Litcius/Paper detail

SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties

Chinenye Okafor, Taylor R. Schorlemmer, Santiago Torres-Arias, James C. Davis

202238 citationsDOIOpen Access PDF

Abstract

This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor and operation-centered supply chain security techniques.

Topics & Concepts

Supply chainTransparency (behavior)Computer scienceSoftware security assuranceComputer securitySoftwareStrengths and weaknessesRisk analysis (engineering)Information securitySecurity serviceBusinessMarketingProgramming languagePhilosophyEpistemologySoftware Engineering ResearchSoftware Engineering Techniques and PracticesAdvanced Malware Detection Techniques
SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties | Litcius