{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T13:47:47Z","timestamp":1770299267923,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,8]],"date-time":"2022-11-08T00:00:00Z","timestamp":1667865600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,11]]},"DOI":"10.1145\/3560835.3564549","type":"proceedings-article","created":{"date-parts":[[2022,11,9]],"date-time":"2022-11-09T02:38:26Z","timestamp":1667961506000},"page":"3-13","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Policy Transparency"],"prefix":"10.1145","author":[{"given":"Andrew","family":"Ferraiuolo","sequence":"first","affiliation":[{"name":"Google, London, United Kingdom"}]},{"given":"Razieh","family":"Behjati","sequence":"additional","affiliation":[{"name":"Google, London, United Kingdom"}]},{"given":"Tiziano","family":"Santoro","sequence":"additional","affiliation":[{"name":"Google, London, United Kingdom"}]},{"given":"Ben","family":"Laurie","sequence":"additional","affiliation":[{"name":"Google, London, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2022,11,8]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"REFERENCES [1] [n.d.]. . https:\/\/developers.cloudflare.com\/time-services\/roughtime"},{"key":"e_1_3_2_1_2_1","unstructured":"2018. Trillian: General Transparency. https:\/\/github.com\/google\/trillian."},{"key":"e_1_3_2_1_3_1","volume-title":"Retrieved","year":"2022","unstructured":"2022. AWS Key Management Service. Retrieved July 21, 2022 from https:\/\/docs. aws.amazon.com\/kms\/latest\/developerguide\/overview.html"},{"key":"e_1_3_2_1_4_1","volume-title":"Retrieved","year":"2022","unstructured":"2022. Google Cloud Key Management. Retrieved July 21, 2022 from https: \/\/cloud.google.com\/security-key-management"},{"key":"e_1_3_2_1_5_1","unstructured":"2022. Rekor: Software Supply Chain Transparency Log. https:\/\/github.com\/ sigstore\/rekor"},{"key":"e_1_3_2_1_6_1","volume-title":"Retrieved","year":"2022","unstructured":"2022. Software bill of materials. Retrieved July 21, 2022 from https:\/\/www.ntia. gov\/SBOM"},{"key":"e_1_3_2_1_7_1","volume-title":"Retrieved","year":"2022","unstructured":"2022. Souffle: Logic Defined Static Analysis. Retrieved July 21, 2022 from https: \/\/souffle-lang.github.io\/"},{"key":"e_1_3_2_1_8_1","unstructured":"A. Cutter A. Eijdenberg B. Laurie. 2015. Verifiable Data Structures. https: \/\/continusec.com\/static\/VerifiableDataStructures.pdf."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/155183.155225"},{"key":"e_1_3_2_1_10_1","unstructured":"Mart\u00edn Abadi and Boon Thau Loo. 2007. Towards a Declarative Language and System for Secure Networking.. In NetDB."},{"key":"e_1_3_2_1_11_1","volume-title":"Contour: A Practical System for Binary Transparency. In Data Privacy Management, Cryptocurrencies and Blockchain Technology.","author":"Al-Bassam Mustafa","year":"2018","unstructured":"Mustafa Al-Bassam and Sarah Meiklejohn. 2018. Contour: A Practical System for Binary Transparency. In Data Privacy Management, Cryptocurrencies and Blockchain Technology."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/319709.319718"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.32"},{"key":"e_1_3_2_1_14_1","volume-title":"Sequences Ii","author":"Bayer Dave","unstructured":"Dave Bayer, Stuart Haber, and W Scott Stornetta. 1993. Improving the efficiency and reliability of digital time-stamping. In Sequences Ii. Springer."},{"key":"e_1_3_2_1_15_1","volume-title":"CSF'07: Proc. In 20th IEEE Computer Security Foundations Symposium.","author":"Becker M","unstructured":"M Becker, C Fournet, and A Gordon. [n.d.]. Design and Semantics of a Decentralized Authorization Language, CSF'07: Proc. In 20th IEEE Computer Security Foundations Symposium."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2009.14"},{"key":"e_1_3_2_1_17_1","unstructured":"Moritz Y Becker Alexander Malkis Laurent Bussard et al. 2010. S4P: A generic language for specifying privacy preferences and policies. Microsoft Research 167 (2010)."},{"key":"e_1_3_2_1_18_1","unstructured":"Lorenz Breidenbach Christian Cachin Benedict Chan Alex Coventry Steve Ellis Ari Juels Farinaz Koushanfar Andrew Miller Brendan Magauran Daniel Moroz et al. 2021. Chainlink 2.0: Next steps in the evolution of decentralized oracle networks. Chainlink Labs (2021)."},{"key":"e_1_3_2_1_19_1","volume-title":"Chainlink off-chain reporting protocol. URl: https:\/\/blog. chain. link\/off-chain-reporting-live-on-mainnet","author":"Breidenbach Lorenz","year":"2021","unstructured":"Lorenz Breidenbach, Christian Cachin, Alex Coventry, Ari Juels, and Andrew Miller. 2021. Chainlink off-chain reporting protocol. URl: https:\/\/blog. chain. link\/off-chain-reporting-live-on-mainnet (2021)."