Modern software platforms and operating systems use code signing to build trust in their ecosystem. The compiled code of each 3rd-party software module is cryptographically signed with a private key issued by a trusted party, the certificate authority. This creates a digital signature that is attached to the software binary. Only the module developer has access to the private key and so only the developer can create the signature. When the software platform loads the signed module, it validates the signature using the associated public key. This confirms the identity of the module’s developer and that the module hasn’t been altered since the developer signed it.
PACE’s platform supports this standard code signing deployment, but can go further by allowing modules to defend themselves against reverse engineering or by building a web of trust which allows validation to be performed by the 3rd-party modules as well as the host platform.
Code signing protects your ecosystem and the users of your ecosystem.
It protects by ensuring only trusted software modules (applications or plug-ins) can execute within the ecosystem. Any untrusted module will be detected, allowing you to take mitigating steps. This prevents modules created or manipulated by threat actors from concealing malicious activities, like stealing personal data, from entering the ecosystem. It also allows you to manage who is creating modules for your ecosystem, allowing you to control the quality of modules available to your end users—higher-quality 3rd-party modules increase the overall reputation of your ecosystem.
It’s worth noting that code signing on its own does not defend against reverse engineering of your platform or the 3rd-party modules. Additional tooling, such as PACE’s Fusion and White-Box Works, is required for that.
The private keys used for signing are never exposed outside of iLok USBs: an advanced active security device. Developers can use their own iLok USB with iLok-generated private keys and a corresponding PACE-issued certificate for signing, or they can use PACE's Cloud Signing Service to sign. In either case, an iLok USB securely stores the key that generates the signature.
Going beyond digital signature verification is PACE’s Web of Trust.
Like standard signatures, the Web of Trust allows software publishers to verify that their code and the code of participating 3rd-party publishers is valid and unmodified. Further, it provides a mechanism for each module to validate the signatures of all other modules loaded into the ecosystem. Thus creating a network, or “web”, where signature checks are distributed throughout the ecosystem. Compromising the ecosystem would require compromising every single module within it—totally impractical, as each module comes from a different source.
Take, for example, a software platform that supports a plug-in architecture. The platform publisher can work with PACE and their 3rd-party plug-in developers to establish policies for validating each other’s digital signatures. In the simplest case, every participant must have a valid digital signature, or else the platform and plug-ins refuse to run—the entire system locks the user out. Of course, softer approaches are also possible, e.g., the system warns the user about the untrusted module.
Typically, when we talk about software ecosystems, we refer to a platform provided by one developer that 3rd parties can hook into. But not all ecosystems follow that model. In many industries (e.g. video production), multiple developers provide tools that are used in a chain, with high-value content passed through the chain.
In this model, one insecure tool in the chain has the potential to leak the high-value content.
PACE’s Web of Trust is uniquely positioned to allow all the tools in the chain to validate each other, keeping content safe by stopping it from being passed to an insecure tool.
PACE’s Code Signing Platform gives you the tools to secure your ecosystem keeping it and your users safe from malicious 3rd-party modules.
