CSAADE: Cryptographically Secure, Automatic Assurance Software Development Environment

The cyberattacks on the SolarWinds Orion products reinforce concerns about the vulnerability of the U.S. software supply chain and the insufficiency of current cybersecurity solutions in protecting all stages of the software development life cycle [1]. The Cryptographically Secure, Automatic Assurance Development Environment (CSAADE) mitigates the impact of software supply chain attacks by providing evidence-based evaluation of the software supply chain. CSAADE automatically generates evidence of the software and its environment throughout development, packaging, and distribution; CSAADE also provides a logical basis for a software assurance score. Software consumers can use the software assurance score and evidence to make risk-informed deployment decisions in the face of an increasing supply chain threat. 

With CSAADE, we envision a comprehensive toolchain that can generate and evaluate evidence of how software is created, analyzed, tested, and deployed throughout the supply chain. The CSAADE framework implements a generate, evaluate, and score approach to assign an assurance score to unknown software. We integrate a variety of sensors to characterize both software assurance and platform integrity across the software supply chain. CSAADE builds a cryptographically secured chain of evidence to preserve the authenticity and integrity of the software products and analytic results. An assurance case scoring tool evaluates the evidence to provide a quantitative score. CSAADE enables attestation of the software supply chain and provenance for unknown software so that consumers can make an informed decision on how to use the software in their mission.
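As an added illustration (not CSAADE's own code, which the abstract does not show), the generate, evaluate, and score idea in miniature: each sensor record is linked to the previous record's digest and authenticated, and a weighted score is computed only if the whole chain verifies, so a tampered or reordered record drives the score to zero. The sensor names, stage names, weights and the HMAC key are constructed assumptions; a deployed system would use per-sensor signing keys rather than one shared secret.

```python
import hashlib
import hmac
import json

# Constructed demo key standing in for a sensor's attestation key (assumption).
SENSOR_KEY = b"constructed-demo-key"

def canonical(record):
    """Stable byte encoding so digests do not depend on dict ordering."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def append_evidence(chain, stage, sensor, result):
    """Append one evidence record linked to the previous record's digest."""
    prev = chain[-1]["digest"] if chain else "0" * 64
    body = {"stage": stage, "sensor": sensor, "result": result, "prev": prev}
    digest = hashlib.sha256(canonical(body)).hexdigest()
    tag = hmac.new(SENSOR_KEY, digest.encode(), "sha256").hexdigest()
    chain.append({**body, "digest": digest, "tag": tag})
    return chain

def verify_chain(chain):
    """Recompute every link and tag; any edit or reordering breaks the chain."""
    prev = "0" * 64
    for rec in chain:
        if rec["prev"] != prev:
            return False
        body = {k: rec[k] for k in ("stage", "sensor", "result", "prev")}
        digest = hashlib.sha256(canonical(body)).hexdigest()
        expected = hmac.new(SENSOR_KEY, digest.encode(), "sha256").hexdigest()
        if digest != rec["digest"] or not hmac.compare_digest(expected, rec["tag"]):
            return False
        prev = digest
    return True

# Hypothetical weights: how much each sensor's result contributes to the score.
WEIGHTS = {"sast": 0.4, "unit_tests": 0.3, "signed_artifact": 0.3}

def assurance_score(chain):
    """Weighted score in [0, 1]; an unverifiable chain scores 0."""
    if not verify_chain(chain):
        return 0.0
    return round(sum(WEIGHTS.get(r["sensor"], 0) * r["result"] for r in chain), 2)

def demo():
    """Constructed run: a clean chain, then the same chain with one edited result."""
    chain = []
    append_evidence(chain, "build", "sast", 1.0)        # constructed: no findings
    append_evidence(chain, "test", "unit_tests", 0.9)   # constructed: 90% passing
    append_evidence(chain, "package", "signed_artifact", 1.0)
    good = assurance_score(chain)
    chain[1]["result"] = 1.0  # tamper with a recorded sensor result after the fact
    return good, assurance_score(chain)
```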

The CSAADE approach outperforms existing solutions in several key ways. First, it offers a comprehensive analysis of the software development life cycle, rather than just a targeted analysis of individual stages. In fact, CSAADE can integrate targeted solutions within the framework to span the life cycle. Second, CSAADE provides the user with a quantitative assurance score rather than a binary pass/fail outcome. Many existing tools like Scorecards [2] implement pass/fail checks. CSAADE’s approach offers the user an assurance score and the data trail to support it. This richer assessment gives the user the opportunity to weigh the software assurance score against mission-specific requirements. 

Early results demonstrate that our CSAADE prototype is effective in mitigating software supply chain attacks. We believe that CSAADE’s modularity and flexibility provide a mechanism for continuous improvement by integrating known and emerging software analysis tools. The CSAADE model is extensible, allowing users to incorporate whatever sensors are necessary to address their threat model and to integrate CSAADE into their software development and acquisition processes. 

References

  1. Cybersecurity & Infrastructure Security Agency, "Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations," 2020.
  2. Google Scorecards, https://github.com/ossf/scorecard, 2022.


Leo Babun is currently a Senior Cybersecurity Researcher at the Johns Hopkins University Applied Physics Laboratory. He completed his PhD in Electrical and Computer Engineering at Florida International University in Spring 2020, after he received a CyberCorps Scholarship for Service from the National Science Foundation (NSF) and the Department of Homeland Security (DHS). His research interests are focused on software security, distributed systems security, Cyber-Physical Systems (CPS), and the Internet of Things (IoT) security and privacy.

License: CC-BY-NC-3.0