Construction of Software Supply Chain Threat Portrait Based on Chain Perspective-Reference-Cited by-同舟云学术

Construction of Software Supply Chain Threat Portrait Based on Chain Perspective

Published:2023-12-02 Issue:23 Volume:11 Page:4856
ISSN:2227-7390
Container-title:Mathematics
language:en
Short-container-title:Mathematics

Author:

Wang Maoyang¹,Wu Peng²,Luo Qin¹

Affiliation:

1. School of Computer Science, Southwest Petroleum University, Chengdu 610500, China

2. School of Information and Engineering, Sichuan Tourism University, Chengdu 610100, China

Abstract

With the rapid growth of the software industry, the software supply chain (SSC) has become the most intricate system in the complete software life cycle, and the security threat situation is becoming increasingly severe. For the description of the SSC, the relevant research mainly focuses on the perspective of developers, lacking a comprehensive understanding of the SSC. This paper proposes a chain portrait framework of the SSC based on a resource perspective, which comprehensively depicts the threat model and threat surface indicator system of the SSC. The portrait model includes an SSC threat model and an SSC threat indicator matrix. The threat model has 3 levels and 32 dimensions and is based on a generative artificial intelligence model. The threat indicator matrix is constructed using the Attack Net model comprising 14-dimensional attack strategies and 113-dimensional attack techniques. The proposed portrait model’s effectiveness is verified through existing SSC security events, domain experts, and event visualization based on security analysis models.

Funder

National Natural Science Foundation of China 589 underGrant

Publisher

MDPI AG

Subject

General Mathematics,Engineering (miscellaneous),Computer Science (miscellaneous)

Link

https://www.mdpi.com/2227-7390/11/23/4856/pdf

Reference66 articles.

1. Perspectives on the SolarWinds incident;Peisert;IEEE Secur. Priv.,2021

2. (2023, March 15). In-Depth Aanalysis of the Supply Chain Attack Case of CCleaner Backdoor Code-Compilation Environment Pollution. Available online: https://ti.qianxin.com/blog/articles/in-depth-analysis-of-ccleaner-malware/.

3. (2023, March 15). The State of Software Supply Chain Security. Available online: https://www.reversinglabs.com/resources/the-state-of-software-supply-chain-security.

4. (2023, March 01). How Software Engineering Leaders Can Mitigate Software Supply Chain Security Risks. Available online: https://www.gartner.com/en/documents/4003625.

5. Zhenfei, Z. (2018). Research on Pollution Mechanism and Defense of Software Supply Chain. [Master’s Thesis, Beijing University of Posts and Telecommunications].