Content area
Abstract
There are unique challenges in extending the use of state-of-the-art software update best practices to a wider range of systems. These software update systems have boundaries on efficiency, security, and flexibility that do not work in all cases. While existing systems can scale to software repositories with tens of thousands of packages, some repositories have millions of packages. In addition, there may be multiple software repositories, or other software supply chain security technologies that they need to interact with. In all of these cases, existing solutions cannot be applied to these systems, leaving them vulnerable to known attacks including repository compromise, dependency confusion, rollback attacks, and more. This work presents new techniques for secure software updates that extends the supported usage of secure software update systems.
