Trust in Software Supply Chains: Blockchain-Enabled SBOM and the AIBOM Future
Boming Xia¹, Dawen Zhang², Yue Liu¹, Qinghua Lu¹, Zhenchang Xing², Liming Zhu¹. ¹ CSIRO’s Data61 & University of New South Wales; ² CSIRO’s Data61 & Australian National University.
Abstract:
The robustness of critical infrastructure systems is contingent upon the integrity and transparency of their software supply chains. A Software Bill of Materials (SBOM) is pivotal in this regard, offering an exhaustive inventory of components and dependencies crucial to software development. However, prevalent challenges in SBOM sharing, such as data tampering risks and vendors’ reluctance to fully disclose sensitive information, significantly hinder its effective implementation. These challenges pose a notable threat to the security of critical infrastructure and systems where transparency and trust are paramount, underscoring the need for a more secure and flexible mechanism for SBOM sharing. To bridge the gap, this study introduces a blockchain-empowered architecture for SBOM sharing, leveraging verifiable credentials to allow for selective disclosure. This strategy not only heightens security but also offers flexibility. Furthermore, this paper broadens the remit of SBOM to encompass AI systems, thereby coining the term AI Bill of Materials (AIBOM). The advent of AI and its application in critical infrastructure necessitates a nuanced understanding of AI software components, including their origins and interdependencies. The evaluation of our solution indicates the feasibility and flexibility of the proposed SBOM sharing mechanism, positing a solution for safeguarding (AI) software supply chains, which is essential for the resilience and reliability of modern critical infrastructure systems.
Mon 15 Apr (displayed time zone: Lisbon)
11:00 - 12:30 | Developing secure software and Industrial Challenges | EnCyCriS/SVM at Amadeo de Souza-Cardoso | Chair(s): Awais Rashid (University of Bristol, UK), John Eidar Simensen (IFE)
11:00 | 20m | Full-paper | Trust in Software Supply Chains: Blockchain-Enabled SBOM and the AIBOM Future | EnCyCriS/SVM | Authors: Boming Xia (CSIRO's Data61 & University of New South Wales); Dawen (David) Zhang (CSIRO's Data61); Yue Liu; Qinghua Lu (Data61, CSIRO); Zhenchang Xing (CSIRO’s Data61; Australian National University); Liming Zhu (CSIRO’s Data61)
11:20 | 20m | Full-paper | Interplay of Digital Twins and Cyber Deception: Unraveling Paths for Technological Advancements | EnCyCriS/SVM | Authors: Jessica Heluany (Norwegian University of Science and Technology NTNU); Ahmed Amro (Norwegian University of Science and Technology NTNU); Vasileios Gkioulos (NTNU); Sokratis Katsikas (Norwegian University of Science and Technology (NTNU))
11:40 | 45m | Keynote | Keynote: Current threats and challenges for securing OT/IoT systems | EnCyCriS/SVM