Related papers: Trustworthy and Confidential SBOM Exchange

Trustworthy and Confidential SBOM Exchange

URL: http://arxiv.org/abs/2509.13217v1
Date: Tue, 16 Sep 2025 16:21:27 GMT
Title: Trustworthy and Confidential SBOM Exchange
Authors: Eman Abu Ishgair, Chinenye Okafor, Marcela S. Melara, Santiago Torres-Arias,
Abstract summary: Petra is an SBOM exchange system that empowers software vendors to interoperably compose and distribute redacted SBOM data using selective encryption.<n>Petra enables software consumers to search redacted SBOMs for answers to specific security questions without revealing information they are not authorized to access.
Score: 9.785054308335138
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Software Bills of Materials (SBOMs) have become a regulatory requirement for improving software supply chain security and trust by means of transparency regarding components that make up software artifacts. However, enterprise and regulated software vendors commonly wish to restrict who can view confidential software metadata recorded in their SBOMs due to intellectual property or security vulnerability information. To address this tension between transparency and confidentiality, we propose Petra, an SBOM exchange system that empowers software vendors to interoperably compose and distribute redacted SBOM data using selective encryption. Petra enables software consumers to search redacted SBOMs for answers to specific security questions without revealing information they are not authorized to access. Petra leverages a format-agnostic, tamper-evident SBOM representation to generate efficient and confidentiality-preserving integrity proofs, allowing interested parties to cryptographically audit and establish trust in redacted SBOMs. Exchanging redacted SBOMs in our Petra prototype requires less than 1 extra KB per SBOM, and SBOM decryption account for at most 1% of the performance overhead during an SBOM query.

Related papers

VeriSBOM: Secure and Verifiable SBOM Sharing Via Zero-Knowledge Proofs [1.0896567381206717]
A Software Bill of Materials (SBOM) is a structured inventory of the components, dependencies, and associated metadata of a software artifact.<n>We present VeriSBOM, a framework that provides cryptographic verifiability of SBOMs using zero-knowledge proofs.
arXiv Detail & Related papers (2026-02-14T09:07:14Z)
SBOMproof: Beyond Alleged SBOM Compliance for Supply Chain Security of Container Images [3.101218489580587]
Governments have recently introduced cybersecurity regulations that require vendors to share a software bill of material with end users or regulators.<n>An SBOM can be employed to identify the security vulnerabilities of a software component even without access to its source code.<n>This work evaluates this issue through a comprehensive study of tools for SBOM generation and vulnerability scanning.
arXiv Detail & Related papers (2025-10-07T11:17:51Z)
CoTGuard: Using Chain-of-Thought Triggering for Copyright Protection in Multi-Agent LLM Systems [55.57181090183713]
We introduce CoTGuard, a novel framework for copyright protection that leverages trigger-based detection within Chain-of-Thought reasoning.<n>Specifically, we can activate specific CoT segments and monitor intermediate reasoning steps for unauthorized content reproduction by embedding specific trigger queries into agent prompts.<n>This approach enables fine-grained, interpretable detection of copyright violations in collaborative agent scenarios.
arXiv Detail & Related papers (2025-05-26T01:42:37Z)
Encrypted Federated Search Using Homomorphic Encryption [0.0]
This paper introduces a privacy-preserving federated search system that allows law enforcement agencies to conduct queries on encrypted criminal databases.<n>The key innovation here is the ability to execute encrypted queries across distributed databases, without the decryption of the data.
arXiv Detail & Related papers (2025-05-05T07:03:30Z)
Secure Semantic Communication With Homomorphic Encryption [52.5344514499035]
This paper explores the feasibility of applying homomorphic encryption to SemCom.<n>We propose a task-oriented SemCom scheme secured through homomorphic encryption.
arXiv Detail & Related papers (2025-01-17T13:26:14Z)
Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [43.253676241213626]
We propose an architecture for blockchain-based PAISs to preserve confidentiality and transparency.<n>Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.<n>We assess the security of our solution through a systematic threat model analysis and evaluate its practical feasibility.
arXiv Detail & Related papers (2024-12-07T20:18:36Z)
Supply Chain Insecurity: The Lack of Integrity Protection in SBOM Solutions [0.0]
The Software Bill of Materials (SBOM) is paramount in ensuring software supply chain security.<n>Under the Executive Order issued by President Biden, the adoption of the SBOM has become obligatory within the United States.<n>We present an in-depth and systematic investigation of the trust that can be put into the output of SBOMs.
arXiv Detail & Related papers (2024-12-06T15:52:12Z)
The Impact of SBOM Generators on Vulnerability Assessment in Python: A Comparison and a Novel Approach [56.4040698609393]
Software Bill of Materials (SBOM) has been promoted as a tool to increase transparency and verifiability in software composition. Current SBOM generation tools often suffer from inaccuracies in identifying components and dependencies. We propose PIP-sbom, a novel pip-inspired solution that addresses their shortcomings.
arXiv Detail & Related papers (2024-09-10T10:12:37Z)
Practical Privacy-Preserving Identity Verification using Third-Party Cloud Services and FHE (Role of Data Encoding in Circuit Depth Management) [0.0]
Governments seek to outsource national digital identity verification systems to third-party cloud services. This leads to increased concerns regarding the privacy of users' personal data. We propose a privacy-preserving digital identity (ID) verification protocol where the third-party cloud services process the identity data encrypted.
arXiv Detail & Related papers (2024-08-15T08:12:07Z)
Enc2DB: A Hybrid and Adaptive Encrypted Query Processing Framework [47.11111145443189]
We introduce Enc2DB, a novel secure database system following a hybrid strategy on and openGauss. We present a micro-benchmarking test and self-adaptive mode switch strategy that can choose the best execution path (cryptography or TEE) to answer a given query. We also design and implement a ciphertext index compatible with native cost model and querys to accelerate query processing.
arXiv Detail & Related papers (2024-04-10T08:11:12Z)
HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker [49.1574468325115]
Software services place implicit trust in the cloud provider, without an explicit trust relationship. There is currently no cloud provider that exposes Trusted Platform Module capabilities. We improve trust by integrating a virtual TPM device into the Firecracker, originally developed by Amazon Web Services.
arXiv Detail & Related papers (2023-10-05T13:13:55Z)

This list is automatically generated from the titles and abstracts of the papers in this site.