Construction of Software Supply Chain Threat Portrait Based on Chain Perspective

Maoyang Wang; Peng Wu; Qin Luo

doi:10.3390/math11234856

Mathematics (Dec 2023)

Construction of Software Supply Chain Threat Portrait Based on Chain Perspective

Maoyang Wang,
Peng Wu,
Qin Luo

Affiliations

Maoyang Wang: School of Computer Science, Southwest Petroleum University, Chengdu 610500, China
Peng Wu: School of Information and Engineering, Sichuan Tourism University, Chengdu 610100, China
Qin Luo: School of Computer Science, Southwest Petroleum University, Chengdu 610500, China

DOI: https://doi.org/10.3390/math11234856
Journal volume & issue: Vol. 11, no. 23
p. 4856

Abstract

Read online

With the rapid growth of the software industry, the software supply chain (SSC) has become the most intricate system in the complete software life cycle, and the security threat situation is becoming increasingly severe. For the description of the SSC, the relevant research mainly focuses on the perspective of developers, lacking a comprehensive understanding of the SSC. This paper proposes a chain portrait framework of the SSC based on a resource perspective, which comprehensively depicts the threat model and threat surface indicator system of the SSC. The portrait model includes an SSC threat model and an SSC threat indicator matrix. The threat model has 3 levels and 32 dimensions and is based on a generative artificial intelligence model. The threat indicator matrix is constructed using the Attack Net model comprising 14-dimensional attack strategies and 113-dimensional attack techniques. The proposed portrait model’s effectiveness is verified through existing SSC security events, domain experts, and event visualization based on security analysis models.

Published in Mathematics

ISSN: 2227-7390 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Science: Mathematics
Website: http://www.mdpi.com/journal/mathematics

About the journal

Abstract

Keywords