Abstract:Dependency confusion attacks exploit a structural gap in software distribution: once a package is installed, there is no cryptographic proof of which registry distributed it. Every existing defense is configuration-based and fails silently when misconfigured. We present a cryptographic distribution provenance system comprising three components: (1) cryptographic registry identity, where every registry holds an Ed25519 keypair and signs every artifact it distributes; (2) a dual-signature model, where the publisher signs at packaging time and the registry countersigns at publication time; and (3) authoritative namespace binding, where consumers pin registry fingerprints and the resolver cryptographically rejects artifacts from unauthorized registries. These create three defense layers requiring simultaneous compromise for a successful attack. A comparison across eight ecosystems (npm, Cargo, this http URL, PyPI, Go modules, Docker/OCI, NuGet, Maven) shows no existing ecosystem combines mandatory publisher signing, cryptographic registry identity, mandatory registry countersigning, and consumer-side cryptographic enforcement. The system extends to AI-generation provenance as a signed attribute and governance-enforced dependency resolution. A case study integrates distribution provenance with a three-layer runtime governance architecture, creating a four-phase lifecycle chain with no cryptographic gaps.
| Comments: | 15 pages, 1 figure, 4 tables. Companion proofs: this https URL. Project: this https URL. Updated license |
| Subjects: | Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Software Engineering (cs.SE) |
| ACM classes: | D.2.4; D.3.1; F.3.1; I.2.0 |
| Cite as: | arXiv:2605.03309 [cs.CR] |
| (or arXiv:2605.03309v2 [cs.CR] for this version) | |
| https://doi.org/10.48550/arXiv.2605.03309 arXiv-issued DOI via DataCite |
From: Alan McCann [view email]
[v1]
Tue, 5 May 2026 02:56:31 UTC (25 KB)
[v2]
Tue, 26 May 2026 12:39:40 UTC (25 KB)
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。