Software and firmware verification by distributed ledger and intrusion detection systems

摘要

A software ecosystem includes a software supply chain in which each of the participants in the software supply chain produce software components using reproducible builds. By using deterministic compilation practices, each of the software components produced by a respective participant should be identical. The software ecosystem also includes a set of tamper proof distributed ledgers. Hashes of the software components are generated and securely recorded in the set of distributed ledgers. The software ecosystem also includes an intrusion detection system configured to compare hashes of the software components to determine when one or more of the software components has been generated in a corrupt manner. The secure software ecosystem includes a full-platform approach to integrity which incorporates designing against attacks, rather than patching after them, which creates a paradigm in which computing platforms can be trusted because they have been designed to operate in an untrustworthy environment.