Trust in Software Supply Chains: Blockchain-Enabled SBOM and the AIBOM Future
- URL: http://arxiv.org/abs/2307.02088v4
- Date: Thu, 18 Jan 2024 06:06:20 GMT
- Title: Trust in Software Supply Chains: Blockchain-Enabled SBOM and the AIBOM Future
- Authors: Boming Xia, Dawen Zhang, Yue Liu, Qinghua Lu, Zhenchang Xing, Liming Zhu
- Abstract summary: This study introduces a blockchain-empowered architecture for SBOM sharing, leveraging verifiable credentials to allow for selective disclosure.
This paper broadens the remit of SBOM to encompass AI systems, thereby coining the term AI Bill of Materials (AIBOM).
- Score: 28.67753149592534
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The robustness of critical infrastructure systems is contingent upon the
integrity and transparency of their software supply chains. A Software Bill of
Materials (SBOM) is pivotal in this regard, offering an exhaustive inventory of
components and dependencies crucial to software development. However, prevalent
challenges in SBOM sharing, such as data tampering risks and vendors'
reluctance to fully disclose sensitive information, significantly hinder its
effective implementation. These challenges pose a notable threat to the
security of critical infrastructure and systems where transparency and trust
are paramount, underscoring the need for a more secure and flexible mechanism
for SBOM sharing. To bridge the gap, this study introduces a
blockchain-empowered architecture for SBOM sharing, leveraging verifiable
credentials to allow for selective disclosure. This strategy not only heightens
security but also offers flexibility. Furthermore, this paper broadens the
remit of SBOM to encompass AI systems, thereby coining the term AI Bill of
Materials (AIBOM). The advent of AI and its application in critical
infrastructure necessitates a nuanced understanding of AI software components,
including their origins and interdependencies. The evaluation of our solution
indicates the feasibility and flexibility of the proposed SBOM sharing
mechanism, positing a solution for safeguarding (AI) software supply chains,
which is essential for the resilience and reliability of modern critical
infrastructure systems.
Related papers
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC).
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z)
- Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls [0.6990493129893112]
This paper proposes a comprehensive secure framework for managing third-party vendor risk.
It integrates blockchain technology to ensure transparency, traceability, and immutability in vendor assessments and interactions.
arXiv Detail & Related papers (2024-11-20T16:42:14Z)
- Enhancing Supply Chain Visibility with Knowledge Graphs and Large Language Models [49.898152180805454]
This paper presents a novel framework leveraging Knowledge Graphs (KGs) and Large Language Models (LLMs) to enhance supply chain visibility.
Our zero-shot, LLM-driven approach automates the extraction of supply chain information from diverse public sources.
With high accuracy in NER and RE tasks, it provides an effective tool for understanding complex, multi-tiered supply networks.
arXiv Detail & Related papers (2024-08-05T17:11:29Z)
- Critical Infrastructure Protection: Generative AI, Challenges, and Opportunities [3.447031974719732]
Critical National Infrastructure (CNI) encompasses a nation's essential assets that are fundamental to the operation of society and the economy.
Growing cybersecurity threats targeting these infrastructures can potentially interfere with operations and seriously risk national security and public safety.
We examine the intricate issues raised by cybersecurity risks to vital infrastructure, highlighting these systems' vulnerability to different types of cyberattacks.
arXiv Detail & Related papers (2024-05-08T08:08:50Z)
- Enhancing Data Integrity and Traceability in Industry Cyber Physical Systems (ICPS) through Blockchain Technology: A Comprehensive Approach [0.0]
This study explores the potential of blockchain in enhancing data integrity and traceability within Industry Cyber-Physical Systems (ICPS).
ICPS is pivotal in managing critical infrastructure like manufacturing, power grids, and transportation networks.
This research unearths various blockchain applications in ICPS, including supply chain management, quality control, contract management, and data sharing.
arXiv Detail & Related papers (2024-05-08T06:22:37Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- A Landscape Study of Open Source and Proprietary Tools for Software Bill of Materials (SBOM) [3.1190983209295076]
Software Bill of Materials (SBOM) is a repository that inventories all third-party components and dependencies used in an application.
Recent supply chain breaches underscore the urgent need to enhance software security and vulnerability risks.
This research paper conducts an empirical analysis to assess the current landscape of open-source and proprietary tools related to SBOM.
arXiv Detail & Related papers (2024-02-17T00:36:20Z)
- Coordinated Flaw Disclosure for AI: Beyond Security Vulnerabilities [1.3225694028747144]
We propose a Coordinated Flaw Disclosure framework tailored to the complexities of machine learning (ML) issues.
Our framework introduces innovations such as extended model cards, dynamic scope expansion, an independent adjudication panel, and an automated verification process.
We argue that CFD could significantly enhance public trust in AI systems.
arXiv Detail & Related papers (2024-02-10T20:39:04Z)
- The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI).
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
- ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management [65.0114141380651]
ThreatKG is an automated system for OSCTI gathering and management.
It efficiently collects a large number of OSCTI reports from multiple sources.
It uses specialized AI-based techniques to extract high-quality knowledge about various threat entities.
arXiv Detail & Related papers (2022-12-20T16:13:59Z)
- Will bots take over the supply chain? Revisiting Agent-based supply chain automation [71.77396882936951]
Agent-based supply chains have been proposed since early 2000; industrial uptake has been lagging.
We find that agent-based technology has matured, and other supporting technologies that are penetrating supply chains are filling in gaps.
For example, the ubiquity of IoT technology helps agents "sense" the state of affairs in a supply chain and opens up new possibilities for automation.
arXiv Detail & Related papers (2021-09-03T18:44:26Z)