SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties

• URL: http://arxiv.org/abs/2406.10109v1
• Date: Fri, 14 Jun 2024 15:16:09 GMT
• Title: SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties
• Authors: Chinenye Okafor, Taylor R. Schorlemmer, Santiago Torres-Arias, James C. Davis,
• Abstract summary: This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain.
• Score: 6.1570934202202725
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor and operation-centered supply chain security techniques

Related papers

• SPOQchain: Platform for Secure, Scalable, and Privacy-Preserving Supply Chain Tracing and Counterfeit Protection [46.68279506084277]
  This work proposes SPOQchain, a novel blockchain-based platform that provides comprehensive traceability and originality verification. It provides an analysis of privacy and security aspects, demonstrating the need and qualification of SPOQchain for the future of supply chain tracing.
  arXiv  Detail & Related papers  (2024-08-30T07:15:43Z)
• S3C2 Summit 2023-11: Industry Secure Supply Chain Summit [60.025314516749205]
  This paper summarizes the Industry Secure Supply Chain Summit held on November 16, 2023. The goal of this summit was to enable open discussions, mutual sharing, and shedding light on common challenges that industry practitioners with practical experience face when securing their software supply chain.
  arXiv  Detail & Related papers  (2024-08-29T13:40:06Z)
• Enhancing Supply Chain Visibility with Knowledge Graphs and Large Language Models [49.898152180805454]
  This paper presents a novel framework leveraging Knowledge Graphs (KGs) and Large Language Models (LLMs) to enhance supply chain visibility. Our zero-shot, LLM-driven approach automates the extraction of supply chain information from diverse public sources. With high accuracy in NER and RE tasks, it provides an effective tool for understanding complex, multi-tiered supply networks.
  arXiv  Detail & Related papers  (2024-08-05T17:11:29Z)
• Enhancing Software Supply Chain Resilience: Strategy For Mitigating Software Supply Chain Security Risks And Ensuring Security Continuity In Development Lifecycle [0.0]
  This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats. It aims to foster an understanding of the challenges and vulnerabilities inherent in software supply chain resilience. The article contributes to the ongoing effort to strengthen the security posture of software supply chains.
  arXiv  Detail & Related papers  (2024-07-08T18:10:47Z)
• SoK: A Defense-Oriented Evaluation of Software Supply Chain Security [3.165193382160046]
  We argue that the next stage of software supply chain security research and development will benefit greatly from a defense-oriented approach. This paper introduces the AStRA model, a framework for representing fundamental software supply chain elements and their causal relationships.
  arXiv  Detail & Related papers  (2024-05-23T18:53:48Z)
• Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
  We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
  arXiv  Detail & Related papers  (2024-05-03T07:18:45Z)
• Securing OPEN-RAN Equipment Using Blockchain-Based Supply Chain Verification [0.0]
  This paper puts forth a novel blockchain-based approach to secure OPEN-RAN equipment through its lifecycle. We architect a tamper-resistant ecosystem to track provenance. There is a vivid potential to make OPEN-RAN supply chains corner to corner secure, igniting further research and real-world deployment.
  arXiv  Detail & Related papers  (2024-02-27T15:58:32Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• Software supply chain: review of attacks, risk assessment strategies and security controls [0.13812010983144798]
  The software product is a source of cyber-attacks that target organizations by using their software supply chain as a distribution vector. We analyze the most common software supply chain attacks by providing the latest trend of analyzed attacks. This study introduces unique security controls to mitigate analyzed cyber-attacks and risks by linking them with real-life security incidence and attacks.
  arXiv  Detail & Related papers  (2023-05-23T15:25:39Z)
• Towards Security Enhancement of Blockchain-based Supply Chain Management [0.0]
  The cybersecurity of modern systems has dramatically increased attention from both industrial and academia perspectives. This paper shed the light on the blockchain and specifically on a smart contract technology which been used to handle the process of creation, verification and checking data over the supply chain management process.
  arXiv  Detail & Related papers  (2022-09-11T18:52:11Z)
• Will bots take over the supply chain? Revisiting Agent-based supply chain automation [71.77396882936951]
  Agent-based supply chains have been proposed since early 2000; industrial uptake has been lagging. We find that agent-based technology has matured, and other supporting technologies that are penetrating supply chains are filling in gaps. For example, the ubiquity of IoT technology helps agents "sense" the state of affairs in a supply chain and opens up new possibilities for automation.
  arXiv  Detail & Related papers  (2021-09-03T18:44:26Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.