{"title":"Protection Mechanism against Software Supply Chain Attacks through Blockchain","authors":"Muhammad Zeeshan Malik, Syed Zain Ali Bukhari","doi":"10.1109/ComTech57708.2023.10164932","DOIUrl":null,"url":null,"abstract":"Software supply chain attack is exceptionally fatal, overwhelmingly rapid, and almost effortless on the part of the attacker. A single compromise or hack can lead to multiple businesses sufferings because suppliers and providers have a vast user network. Protection against software supply chain attacks is being achieved through some outdated concepts like honeytokens and privileged pathway, but an integrated and proper mechanism is still lacking. In recent years, blockchain technology represents a fundamental shift that can replace conventional business models that rely on third parties for trust. This paper proposes a protection mechanism through validity concept with the implementation of blockchain to retain an immutable and trustworthy record of propagating payload (i.e., official update) that is transmitted across the supply chain systems. Blockchain can be used to circumvent these supply chain attacks by keeping a digital log of all propagating information. 
Each block contains the information regarding validity of propagating data, based on this an official update can be accepted or rejected.","PeriodicalId":203804,"journal":{"name":"2023 International Conference on Communication Technologies (ComTech)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 International Conference on Communication Technologies (ComTech)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ComTech57708.2023.10164932","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
A software supply chain attack is exceptionally fatal, overwhelmingly rapid, and almost effortless on the part of the attacker. A single compromise or hack can lead to multiple businesses suffering because suppliers and providers have a vast user network. Protection against software supply chain attacks is being achieved through some outdated concepts like honeytokens and privileged pathway, but an integrated and proper mechanism is still lacking. In recent years, blockchain technology represents a fundamental shift that can replace conventional business models that rely on third parties for trust. This paper proposes a protection mechanism through a validity concept with the implementation of blockchain to retain an immutable and trustworthy record of the propagating payload (i.e., official update) that is transmitted across the supply chain systems. Blockchain can be used to circumvent these supply chain attacks by keeping a digital log of all propagating information. Each block contains the information regarding the validity of propagating data; based on this, an official update can be accepted or rejected.