DOI: 10.1145/3560835.3564550

Exorcist: Automated Differential Analysis to Detect Compromises in Closed-Source Software Supply Chains

Published: 08 November 2022

Abstract

The insertion of trojanised binaries into supply chains is a particularly subtle form of cyber-attack that requires a multi-staged and complex deployment methodology to implement and execute. In the years preceding this research there has been a spike in closed-source software supply chain attacks used to attack downstream clients or users of a company. To detect this attack type, we present an approach to detecting the insertion of malicious functionality in supply chains via differential analysis of binaries. This approach determines whether malicious functionality has been inserted in a particular build by looking for indicators of maliciousness. We accomplish this via automated comparison of a known benign build to successive potentially malicious versions. To substantiate this approach, we present a system, Exorcist, that we have designed, developed and evaluated as capable of detecting trojanised binaries in Windows software supply chains. In evaluating this system, we analyse 12 samples from high-profile APT attacks conducted via the software supply chain.

Cited By

  • (2024) Software supply chain security: a systematic literature review. International Journal of Computers and Applications 46:10 (853-867). DOI: 10.1080/1206212X.2024.2390978. Online publication date: 19-Aug-2024
  • (2024) On the Role of Similarity in Detecting Masquerading Files. Machine Learning for Cyber Security (44-55). DOI: 10.1007/978-981-97-2458-1_4. Online publication date: 23-Apr-2024
  • (2023) SoK: Practical Detection of Software Supply Chain Attacks. Proceedings of the 18th International Conference on Availability, Reliability and Security (1-11). DOI: 10.1145/3600160.3600162. Online publication date: 29-Aug-2023

      Published In

      SCORED'22: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses
      November 2022
      121 pages
      ISBN:9781450398855
      DOI:10.1145/3560835
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. advanced persistent threat
      2. binary analysis
      3. code signing
      4. differential analysis
      5. malware
      6. obfuscation
      7. supply chain security

      Qualifiers

      • Research-article

      Conference

      CCS '22