Finding Software Supply Chain Attack Paths with Logical Attack Graphs

Luís Soeiro, Thomas Robert, Stefano Zacchiroli

TL;DR

The paper tackles the challenge of modeling Software Supply Chain (SSC) attacks within Logical Attack Graphs generated by MulVal. It introduces an extension that adds SSC-specific predicates and inference rules to bridge SSC threat propagation with existing network-based analysis, including build-environment isolation and artifact authenticity. By modeling SSC assets, their dependencies, malicious artifacts, and security controls, the approach enables inference of complex, interleaved attack paths that neither traditional MulVal nor SSC analyses alone could reveal. The resulting attack graphs support targeted investigation and mitigation of real-world SSC attacks, with replication materials and scenarios illustrating the approach and its practical impact.

Abstract

Cyberattacks are becoming increasingly frequent and sophisticated, often exploiting the software supply chain (SSC) as an attack vector. Attack graphs provide a detailed representation of the sequence of events and vulnerabilities that could lead to a successful security breach in a system. MulVal is a widely used open-source tool for logical attack graph generation in networked systems. However, its current lack of support for capturing and reasoning about SSC threat propagation makes it unsuitable for addressing modern SSC attacks, such as the XZ compromise or the 3CX double SSC attack. To address this limitation, we propose an extension to MulVal that integrates SSC threat propagation analysis with existing network-based threat analysis. This extension introduces a new set of predicates within the familiar MulVal syntax, enabling seamless integration. The new facts and interaction rules model SSC assets, their dependencies, interactions, compromises, additional security mechanisms, initial system states, and known threats. We explain how this integration operates in both directions and demonstrate the practical application of the extension.
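To make the abstract's idea concrete, here is an added example (not code from the paper, and not MulVal's own rule base) of a tiny Datalog-style forward-chaining engine in Python. Supply-chain facts (a dependency relation, a build producing an artifact, an artifact deployed on a host) and network facts (reachability, a vulnerable service) share one rule set, so a compromise can propagate from a malicious dependency into the network and from a compromised host back into a second build. The predicate and rule names, and the whole scenario, are hypothetical and constructed for illustration; the paper's actual predicates are not reproduced here.

```python
"""Toy logical attack-graph inference over mixed supply-chain and network facts.

Added illustration, not the paper's code. Predicate names (attackerControls,
dependsOn, produces, deployedOn, netAccess, vulnService, buildRunsOn,
compromised, execCode) and rule names are hypothetical placeholders.
"""

# Constructed scenario: an attacker-controlled library feeds build_a, whose
# artifact runs on web_host; web_host reaches ci_host, which hosts build_b.
FACTS = [
    ("attackerControls", "bad_dep"),
    ("dependsOn", "build_a", "bad_dep"),
    ("produces", "build_a", "artifact_a"),
    ("deployedOn", "artifact_a", "web_host"),
    ("netAccess", "web_host", "ci_host"),
    ("vulnService", "ci_host"),
    ("buildRunsOn", "build_b", "ci_host"),
    ("produces", "build_b", "artifact_b"),
    ("deployedOn", "artifact_b", "customer_host"),
]

# Rules: (name, head, body). Capitalised terms are variables.
RULES = [
    ("controlled-source", ("compromised", "X"), [("attackerControls", "X")]),
    # SSC propagation: a build that consumes a compromised dependency is compromised
    ("ssc-dependency", ("compromised", "B"),
     [("dependsOn", "B", "D"), ("compromised", "D")]),
    # ...and so is every artifact that build produces
    ("ssc-build-output", ("compromised", "A"),
     [("produces", "B", "A"), ("compromised", "B")]),
    # SSC -> network bridge: deploying a compromised artifact yields code execution
    ("deploy-malicious-artifact", ("execCode", "H"),
     [("deployedOn", "A", "H"), ("compromised", "A")]),
    # classic network-style rule: reach a vulnerable service from a held host
    ("remote-exploit", ("execCode", "H2"),
     [("execCode", "H1"), ("netAccess", "H1", "H2"), ("vulnService", "H2")]),
    # network -> SSC bridge: a build running on a compromised host is compromised
    ("compromised-build-host", ("compromised", "B"),
     [("buildRunsOn", "B", "H"), ("execCode", "H")]),
]


def is_var(term):
    return isinstance(term, str) and term[:1].isupper()


def unify(pattern, fact, binding):
    """Extend `binding` so that `pattern` matches `fact`, or return None."""
    if len(pattern) != len(fact) or pattern[0] != fact[0]:
        return None
    b = dict(binding)
    for p, f in zip(pattern[1:], fact[1:]):
        if is_var(p):
            if p in b and b[p] != f:
                return None
            b[p] = f
        elif p != f:
            return None
    return b


def match_body(body, facts, binding):
    """Yield every binding under which all body atoms are known facts."""
    if not body:
        yield binding
        return
    first, rest = body[0], body[1:]
    for fact in facts:
        b = unify(first, fact, binding)
        if b is not None:
            yield from match_body(rest, facts, b)


def substitute(pattern, binding):
    return tuple(binding.get(t, t) if is_var(t) else t for t in pattern)


def infer(facts, rules):
    """Forward-chain to a fixpoint; map each fact to its derivation."""
    known = {f: ("fact",) for f in facts}
    changed = True
    while changed:
        changed = False
        for name, head, body in rules:
            for b in match_body(body, list(known), {}):
                new = substitute(head, b)
                if new not in known:
                    known[new] = (name, tuple(substitute(p, b) for p in body))
                    changed = True
    return known


def format_fact(fact):
    return f"{fact[0]}({', '.join(fact[1:])})"


def attack_path(known, goal, depth=0):
    """Render the derivation tree of `goal` as indented lines (one attack path)."""
    deriv = known[goal]
    line = "  " * depth + format_fact(goal)
    if deriv[0] == "fact":
        return [line]
    lines = [line + "   <- " + deriv[0]]
    for premise in deriv[1]:
        lines.extend(attack_path(known, premise, depth + 1))
    return lines


if __name__ == "__main__":
    graph = infer(FACTS, RULES)
    print("\n".join(attack_path(graph, ("execCode", "customer_host"))))
```

Running the block prints the derivation of `execCode(customer_host)`, which passes through the network rule `remote-exploit` in the middle of two supply-chain segments; neither a network-only nor an SSC-only rule set would connect `bad_dep` to `customer_host`. Security controls such as build isolation or artifact verification would appear as additional conditions in the bodies of the bridging rules, which is how they would cut such a path.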

Paper Structure

This paper contains 17 sections, 3 figures, 1 table.

Figures (3)

  • Figure 1: The software supply chain for software artifacts sa5 and sa6
  • Figure 2: A pruned attack graph generated for the SSC of sa5
  • Figure 3: Intertwined rules (orange and purple) for the 3CX attack graph