English
Related papers

Related papers: SBOM.EXE: Countering Dynamic Code Injection based …

200 papers

This work discusses open-source software supply chain attacks and proposes a general taxonomy describing how attackers conduct them. We then provide a list of safeguards to mitigate such attacks. We present our tool "Risk Explorer for…

Cryptography and Security · Computer Science 2023-04-12 Piergiorgio Ladisa , Serena Elisa Ponta , Antonino Sabetta , Matias Martinez , Olivier Barais

This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats. It aims to foster an understanding of the challenges and vulnerabilities inherent in…

Cryptography and Security · Computer Science 2024-07-22 Ahmed Akinsola , Abdullah Akinde

Third-party libraries like Log4j accelerate software application development but introduce substantial risk. Vulnerabilities in these libraries have led to Software Supply Chain (SSC) attacks that compromised resources within the host…

Cryptography and Security · Computer Science 2024-12-23 Paschal C. Amusuo , Kyle A. Robinson , Tanmay Singla , Huiyun Peng , Aravind Machiry , Santiago Torres-Arias , Laurent Simon , James C. Davis

Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing fatal damage to businesses and organizations. Past well-known examples of software supply chain attacks are the…

Cryptography and Security · Computer Science 2023-08-15 William Enck , Yasemin Acar , Michel Cukier , Alexandros Kapravelos , Christian Kästner , Laurie Williams

In modern software development workflows, the open-source software supply chain contributes significantly to efficient and convenient engineering practices. With increasing system complexity, using open-source software as third-party…

Software Engineering · Computer Science 2025-11-18 Zihe Yan , Kai Luo , Haoyu Yang , Yang Yu , Zhuosheng Zhang , Guancheng Li

Software Bills of Material (SBOMs) have emerged as an important technology for vulnerability management amid rising supply-chain attacks. They represent component relationships within a software product and support software composition…

Software Engineering · Computer Science 2026-04-24 Shawn Rasheed , Max McPhee , Lisa Patterson , Stephen MacDonell , Jens Dietrich

The Software Supply Chain (SSC) security is a critical concern for both users and developers. Recent incidents, like the SolarWinds Orion compromise, proved the widespread impact resulting from the distribution of compromised software. The…

Cryptography and Security · Computer Science 2024-09-11 Giacomo Benedetti , Serena Cofano , Alessandro Brighente , Mauro Conti

Malware attacks are a significant part of the new software security threats detected each year. Intel Software Guard Extensions (SGX) are a set of hardware instructions introduced by Intel in their recent lines of processors that are…

Cryptography and Security · Computer Science 2020-09-24 Vlad Crăciun , Pascal Felber , Andrei Mogage , Emanuel Onica , Rafael Pires

Software supply chain attacks, which exploit the build process or artifacts used in the process of building a software product, are increasingly of concern. To combat these attacks, one must be able to check that every artifact that a…

Software Engineering · Computer Science 2024-02-15 Bharathi Seshadri , Yongkui Han , Chris Olson , David Pollak , Vojislav Tomasevic

Software supply-chain attacks are an important and ongoing concern in the open source software ecosystem. These attacks maintain the standard functionality that a component implements, but additionally hide malicious functionality activated…

Cryptography and Security · Computer Science 2025-12-17 Evangelos Lamprou , Julian Dai , Grigoris Ntousakis , Martin C. Rinard , Nikos Vasilakis

Software Bills of Material (SBOMs) are becoming a consolidated, often enforced by governmental regulations, way to describe software composition. However, based on recent studies, SBOMs suffer from limited support for their consumption and…

Software Engineering · Computer Science 2025-05-29 Davide Fucci , Massimiliano Di Penta , Simone Romano , Giuseppe Scanniello

In recent years, there has been a growing concern with software integrity, that is, the assurance that software has not been tampered with on the path between developers and users. This path is represented by a software development pipeline…

Cryptography and Security · Computer Science 2022-11-14 B. M. Reichert , R. R. Obelheiro

Many security and software testing applications require checking whether certain properties of a program hold for any possible usage scenario. For instance, a tool for identifying software vulnerabilities may need to rule out the existence…

Software Engineering · Computer Science 2018-05-03 Roberto Baldoni , Emilio Coppa , Daniele Cono D'Elia , Camil Demetrescu , Irene Finocchi

Software reuse may result in software bloat when significant portions of application dependencies are effectively unused. Several tools exist to remove unused (byte)code from an application or its dependencies, thus producing smaller…

Software Engineering · Computer Science 2021-08-12 Serena Elisa Ponta , Wolfram Fischer , Henrik Plate , Antonino Sabetta

According to experts, one third of all IT vulnerabilities today are due to inadequate software verification. Internal program processes are not sufficiently secured against manipulation by attackers, especially if access has been gained.…

Cryptography and Security · Computer Science 2022-11-22 Erik Heiland , Peter Hillmann

Modern networked systems rely on complex software stacks, which often conceal vulnerabilities arising from intricate interdependencies. A Software Bill of Materials (SBOM) is effective for identifying dependencies and mitigating security…

Software Engineering · Computer Science 2025-12-01 Vadim Safronov , Ionut Bostan , Nicholas Allott , Andrew Martin

The Log4j-Core vulnerability, known as Log4Shell, exposed significant challenges to dependency management in software ecosystems. When a critical vulnerability is disclosed, it is imperative that dependent packages quickly adopt patched…

Modern software supply chain attacks consist of introducing new, malicious capabilities into trusted third-party software components, in order to propagate to a victim through a package dependency chain. These attacks are especially…

Cryptography and Security · Computer Science 2025-05-21 Carmine Cesarano , Martin Monperrus , Roberto Natella

Open-source software (OSS) is a critical component of modern software systems, yet supply chain security remains challenging in practice due to unavailable or obfuscated source code. Consequently, security teams often rely on runtime…

Cryptography and Security · Computer Science 2026-05-27 Zhuoran Tan , Ke Xiao , Jeremy Singer , Christos Anagnostopoulos

Open-source software serves as a foundation for the internet and the cyber supply chain, but its exploitation is becoming increasingly prevalent. While advances in vulnerability detection for OSS have been significant, prior research has…

Cryptography and Security · Computer Science 2024-12-02 Zhuoran Tan , Christos Anagnosstopoulos , Jeremy Singer