Quantitative Toolchain Assurance

Authors: Dennis Volpano, Drew Malzahn, Andrew Pareles, Mark Thober

arXiv: 2308.16275v1 - DOI (cs.SE)
7 pages, 3 figures
License: CC BY 4.0

Abstract: The software bill of materials (SBOM) concept aims to include more information about a software build such as copyrights, dependencies and security references. But SBOM lacks visibility into the process for building a package. Efforts such as Supply-chain Levels for Software Artifacts (SLSA) try to remedy this by focusing on the quality of the build process. But they lack quantitative assessment of that quality. They are purely qualitative. A new form of assurance case and new technique for structuring it, called process reduction, are presented. An assurance case for a toolchain is quantitative and when structured as a process reduction can measure the strength of the toolchain via the strength of the reduction. An example is given for a simple toolchain.

Submitted to arXiv on 30 Aug. 2023

Explore the paper tree

Click on the tree nodes to be redirected to a given paper and access their summaries and virtual assistant

Also access our AI generated Summaries, or ask questions about this paper to our AI assistant.

Look for similar papers (in beta version)

By clicking on the button above, our algorithm will scan all papers in our database to find the closest based on the contents of the full papers and not just on metadata. Please note that it only works for papers that we have generated summaries for and you can rerun it from time to time to get a more accurate result while our database grows.