Contour: A Practical System for Binary Transparency
This work addresses the need for accountability in software distribution, particularly for security-critical applications, by offering a deployable solution for binary transparency, though it is incremental in applying existing transparency concepts to a new domain.
The authors tackled the problem of ensuring transparency in software distribution by introducing Contour, a system for binary transparency that provides proactive security against attacks, and demonstrated its practicality through benchmarks and a test deployment for Debian, showing it meets efficiency and coordination requirements for immediate deployment.
Transparency is crucial in security-critical applications that rely on authoritative information, as it provides a robust mechanism for holding these authorities accountable for their actions. A number of solutions have emerged in recent years that provide transparency in the setting of certificate issuance, and Bitcoin provides an example of how to enforce transparency in a financial setting. In this work we shift to a new setting, the distribution of software package binaries, and present a system for so-called "binary transparency." Our solution, Contour, uses proactive methods for providing transparency, privacy, and availability, even in the face of persistent man-in-the-middle attacks. We also demonstrate, via benchmarks and a test deployment for the Debian software repository, that Contour is the only system for binary transparency that satisfies the efficiency and coordination requirements that would make it possible to deploy today.