English
Related papers

Related papers: Attestable Builds: Compiling Verifiable Binaries o…

200 papers

Although it is possible to increase confidence in Free and Open Source Software (FOSS) by reviewing its source code, trusting code is not the same as trusting its executable counterparts. These are typically built and distributed by…

Software Engineering · Computer Science 2021-04-14 Chris Lamb , Stefano Zacchiroli

Build verifiability refers to the property that the build of a software system can be verified by independent third parties and it is crucial for the trustworthiness of a software system. Various efforts towards build verifiability have…

Software Engineering · Computer Science 2022-02-15 Jiawen Xiong , Yong Shi , Boyuan Chen , Filipe R. Cogo , Zhen Ming , Jiang

Enterprise software supply chains are increasingly vulnerable to infrastructure attacks, resulting in financial and reputational damage. Ensuring the integrity and provenance of software artifacts remains a significant challenge, where…

Cryptography and Security · Computer Science 2026-05-21 Fernando Castillo , Eduardo Brito , Pille Pullonen-Raudvere , Sebastian Werner , Stefan Tai

Attestation means providing evidence that a remote target system is worthy of trust for some sensitive interaction. Although attestation is already used in network access control, security management, and trusted execution environments, it…

Cryptography and Security · Computer Science 2026-03-09 Will Thomas , Logan Schmalz , Adam Petz , Perry Alexander , Joshua D. Guttman , Paul D. Rowe , James Carter

Supply chain attacks have emerged as a prominent cybersecurity threat in recent years. Reproducible and bootstrappable builds have the potential to reduce such attacks significantly. In combination with independent, exhaustive and periodic…

Cryptography and Security · Computer Science 2025-05-29 Joshua Drexel , Esther Hänggi , Iyán Méndez Veiga

Kettle is an attested build system that produces cryptographically verifiable provenance for software built inside Trusted Execution Environments (TEEs). A Kettle build records the source commit, dependency set, toolchain, build…

Cryptography and Security · Computer Science 2026-05-12 Amean Asad , André Arko

Reproducible builds are a set of software development practices that establish an independently verifiable path from source code to binary artifacts, helping to detect and mitigate certain classes of supply chain attacks. Although quantum…

Quantum Physics · Physics 2025-10-03 Iyán Méndez Veiga , Esther Hänggi

Modern Large Language Model (LLM) systems are assembled from third-party artifacts such as pre-trained weights, fine-tuning adapters, datasets, dependency packages, and container images, fetched through automated pipelines. This speed comes…

Cryptography and Security · Computer Science 2026-04-01 Zhuoran Tan , Jeremy Singer , Christos Anagnostopoulos

Process attestation systems verify that a continuous physical process, such as human authorship, actually occurred, rather than merely checking system state. These systems face a fundamental dependability challenge: the evidence collection…

Cryptography and Security · Computer Science 2026-05-26 David Condrey

Verification of microkernels, device drivers, and crypto routines requires analyses at the binary level. In order to automate these analyses, in the last years several binary analysis platforms have been introduced. These platforms share a…

Programming Languages · Computer Science 2019-01-23 Andreas Lindner , Roberto Guanciale , Roberto Metere

Reliable and fast builds are essential for rapid turnaround during development and testing. Popular existing build systems rely on correct manual specification of build dependencies, which can lead to invalid build outputs and…

Software Engineering · Computer Science 2012-03-14 Derrick Coetzee , Anand Bhaskar , George Necula

In response to challenges in software supply chain security, several organisations have created infrastructures to independently build commodity open source projects and release the resulting binaries. Build platform variability can…

Cryptography and Security · Computer Science 2025-04-10 Jens Dietrich , Tim White , Behnaz Hassanshahi , Paddy Krishnan

With the rapidly evolving next-generation systems-of-systems, we face new security, resilience, and operational assurance challenges. In the face of the increasing attack landscape, it is necessary to cater to efficient mechanisms to verify…

Cryptography and Security · Computer Science 2021-07-13 Heini Bergsson Debes , Thanassis Giannetsos , Ioannis Krontiris

Verifying that a compiled binary originates from its claimed source code is a fundamental security requirement, called source code provenance. Achieving verifiable source code provenance in practice remains challenging. The most popular…

Software Engineering · Computer Science 2026-02-13 Javier Ron , Martin Monperrus

Benchmarks are important measures to evaluate safety and compliance of AI models at scale. However, they typically do not offer verifiable results and lack confidentiality for model IP and benchmark datasets. We propose Attestable Audits,…

Artificial Intelligence · Computer Science 2025-07-01 Christoph Schnabl , Daniel Hugenroth , Bill Marino , Alastair R. Beresford

Many types of formal verification establish properties about abstract high-level program representations, leaving a large gap to programs at runtime. Although gaps can sometimes be narrowed by techniques such as refinement, a verified…

Logic in Computer Science · Computer Science 2025-03-19 Karl Palmskog , Andreas Lindner , Scott Constable , Roberto Guanciale , Hamed Nemati

This paper presents composable attestation as a generalized cryptographic framework for Continuous and Incremental Trust in Distributed Systems,such as Artificial Intelligence (AI) computation, and Open Source Software (OSS) supply chain…

Cryptography and Security · Computer Science 2026-03-04 Sheng Sun , Sarah Evans

We present a framework for verifying the deterministic structured computations surrounding a large language model rather than the model itself, extending a Lean 4 trust-boundary architecture to the generic interfaces of modern LLM…

Logic in Computer Science · Computer Science 2026-05-19 George Koomullil

Large language models are often adapted through parameter efficient fine tuning, but current release practices provide weak assurances about what data were used and how updates were computed. We present Verifiable Fine Tuning, a protocol…

Cryptography and Security · Computer Science 2025-12-30 Hasan Akgul , Daniel Borg , Arta Berisha , Amina Rahimova , Andrej Novak , Mila Petrov

Software ecosystems like Maven Central play a crucial role in modern software supply chains by providing repositories for libraries and build plugins. However, the separation between binaries and their corresponding source code in Maven…

Cryptography and Security · Computer Science 2025-09-11 Behnaz Hassanshahi , Trong Nhan Mai , Benjamin Selwyn Smith , Nicholas Allen
‹ Prev 1 2 3 10 Next ›