Detection of software supply chain attacks in code repositories
| Main Author: | Correia, Miguel Luís Pereira |
|---|---|
| Publication Date: | 2022 |
| Format: | Master thesis |
| Language: | eng |
| Source: | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| Download full: | http://hdl.handle.net/10773/38716 |
| Summary: | The supply chain concept is now deeply rooted in the software development life cycle, from the source code and dependencies that go into a product to its release. With the growing need to shift security left in development, every step and every input that influences the software needs to be secured. Not all phases of the software supply chain are protected, however, and malicious actors exploit these gaps to insert malicious code into source code repositories. Through account takeovers, attackers gain a foothold in the repositories and, with meticulous planning, produce trojanized software. The SolarWinds attack, whose intrusion began in 2019 and was disclosed in December 2020, shows how far a supply chain attack can reach. This dissertation presents how malicious actions in repositories can be classified as anomalies within developers' behaviour. Metrics are calculated from users' actions in the repositories and used to build behaviour profiles, which are then used to detect anomalous behaviour. |
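The profile-based detection the summary describes, worked through as an added example that is not code from the dissertation: a behaviour profile is built per contributor from a baseline of that contributor's own commits, and later commits are scored against it. The commit-log line format, the three metrics (hour of day, files changed, line churn), the robust median/MAD scoring, the unseen-directory check, the floors and the alert threshold are all assumptions of this example; the dissertation lists support vector machines among its keywords, and that model is not reproduced here.

```python
"""Contributor behaviour profiles that flag anomalous repository activity. Added
example, not the dissertation's code: a profile per author from a baseline of that
author's commits, robust (median/MAD) z-scores on hour of day, files changed and
line churn, plus a check for top-level directories the author never touched."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import median

HOUR_FLOOR, FILES_FLOOR, CHURN_FLOOR = 0.5, 1.0, 5.0  # min scales: a no-spread metric must not explode
ALERT_THRESHOLD = 6.0  # summed z-scores; tuned for this sample, not a universal constant

@dataclass(frozen=True)
class Commit:
    author: str
    when: datetime
    files: int              # files changed
    churn: int              # lines added + lines deleted
    paths: tuple[str, ...]

    @property
    def hour(self) -> float:
        return self.when.hour + self.when.minute / 60.0

    @property
    def top_dirs(self) -> frozenset[str]:
        return frozenset(p.split("/", 1)[0] for p in self.paths)  # "src/a.py" -> "src"

@dataclass(frozen=True)
class Profile:
    hour: tuple[float, float]   # (median, scale) per metric
    files: tuple[float, float]
    churn: tuple[float, float]
    dirs: frozenset[str]        # top-level directories seen in the baseline

@dataclass(frozen=True)
class Verdict:
    score: float
    unseen_dirs: frozenset[str]
    anomalous: bool

# Constructed sample log: author|ISO-8601 time|files|lines added|lines deleted|paths
BASELINE_LOG = """\
alice|2022-11-01T09:12:00+00:00|2|35|4|src/api/auth.py,tests/test_auth.py
alice|2022-11-02T10:40:00+00:00|1|12|3|src/api/users.py
alice|2022-11-03T08:55:00+00:00|3|48|10|src/api/auth.py,src/api/users.py,tests/test_users.py
alice|2022-11-04T11:20:00+00:00|2|22|6|src/models/user.py,tests/test_models.py
alice|2022-11-07T09:30:00+00:00|1|9|2|src/api/auth.py
bob|2022-11-01T21:15:00+00:00|4|120|30|build/Makefile,build/ci.sh,src/core/a.c,src/core/b.c
bob|2022-11-02T22:40:00+00:00|2|60|12|src/core/a.c,src/core/c.c
bob|2022-11-03T20:50:00+00:00|3|90|25|build/ci.sh,src/core/b.c,src/core/c.c
bob|2022-11-04T23:05:00+00:00|1|15|5|build/Makefile
"""
# Constructed commits to review: off-hours CI-config push from alice's account, routine alice, routine bob
NEW_LOG = """\
alice|2022-11-12T03:40:00+00:00|1|220|0|.github/workflows/release.yml
alice|2022-11-12T10:05:00+00:00|2|20|8|src/api/auth.py,tests/test_auth.py
bob|2022-11-12T22:10:00+00:00|2|80|20|build/ci.sh,src/core/a.c
"""

def parse_log(text: str) -> list[Commit]:
    commits = []
    for line in filter(None, text.splitlines()):
        author, ts, files, added, deleted, paths = line.split("|")
        commits.append(Commit(author, datetime.fromisoformat(ts), int(files),
                              int(added) + int(deleted), tuple(paths.split(","))))
    return commits

def hour_gap(a: float, b: float) -> float:
    """Distance on a 24-hour clock, so 23:30 and 00:30 are one hour apart."""
    d = abs(a - b) % 24.0
    return min(d, 24.0 - d)

def robust(values, floor, gap=lambda a, b: abs(a - b)) -> tuple[float, float]:
    """Median and a MAD-based scale (1.4826 * MAD estimates sigma for normal data)."""
    m = median(values)
    return m, max(1.4826 * median(gap(v, m) for v in values), floor)

def build_profiles(baseline: list[Commit]) -> dict[str, Profile]:
    by_author: dict[str, list[Commit]] = defaultdict(list)
    for c in baseline:
        by_author[c.author].append(c)
    # plain median of the hour is fine unless an author's working day straddles midnight
    return {a: Profile(hour=robust([c.hour for c in cs], HOUR_FLOOR, hour_gap),
                       files=robust([float(c.files) for c in cs], FILES_FLOOR),
                       churn=robust([float(c.churn) for c in cs], CHURN_FLOOR),
                       dirs=frozenset().union(*(c.top_dirs for c in cs)))
            for a, cs in by_author.items()}

def score_commit(profile: Profile | None, c: Commit) -> Verdict:
    """Score one commit against its author's profile; no profile means always review."""
    if profile is None:
        return Verdict(float("inf"), c.top_dirs, True)
    score = (hour_gap(c.hour, profile.hour[0]) / profile.hour[1]
             + abs(c.files - profile.files[0]) / profile.files[1]
             + abs(c.churn - profile.churn[0]) / profile.churn[1])
    unseen = c.top_dirs - profile.dirs
    return Verdict(round(score, 2), unseen, score >= ALERT_THRESHOLD or bool(unseen))
```

Calling `score_commit(build_profiles(parse_log(BASELINE_LOG)).get(c.author), c)` for each commit in `NEW_LOG` flags the 03:40 push to `.github/workflows/` under alice's account (off-hours, ten times her usual churn, a directory she has never touched) and passes the two routine commits. The same evening commit to `build/` that is normal for bob would be flagged if it appeared under alice's name, which is why the profiles are per contributor rather than per repository. To run this on a real repository, emit the same six fields from `git log --numstat` output; the floors and threshold are sample-specific and need tuning per project.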
| id | RCAP_640e4dcc2b361d98f50b9f601d618f7f |
|---|---|
| oai_identifier_str | oai:ria.ua.pt:10773/38716 |
| network_acronym_str | RCAP |
| network_name_str | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| repository_id_str | https://opendoar.ac.uk/repository/7160 |
| spelling | Index field concatenating the title; the keywords Supply chain, Anomaly detection, Repositories, Malicious code, Support vector machines, Simulations; the English summary above and a Portuguese version of the same summary; and the record metadata: 2023-07-17T13:22:22Z, 2022-12-19T00:00:00Z, 2022-12-19, info:eu-repo/semantics/publishedVersion, info:eu-repo/semantics/masterThesis, application/pdf, http://hdl.handle.net/10773/38716, eng, Correia, Miguel Luís Pereira, info:eu-repo/semantics/openAccess, reponame Repositórios Científicos de Acesso Aberto de Portugal (RCAAP), instname FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia, instacron RCAAP, 2024-05-06T04:47:30Z, oai:ria.ua.pt:10773/38716, Portal Agregador, ONG, https://www.rcaap.pt/oai/openaire, info@rcaap.pt, opendoar https://opendoar.ac.uk/repository/7160, 2025-05-28T14:20:27.048582, false |
| author | Correia, Miguel Luís Pereira |
| dc.subject.por.fl_str_mv | Supply chain; Anomaly detection; Repositories; Malicious code; Support vector machines; Simulations |
| publishDate | 2022 |
| dc.date.none.fl_str_mv | 2022-12-19T00:00:00Z; 2022-12-19; 2023-07-17T13:22:22Z |
| dc.type.status.fl_str_mv | info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv | info:eu-repo/semantics/masterThesis |
| dc.identifier.uri.fl_str_mv | http://hdl.handle.net/10773/38716 |
| dc.language.iso.fl_str_mv | eng |
| dc.rights.driver.fl_str_mv | info:eu-repo/semantics/openAccess |
| dc.format.none.fl_str_mv | application/pdf |
| dc.source.none.fl_str_mv | reponame: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP); instname: FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia; instacron: RCAAP |
| repository.name.fl_str_mv | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia |
| repository.mail.fl_str_mv | info@rcaap.pt |
| _version_ | 1833594512476209152 |