Showing 1 - 10
of 2 851
for search: '"Arias, Santiago"'
Author:
Schorlemmer, Taylor R., Burmane, Ethan H., Kalu, Kelechi G., Torres-Arias, Santiago, Davis, James C.
Software engineers integrate third-party components into their applications. The resulting software supply chain is vulnerable. To reduce the attack surface, we can verify the origin of components (provenance) before adding them. Cryptographic signat
External link:
http://arxiv.org/abs/2407.03949
Code signing enables software developers to digitally sign their code using cryptographic keys, thereby associating the code to their identity. This allows users to verify the authenticity and integrity of the software, ensuring it has not been tampe
External link:
http://arxiv.org/abs/2406.15596
This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separati
External link:
http://arxiv.org/abs/2406.10109
Many software products are composed by the recursive integration of components from other teams or external parties. Each additional link in a software product's supply chain increases the risk of the injection of malicious behavior. To improve suppl
External link:
http://arxiv.org/abs/2406.08198
The software supply chain comprises a highly complex set of operations, processes, tools, institutions and human factors involved in creating a piece of software. A number of high-profile attacks that exploit a weakness in this complex ecosystem have
External link:
http://arxiv.org/abs/2405.14993
Author:
Schorlemmer, Taylor R, Kalu, Kelechi G, Chigges, Luke, Ko, Kyung Myung, Isghair, Eman Abu, Baghi, Saurabh, Torres-Arias, Santiago, Davis, James C
Many software applications incorporate open-source third-party packages distributed by public package registries. Guaranteeing authorship along this supply chain is a challenge. Package maintainers can guarantee package authorship through software si
External link:
http://arxiv.org/abs/2401.14635
Embedded software is used in safety-critical systems such as medical devices and autonomous vehicles, where software defects, including security vulnerabilities, have severe consequences. Most embedded codebases are developed in unsafe languages, spe
External link:
http://arxiv.org/abs/2311.05063
Author:
Amusuo, Paschal C., Robinson, Kyle A., Singla, Tanmay, Peng, Huiyun, Machiry, Aravind, Torres-Arias, Santiago, Simon, Laurent, Davis, James C.
Third-party software components like Log4J accelerate software application development but introduce substantial risk. These components have led to many software supply chain attacks. These attacks succeed because third-party software components are
External link:
http://arxiv.org/abs/2310.14117
Software repositories, used for wide-scale open software distribution, are a significant vector for security attacks. Software signing provides authenticity, mitigating many such attacks. Developer-managed signing keys pose usability challenges, but
External link:
http://arxiv.org/abs/2305.06463
Author:
Quiñones-Vico MI, Ubago-Rodríguez A, Fernández-González A, Sanabria-de la Torre R, Sierra-Sánchez Á, Montero-Vilchez T, Sánchez-Díaz M, Arias JL, Arias-Santiago S
Published in:
International Journal of Nanomedicine, Vol 19, Pp 7895-7926 (2024)
María I Quiñones-Vico,1–4,* Ana Ubago-Rodríguez,1–3,* Ana Fernández-González,1–3 Raquel Sanabria-de la Torre,2,5 Álvaro Sierra-Sánchez,1–3,5 Trinidad Montero-Vilchez,2,6 Manuel Sánchez-Díaz,2,6 José L Arias,2,7,8 Salvado
External link:
https://doaj.org/article/08df6379acdf4ea48060c4c32d9c1659