Back to Search Start Over

P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements

Authors :
Antonio Muñoz
Jordy Ryan Casas Correia
Aristeidis Farao
Christos Xenakis
Source :
Information, Volume 12, Issue 9, Information, Vol 12, Iss 357, p 357 (2021), Multidisciplinary Digital Publishing Institute, ORCID
Publication Year :
2021
Publisher :
Zenodo, 2021.

Abstract

During the past decade, software development has evolved from a rigid, linear process to a highly automated and flexible one, thanks to the emergence of continuous integration and delivery environments. Nowadays, more and more development teams rely on such environments to build their complex projects, as the advantages they offer are numerous. On the security side however, most environments seem to focus on the authentication part, neglecting other critical aspects such as the integrity of the source code and the compiled binaries. To ensure the soundness of a software project, its source code must be secured from malicious modifications. Yet, no method can accurately verify that the integrity of the project’s source code has not been breached. This paper presents P2ISE, a novel integrity preserving tool that provides strong security assertions for developers against attackers. At the heart of P2ISE lies the TPM trusted computing technology which is leveraged to ensure integrity preservation. We have implemented the P2ISE and quantitatively assessed its performance and efficiency.

Details

Database :
OpenAIRE
Journal :
Information, Volume 12, Issue 9, Information, Vol 12, Iss 357, p 357 (2021), Multidisciplinary Digital Publishing Institute, ORCID
Accession number :
edsair.doi.dedup.....654eadc26680913d5f6ee816af7612c7