SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties
- URL: http://arxiv.org/abs/2406.10109v1
- Date: Fri, 14 Jun 2024 15:16:09 GMT
- Title: SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties
- Authors: Chinenye Okafor, Taylor R. Schorlemmer, Santiago Torres-Arias, James C. Davis,
- Abstract summary: This paper systematizes knowledge about secure software supply chain patterns.
It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain.
- Score: 6.1570934202202725
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor- and operation-centered supply chain security techniques.
Related papers
- SoK: A Defense-Oriented Evaluation of Software Supply Chain Security [3.165193382160046]
We argue that the next stage of software supply chain security research and development will benefit greatly from a defense-oriented approach.
This paper introduces the AStRA model, a framework for representing fundamental software supply chain elements and their causal relationships.
arXiv Detail & Related papers (2024-05-23T18:53:48Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- Enhancing Trust and Privacy in Distributed Networks: A Comprehensive Survey on Blockchain-based Federated Learning [51.13534069758711]
Decentralized approaches like blockchain offer a compelling solution by implementing a consensus mechanism among multiple entities.
Federated Learning (FL) enables participants to collaboratively train models while safeguarding data privacy.
This paper investigates the synergy between blockchain's security features and FL's privacy-preserving model training capabilities.
arXiv Detail & Related papers (2024-03-28T07:08:26Z)
- Securing OPEN-RAN Equipment Using Blockchain-Based Supply Chain Verification [0.0]
This paper puts forth a novel blockchain-based approach to secure OPEN-RAN equipment through its lifecycle.
We architect a tamper-resistant ecosystem to track provenance.
There is a vivid potential to make OPEN-RAN supply chains corner to corner secure, igniting further research and real-world deployment.
arXiv Detail & Related papers (2024-02-27T15:58:32Z)
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
- Practical quantum secure direct communication with squeezed states [55.41644538483948]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security.
This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
arXiv Detail & Related papers (2023-06-25T19:23:42Z)
- Software supply chain: review of attacks, risk assessment strategies and security controls [0.13812010983144798]
The software product is a source of cyber-attacks that target organizations by using their software supply chain as a distribution vector.
We analyze the most common software supply chain attacks by providing the latest trend of analyzed attacks.
This study introduces unique security controls to mitigate the analyzed cyber-attacks and risks by linking them with real-life security incidents and attacks.
arXiv Detail & Related papers (2023-05-23T15:25:39Z)
- Towards Security Enhancement of Blockchain-based Supply Chain Management [0.0]
The cybersecurity of modern systems has attracted dramatically increased attention from both industrial and academic perspectives.
This paper sheds light on blockchain, and specifically on smart contract technology, which is used to handle the process of creating, verifying and checking data over the supply chain management process.
arXiv Detail & Related papers (2022-09-11T18:52:11Z)
- Will bots take over the supply chain? Revisiting Agent-based supply chain automation [71.77396882936951]
Agent-based supply chains have been proposed since early 2000; industrial uptake has been lagging.
We find that agent-based technology has matured, and other supporting technologies that are penetrating supply chains are filling in gaps.
For example, the ubiquity of IoT technology helps agents "sense" the state of affairs in a supply chain and opens up new possibilities for automation.
arXiv Detail & Related papers (2021-09-03T18:44:26Z)
- Decentralizing Supply Chain Anti-Counterfeiting Systems Using Blockchain Technology [0.0]
This research proposes the Decentralized NFC-Enabled Anti-Counterfeiting System (dNAS).
dNAS is proposed and developed to facilitate trustworthy data retrieval, verification and management.
It provides a secure and immutable scientific data tracking and management platform on which provenance records are validated.
arXiv Detail & Related papers (2021-02-02T12:17:10Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)
This list is automatically generated from the titles and abstracts of the papers in this site.