English
Related papers

Related papers: Finding Software Supply Chain Attack Paths with Lo…

200 papers

An attack graph is a method used to enumerate the possible paths that an attacker can execute in the organization network. MulVAL is a known open-source framework used to automatically generate attack graphs. MulVAL's default modeling has…

Cryptography and Security · Computer Science 2019-06-25 Orly Stan , Ron Bitton , Michal Ezrets , Moran Dadon , Masaki Inokuchi , Yoshinobu Ohta , Yoshiyuki Yamada , Tomohiko Yagyu , Yuval Elovici , Asaf Shabtai

Organizations employ various adversary models in order to assess the risk and potential impact of attacks on their networks. Attack graphs represent vulnerabilities and actions an attacker can take to identify and compromise an…

Cryptography and Security · Computer Science 2022-08-12 David Tayouri , Nick Baum , Asaf Shabtai , Rami Puzis

The software product is a source of cyber-attacks that target organizations by using their software supply chain as a distribution vector. As the reliance of software projects on open-source or proprietary modules is increasing drastically,…

Cryptography and Security · Computer Science 2023-05-24 Betul Gokkaya , Leonardo Aniello , Basel Halak

Attack graphs are one of the main techniques used to automate the risk assessment process. In order to derive a relevant attack graph, up-to-date information on known attack techniques should be represented as interaction rules. Designing…

Cryptography and Security · Computer Science 2020-08-12 Hodaya Binyamini , Ron Bitton , Masaki Inokuchi , Tomohiko Yagyu , Yuval Elovici , Asaf Shabtai

A system vulnerability analysis technique (SVAT) for complex mission critical systems (CMCS) was developed in response to the need to be able to conduct penetration testing on large industrial systems which cannot be taken offline or risk…

Cryptography and Security · Computer Science 2023-06-08 Matthew Tassava , Cameron Kolodjski , Jeremy Straub

The ever-evolving capabilities of cyber attackers force security administrators to focus on the early identification of emerging threats. Targeted cyber attacks usually consist of several phases, from initial reconnaissance of the network…

Cryptography and Security · Computer Science 2022-06-22 Lukáš Sadlek , Pavel Čeleda , Daniel Tovarňák

Software supply chains (SSCs) are complex systems composed of dynamic, heterogeneous technical and social components which collectively achieve the production and maintenance of software artefacts. Attacks on SSCs are increasing, yet…

Software Engineering · Computer Science 2026-03-30 Thomas Welsh , Kristófer Finnsson , Brynjólfur Stefánsson , Helmut Neukirchen

Cyber supply chain, encompassing digital asserts, software, hardware, has become an essential component of modern Information and Communications Technology (ICT) provisioning. However, the growing inter-dependencies have introduced numerous…

Cryptography and Security · Computer Science 2025-04-04 Zhuoran Tan , Christos Anagnostopoulos , Jeremy Singer

Identifying the impact scope and scale is critical for software supply chain vulnerability assessment. However, existing studies face substantial limitations. First, prior studies either work at coarse package-level granularity, producing…

Software Engineering · Computer Science 2025-10-10 Bonan Ruan , Zhiwei Lin , Jiahao Liu , Chuqi Zhang , Kaihang Ji , Zhenkai Liang

Risk assessment plays a crucial role in ensuring the security and resilience of modern computer systems. Existing methods for conducting risk assessments often suffer from tedious and time-consuming processes, making it challenging to…

Cryptography and Security · Computer Science 2023-07-27 Simon Unger , Ektor Arzoglou , Markus Heinrich , Dirk Scheuermann , Stefan Katzenbeisser

As interconnected systems proliferate, safeguarding complex infrastructures against an escalating array of cyber threats has become an urgent challenge. The increasing number of vulnerabilities, combined with resource constraints, makes…

Cryptography and Security · Computer Science 2025-02-18 Yuning Jiang , Nay Oo , Qiaoran Meng , Hoon Wei Lim , Biplab Sikdar

Most of the current software security analysis tools assess vulnerabilities in isolation. However, sophisticated software supply chain security threats often stem from cascaded vulnerability and security weakness chains that span dependent…

Software Engineering · Computer Science 2026-01-29 Laura Baird , Armin Moin

Malware attacks are a significant part of the new software security threats detected each year. Intel Software Guard Extensions (SGX) are a set of hardware instructions introduced by Intel in their recent lines of processors that are…

Cryptography and Security · Computer Science 2020-09-24 Vlad Crăciun , Pascal Felber , Andrei Mogage , Emanuel Onica , Rafael Pires

Cyberattacks on enterprise networks exploit complex dependencies among infrastructure, services, and applications, which challenge traditional analysis methods that focus on attack paths or network topology in isolation. In this study, we…

Cryptography and Security · Computer Science 2026-05-27 Joni Herttuainen , Vesa Kuikka , Kimmo K. Kaski

Software supply chain attacks have increased exponentially since 2020. The primary attack vectors for supply chain attacks are through: (1) software components; (2) the build infrastructure; and (3) humans (a.k.a software practitioners).…

Cryptography and Security · Computer Science 2025-09-11 Laurie Williams , Sammy Migues

Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials (SBOM)-based pipelines for security analysis typically…

Software Engineering · Computer Science 2026-04-08 Laura Baird , Armin Moin

Process digitization and integration is an increasing need for enterprises, while cyber-attacks denote a growing threat. Using the Business Process Management Notation (BPMN) is common to handle the digital and integration focus within and…

Cryptography and Security · Computer Science 2022-01-11 Simon Hacks , Robert Lagerström , Daniel Ritter

The ongoing modernization of the power system, involving new equipment installations and upgrades, exposes the power system to the introduction of malware into its operation through supply chain attacks. Supply chain attacks present a…

Signal Processing · Electrical Eng. & Systems 2023-09-13 Amr S. Mohamed , Sumin Lee , Deepa Kundur

Assessing network security is a complex and difficult task. Attack graphs have been proposed as a tool to help network administrators understand the potential weaknesses of their network. However, a problem has not yet been addressed by…

Cryptography and Security · Computer Science 2013-06-21 Jorge Lucangeli Obes , Carlos Sarraute , Gerardo Richarte

This work discusses open-source software supply chain attacks and proposes a general taxonomy describing how attackers conduct them. We then provide a list of safeguards to mitigate such attacks. We present our tool "Risk Explorer for…

Cryptography and Security · Computer Science 2023-04-12 Piergiorgio Ladisa , Serena Elisa Ponta , Antonino Sabetta , Matias Martinez , Olivier Barais
‹ Prev 1 2 3 10 Next ›