Risk Explorer for Software Supply Chains

Piergiorgio Ladisa; Henrik Plate; Matias Martinez; Olivier Barais; Serena Elisa Ponta

doi:10.1145/3560835.3564546

Communication Dans Un Congrès Année : 2022

Risk Explorer for Software Supply Chains

(1, 2) , (2) , (3) , (1) , (2)

1
2
3

Piergiorgio Ladisa

Fonction : Auteur

Diversity-centric Software Engineering

SAP Research

Henrik Plate

Fonction : Auteur

SAP Research

Matias Martinez

Fonction : Auteur
PersonId : 1164245
IdHAL : martinezmatias
ORCID : 0000-0002-2945-866X
IdRef : 183691199

Laboratoire d'Automatique, de Mécanique et d'Informatique industrielles et Humaines - UMR 8201

Olivier Barais

Fonction : Auteur
PersonId : 1972
IdHAL : olivierbarais
ORCID : 0000-0002-4551-8562
IdRef : 094608946

Diversity-centric Software Engineering

Serena Elisa Ponta

Fonction : Auteur
PersonId : 1211374

SAP Research

Résumé

Supply chain attacks on open-source projects aim at injecting and spreading malicious code such that it is executed by direct and indirect downstream users. Recent work systematized the knowledge about such attacks and proposed a taxonomy in the form of an attack tree. We propose a visualization tool called Risk Explorer for Software Supply Chains, which allows inspecting the taxonomy of attack vectors, their descriptions, references to real-world incidents and other literature, as well as information about associated safeguards. Being open-source itself, the community can easily reference new attacks, accommodate for entirely new attack vectors or reflect the development of new safeguards.

Mots clés

Open-Source Security Supply Chain Attacks Malware Detection

Domaines

Informatique et langage [cs.CL]

Fichier principal

3560835.3564546.pdf (995.96 Ko)

Origine : Fichiers produits par l'(les) auteur(s)

Olivier Barais : Connectez-vous pour contacter le contributeur

https://inria.hal.science/hal-03921373

Soumis le : mardi 3 janvier 2023-18:28:13

Dernière modification le : vendredi 22 mars 2024-09:32:39

Dates et versions

hal-03921373 , version 1 (03-01-2023)

Licence

Paternité

Identifiants

HAL Id : hal-03921373 , version 1
DOI : 10.1145/3560835.3564546

Citer

Piergiorgio Ladisa, Henrik Plate, Matias Martinez, Olivier Barais, Serena Elisa Ponta. Risk Explorer for Software Supply Chains. CCS 2022 - ACM SIGSAC Conference on Computer and Communications Security, Nov 2022, Los Angeles, United States. pp.35-36, ⟨10.1145/3560835.3564546⟩. ⟨hal-03921373⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

UNIV-RENNES1 CNRS INRIA UNIV-VALENCIENNES INSA-RENNES IRISA CENTRALESUPELEC INRIA2 UR1-MATH-STIC UR1-UFR-ISTIC UNIV-RENNES INSA-GROUPE UR1-MATH-NUM LAMIH CYBERSCHOOL INSA-HAUTS-DE-FRANCE

62 Consultations

96 Téléchargements

Risk Explorer for Software Supply Chains

Résumé

Mots clés

Domaines

Dates et versions

Licence

Identifiants

Citer

Exporter

Collections

Altmetric

Partager