Bibliographic Details
Main Authors: Romansky, Brian, Mazzuchi, Thomas, Sarkani, Shahram
Format: Preprint
Published: 2025
Subjects:
Online Access: https://arxiv.org/abs/2502.18092
author Romansky, Brian
Mazzuchi, Thomas
Sarkani, Shahram
contents The Update Framework or TUF was developed to address several known weaknesses that have been observed in software update distribution and validation systems. Unlike conventional secure software distribution methods where there may be a single digital signature applied to each update, TUF introduces four distinct roles, each with one or more signing keys, that must participate in the update process. This approach increases the total size of each update package and increases the number of signatures that each client system must validate. As system architects consider the transition to post-quantum algorithms, understanding the impact of new signature algorithms on a TUF deployment becomes a significant consideration. In this work we introduce a state machine model that accounts for the cumulative impact of signature algorithm selection when used with TUF for software updates.
format Preprint
id arxiv_https___arxiv_org_abs_2502_18092
institution arXiv
publishDate 2025
record_format arxiv
title State Machine Model for The Update Framework (TUF)
topic Software Engineering
Cryptography and Security
url https://arxiv.org/abs/2502.18092