Detail

Publication date: 19 February 2025

Providing Privacy, Integrity and Transparency for Next Generation Software Supply Chains

Most modern software relies on a large amount of third-party software, tools, platforms and libraries; this is also called a software supply chain. Given the large scale of modern supply chains, attackers, cyber-criminals and state-sponsored APTs alike, are able to break into major software products by targeting such third-party components. As such, new techniques to secure the software supply chain are needed.

However, given the heterogeneity of needs in the software world, providing security guarantees for the supply chain often requires a balance between privacy, integrity and transparency for all stakeholders involved. In this talk, Prof. Torres-Arias will provide an overview of software supply chain attack vectors, outline systems used to protect against these, and showcase existing applications of these systems to protect modern software applications.

Presenter

Santiago Torres Arias (Purdue University, USA)

URL: https://videoconf-colibri.zoom.us/j/92950889155?pwd=YXN6MFNwaDVxbGh4RHQ5d3N0VWhLUT09

Date: 26/02/2025 2:00 pm

Host Bio: Dr. Torres-Arias is an Assistant Professor at Purdue's Electrical and Computer Engineering Department. His interests include binary analysis, cryptography, distributed systems, and security-oriented software engineering. His current research focuses on securing the software development lifecycle, cloud security, and developer privacy. Dr. Torres-Arias is also a regular contributor to open source, is a member of the Arch Linux security and has contributed patches to F/OSS projects of various degrees of scale, including Git, the Linux Kernel, and Reproducible Builds, among others. Through his continued contribution to open source, his projects are often practice-oriented and quickly translated into large-scale practical deployments. Current efforts include the development of Graph for Understanding Artifact Composition (GUAC) as well as leading the in-toto (USENIX Security '19, used by Google, GitHub, Lockheed Martin, and others) and Sigstore (CCS '22, '23, used by NPM, Verizon, and Autodesk, among others) projects.