Securing Supply Chains with Compilers
- Speaker: Nicholas Boucher, University of Cambridge
- Date & Time: Tuesday 05 December 2023, 14:00 - 15:00
- Venue: Webinar & LT2, Computer Laboratory, William Gates Building.
Abstract
In this talk we will present a new technique for identifying software supply chain attacks. Supply chain attacks are particularly powerful due to their ability to affect many victims through the compromise of a single shared dependency. While supply chain attacks are not new, they have received significant industry, government, and research attention following multiple high-profile attacks such as SolarWinds and Log4j. The techniques we will present inject metadata into compiled binaries to track the recursive set of dependencies used in their creation. This information is stored in a highly efficient probabilistic data structure to form the Automatic Bill of Materials, or ABOM. In the talk, we will describe the design of the ABOM and outline our vision for how it could be used to perform faster mitigation in future supply chain attacks.
RECORDING: Please note, this event will be recorded and will be available after the event for an indeterminate period under a CC BY-NC-ND license. Audience members should bear this in mind before joining the webinar or asking questions.
Series: This talk is part of the Computer Laboratory Security Seminar series.