{"id":"https://openalex.org/W2769963789","doi":"https://doi.org/10.1109/tdsc.2017.2777991","title":"Secure Dependency Enforcement in Package Management Systems","display_name":"Secure Dependency Enforcement in Package Management Systems","publication_year":2017,"publication_date":"2017-11-27","ids":{"openalex":"https://openalex.org/W2769963789","doi":"https://doi.org/10.1109/tdsc.2017.2777991","mag":"2769963789"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2017.2777991","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2017.2777991","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053881300","display_name":"Luigi Catuogno","orcid":"https://orcid.org/0000-0002-6315-4221"},"institutions":[{"id":"https://openalex.org/I131729948","display_name":"University of Salerno","ror":"https://ror.org/0192m2k53","country_code":"IT","type":"education","lineage":["https://openalex.org/I131729948"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Luigi Catuogno","raw_affiliation_strings":["Universit\u00e0 degli Studi di Salerno, Fisciano, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 degli Studi di Salerno, Fisciano, Italy","institution_ids":["https://openalex.org/I131729948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026500214","display_name":"Clemente Galdi","orcid":"https://orcid.org/0000-0002-2988-700X"},"institutions":[{"id":"https://openalex.org/I71267560","display_name":"University of Naples Federico II","ror":"https://ror.org/05290cv24","country_code":"IT","type":"education","lineage":["https://openalex.org/I71267560"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Clemente Galdi","raw_affiliation_strings":["Universit\u00e0 degli Studi di Napoli \u201cFederico II\u201d, Napoli, Italy","Universit\u00e0 degli Studi di Napoli \"Federico II\", Napoli, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 degli Studi di Napoli \u201cFederico II\u201d, Napoli, Italy","institution_ids":["https://openalex.org/I71267560"]},{"raw_affiliation_string":"Universit\u00e0 degli Studi di Napoli \"Federico II\", Napoli, Italy","institution_ids":["https://openalex.org/I71267560"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5050503720","display_name":"Giuseppe Persiano","orcid":"https://orcid.org/0000-0001-6579-4807"},"institutions":[{"id":"https://openalex.org/I131729948","display_name":"University of Salerno","ror":"https://ror.org/0192m2k53","country_code":"IT","type":"education","lineage":["https://openalex.org/I131729948"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Giuseppe Persiano","raw_affiliation_strings":["Universit\u00e0 di Salerno, Fisciano, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 di Salerno, Fisciano, Italy","institution_ids":["https://openalex.org/I131729948"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5053881300"],"corresponding_institution_ids":["https://openalex.org/I131729948"],"apc_list":null,"apc_paid":null,"fwci":0.2077,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.65768579,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"17","issue":"2","first_page":"377","last_page":"390"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7742643356323242},{"id":"https://openalex.org/keywords/vendor","display_name":"Vendor","score":0.6972472667694092},{"id":"https://openalex.org/keywords/dependability","display_name":"Dependability","score":0.6814508438110352},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6684346199035645},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5444475412368774},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.5344582796096802},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5239015817642212},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.48525428771972656},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.45225927233695984},{"id":"https://openalex.org/keywords/key-management","display_name":"Key management","score":0.42170485854148865},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.309256911277771},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.27656441926956177}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7742643356323242},{"id":"https://openalex.org/C2777338717","wikidata":"https://www.wikidata.org/wiki/Q1762621","display_name":"Vendor","level":2,"score":0.6972472667694092},{"id":"https://openalex.org/C77019957","wikidata":"https://www.wikidata.org/wiki/Q2689057","display_name":"Dependability","level":2,"score":0.6814508438110352},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6684346199035645},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5444475412368774},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.5344582796096802},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5239015817642212},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.48525428771972656},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.45225927233695984},{"id":"https://openalex.org/C17886624","wikidata":"https://www.wikidata.org/wiki/Q1320561","display_name":"Key