},{"key":"e_1_3_2_1_20_1","volume-title":"The laws of identity. Microsoft Corp 12","author":"Cameron Kim","year":"2005","unstructured":"Kim Cameron. 2005. The laws of identity. Microsoft Corp 12 (2005)."},{"key":"e_1_3_2_1_21_1","volume-title":"Retrieved","author":"Software Supply","year":"2022","unstructured":"Supply chain Levels for Software Artifacts (SLSA). 2022. Safeguarding artifact integrity across any software supply chain. Retrieved July 21, 2022 from https: \/\/slsa.dev\/"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004365"},{"key":"e_1_3_2_1_23_1","volume-title":"Retrieved","year":"2022","unstructured":"Ethereum. 2022. Oracles. Retrieved July 21, 2022 from https:\/\/ethereum.org\/en\/ developers\/docs\/oracles\/"},{"key":"e_1_3_2_1_24_1","volume-title":"Retrieved","author":"Foundation The Linux","year":"2022","unstructured":"The Linux Foundation. 2022. A new standard for signing, verifying and protecting software. Retrieved July 21, 2022 from https:\/\/www.sigstore.dev\/"},{"key":"e_1_3_2_1_25_1","volume-title":"Boon Thau Loo, Wenchao Zhou, et al.","author":"Green Todd J","year":"2013","unstructured":"Todd J Green, Shan Shan Huang, Boon Thau Loo, Wenchao Zhou, et al. 2013. Datalog and recursive query processing. Foundations and Trends\u00ae in Databases (2013)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3384943.3409428"},{"key":"e_1_3_2_1_27_1","volume-title":"Retrieved","author":"The Linux Foundation Authors","year":"2022","unstructured":"in-toto Authors and The Linux Foundation. 2022. A framework to secure the integrity of software supply chains. Retrieved July 21, 2022 from https:\/\/in-toto.io\/"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","unstructured":"Piergiorgio Ladisa Henrik Plate Matias Martinez and Olivier Barais. 2022. Taxonomy of Attacks on Open-Source Software Supply Chains. https: \/\/doi.org\/10.48550\/ARXIV.2204.04008","DOI":"10.48550\/ARXIV.2204.04008"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03748-1_8"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","unstructured":"Ben Laurie Adam Langley and Emilia Kasper. 2013. Certificate Transparency. RFC 6962. https:\/\/doi.org\/10.17487\/RFC6962","DOI":"10.17487\/RFC6962"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","unstructured":"Ralph C. Merkle. 1980. Protocols for Public Key Cryptosystems. https:\/\/doi.org\/ 10.1109\/SP.1980.10006","DOI":"10.1109\/SP.1980.10006"},{"key":"e_1_3_2_1_32_1","volume-title":"A decentralized model for information flow control. ACM SIGOPS Operating Systems Review","author":"Myers Andrew C","year":"1997","unstructured":"Andrew C Myers and Barbara Liskov. 1997. A decentralized model for information flow control. ACM SIGOPS Operating Systems Review (1997)."},{"key":"e_1_3_2_1_33_1","volume-title":"A peer-to-peer electronic cash system. Bitcoin.--URL: https:\/\/bitcoin. org\/bitcoin. pdf","author":"Nakamoto Satoshi","year":"2008","unstructured":"Satoshi Nakamoto and A Bitcoin. 2008. A peer-to-peer electronic cash system. Bitcoin.--URL: https:\/\/bitcoin. org\/bitcoin. pdf (2008)."},{"key":"e_1_3_2_1_34_1","unstructured":"Fred Schneider. 2019. . https:\/\/www.cs.cornell.edu\/courses\/cs5430\/2019sp\/paper. chptr01.pdf"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1118613"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043580"},{"key":"e_1_3_2_1_37_1","volume-title":"Authentication in the Taos operating system. ACM Transactions on Computer Systems (TOCS)","author":"Wobber Edward","year":"1994","unstructured":"Edward Wobber, Martin Abadi, Michael Burrows, and Butler Lampson. 1994. Authentication in the Taos operating system. ACM Transactions on Computer Systems (TOCS) (1994)."},{"key":"e_1_3_2_1_38_1","unstructured":"Evan D Wolff KM Growley MG Gruden et al. 2021. Navigating the SolarWinds Supply Chain Attack. The Procurement Lawyer 56 2 (2021)"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3560835.3564549","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3560835.3564549","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:49:09Z","timestamp":1750182549000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3560835.3564549"}},"subtitle":["Authorization Logic Meets General Transparency to Prove Software Supply Chain Integrity"],"short-title":[],"issued":{"date-parts":[[2022,11,8]]},"references-count":38,"alternative-id":["10.1145\/3560835.3564549","10.1145\/3560835"],"URL":"https:\/\/doi.org\/10.1145\/3560835.3564549","relation":{},"subject":[],"published":{"date-parts":[[2022,11,8]]},"assertion":[{"value":"2022-11-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}