SCC Overview: Difference between revisions
No edit summary |
No edit summary |
||
| Line 13: | Line 13: | ||
__TOC__ | __TOC__ | ||
The acronym 'SCC' is not related to the [http://en.wikipedia.org/wiki/Sirius_Cybernetics_Corporation#Sirius_Cybernetics_Corporation Sirius Cybernetics Corporation] | The acronym ''SCC'' is not related to the [http://en.wikipedia.org/wiki/Sirius_Cybernetics_Corporation#Sirius_Cybernetics_Corporation Sirius Cybernetics Corporation] | ||
or any of their 'superficial design flaws' :) | or any of their ''superficial design flaws'' :) | ||
== Overview == | == Overview == | ||
Revision as of 11:58, 12 September 2013
Source Certification Contract (SCC)
Question:
Are You Who You Say You Are?
Answer:
Trust the Source, User
The acronym SCC is not related to the Sirius Cybernetics Corporation or any of their superficial design flaws :)
Overview
SCC aims to allow verification of a binary object's identity.
SCC verifies a binary object's source code signatures, which uniquely identifies the binaries sources.
Design
Use source and binary signature tags stored in accessible source code repository (SCR).
The source tag is provided at build time.
The binary tags are generated for each build and target and retroactively added to the SCR.
The binary contains both, source and binary tags, i.e. it claims a source code identification while providing it's binary identification.
SCC then validates whether both exist and are equal as stored on the SCR.
Revocation
Revocation of single binary signatures are possible by simply removing a binary signature from the SCR.