Listing by keyword "Supply Chain Security"
1 - 3 of 3
- Conference paper: MANTRA: A Graph-based Unified Information Aggregation Foundation for Enhancing Cybersecurity Management in Critical Infrastructures (Open Identity Summit 2023, 2023)
  Authors: Fuxen, Philipp; Hackenberg, Rudolf; Heinl, Michael P.; Ross, Mirko; Roßnagel, Heiko; Schunck, Christian H.; Yahalom, Raphael
  Abstract: The digitization of almost all sectors of life and the quickly growing complexity of interrelationships between actors in this digital world lead to a dramatically increasing attack surface regarding both direct and indirect attacks over the supply chain. These supply chain attacks can take different forms, e.g., vulnerabilities and backdoors in hardware and software, illegitimate access by compromised service providers, or trust relationships to suppliers and customers exploited in the course of business email compromise. To address this challenge and create visibility along these supply chains, threat-related data needs to be rapidly exchanged and correlated across organizational borders. The publicly funded project MANTRA is meant to create a secure and resilient framework for real-time exchange of cyberattack patterns and automated, contextualized risk management. The novel graph-based approach provides benefits for automation of cybersecurity management, especially when it comes to prioritization of measures for risk reduction and during active defense against cyberattacks. In this paper, we outline MANTRA’s scope, objectives, envisioned scientific approach, and challenges.
- Conference paper: MINERVA: Secure Collaborative Machine Tool Data Utilization Leveraging Confidentiality-Protecting Technologies (Open Identity Summit 2024, 2024)
  Authors: Ludwig, Andy; Heinl, Michael P.; Giehl, Alexander
  Abstract: The digitization of shop floors opens up opportunities for innovative applications and business models due to the vast amount of generated data. However, a lot of this potential is currently not utilized because companies consider the risk of data sharing too high compared to the corresponding benefit. Focusing on the machine tool sector, the research project MINERVA addresses these concerns by experimentally repurposing privacy-enhancing technologies as confidentiality-protecting technologies and applying them to the use case of condition monitoring to protect intellectual property and other information deemed critical by machine tool operators. Thereby, MINERVA’s goal is to reduce the risk of data sharing and support the establishment of data-driven business models in the machine tool sector in the long term.
- Conference paper: Reproducible Builds and Insights from an Independent Verifier for Arch Linux (Sicherheit 2024, 2024)
  Authors: Drexel, Joshua; Hänggi, Esther; Veiga, Iyán Méndez
  Abstract: Supply chain attacks have emerged as a prominent cybersecurity threat in recent years. Reproducible and bootstrappable builds have the potential to reduce such attacks significantly. In combination with independent, exhaustive and periodic source code audits, these measures can effectively eradicate compromises in the build process. In this paper we introduce both concepts, analyze the achievements over the last ten years and explain the remaining challenges. We contribute to the reproducible builds effort by setting up a rebuilder and verifier instance to test the reproducibility of Arch Linux packages. Using the results from this instance, we uncover an unnoticed and security-relevant packaging issue affecting 16 packages related to Certbot, the recommended software to install TLS certificates from Let’s Encrypt, making them unreproducible. Additionally, we find the root cause of unreproducibility in the source code of fwupd, a critical software used to update device firmware on Linux devices, and submit an upstream patch to fix it.