.d8888b.  888    888        d8888 8888888 888b    888  .d8888b.  
d88P  Y88b 888    888       d88888   888   8888b   888 d88P  Y88b 
888    888 888    888      d88P888   888   88888b  888 Y88b.      
888        8888888888     d88P 888   888   888Y88b 888  "Y888b.   
888        888    888    d88P  888   888   888 Y88b888     "Y88b. 
888    888 888    888   d88P   888   888   888  Y88888       "888 
Y88b  d88P 888    888  d8888888888   888   888   Y8888 Y88b  d88P 
 "Y8888P"  888    888 d88P     888 8888888 888    Y888  "Y8888P"  

Consistent Hardening and Analysis of Software Supply Chains

Software research for hardening the software supply chain, incl. reproducible, bootstrappable and verifiable builds and SBOMs. The project is funded by the Swedish Foundation for Strategic research (SSF). We are recruiting PhD students, software engineers, postdocs, and interns, get in touch!

    <dependency>
      <groupId>com.martiansoftware</groupId>
      <artifactId>jsap</artifactId>
      <version>2.1</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>1.7.36</version>
    </dependency>
    <dependency>
      <groupId>commons-io</groupId>
      <artifactId>commons-io</artifactId>
      <version>2.11.0</version>
    </dependency>

Papers and Theses

• Challenges of Producing Software Bill Of Materials for Java, arXiv March 2023
• Diverse Double-Compiling to Harden Cryptocurrency Software, Master’s thesis Niklas Rosencrantz, 2023
• The Multibillion Dollar Software Supply Chain of Ethereum, IEEE Computer, 2022
• Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js, Usenix Security 2023

Posts

• Software supply chain attacks on crypto infrastructure
• NixCon 2022 summary

Team

• Musard Balliu
• Benoit Baudry
• Sofia Bobadilla
• Mathias Ekstedt
• Martin Monperrus
• Javier Ron
• Aman Sharma
• Mikhail Shcherbakov
• César Soto-Valero
• Liu Yuxin
• Long Zhang
• Gabriel Skoglund
• Arvid Siberov
• Linus Östlund
• Martin Wittlinger
• Frank Reyes

Events & Talks

• Apr 21 2023: 2nd Workshop on the Software Supply Chain @ KTH. Keynote Speakers: Christian Collberg, Stefano Zacchiroli
• Mar 08 2023: SBOM for Alpine Linux. Speaker: Hans Thorsen Lamm.
• Jan 19 2023: Talk: The software supply chain of crypto Decentralization meetup Stockholm, Speaker: Martin Monperrus
• Dec 08 2022: Software bloat in PyPI. Speaker: Georgios Drosos (Athens University of Economics and Business)
• Nov 15 2022: Building Robust Software Supply Chains at STEW’22. Speaker: Benoit Baudry
• Sep 30 2022: 1st Workshop on the Software Supply Chain @ KTH
• Sep 20 2022: Open-source security analysis @SAP. Speakers: Henrik Plate (SAP), Serena Elisa Ponta (SAP)
• Jun 14 2022: Building Robust Software Supply Chains at XP’22. Speaker: Benoit Baudry

Press

• June 17 2022: Framtidens Forskning (In Swedish)

Repositories

See https://github.com/chains-project/

Master / Internship topics

• https://www.kth.se/profile/musard/page/master-thesis-in-security-and-privacy?l=en
• https://softwarediversity.eu/topics/
• https://www.monperrus.net/martin/topics.

This site is open source. Improve this page.