SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties

Chinenye Okafor, Taylor R. Schorlemmer, Santiago Torres-Arias, James C. Davis

TL;DR

The paper addresses software supply chain vulnerability by formalizing a four-stage attack model and three security properties—transparency, validity, and separation. It then develops a framework to map diverse security practices to these properties and analyzes major approaches, including end-to-end systems (in-toto, Sigstore) and security frameworks (SCIM, SLSA, CNCF). Through case studies, it reveals an artifacts-focused bias and highlights gaps in addressing operations and actors, advocating defense-in-depth and integrated solutions. The work provides a practical reference to help system integrators, researchers, and vendors compare security postures and design more robust software supply chains. It emphasizes cohesive application of all three properties to reduce exploitation risk in real-world pipelines.

Abstract

This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor- and operation-centered supply chain security techniques.

Paper Structure (17 sections, 2 figures, 2 tables)

Figures (2)

  • Figure 1: A software supply chain with focus on a single link. Actors manage components and connections within and between links. Therefore, actors manage security. Security depends on upstream and downstream transparency, link validity via component integrity and actor authentication, and logical separation between components and links.
  • Figure 2: Four-stage software supply chain attack pattern. Attackers begin with an initial compromise before making some malicious alteration to the supply chain. This change then propagates down the supply chain, where attackers exploit the introduced weakness(es).