management","level":3,"score":0.42170485854148865},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.309256911277771},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.27656441926956177},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/tdsc.2017.2777991","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2017.2777991","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},{"id":"pmh:oai:ricerca.uniparthenope.it:11367/120585","is_oa":false,"landing_page_url":"http://ieeexplore.ieee.org/document/8120104/","pdf_url":null,"source":{"id":"https://openalex.org/S4377196432","display_name":"CINECA IRIS Institutial research information system (Parthenope University of Naples)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I183638586","host_organization_name":"Parthenope University of Naples","host_organization_lineage":["https://openalex.org/I183638586"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/article"},{"id":"pmh:oai:ricerca.uniparthenope.it:11367/120589","is_oa":false,"landing_page_url":"https://hdl.handle.net/11367/120589","pdf_url":null,"source":{"id":"https://openalex.org/S4377196432","display_name":"CINECA IRIS Institutial research information system (Parthenope University of Naples)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I183638586","host_organization_name":"Parthenope University of Naples","host_organization_lineage":["https://openalex.org/I183638586"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6700000166893005}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W103044395","https://openalex.org/W134297691","https://openalex.org/W144981307","https://openalex.org/W223924547","https://openalex.org/W1498316612","https://openalex.org/W1504669610","https://openalex.org/W1505299987","https://openalex.org/W1532500809","https://openalex.org/W1582777245","https://openalex.org/W1658564704","https://openalex.org/W1763482972","https://openalex.org/W1995732515","https://openalex.org/W2052277587","https://openalex.org/W2073346043","https://openalex.org/W2076046175","https://openalex.org/W2097407854","https://openalex.org/W2099000090","https://openalex.org/W2101238246","https://openalex.org/W2108072891","https://openalex.org/W2114016378","https://openalex.org/W2120039195","https://openalex.org/W2122742966","https://openalex.org/W2141420453","https://openalex.org/W2145074871","https://openalex.org/W2148542607","https://openalex.org/W2189292051","https://openalex.org/W2337734285","https://openalex.org/W6605902667","https://openalex.org/W6629953387","https://openalex.org/W6630256684","https://openalex.org/W6674864358","https://openalex.org/W6678002638","https://openalex.org/W6678024836","https://openalex.org/W6686930470"],"related_works":["https://openalex.org/W2391717201","https://openalex.org/W2383950765","https://openalex.org/W2807659734","https://openalex.org/W3184904781","https://openalex.org/W2360134422","https://openalex.org/W2151467572","https://openalex.org/W3197761231","https://openalex.org/W1576928878","https://openalex.org/W2372286639","https://openalex.org/W4321488702"],"abstract_inverted_index":{"Package":[0],"management":[1,98],"systems":[2,9],"play":[3],"an":[4,189],"essential":[5],"role":[6],"in":[7,81,96,124],"pursuing":[8],"dependability":[10],"by":[11],"ensuring":[12],"that":[13,102,127,171],"software":[14,56,94,130],"is":[15,70,122,146],"correctly":[16],"installed":[17,176],"and":[18,34,36,148],"kept":[19],"up-to-date":[20],"according":[21],"to":[22,100,109],"vendor-defined":[23],"installation":[24,67],"policies.":[25],"Circumventing":[26],"such":[27],"policies":[28],"could":[29],"make":[30],"the":[31,52,55,66,89,107,125,128,137,154,158,166,174,193],"system":[32,108,194],"unhealthy":[33],"insecure":[35],"can":[37],"constitute":[38],"a":[39,72,103,143],"serious":[40],"security":[41],"threat.":[42],"In":[43,63,84],"many":[44],"application":[45],"scenarios,":[46],"e.g.,":[47,75],"distribution":[48],"of":[49,54,91,168,183,192],"commercial":[50],"software,":[51],"confidentiality":[53],"must":[57],"be":[58,133],"guaranteed":[59],"against":[60],"non-authorized":[61],"players.":[62],"some":[64],"cases,":[65],"policy":[68],"itself":[69],"considered":[71],"sensitive":[73],"information,":[74],"when":[76],"it":[77],"reveals":[78],"required":[79],"hardware":[80],"military":[82],"contexts.":[83],"this":[85],"paper":[86],"we":[87,187],"address":[88],"problem":[90],"strongly":[92],"enforcing":[93],"dependencies":[95,138],"package":[97,112,131,145],"systems,":[99],"prevent":[101],"malicious":[104],"user":[105],"forces":[106],"install":[110],"any":[111],"despite":[113],"its":[114],"requirements":[115],"are":[116,139],"not":[117,140],"completely":[118],"fulfilled.":[119],"The":[120],"enforcement":[121],"strong":[123],"sense":[126],"encrypted":[129],"cannot":[132],"even":[134],"decrypted":[135,147],"if":[136],"satisfied.":[141],"Once":[142],"new":[144],"installed,":[149],"our":[150,184],"protocol":[151],"non-interactively":[152],"updates":[153],"key":[155,162],"material":[156],"on":[157,173],"target":[159],"device.":[160],"This":[161],"update":[163],"will":[164],"allow":[165],"decryption":[167],"further":[169,179],"packages":[170],"depend":[172],"newly":[175],"one.":[177],"We":[178],"present":[180],"\u201cpolicy-hiding\u201d":[181],"variants":[182],"protocol.":[185],"Finally":[186],"provide":[188],"experimental":[190],"evaluation":[191],"performance.":[195]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}