{"title":"On the Feasibility of Detecting Software Supply Chain Attacks","authors":"Xinyuan Wang","doi":"10.1109/MILCOM52596.2021.9652901","DOIUrl":null,"url":null,"abstract":"The Supply chain attack is the stealthy and sophisticated cyberattack that aims to compromise a target by exploiting weaknesses and vulnerabilities in its supply chain. Recent supply chain attacks (e.g., SolarWinds attack) have compromised some of the most secured IT infrastructures of government agencies and enterprises. The European Union Agency for Cybersecurity, ENISA, has predicted that there will be 3 times more supply chain attacks in 2021 than in 2020. In this paper, we look into the problem of supply chain attacks, the challenges of defending software supply chain attacks. We analyze what it takes to effectively prevent software supply chain attacks, and show that it is indeed feasible and practical for the customers to detect certain software supply chain attacks. We propose an information flow based detection approach that enables end users to detect many software supply chain attacks without dealing with any of the underlying software suppliers.","PeriodicalId":187645,"journal":{"name":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MILCOM52596.2021.9652901","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6
Abstract
The Supply chain attack is the stealthy and sophisticated cyberattack that aims to compromise a target by exploiting weaknesses and vulnerabilities in its supply chain. Recent supply chain attacks (e.g., SolarWinds attack) have compromised some of the most secured IT infrastructures of government agencies and enterprises. The European Union Agency for Cybersecurity, ENISA, has predicted that there will be 3 times more supply chain attacks in 2021 than in 2020. In this paper, we look into the problem of supply chain attacks, the challenges of defending software supply chain attacks. We analyze what it takes to effectively prevent software supply chain attacks, and show that it is indeed feasible and practical for the customers to detect certain software supply chain attacks. We propose an information flow based detection approach that enables end users to detect many software supply chain attacks without dealing with any of the underlying software suppliers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
