ASE2025
A Secure Mocking Approach towards Software Supply Chain Security
Daisuke Yamaguchi, Shinobu Saito, Takuya Iwatsuka, Nariyoshi Chida, Tachio Terauchi
Abstract
As software development increasingly relies on external collaboration, organizations face new risks of intellectual property leakage beyond traditional concerns about deployed software. Even when the source code is protected, adversaries may infer sensitive internal program specifications by observing the program behavior during the development and testing phases. This paper addresses the problem of specification leakage through behavioral observation in collaborative software development. We propose a novel software development method that centers on specially crafted test doubles referred to as secure mocks. Secure mocks serve as drop-in replacements for original components during development and testing while preventing the exposure of sensitive internal specifications through observable behavior. We formalize the correctness conditions for secure mocks and define the secure mock construction problem as a constraint satisfaction problem parameterized by the program to protect, the development specification, and a security policy. Our approach enables secure test-driven development (TDD) with external collaborators, bridging the gap between traditional TDD styles. We discuss the implications for secure collaboration with external developers and outline future research directions for automating secure mock generation and integrating this paradigm into real-world development pipelines.
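As an added illustration that is not from the paper, the constructed Python example below gives concrete shape to the three parameters named in the abstract: an original component with a sensitive internal threshold, a development specification the collaborator's tests rely on, and a security policy expressed as a set of candidate secrets an observer must not be able to distinguish by exercising the mock. The check is a simplified non-interference reading of the abstract, not the authors' formalization, and every value, name and rule in it is an assumption made for the example.

```python
# Added illustration (not the paper's code or formalization). All values,
# the spec and the policy below are constructed for the example.

SECRET_LIMIT = 5_000  # sensitive internal threshold of the original component

def original_approve(amount: int) -> bool:
    """Original component: approves a transfer below the internal limit."""
    return amount < SECRET_LIMIT

# Development specification: the behaviours the external collaborator's
# tests rely on (input -> expected output). It deliberately stays away
# from the region where the real threshold would show.
DEV_SPEC = {100: True, 900: True, 100_000: False}

# Security policy: the candidate limits an observer must not be able to
# tell apart by exercising the mock.
POLICY_CANDIDATES = range(1_000, 10_001, 500)

# Inputs an observer could feed to the mock while "testing" it.
PROBES = range(0, 20_001, 250)

def build_leaky_mock(secret: int):
    # Naive test double: copies the original logic, so its outputs depend
    # on the secret and probing around the threshold reveals it.
    return lambda amount: amount < secret

def build_secure_mock(secret: int):
    # Secure mock: commits only to what DEV_SPEC requires and ignores the
    # secret entirely, so no probe can reveal anything about it.
    return lambda amount: amount < 1_000

def satisfies_spec(mock, spec=DEV_SPEC) -> bool:
    """Correctness condition: the double is a drop-in for the spec."""
    return all(mock(x) == y for x, y in spec.items())

def leaks_secret(build_mock, probes=PROBES, candidates=POLICY_CANDIDATES) -> bool:
    """Policy condition (non-interference): the observable trace over all
    probes must be identical no matter which candidate secret is the real one."""
    traces = {tuple(build_mock(s)(x) for x in probes) for s in candidates}
    return len(traces) > 1

def is_secure_mock(build_mock) -> bool:
    """The construction problem's constraints: spec-correct for the real
    secret and indistinguishable across the policy's candidates."""
    return satisfies_spec(build_mock(SECRET_LIMIT)) and not leaks_secret(build_mock)
```

If DEV_SPEC pinned an input that falls between two candidate limits, no mock could satisfy both constraints at once; that is the unsatisfiable case of the construction problem, where the specification itself would have to be renegotiated.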