English
Related papers

Related papers: Building a Secure Software Supply Chain with GNU G…

200 papers

The ability to verify research results and to experiment with methodologies are core tenets of science. As research results are increasingly the outcome of computational processes, software plays a central role. GNU Guix is a software…

Software Engineering · Computer Science 2024-05-27 Ludovic Courtès , Timothy Sample , Simon Tournier , Stefano Zacchiroli

The software product is a source of cyber-attacks that target organizations by using their software supply chain as a distribution vector. As the reliance of software projects on open-source or proprietary modules is increasing drastically,…

Cryptography and Security · Computer Science 2023-05-24 Betul Gokkaya , Leonardo Aniello , Basel Halak

The software supply chain involves a multitude of tools and processes that enable software developers to write, build, and ship applications. Recently, security compromises of tools or processes has led to a surge in proposals to address…

Cryptography and Security · Computer Science 2022-09-12 Marcela S. Melara , Mic Bowman

Software systems have grown as an indispensable commodity used across various industries, and almost all essential services depend on them for effective operation. The software is no longer an independent or stand-alone piece of code…

Software Engineering · Computer Science 2025-05-29 Ritwik Murali , Akash Ravi

This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats. It aims to foster an understanding of the challenges and vulnerabilities inherent in…

Cryptography and Security · Computer Science 2024-07-22 Ahmed Akinsola , Abdullah Akinde

Although it is possible to increase confidence in Free and Open Source Software (FOSS) by reviewing its source code, trusting code is not the same as trusting its executable counterparts. These are typically built and distributed by…

Software Engineering · Computer Science 2021-04-14 Chris Lamb , Stefano Zacchiroli

Malware attacks are a significant part of the new software security threats detected each year. Intel Software Guard Extensions (SGX) are a set of hardware instructions introduced by Intel in their recent lines of processors that are…

Cryptography and Security · Computer Science 2020-09-24 Vlad Crăciun , Pascal Felber , Andrei Mogage , Emanuel Onica , Rafael Pires

A software supply chain attack is characterized by the injection of malicious code into a software package in order to compromise dependent systems further down the chain. Recent years saw a number of supply chain attacks that leverage the…

Cryptography and Security · Computer Science 2020-05-20 Marc Ohm , Henrik Plate , Arnold Sykosch , Michael Meier

Support teams of high-performance computing (HPC) systems often find themselves between a rock and a hard place: on one hand, they understandably administrate these large systems in a conservative way, but on the other hand, they try to…

Distributed, Parallel, and Cluster Computing · Computer Science 2015-07-28 Ludovic Courtès , Ricardo Wurmus

We describe the design and implementation of GNU Guix, a purely functional package manager designed to support a complete GNU/Linux distribution. Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user…

Programming Languages · Computer Science 2013-05-21 Ludovic Courtès

This work discusses open-source software supply chain attacks and proposes a general taxonomy describing how attackers conduct them. We then provide a list of safeguards to mitigate such attacks. We present our tool "Risk Explorer for…

Cryptography and Security · Computer Science 2023-04-12 Piergiorgio Ladisa , Serena Elisa Ponta , Antonino Sabetta , Matias Martinez , Olivier Barais

This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity,…

Cryptography and Security · Computer Science 2024-06-17 Chinenye Okafor , Taylor R. Schorlemmer , Santiago Torres-Arias , James C. Davis

Modern software supply chain attacks consist of introducing new, malicious capabilities into trusted third-party software components, in order to propagate to a victim through a package dependency chain. These attacks are especially…

Cryptography and Security · Computer Science 2025-05-21 Carmine Cesarano , Martin Monperrus , Roberto Natella

The widespread dependency on open-source software makes it a fruitful target for malicious actors, as demonstrated by recurring attacks. The complexity of today's open-source supply chains results in a significant attack surface, giving…

Cryptography and Security · Computer Science 2023-07-19 Piergiorgio Ladisa , Henrik Plate , Matias Martinez , Olivier Barais

Supply chain security is extremely important for modern applications running at scale in the cloud. In fact, they involve a large number of heterogeneous microservices that also include third-party software. As a result, security…

Cryptography and Security · Computer Science 2025-10-08 Jacopo Bufalino , Mario Di Francesco , Agathe Blaise , Stefano Secci

Software supply chain attacks have increased exponentially since 2020. The primary attack vectors for supply chain attacks are through: (1) software components; (2) the build infrastructure; and (3) humans (a.k.a software practitioners).…

Cryptography and Security · Computer Science 2025-09-11 Laurie Williams , Sammy Migues

In Go, the widespread adoption of open-source software has led to a flourishing ecosystem of third-party dependencies, which are often integrated into critical systems. However, the reuse of dependencies introduces significant supply chain…

Cryptography and Security · Computer Science 2025-09-05 Carmine Cesarano , Vivi Andersson , Roberto Natella , Martin Monperrus

The demand for quick and reliable DevOps operations pushed distributors of repository platforms to implement workflows. Workflows allow automating code management operations directly on the repository hosting the software. However, this…

Cryptography and Security · Computer Science 2022-11-11 Giacomo Benedetti , Luca Verderame , Alessio Merlo

Software supply chains (SSCs) are complex systems composed of dynamic, heterogeneous technical and social components which collectively achieve the production and maintenance of software artefacts. Attacks on SSCs are increasing, yet…

Software Engineering · Computer Science 2026-03-30 Thomas Welsh , Kristófer Finnsson , Brynjólfur Stefánsson , Helmut Neukirchen

The liberalization of software licensing has led to unprecedented re-use of software. Alongside drastically increasing productivity and arguably quality of derivative works, it has also introduced multiple attack vectors. The management of…

Software Engineering · Computer Science 2023-02-20 Aarnav M. Bos
‹ Prev 1 2 3 10 Next ›