event
PhD Defense by Feng Xiao
Primary tabs
Title
Understanding and Mitigating Security Threats in Software Supply Chain
Feng Xiao
Ph.D. Candidate in Computer Science
School of Cybersecurity and Privacy
Georgia Institute of Technology
Date/Time: Nov 17, 2023, 2:00 PM to 4:00 PM Eastern Time (US and Canada)
Location: Coda C0915 Atlantic or join with zoom
Committee:
Dr. Wenke Lee (advisor), School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Brendan Saltaformaggio, School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Saman Zonouz, School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Frank Li, School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Guangliang Yang, School of Computer Science, Fudan University
Abstract:
Modern software heavily relies on the software supply chain ecosystem to boost development efficiency and reduce costs. Unfortunately, the inherent vastness, complexity, and interdependence of the software supply chain often render existing security techniques inadequate. Traditional methods often fall short in thoroughly understanding and validating the software supply chain. They also tend to overlook new risks that emerge.
To tackle the rising threats, I propose novel and efficient program analysis abstractions for the software supply chain, and implement these abstractions into a robust, end-to-end program analysis framework. In the defense, I first present LYNX and JASMINE, which are automatic tools to assist developers in understanding the security-related properties of complex supply chain software. Next, I will present XGuard, a tool designed for developers to implement robust and efficient security protection. This tool utilizes the comprehensive security properties identified by LYNX and JASMINE to automatically generate detailed protection policies. With the policy, XGuard ensures the integrity of data and control flow within the supply chain software.
Groups
Status
- Workflow Status:Published
- Created By:Tatianna Richardson
- Created:11/03/2023
- Modified By:Tatianna Richardson
- Modified:11/03/2023
Categories
Keywords
Target Audience