Using blockchain to secure the software supply chain

Code: DAP/22-03

Active

Funding: Defence Funded Research

Start: August 2023

End: August 2027

When developing software, developers and companies usually rely on numerous external libraries. According to the GitHub State of the Octoverse Report 2019 [1], open-source projects have an average of 180 package dependencies. The same goes for commercial and closed-source software, although no official numbers are available.

For an attacker, it is enough to compromise one of these dependencies to break into the network or data of the final user of the software [3]. This technique has proven extremely effective, and hence is increasingly used by attackers [2].

This supply chain attack technique can be applied to any programming language and dependency management tool: PHP/Composer, Python/pip, .NET/NuGet, Java/Maven. All these dependency management systems rely on a central system storing the details of available libraries.

In this project, we plan to study how these central systems can be replaced by a distributed system relying on blockchain. A blockchain system is often compared to a distributed ledger. It guarantees the integrity of stored data: no record can be inserted or modified in the database of libraries without being detected by the users of the database. This property would make it possible to create a software supply chain that is protected against supply chain attacks.
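The integrity property described above can be illustrated with a hash-chained registry of library releases. This is an added example, not the project's own code or design: the record fields, the function names and the idea that the client already holds a trusted head hash (standing in for what the blockchain's consensus would provide) are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain


def entry_hash(prev_hash, record):
    """Hash a release record together with the hash of the previous entry."""
    payload = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


def append(ledger, name, version, artifact):
    """Append a release; artifact is the package file content (bytes)."""
    record = {"name": name, "version": version,
              "sha256": hashlib.sha256(artifact).hexdigest()}
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"record": record, "prev": prev,
                   "hash": entry_hash(prev, record)})
    return ledger[-1]["hash"]


def verify(ledger, trusted_head):
    """Return -1 if the ledger is intact and ends at trusted_head.
    Otherwise return the index of the first broken entry, or len(ledger)
    when the chain is self-consistent but does not end at trusted_head
    (history rewritten, truncated or extended)."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        expected = entry_hash(prev, entry["record"])
        if entry["prev"] != prev or entry["hash"] != expected:
            return i
        prev = entry["hash"]
    return -1 if prev == trusted_head else len(ledger)


def artifact_matches(ledger, name, version, artifact):
    """Check a downloaded file against the digest recorded in the ledger."""
    wanted = {"name": name, "version": version,
              "sha256": hashlib.sha256(artifact).hexdigest()}
    return any(e["record"] == wanted for e in ledger)


if __name__ == "__main__":
    ledger = []  # constructed sample releases
    append(ledger, "libfoo", "1.0.0", b"release-1")
    head = append(ledger, "libfoo", "1.0.1", b"release-2")
    print("intact:", verify(ledger, head))
    ledger[0]["record"]["sha256"] = hashlib.sha256(b"tampered").hexdigest()
    print("first broken entry after tampering:", verify(ledger, head))
```

A modified or inserted record breaks the chain at a specific index, and a fully recomputed chain still fails because it no longer ends at the head hash the client trusts.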

References

  1. GitHub State of the Octoverse Report, 2019 https://github.blog/2019-11-06-the-state-of-the-octoverse-2019/
  2. Microsoft Digital Defense Report, September 2020 https://www.microsoft.com/en-us/download/details.aspx?id=101738

Ethereum under the hood

Blockchain Ethereum

If you have already looked at blockchain technology, you might have noticed that two different names are often opposed:

Deploy smart contract to a local blockchain

Blockchain Smart Contract Ethereum

When starting to develop smart contracts, it can be difficult and confusing to work out how to deploy and test them. There are well-known online tools like Remix, but sometimes you prefer to do things locally.

BeMilCIS2019 : Blockchain for dummies

Blockchain

Today we are proud to present a paper at the BeMilCIS conference entitled Blockchain for dummies.

A simple java implementation of Blockchain

Blockchain

Blockchain is currently a very hot research topic. To understand how it works and what it can achieve, here is a simple Java implementation.
