Securing the Software Package Supply Chain for Critical Systems
- URL: http://arxiv.org/abs/2505.22023v1
- Date: Wed, 28 May 2025 06:42:37 GMT
- Title: Securing the Software Package Supply Chain for Critical Systems
- Authors: Ritwik Murali, Akash Ravi
- Abstract summary: Software systems have grown as an indispensable commodity used across various industries. Emerging threats target software supply chains, as demonstrated by the widespread SolarWinds hack in late 2020. This chapter enhances the existing delivery frameworks by including a permissioned ledger with Proof of Authority consensus and multi-party signatures.
- Score: 1.3812010983144802
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Software systems have grown as an indispensable commodity used across various industries, and almost all essential services depend on them for effective operation. The software is no longer an independent or stand-alone piece of code written by a developer but rather a collection of packages designed by multiple developers across the globe. Ensuring the reliability and resilience of these systems is crucial since emerging threats target software supply chains, as demonstrated by the widespread SolarWinds hack in late 2020. These supply chains extend beyond patches and updates, involving distribution networks throughout the software lifecycle. Industries like smart grids, manufacturing, healthcare, and finance rely on interconnected software systems and their dependencies for effective functioning. To secure software modules and add-ons, robust distribution architectures are essential. The proposed chapter enhances the existing delivery frameworks by including a permissioned ledger with Proof of Authority consensus and multi-party signatures. The proposed system aims to prevent attacks while permitting every stakeholder to verify the same. Critical systems can interface with the secure pipeline without disrupting existing functionalities, thus preventing the cascading effect of an attack at any point in the supply chain.
Related papers
- S3C2 Summit 2024-09: Industry Secure Software Supply Chain Summit [50.93790634176803]
  Over the past several years, there has been an exponential increase in cyberattacks targeting software supply chains. The ever-evolving threat of software supply chain attacks has garnered interest from the software industry and the US government. Three researchers from the NSF-backed Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit with a diverse set of 12 practitioners from 9 companies.
  arXiv Detail & Related papers (2025-05-15T17:48:14Z)
- Extending Lifetime of Embedded Systems by WebAssembly-based Functional Extensions Including Drivers [46.538276603099916]
  We present Wasm-IO, a framework designed to facilitate peripheral I/O operations within WebAssembly (Wasm) containers. We detail synchronous I/O and methods for embedding platform-independent peripheral configurations within Wasm binaries.
  arXiv Detail & Related papers (2025-03-10T17:22:00Z)
- SPOQchain: Platform for Secure, Scalable, and Privacy-Preserving Supply Chain Tracing and Counterfeit Protection [46.68279506084277]
  This work proposes SPOQchain, a novel blockchain-based platform that provides comprehensive traceability and originality verification. It provides an analysis of privacy and security aspects, demonstrating the need and qualification of SPOQchain for the future of supply chain tracing.
  arXiv Detail & Related papers (2024-08-30T07:15:43Z)
- S3C2 Summit 2023-11: Industry Secure Supply Chain Summit [60.025314516749205]
  This paper summarizes the Industry Secure Supply Chain Summit held on November 16, 2023. The goal of this summit was to enable open discussions, mutual sharing, and shedding light on common challenges that industry practitioners with practical experience face when securing their software supply chain.
  arXiv Detail & Related papers (2024-08-29T13:40:06Z)
- Enhancing Software Supply Chain Resilience: Strategy For Mitigating Software Supply Chain Security Risks And Ensuring Security Continuity In Development Lifecycle [0.0]
  This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats. It aims to foster an understanding of the challenges and vulnerabilities inherent in software supply chain resilience. The article contributes to the ongoing effort to strengthen the security posture of software supply chains.
  arXiv Detail & Related papers (2024-07-08T18:10:47Z)
- SoK: A Defense-Oriented Evaluation of Software Supply Chain Security [3.165193382160046]
  We argue that the next stage of software supply chain security research and development will benefit greatly from a defense-oriented approach. This paper introduces the AStRA model, a framework for representing fundamental software supply chain elements and their causal relationships.
  arXiv Detail & Related papers (2024-05-23T18:53:48Z)
- Assessing the Threat Level of Software Supply Chains with the Log Model [4.1920378271058425]
  The use of free and open source software (FOSS) components in all software systems is estimated to be above 90%. This work presents a novel approach of assessing threat levels in FOSS supply chains with the log model.
  arXiv Detail & Related papers (2023-11-20T12:44:37Z)
- Analyzing Maintenance Activities of Software Libraries [55.2480439325792]
  Industrial applications heavily integrate open-source software libraries nowadays. I want to introduce an automatic monitoring approach for industrial applications to identify open-source dependencies that show negative signs regarding their current or future maintenance activities.
  arXiv Detail & Related papers (2023-06-09T16:51:25Z)
- Will bots take over the supply chain? Revisiting Agent-based supply chain automation [71.77396882936951]
  Agent-based supply chains have been proposed since early 2000; industrial uptake has been lagging. We find that agent-based technology has matured, and other supporting technologies that are penetrating supply chains are filling in gaps. For example, the ubiquity of IoT technology helps agents "sense" the state of affairs in a supply chain and opens up new possibilities for automation.
  arXiv Detail & Related papers (2021-09-03T18:44:26Z)
- Decentralizing Supply Chain Anti-Counterfeiting Systems Using Blockchain Technology [0.0]
  This research proposes the Decentralized NFC-Enabled Anti-Counterfeiting System (dNAS). dNAS is proposed and developed to facilitate trustworthy data retrieval, verification and management. It provides a secure and immutable scientific data tracking and management platform on which provenance records are validated.
  arXiv Detail & Related papers (2021-02-02T12:17:10Z)
- Toward Blockchain-Enabled Supply Chain Anti-Counterfeiting and Traceability [0.0]
  Development of autonomous and decentralized solution for supply chain anti-counterfeiting and traceability. Vulnerabilities of centralized product anti-counterfeiting solutions could possibly lead to system failure. Key areas of decentralization and feasible mechanisms of developing decentralized and distributed product anti-counterfeiting and traceability ecosystems.
  arXiv Detail & Related papers (2021-01-31T14:18:37Z)