NSF and the Defense of the Software Supply Chain: Past, Present and Future
ABSTRACT
In this talk I will discuss the role of the NSF Secure and Trustworthy Cyberspace (SaTC) program in supporting research addressing the defense of the software supply chain, ranging from research on the development of automated approaches to finding software vulnerabilities, malware, exploits, and dependencies, to research on socio-technical aspects of developer practices and behaviors. A closer look at the past five years of SaTC awards shows that while a large number of awards focusing on automated approaches have driven progress in this arena, there is a need for catalyzing more research on socio-technical aspects of the security of the software supply chain, especially on team dynamics, developer trust relationships and ascendancy in projects, code provenance, and social engineering attacks on open-source software (OSS) repositories, which can lead an adversary to become part of the developer team and insert vulnerabilities into popular OSS projects.
BIO
Daniela Oliveira is a Program Director at the NSF Directorate for Computer and Information Science and Engineering (CISE), Division of Computer and Network Systems (CNS), Secure and Trustworthy Cyberspace (SaTC) program, where she focuses on the Systems portfolio. She received her B.Sc. and M.Sc. degrees in Computer Science from the Federal University of Minas Gerais in Brazil. She then earned her Ph.D. in Computer Science from the University of California at Davis. She is on rotation from the University of Florida, where she is an Associate Professor in the Department of Electrical and Computer Engineering and specializes in socio-technical aspects of cyber security systems research, including malware analysis and detection, cyber social engineering (phishing and mis/disinformation), and developer blindspots while coding. Daniela Oliveira received a National Science Foundation CAREER Award in 2012 for her innovative research into operating systems' defense against attacks using virtual machines, the 2014 Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama, and the 2017 Google Security, Privacy and Anti-Abuse Award. She is a National Academy of Sciences Kavli Fellow and a National Academy of Engineering Frontiers of Engineering Symposium alumna. Her research has been sponsored by the National Science Foundation (NSF), the Defense Advanced Research Projects Agency (DARPA), the National Institutes of Health (NIH), the MIT Lincoln Laboratory, and Google.