{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,20]],"date-time":"2025-09-20T20:40:12Z","timestamp":1758400812214,"version":"3.37.3"},"reference-count":35,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2020,3,1]],"date-time":"2020-03-01T00:00:00Z","timestamp":1583020800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,3,1]],"date-time":"2020-03-01T00:00:00Z","timestamp":1583020800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2020,3,1]],"date-time":"2020-03-01T00:00:00Z","timestamp":1583020800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Italian POR"},{"name":"Piattaforma di Mobilità Intelligente basata su sistema Multi-Agente"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2020,3,1]]},"DOI":"10.1109\/tdsc.2017.2777991","type":"journal-article","created":{"date-parts":[[2017,11,27]],"date-time":"2017-11-27T19:06:51Z","timestamp":1511809611000},"page":"377-390","source":"Crossref","is-referenced-by-count":8,"title":["Secure Dependency Enforcement in Package Management Systems"],"prefix":"10.1109","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6315-4221","authenticated-orcid":false,"given":"Luigi","family":"Catuogno","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2988-700X","authenticated-orcid":false,"given":"Clemente","family":"Galdi","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6579-4807","authenticated-orcid":false,"given":"Giuseppe","family":"Persiano","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48071-4_12"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-34799-2_3"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1002\/ecjc.4430720906"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359176"},{"year":"2012","key":"ref35","article-title":"Common criteria for information technology security evaluation part 1: Introduction and general model, version 3.1 rev 4"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1016\/j.dam.2008.04.001"},{"year":"2005","key":"ref10","article-title":"Signing your applications"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39884-1_33"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/293347.293350"},{"key":"ref13","first-page":"79","article-title":"Nix: A safe and policy-free system for software deployment","volume":"4","author":"dolstra","year":"2004","journal-title":"Proc 18th USENIX Conf System Administration"},{"article-title":"Red Hat RPM Guide","year":"2003","author":"foster-johnson","key":"ref14"},{"key":"ref15","first-page":"155","article-title":"An analysis of RPM validation drift","volume":"2","author":"hart","year":"2002","journal-title":"Proc 18th USENIX Conf System Administration"},{"key":"ref16","first-page":"383","article-title":"The beauty and the beast: Vulnerabilities in Red Hat's packages","author":"neuhaus","year":"2009","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11203-9_5"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.11"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/11426639_27"},{"year":"2017","key":"ref28","article-title":"TEE System Architecture (version 1.1)"},{"key":"ref4","first-page":"7","article-title":"Package managers still vulnerable: How to protect your systems","volume":"34","author":"samuel","year":"2009","journal-title":"LOGIN The USENIX Magazine"},{"first-page":"1967","article-title":"Unified extensible firmware interface specification","year":"2017","key":"ref27"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/NDSS.1995.390646"},{"key":"ref6","first-page":"7","article-title":"Secure software updates: Disappointments and new challenges","author":"bellissimo","year":"2006","journal-title":"Proc Usenix Workshop Hot Topics in Security"},{"key":"ref29","first-page":"27","article-title":"Generalized secret sharing and monotone functions","author":"benaloh","year":"1988","journal-title":"Proc Annu Int Cryptology Conf"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455841"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2012.10.003"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866315"},{"article-title":"A fault model for upgrades in distributed systems (cmu-pdl-08-115)","year":"2008","author":"dumitra?","key":"ref2"},{"year":"0","key":"ref9","article-title":"Introduction to code signing."},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26502-5_15"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315270"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70936-7_28"},{"key":"ref21","first-page":"20","author":"m\u00fcller","year":"2009","journal-title":"Distributed Attribute-Based Encryption"},{"year":"2011","key":"ref24","article-title":"Tee system architecture v1.0"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11212-1_5"},{"key":"ref26","first-page":"223","article-title":"Design and implementation of a TCG-based integrity measurement architecture","volume":"13","author":"sailer","year":"2004","journal-title":"Proc Usenix Security Symp"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/IMIS.2015.31"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/9034462\/08120104.pdf?arnumber=8120104","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,27]],"date-time":"2022-04-27T16:44:16Z","timestamp":1651077856000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8120104\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,1]]},"references-count":35,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2017.2777991","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"type":"print","value":"1545-5971"},{"type":"electronic","value":"1941-0018"},{"type":"electronic","value":"2160-9209"}],"subject":[],"published":{"date-parts":[[2020,3,1]]}}}