Policy Transparency: Authorization Logic Meets General Transparency to Prove Software Supply Chain Integrity
Abstract
Building reliable software is challenging because today's software supply chains are built
and secured using tools and individuals from a broad range of organizations
with complex trust relationships.
In this setting, tracking the origin of each piece of software and understanding the security
and privacy implications of using it is essential. In this work we aim to secure software
supply chains by using verifiable policies in which the origin of information and the
trust assumptions are first-order concerns and abusive evidence is discoverable.
To do so, we propose Policy Transparency, a new paradigm in which
policies are based on authorization logic and all claims issued in this policy
language are made transparent by inclusion in a transparency log. Achieving this
goal in a real-world setting is non-trivial and to do so we propose a novel
software architecture called PolyLog. We find that this combination
of authorization logic and transparency logs is mutually beneficial --
transparency logs allow authorization logic claims to be widely available aiding
in discovery of abuse, and making claims interpretable
with policies allows misbehavior captured in the transparency logs to be
handled proactively.
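As an added illustration of the paradigm (not code from the paper or from PolyLog): a minimal model in which "P says F" claims count only if they carry a valid inclusion proof against a transparency-log root, and a speaker's statements are accepted only if the verifier trusts it directly or through a logged "Q speaksfor P" delegation. The claim syntax, the RFC 6962-style hashing and the principal names are assumptions made for the example.

```python
import hashlib

def _h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def leaf(claim: str) -> bytes:
    return _h(b"\x00" + claim.encode())  # RFC 6962-style leaf prefix (assumed encoding, not PolyLog's)

def _split(n: int) -> int:
    k = 1  # largest power of two strictly below n
    while 2 * k < n:
        k *= 2
    return k

def merkle_root(leaves) -> bytes:
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return _h(b"\x01" + merkle_root(leaves[:k]) + merkle_root(leaves[k:]))

def audit_path(leaves, i: int):
    """Inclusion proof for leaf i: (sibling_hash, sibling_is_left) pairs, leaf-to-root order."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if i < k:
        return audit_path(leaves[:k], i) + [(merkle_root(leaves[k:]), False)]
    return audit_path(leaves[k:], i - k) + [(merkle_root(leaves[:k]), True)]

def verify_inclusion(claim: str, path, root: bytes) -> bool:
    acc = leaf(claim)
    for sib, left in path:
        acc = _h(b"\x01" + (sib + acc if left else acc + sib))
    return acc == root

def accepted_statements(logged, root: bytes, trusted) -> set:
    """Evaluate 'P says F' claims. Claims without a valid inclusion proof are ignored; P's
    statements are accepted if P is trusted or delegated to via a trusted 'Q speaksfor P'."""
    claims = [c.split(" says ", 1) for c, path in logged if verify_inclusion(c, path, root)]
    trusted, changed = set(trusted), True
    while changed:  # extend trust through delegations until no new principal is added
        changed = False
        for p, f in claims:
            if p in trusted and f.endswith(" speaksfor " + p):
                q = f.split(" speaksfor ")[0]
                if q not in trusted:
                    trusted.add(q); changed = True
    return {f for p, f in claims if p in trusted and " speaksfor " not in f}
```

A delegation that a trusted principal issued but never logged is rejected by `verify_inclusion`, so it cannot widen the trusted set; this is the property that lets an auditor discover and challenge delegations rather than having them take effect silently.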