing the complexity of large free and open source packagebased software distributions. In 21st IEEE/ACM International Conference on Automated Software Engineering (ASE 2006), 18-22 September 2006, Tokyo, Japan, pages 199-208. IEEE Computer Society, 2006.
    • [MD05] Stephen Marsh and MarkR. Dibben. Trust, untrust, distrust and mistrust an exploration of the dark(er) side. In Peter Herrmann, Valrie Issarny, and Simon Shiu, editors, Trust Management, volume 3477 of Lecture Notes in Computer Science, pages 17- 33. Springer Berlin Heidelberg, 2005.
    • [ML84] P. Martin-Lo¨f. Intuitionistic Type Theory, volume 1 of Studies in Proof Theory: Lecture Notes. Bibliopolis, Napoli, 1984.
    • [NBL10] Qun Ni, Elisa Bertino, and Jorge Lobo. Risk-based access control systems built on fuzzy inferences. In Dengguo Feng, David A. Basin, and Peng Liu, editors, Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, Beijing, China, April 13-16, 2010, pages 250-260. ACM, 2010.
    • [PR14] Giuseppe Primiero and Franco Raimondi. A typed natural deduction calculus to reason about secure trust. In Ali Miri, Urs Hengartner, Nen-Fu Huang, Audun Jøsang, and Joaqu´ın Garc´ıaAlfaro, editors, 2014 Twelfth Annual International Conference on Privacy, Security and Trust, Toronto, ON, Canada, July 23- 24, 2014, pages 379-382. IEEE, 2014.
    • [SSDC07] Stefan Schmidt, Robert Steele, Tharam S. Dillon, and Elizabeth Chang. Fuzzy trust evaluation and credibility development in multi-agent systems. Appl. Soft Comput., 7(2):492-505, 2007.
    • [TKH08] Mozhgan Tavakolifard, Svein J. Knapskog, and Peter Herrmann. Trust transferability among similar contexts. In Albert Y. Zomaya and Matteo Cesana, editors, Q2SWinet'08 - Proceedings of the 4th ACM Workshop on Q2S and Security for Wireless and Mobile Networks, Vancouver, British Columbia, Canada, October 27-28, 2008, pages 91-97. ACM, 2008.
    • [TSJL07] C. Tucker, D. Shuffelton, R. Jhala, and S. Lerner. Opium: Optimal package install/uninstall manager. In Software Engineering, 2007. ICSE 2007. 29th International Conference on, pages 178- 188, 2007.
    • [YP11] Zheng Yan and Christian Prehofer. Autonomic trust management for a component-based software system. IEEE Trans. Dependable Sec. Comput., 8(6):810-823, 2011.
    • [Zel13] Andreas Zeller. Can we trust software repositories? In Jrgen Mnch and Klaus Schmid, editors, Perspectives on the Future of Software Engineering, pages 209-215. Springer Berlin Heidelberg, 2013.
    • [ZL05] Cai-Nicolas Ziegler and Georg Lausen. Propagation models for trust and distrust in social networks. Information Systems Frontiers, 7(4-5):337-358, December 2005.
  • No related research data.
  • No similar publications.

Share - Bookmark

Cite this article