Trust in Software Supply Chains: Blockchain-Enabled SBOM and the AIBOM Future
- URL: http://arxiv.org/abs/2307.02088v4
- Date: Thu, 18 Jan 2024 06:06:20 GMT
- Title: Trust in Software Supply Chains: Blockchain-Enabled SBOM and the AIBOM Future
- Authors: Boming Xia, Dawen Zhang, Yue Liu, Qinghua Lu, Zhenchang Xing, Liming Zhu
- Abstract summary: This study introduces a blockchain-empowered architecture for SBOM sharing, leveraging verifiable credentials to allow for selective disclosure.
This paper broadens the remit of SBOM to encompass AI systems, thereby coining the term AI Bill of Materials (AIBOM).
- Score: 28.67753149592534
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The robustness of critical infrastructure systems is contingent upon the
integrity and transparency of their software supply chains. A Software Bill of
Materials (SBOM) is pivotal in this regard, offering an exhaustive inventory of
components and dependencies crucial to software development. However, prevalent
challenges in SBOM sharing, such as data tampering risks and vendors'
reluctance to fully disclose sensitive information, significantly hinder its
effective implementation. These challenges pose a notable threat to the
security of critical infrastructure and systems where transparency and trust
are paramount, underscoring the need for a more secure and flexible mechanism
for SBOM sharing. To bridge the gap, this study introduces a
blockchain-empowered architecture for SBOM sharing, leveraging verifiable
credentials to allow for selective disclosure. This strategy not only heightens
security but also offers flexibility. Furthermore, this paper broadens the
remit of SBOM to encompass AI systems, thereby coining the term AI Bill of
Materials (AIBOM). The advent of AI and its application in critical
infrastructure necessitates a nuanced understanding of AI software components,
including their origins and interdependencies. The evaluation of our solution
indicates the feasibility and flexibility of the proposed SBOM sharing
mechanism, positing a solution for safeguarding (AI) software supply chains,
which is essential for the resilience and reliability of modern critical
infrastructure systems.
Related papers
- Federated Learning with Blockchain-Enhanced Machine Unlearning: A Trustworthy Approach [20.74679353443655]
We introduce a framework that melds blockchain with federated learning, thereby ensuring an immutable record of unlearning requests and actions.
Our key contributions encompass a certification mechanism for the unlearning process, the enhancement of data security and privacy, and the optimization of data management.
arXiv Detail & Related papers (2024-05-27T04:35:49Z)
- Critical Infrastructure Protection: Generative AI, Challenges, and Opportunities [3.447031974719732]
Critical National Infrastructure (CNI) encompasses a nation's essential assets that are fundamental to the operation of society and the economy.
Growing cybersecurity threats targeting these infrastructures can potentially interfere with operations and seriously risk national security and public safety.
We examine the intricate issues raised by cybersecurity risks to vital infrastructure, highlighting these systems' vulnerability to different types of cyberattacks.
arXiv Detail & Related papers (2024-05-08T08:08:50Z)
- Enhancing Data Integrity and Traceability in Industry Cyber Physical Systems (ICPS) through Blockchain Technology: A Comprehensive Approach [0.0]
This study explores the potential of blockchain in enhancing data integrity and traceability within Industry Cyber-Physical Systems (ICPS).
ICPS is pivotal in managing critical infrastructure like manufacturing, power grids, and transportation networks.
This research unearths various blockchain applications in ICPS, including supply chain management, quality control, contract management, and data sharing.
arXiv Detail & Related papers (2024-05-08T06:22:37Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- Decentralized Multimedia Data Sharing in IoV: A Learning-based Equilibrium of Supply and Demand [57.82021900505197]
Internet of Vehicles (IoV) has great potential to transform transportation systems by enhancing road safety, reducing traffic congestion, and improving user experience through onboard infotainment applications.
Decentralized data sharing can improve security, privacy, reliability, and facilitate infotainment data sharing in IoVs.
We propose a decentralized data-sharing incentive mechanism based on multi-intelligent reinforcement learning to learn the supply-demand balance in markets.
arXiv Detail & Related papers (2024-03-29T14:58:28Z)
- A Landscape Study of Open Source and Proprietary Tools for Software Bill of Materials (SBOM) [3.1190983209295076]
Software Bill of Materials (SBOM) is a repository that inventories all third-party components and dependencies used in an application.
Recent supply chain breaches underscore the urgent need to enhance software security and vulnerability risks.
This research paper conducts an empirical analysis to assess the current landscape of open-source and proprietary tools related to SBOM.
arXiv Detail & Related papers (2024-02-17T00:36:20Z)
- Coordinated Disclosure for AI: Beyond Security Vulnerabilities [1.3225694028747144]
Algorithmic flaws in machine learning (ML) models present distinct challenges compared to traditional software vulnerabilities.
To address this gap, we propose the implementation of a dedicated Coordinated Flaw Disclosure framework.
This paper delves into the historical landscape of disclosures in ML, encompassing the ad hoc reporting of harms and the emergence of participatory auditing.
arXiv Detail & Related papers (2024-02-10T20:39:04Z)
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
- The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI).
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
- Will bots take over the supply chain? Revisiting Agent-based supply chain automation [71.77396882936951]
Agent-based supply chains have been proposed since early 2000; industrial uptake has been lagging.
We find that agent-based technology has matured, and other supporting technologies that are penetrating supply chains are filling in gaps.
For example, the ubiquity of IoT technology helps agents "sense" the state of affairs in a supply chain and opens up new possibilities for automation.
arXiv Detail & Related papers (2021-09-03T18:44:26Z)
- Trustworthy AI [75.99046162669997]
Brittleness to minor adversarial changes in the input data, ability to explain the decisions, address the bias in their training data, are some of the most prominent limitations.
We propose the tutorial on Trustworthy AI to address six critical issues in enhancing user and public trust in AI systems.
arXiv Detail & Related papers (2020-11-02T20:04:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.