Finding Software Supply Chain Attack Paths with Logical Attack Graphs
- URL: http://arxiv.org/abs/2511.11171v1
- Date: Fri, 14 Nov 2025 11:13:04 GMT
- Title: Finding Software Supply Chain Attack Paths with Logical Attack Graphs
- Authors: Luís Soeiro, Thomas Robert, Stefano Zacchiroli
- Abstract summary: We propose an extension to MulVal that integrates SSC threat propagation analysis with network-based threat analysis. New facts and interaction rules model SSC assets, their dependencies, interactions, compromises, additional security mechanisms, initial system states, and known threats.
- Score: 4.076153126389202
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Cyberattacks are becoming increasingly frequent and sophisticated, often exploiting the software supply chain (SSC) as an attack vector. Attack graphs provide a detailed representation of the sequence of events and vulnerabilities that could lead to a successful security breach in a system. MulVal is a widely used open-source tool for logical attack graph generation in networked systems. However, its current lack of support for capturing and reasoning about SSC threat propagation makes it unsuitable for addressing modern SSC attacks, such as the XZ compromise or the 3CX double SSC attack. To address this limitation, we propose an extension to MulVal that integrates SSC threat propagation analysis with existing network-based threat analysis. This extension introduces a new set of predicates within the familiar MulVal syntax, enabling seamless integration. The new facts and interaction rules model SSC assets, their dependencies, interactions, compromises, additional security mechanisms, initial system states, and known threats. We explain how this integration operates in both directions and demonstrate the practical application of the extension.
Related papers
- ORCA -- An Automated Threat Analysis Pipeline for O-RAN Continuous Development [57.61878484176942]
Open-Radio Access Network (O-RAN) integrates numerous software components in a cloud-like deployment, opening the radio access network to previously unconsidered security threats. Current vulnerability assessment practices often rely on manual, labor-intensive, and subjective investigations, leading to inconsistencies in the threat analysis. We propose an automated pipeline that leverages Natural Language Processing (NLP) to minimize human intervention and associated biases.
arXiv Detail & Related papers (2026-01-20T07:31:59Z)
- The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware [6.5249834967502744]
Large language model (LLM)-based systems have created a new attack surface that existing security frameworks inadequately address. We propose that attacks targeting LLM-based applications constitute a distinct class of malware, which we term promptware, and introduce a five-step kill chain model for analyzing these threats.
arXiv Detail & Related papers (2026-01-14T16:57:04Z)
- Investigating Security Implications of Automatically Generated Code on the Software Supply Chain [4.3754423452518205]
Software supply chain (SSC) attacks pose significant risks to the global community. Code generation techniques, such as large language models (LLMs), have been widely utilized in the developer community. LLMs suffer from inherent issues when generating code, including fabrication, misinformation, and reliance on outdated training data.
arXiv Detail & Related papers (2025-09-24T16:15:17Z)
- Cuckoo Attack: Stealthy and Persistent Attacks Against AI-IDE [64.47951172662745]
Cuckoo Attack is a novel attack that achieves stealthy and persistent command execution by embedding malicious payloads into configuration files. We formalize our attack paradigm into two stages, including initial infection and persistence. We contribute seven actionable checkpoints for vendors to evaluate their product security.
arXiv Detail & Related papers (2025-09-19T04:10:52Z)
- CyGATE: Game-Theoretic Cyber Attack-Defense Engine for Patch Strategy Optimization [73.13843039509386]
This paper presents CyGATE, a game-theoretic framework modeling attacker-defender interactions. CyGATE frames cyber conflicts as a partially observable game (POSG) across Cyber Kill Chain stages. The framework's flexible architecture enables extension to multi-agent scenarios.
arXiv Detail & Related papers (2025-08-01T09:53:06Z)
- A Systematization of Security Vulnerabilities in Computer Use Agents [1.3560089220432787]
We conduct a systematic threat analysis and testing of real-world CUAs under adversarial conditions. We identify seven classes of risks unique to the CUA paradigm, and analyze three concrete exploit scenarios in depth. These case studies reveal deeper architectural flaws across current CUA implementations.
arXiv Detail & Related papers (2025-07-07T19:50:21Z)
- Toward Mixture-of-Experts Enabled Trustworthy Semantic Communication for 6G Networks [82.3753728955968]
We introduce a novel Mixture-of-Experts (MoE)-based SemCom system.
This system comprises a gating network and multiple experts, each specializing in different security challenges.
The gating network adaptively selects suitable experts to counter heterogeneous attacks based on user-defined security requirements.
A case study in vehicular networks demonstrates the efficacy of the MoE-based SemCom system.
arXiv Detail & Related papers (2024-09-24T03:17:51Z)
- It Is Time To Steer: A Scalable Framework for Analysis-driven Attack Graph Generation [50.06412862964449]
Attack Graph (AG) represents the best-suited solution to support cyber risk assessment for multi-step attacks on computer networks.
Current solutions propose to address the generation problem from the algorithmic perspective and postulate the analysis only after the generation is complete.
This paper rethinks the classic AG analysis through a novel workflow in which the analyst can query the system anytime.
arXiv Detail & Related papers (2023-12-27T10:44:58Z)
- Assessing the Threat Level of Software Supply Chains with the Log Model [4.1920378271058425]
The use of free and open source software (FOSS) components in all software systems is estimated to be above 90%.
This work presents a novel approach of assessing threat levels in FOSS supply chains with the log model.
arXiv Detail & Related papers (2023-11-20T12:44:37Z)
- Software supply chain: review of attacks, risk assessment strategies and security controls [0.13812010983144798]
The software product is a source of cyber-attacks that target organizations by using their software supply chain as a distribution vector.
We analyze the most common software supply chain attacks by providing the latest trend of analyzed attacks.
This study introduces unique security controls to mitigate analyzed cyber-attacks and risks by linking them with real-life security incidence and attacks.
arXiv Detail & Related papers (2023-05-23T15:25:39Z)
- Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTI [3.871148938060281]
LADDER is a framework that can extract text-based attack patterns from cyberthreat intelligence reports at scale.
We present several use cases to demonstrate the application of LADDER in real-world scenarios.
arXiv Detail & Related papers (2022-11-01T12:16:30Z)
- A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605]
SecurityKG is a system for automated OSCTI gathering and management.
It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
arXiv Detail & Related papers (2021-01-19T18:31:35Z)
- A System for Efficiently Hunting for Cyber Threats in Computer Systems Using Threat Intelligence [78.23170229258162]
We build ThreatRaptor, a system that facilitates cyber threat hunting in computer systems using OSCTI.
ThreatRaptor provides (1) an unsupervised, light-weight, and accurate NLP pipeline that extracts structured threat behaviors from unstructured OSCTI text, (2) a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities, and (3) a query synthesis mechanism that automatically synthesizes a TBQL query from the extracted threat behaviors.
arXiv Detail & Related papers (2021-01-17T19:44:09Z)
This list is automatically generated from the titles and abstracts of the papers on this site.