Secure Dependency Enforcement in Package Management Systems
IEEE Transactions on Dependable and Secure Computing (IF 7.0), Pub Date: 2020-03-01, DOI: 10.1109/tdsc.2017.2777991
Luigi Catuogno, Clemente Galdi, Giuseppe Persiano

Package management systems play an essential role in pursuing system dependability by ensuring that software is correctly installed and kept up to date according to vendor-defined installation policies. Circumventing such policies could make the system unhealthy and insecure and can constitute a serious security threat. In many application scenarios, e.g., distribution of commercial software, the confidentiality of the software must be guaranteed against non-authorized players. In some cases, the installation policy itself is considered sensitive information, e.g., when it reveals required hardware in military contexts. In this paper we address the problem of strongly enforcing software dependencies in package management systems, to prevent a malicious user from forcing the system to install a package even though its requirements are not completely fulfilled. The enforcement is strong in the sense that the encrypted software package cannot even be decrypted if the dependencies are not satisfied. Once a new package is decrypted and installed, our protocol non-interactively updates the key material on the target device. This key update will allow the decryption of further packages that depend on the newly installed one. We further present “policy-hiding” variants of our protocol. Finally, we provide an experimental evaluation of the system performance.

Updated: 2020-03-01