SBIR-STTR Award

A Certified Tool-Chain Approach To Software Security (pedigree)
Award last edited on: 4/18/2007

Sponsored Program
SBIR
Awarding Agency
DOD : OSD
Total Award Amount
$99,890
Award Phase
1
Solicitation Topic Code
OSD04-SP7
Principal Investigator
Paul Cadaret

Company Information

Unicon Research Corporation

1640 Fifth Street Suite 100
Santa Monica, CA 90401
   (310) 393-4636
   landerson@welchcon.com
   www.unicon.com
Location: Multiple
Congr. District: 33
County: Los Angeles

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2005
Phase I Amount
$99,890
Software is now a critical part of our national security infrastructure. Compromises in critical software systems can put lives in jeopardy. With the inclusion of foreign software into critical software systems, the ability to detect, locate, and expose malicious or unauthorized source code is a significant concern. This proposal presents the use of a multi-level certifying tool-chain as an approach that greatly improves the ability to authenticate code pedigree and reliably identify code integrity, thereby providing an enabling technology to detect tampering and ultimately provide software protection and security. Such a scheme provides a means to protect software in source, relocatable-binary, library, shared-object, and executable-binary forms, and in doing so we can provide a reasonable level of end-user software security. A top-to-bottom discussion is presented that describes a typical distributed software development process with such modifications. The discussion also takes into account problems related to trust 'flow-down' that may be encountered when authenticating and certifying software modules developed overseas. Since a comprehensive authentication scheme that is difficult to use will likely not be used, the proposed approach also focuses on techniques that can be made relatively easy to use at each level. We also describe how code pedigree is tracked.

Keywords:
Software Module Trust Management, Software Module Re-Use, Certified Code, Certified Software Development Tools, Code Integrity, Tamperproofing, Software Pedigree, Software Sec

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
----
Phase II Amount
----