University of Cambridge > > Computer Laboratory Security Seminar > Securing Supply Chains with Compilers

Securing Supply Chains with Compilers

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Hridoy Sankar Dutta.

In this talk we will present a new technique for identifying software supply chain attacks. Supply chain attacks are particularly powerful due to their ability to affect many victims through the compromise of a single shared dependency. While supply chain attacks are not new, they have received significant industry, government, and research attention following multiple high-profile attacks such as SolarWinds and Log4j. The techniques we will present inject metadata into compiled binaries to track the recursive set of dependencies used in its creation. This information is stored in a highly efficient probabilistic data structure to form the Automatic Bill of Materials, or ABOM . In the talk, we will describe the design of the ABOM and outline our vision for how it could be used to perform faster mitigation in future supply chain attacks.

RECORDING : Please note, this event will be recorded and will be available after the event for an indeterminate period under a CC BY -NC-ND license. Audience members should bear this in mind before joining the webinar or asking questions.

This talk is part of the Computer Laboratory Security Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.


© 2006-2024, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity