
Dissertation/Thesis Abstract

In-toto: Practical Software Supply Chain Security
by Torres-Arias, Santiago, Ph.D., New York University Tandon School of Engineering, 2020, 128; 27963570
Abstract (Summary)

The software development process, or software supply chain, is quite complex and involves a number of independent actors throughout various organizations and jurisdictions. In most modern supply chains, developers check source code into version control systems, which is in turn compiled into binaries at a build farm, and multiple tests such as dynamic and static analysis, licensing and compliance, security audits, vulnerability scanning among a myriad of other operations are performed. Once all the required actions are carried out, the software is packaged and published for distribution into a delivered product to be consumed by end users.

Unfortunately, software supply chain compromises are common and impactful. An attacker that is able to compromise any single step in the process can maliciously modify the software and harm any of this software’s users. According to the Symantec Internet Security Threat Report (ISTR), software supply chain compromise is the fastest growing threat to internet users—it rose 438% from 2017 to 2019. High and low profile companies are affected alike, and those affected include companies like Docker, NBC News, Microsoft, and Red Hat. Protecting against attacks on the software supply chain presents a complicated challenge because, as mentioned above, the ecosystems in which software is made are incredibly varied, and a compromise of a simple node in the pipeline often produces a complete subversion of the delivered product.

To tackle this challenge, we took a two-pronged approach: to secure every single operation within this chain (i.e., to build strong links) and to build an expressive framework that cryptographically ties every single step together (i.e., to build a chain out of these links). To do the former, we identified fundamental principles for trustworthy artifact transfer and ensured popular software can provide these principles by fixing vulnerabilities in them. For the latter, we designed in-toto, a framework that cryptographically ensures the integrity of the software supply chain. To do this, in-toto grants the end user the ability to verify the software supply chain from the project’s inception to its deployment and to enforce compliance with the security policies of each individual step.
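As an illustration of the chain-of-links idea described above (an added example, not in-toto's own code or metadata format): the functionary for each step signs link metadata recording the hashes of what the step consumed and produced, and a verifier checks the signature, the authorization recorded in the layout, and that each step's materials are exactly the previous step's products. Keys, step names and file contents are constructed; HMAC stands in for the public-key signatures in-toto uses so that the example runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed functionary keys. HMAC is a stand-in for in-toto's public-key
# signatures so the example needs no third-party library.
KEYS = {"dev": b"dev-secret", "builder": b"build-secret"}

# Constructed layout: who may run each step and where its materials come from.
LAYOUT = [
    {"name": "commit", "authorized": "dev"},
    {"name": "build", "authorized": "builder", "materials_from": "commit"},
]

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign_link(step, functionary, materials, products):
    """Link metadata: hashes of what went in, what came out, and who did it."""
    body = {"step": step,
            "materials": {n: sha256(b) for n, b in materials.items()},
            "products": {n: sha256(b) for n, b in products.items()}}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(KEYS[functionary], payload, "sha256").hexdigest()
    return {"signed": body, "functionary": functionary, "signature": sig}

def verify_chain(layout, links):
    """Return (ok, reason) after checking every step against the layout."""
    for step in layout:
        link = links.get(step["name"])
        if link is None:
            return False, f"missing link for {step['name']}"
        if link["functionary"] != step["authorized"]:
            return False, f"{step['name']} run by unauthorized {link['functionary']}"
        payload = json.dumps(link["signed"], sort_keys=True).encode()
        expected = hmac.new(KEYS[link["functionary"]], payload, "sha256").hexdigest()
        if not hmac.compare_digest(expected, link["signature"]):
            return False, f"bad signature on {step['name']}"
        prev = step.get("materials_from")
        # The chain property: this step must have consumed exactly what the prior step produced.
        if prev and link["signed"]["materials"] != links[prev]["signed"]["products"]:
            return False, f"{step['name']} materials do not match {prev} products"
    return True, "chain verified"

def demo(tamper=False):
    """Constructed two-step chain; tamper=True alters the source between commit and build."""
    src = {"main.c": b"int main(void){return 0;}"}
    commit = sign_link("commit", "dev", {}, src)
    build_input = dict(src)
    if tamper:
        build_input["main.c"] = b"int main(void){/* modified in transit */return 0;}"
    build = sign_link("build", "builder", build_input, {"app": b"\x7fELF..."})
    return verify_chain(LAYOUT, {"commit": commit, "build": build})
```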

This work traces the arc from identifying software supply chain compromises all the way to establishing the principles that prevent these compromises from taking place. The work on securing individual links has crystallized into improving the security posture of applications such as git, Pacman and the Tor Browser. In addition, in-toto had seen wide adoption by the time of this publication, with thousands of companies and various open source projects using in-toto to secure deployments used by millions of users.

Indexing (document details)
Advisor: Cappos, Justin
Committee: Curtmola, Reza, McCoy, Damon, Karri, Ramesh
School: New York University Tandon School of Engineering
Department: Computer Science and Engineering
School Location: United States -- New York
Source: DAI-B 82/1(E), Dissertation Abstracts International
Subjects: Computer science
Keywords: Continuous delivery, Cryptography, Security, Software supply chain
Publication Number: 27963570
ISBN: 9798662407565
Copyright © 2021 ProQuest LLC. All rights reserved.