Back to Search
Start Over
P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements
- Source :
- Information, Volume 12, Issue 9, Information, Vol 12, Iss 357, p 357 (2021), Multidisciplinary Digital Publishing Institute, ORCID
- Publication Year :
- 2021
- Publisher :
- Zenodo, 2021.
-
Abstract
- During the past decade, software development has evolved from a rigid, linear process to a highly automated and flexible one, thanks to the emergence of continuous integration and delivery environments. Nowadays, more and more development teams rely on such environments to build their complex projects, as the advantages they offer are numerous. On the security side however, most environments seem to focus on the authentication part, neglecting other critical aspects such as the integrity of the source code and the compiled binaries. To ensure the soundness of a software project, its source code must be secured from malicious modifications. Yet, no method can accurately verify that the integrity of the project’s source code has not been breached. This paper presents P2ISE, a novel integrity preserving tool that provides strong security assertions for developers against attackers. At the heart of P2ISE lies the TPM trusted computing technology which is leveraged to ensure integrity preservation. We have implemented the P2ISE and quantitatively assessed its performance and efficiency.
- Subjects :
- Source code
Computer science
media_common.quotation_subject
trusted computing
02 engineering and technology
Information technology
Computer security
computer.software_genre
TPM
Software
0202 electrical engineering, electronic engineering, information engineering
media_common
Soundness
Focus (computing)
Authentication
business.industry
Software development
020207 software engineering
Trusted Computing
T58.5-58.64
Continuous integration
CI/CD pipeline
code integrity
020201 artificial intelligence & image processing
business
computer
Information Systems
Subjects
Details
- Database :
- OpenAIRE
- Journal :
- Information, Volume 12, Issue 9, Information, Vol 12, Iss 357, p 357 (2021), Multidisciplinary Digital Publishing Institute, ORCID
- Accession number :
- edsair.doi.dedup.....654eadc26680913d5f6ee816af7612c7