in-toto: Providing farm-to-table guarantees for bits and bytes
Source: USENIX Security
Authors: Santiago Torres-Arias, Hammad Afzali, Trishank Karthik Kuppusamy, Reza Curtmola, Justin Cappos
Date: 2019
Core idea
Software supply chains become auditable when each step emits signed provenance metadata that can be verified against a declared layout of steps, actors, and thresholds.
Key claims
- Artifact lineage should be verified step by step rather than trusted in bulk.
- Thresholded attestations are useful for high-trust workflows.
- Provenance should attach to the produced artifact, not disappear into operations folklore.
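The core idea and the first two claims (verify lineage step by step; use thresholded attestations) in working form, as an added example that is not the paper's or the in-toto project's code. It uses a toy layout of three steps (constructed names, keys and artifact bytes) and HMAC as a stand-in for the public-key signatures real in-toto link metadata carries; the artifact-flow rule is simplified to "this step's materials must equal the previous step's products", where real layouts use per-file MATCH/ALLOW/DISALLOW rules.

```python
import hashlib
import hmac
import json

# Constructed functionary keys. HMAC with a shared secret stands in for
# asymmetric signatures so the example runs with the standard library only.
KEYS = {
    "alice": b"alice-key",
    "bob": b"bob-key",
    "carol": b"carol-key",
    "dave": b"dave-key",
    "mallory": b"mallory-key",
}

# Constructed layout: ordered steps, who may attest each one, and how many
# distinct authorized signers are required (the threshold).
LAYOUT = {
    "steps": [
        {"name": "write-code", "authorized": ["alice"], "threshold": 1},
        {"name": "build", "authorized": ["bob"], "threshold": 1},
        {"name": "package", "authorized": ["carol", "dave"], "threshold": 2},
    ]
}


def _canonical(payload):
    # Deterministic serialization so signer and verifier hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign(key, payload):
    return hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()


def verify_sig(key, payload, sig):
    return hmac.compare_digest(sign(key, payload), sig)


def digest(data):
    return hashlib.sha256(data).hexdigest()


def make_link(step, signer, materials, products, key=None):
    """Link metadata: one functionary's signed record of a step's inputs and outputs."""
    payload = {
        "step": step,
        "signer": signer,
        "materials": {name: digest(data) for name, data in materials.items()},
        "products": {name: digest(data) for name, data in products.items()},
    }
    return {"payload": payload, "sig": sign(key or KEYS[signer], payload)}


def verify_layout(layout, links, keys):
    """Return a list of violations; an empty list means the chain verifies."""
    errors = []
    prev_products = None
    for step in layout["steps"]:
        name = step["name"]
        # 1. Keep only links for this step whose signature verifies under an
        #    authorized functionary's key. Unauthorized or forged links are dropped.
        valid = []
        for link in links:
            p = link["payload"]
            if p["step"] != name:
                continue
            signer = p["signer"]
            if (signer in step["authorized"] and signer in keys
                    and verify_sig(keys[signer], p, link["sig"])):
                valid.append(link)
        signers = {l["payload"]["signer"] for l in valid}
        # 2. Threshold counts distinct authorized signers, not link count.
        if len(signers) < step["threshold"]:
            errors.append(f"{name}: {len(signers)} authorized attestation(s), "
                          f"threshold is {step['threshold']}")
            prev_products = None  # nothing trustworthy to chain the next step to
            continue
        # 3. Thresholded attestations must agree on what went in and what came out.
        first = valid[0]["payload"]
        if any(l["payload"]["materials"] != first["materials"]
               or l["payload"]["products"] != first["products"] for l in valid[1:]):
            errors.append(f"{name}: attestations disagree on materials or products")
            prev_products = None
            continue
        # 4. Artifact flow (simplified MATCH rule): this step must have consumed
        #    exactly what the previous step produced, by hash.
        if prev_products is not None and first["materials"] != prev_products:
            errors.append(f"{name}: materials do not match products of the previous step")
        prev_products = first["products"]
    return errors


def demo():
    """Run the verifier over a clean chain and several broken ones (all constructed)."""
    src = {"foo.c": b"int main(void){return 0;}\n"}
    binary = {"foo": b"\x7fELF-constructed-binary"}
    pkg = {"foo.tar": b"constructed-tarball"}
    good = [
        make_link("write-code", "alice", {}, src),
        make_link("build", "bob", src, binary),
        make_link("package", "carol", binary, pkg),
        make_link("package", "dave", binary, pkg),
    ]
    other_src = {"foo.c": b"int main(void){return 1;}\n"}  # not what alice produced
    cases = {
        "good": good,
        "tampered": [good[0], make_link("build", "bob", other_src, binary), good[2], good[3]],
        "unauthorized": [good[0], make_link("build", "mallory", src, binary), good[2], good[3]],
        "forged": [good[0], make_link("build", "bob", src, binary, key=KEYS["mallory"]), good[2], good[3]],
        "short": good[:3],  # only carol attests packaging; threshold is 2
    }
    return {label: verify_layout(LAYOUT, links, KEYS) for label, links in cases.items()}


if __name__ == "__main__":
    for label, errs in demo().items():
        print(label, "PASS" if not errs else errs)
```

The failure modes are kept separate on purpose: an unauthorized signer and a forged signature both surface as a threshold shortfall (their links are simply never counted), while a substituted input surfaces as an artifact-flow break at the step that consumed it, which is the "step by step" lineage check the paper argues for.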
Harness takeaway
Artifacts, approvals, and promotions in a multiplayer harness should carry signed provenance bundles. That turns trust into inspectable evidence of who did what under which workflow constraints.