The software development process, or software supply chain, is quite complex and involves a number of independent actors throughout various organizations and jurisdictions. In most modern supply chains, developers check source code into version control systems, which is in turn compiled into binaries at a build farm, and multiple tests such as dynamic and static analysis, licensing and compliance, security audits, vulnerability scanning among a myriad of other operations are performed. Once all the required actions are carried out, the software is packaged and published for distribution into a delivered product to be consumed by end users.
Unfortunately, software supply chain compromises are common and impactful. An attacker that is able to compromise any single step in the process can maliciously modify the software and harm any of this software’s users. According to the Symantec Internet Threat Security Report (ISTR), Software Supply Chain compromise is the fastest growing threat to internet users—which rose 438% from 2017 to 2019. High and low profile companies are affected alike, and the affected includes companies like Docker, NBC news, Microsoft, and RedHat. Protecting against attacks on the software supply chain presents a complicated challenge because, as mentioned above, the ecosystems in which software are made are incredibly varied and a compromise of a simple node in the pipeline often produces a complete subversion of the deliveredproduct.
To tackle this challenge, we took a two-pronged approach: to secure every single operation within this chain (i.e., to build strong links) and build an expressive framework to cryptographically tie ever single step together (i.e., to build a chain out of these links). To do the former, we identified fundamental principles for trustworthy artifact transfer and ensured popular software can provide these principles by fixing vulnerabilities in them. For the latter, we designed in-toto, a framework that cryptographically ensures the integrity of the software supply chain. To do this, in-toto grants the end user the ability to verify the software supply chain from the project’s inception to its deployment and enforce compliance of the security policies of each individual step.
This work drives the arc between identifying software supply chain compromises all the way to creating all the principles to prevent these compromises from taking place. The work on securing individual links has crystallized into increasing the security stance of applications such as git, Pacman and the tor browser. In addition, in-toto has been widely used by the time of this publication, as thousands of companies and various open source projects are using in-toto to secure their deployments used by millions of users.
|Commitee:||Curtmola, Reza, McCoy, Damon, Karri, Ramesh|
|School:||New York University Tandon School of Engineering|
|Department:||Computer Science and Engineering|
|School Location:||United States -- New York|
|Source:||DAI-B 82/1(E), Dissertation Abstracts International|
|Keywords:||Continuous delivery, Cryptography, Security, Software supply chain|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be