Supply Chain Security

In the computer science field, security has generally been piecemeal in nature, rather than a holistic operation that can guarantee the security of a project from end to end. Faculty and students at the Center for Cybersecurity have been actively engaged in changing this perspective by developing and implementing both software and hardware supply chain defenses. These strategies include identifying flaws in microchips, ensuring consistency and quality control in digitally-manufactured products, adding transparency and accountability to each step in the software supply chain, and utilizing financial incentives as a defensive strategy.

Relevant Faculty

1. Justin Cappos
2. Brendan Dolan-Gavitt
3. Nikhil Gupta
4. Nasir Memon

Lab/Center Links

1. MESS Lab
2. Secure Systems Lab

Sample Projects/Papers/Programs

1. In-toto
2. The Update Framework (TUF)
3. Uptane
4. The Archive Framework
5. “Cyber Insurance Against Cyberattacks on Electric Vehicle Charging Stations”
6. “Computational Sensor Fingerprints”
7. “On omitting commits and committing omissions: Preventing git metadata tampering that (re) introduces software vulnerabilities”
8. A Python toolbox for modeling and optimization of photo acquisition & distribution pipelines

Grants

1. Reducing Container Kernel Attack Surface with TRACKS-NSF 
2. NSF SaTC: TTP: Medium: Securing Python’s Software Supply Chain
3. NSF SaTC: TTP: Medium: Collaborative: Securing the Software Supply Chain
4. 2022 NSF CAREER Award (to Brendan Dolan-Gavitt to support improved ways to assess vulnerability discovery tools)