Cargo Sherlock: An SMT-Based Checker for Software Trust Costs

Supply chain attacks threaten open-source software ecosystems. This paper proposes a formal framework for quantifying trust in third-party software dependencies that is both formally checkable - formalized in satisfiability modulo theories (SMT) - while at the same time incorporating human factors, like the number of downloads, authors, and other metadata that are commonly used to identify trustworthy software in practice. We use data from both software analysis tools and metadata to build a first-order relational model of software dependencies; to obtain an overall “trust cost” combining these factors, we propose a formalization based on the minimum trust problem which asks for the minimum cost of a set of assumptions which can be used to prove that the code is safe. We implement these ideas in Cargo Sherlock, targeted for Rust libraries (crates), incorporating a list of candidate assumptions motivated by quantifiable trust metrics identified in prior work. Our evaluation shows that Cargo Sherlock can be used to identify synthetically generated supply chain attacks and known incidents involving typosquatted and poorly AI-maintained crates, and that its performance scales to Rust crates with many dependencies.

💡 Research Summary

The paper addresses the growing threat of software supply‑chain attacks by proposing a formal, SMT‑based framework for quantifying trust in third‑party dependencies, specifically targeting the Rust ecosystem. The authors first construct a first‑order relational model of a crate’s dependency graph, enriching it with both static analysis results (e.g., RustSec advisories, Clippy warnings) and a variety of human‑centric metadata such as download counts, GitHub stars, author reputation, and audit records. These pieces of information are abstracted as “assumptions” – logical predicates that a user might accept as evidence of safety – each annotated with a numeric cost reflecting the degree of uncertainty or effort required to rely on that assumption.

The core technical contribution is the definition of the Minimum Trust Problem (MTP): given a set of candidate assumptions Γ, a target conclusion (typically “crate c is safe”), and a cost function C mapping each assumption to a non‑negative integer, find a subset Δ ⊆ Γ of minimum total cost such that Δ logically entails the conclusion (Δ ⊨ c). The authors formalize MTP in propositional logic, focusing on Horn clauses because many trust rules naturally have an “if‑premises‑then‑conclusion” shape. They prove that solving MTP for Horn clauses is NP‑complete, justifying the need for efficient SMT‑based heuristics.

Two solution strategies are presented. The first is a straightforward SAT/SMT encoding that treats each assumption as a Boolean variable, adds constraints encoding logical entailment, and minimizes the sum of selected costs using the linear‑arithmetic theory of the SMT solver. The second, more scalable approach leverages Horn‑clause inference: the set of assumptions is transformed into a directed acyclic graph of inference rules, and a cost‑propagation algorithm (akin to weighted Datalog evaluation) searches for the cheapest proof of safety. The second algorithm dramatically reduces solving time on large dependency graphs while preserving optimality for acyclic rule sets.

Implementation details are encapsulated in the tool Cargo Sherlock. The system automatically harvests crate metadata from crates.io, GitHub, and the RustSec advisory database, and runs static analysis tools to collect additional predicates (e.g., “has no known CVE”). These inputs are fed into an “assumption encoder” that produces the logical formulas and associated costs. The tool also supports “parameterized assumptions” where the cost is a linear function of a continuous metric (e.g., cost = α · downloads + β), and “negative assumptions” that assign high cost to known vulnerabilities, thereby integrating both trust and distrust into a unified score.

The evaluation answers four research questions: (1) Can Cargo Sherlock detect synthetically injected typosquatting attacks? Yes – the crafted malicious crates receive significantly higher trust costs than benign counterparts, making them easy to flag. (2) Does the tool identify real‑world incidents such as rustdecimal, faster_log, and AI‑generated crates? The affected crates exhibit both high trust costs (due to missing positive assumptions) and high distrust costs (because of known CVEs), correctly labeling them as risky. (3) How does the system perform on crates with extensive dependency trees (e.g., tokio, serde)? The Horn‑based algorithm solves instances with several hundred dependencies in under two seconds, while the naïve SAT encoding remains under ten seconds, demonstrating practical scalability. (4) Is the framework configurable and auditable? The authors show that adjusting the cost of a single assumption (e.g., trusting a particular auditor) instantly changes the minimal proof, and the tool outputs the exact set of assumptions used, satisfying auditability.

In summary, Cargo Sherlock bridges the gap between formal verification and the human‑centric heuristics developers actually use when assessing third‑party code. By casting trust judgments as weighted logical assumptions and solving a minimum‑cost entailment problem with SMT, the authors provide a transparent, configurable, and composable metric that can be integrated into existing CI pipelines. Limitations include the subjective nature of cost assignment and potential manipulation of metadata (e.g., inflated download counts), which the authors acknowledge as avenues for future work. The open‑source release under an MIT license invites further extension to other ecosystems such as npm or Maven, and encourages research into more objective cost calibration and defenses against metadata spoofing.