NUST Institutional Repository

Protection Mechanism against Software Supply Chain Attacks through Blockchain


dc.contributor.author Malik, Muhammad Zeeshan
dc.date.accessioned 2024-07-22T04:07:48Z
dc.date.available 2024-07-22T04:07:48Z
dc.date.issued 2024-07-22
dc.identifier.other 00000364842
dc.identifier.uri http://10.250.8.41:8080/xmlui/handle/123456789/44842
dc.description Supervised by Associate Prof Dr. Imran Makhdoom en_US
dc.description.abstract This research focuses on the evolving security concerns arising from the strategic shift in the modern software development process from solo coding practices toward a collaborative, worldwide software delivery model known as the software supply chain. This conceptual change entails a global cooperative delivery system, similar to a network, that combines open-source components with in-house developed components. Although reusing already developed code speeds up the overall development process, it also exposes security holes, rendering firms vulnerable to cyber-attacks called software supply chain attacks. These attacks become a strong threat when attackers breach repositories and source code management systems by exploiting vulnerabilities and weaknesses. They are distinguished by being extremely harmful, quickly distributed and uncomplicated, posing hazards to a wide range of organizations. Existing security solutions and protection mechanisms, such as honeytokens, Zero Trust Architecture (ZTA), and various access-list and policy-based procedures, are considered obsolete and outdated because these techniques work in silos and independently, addressing only a limited portion of the complete supply chain process for software delivery. These conventional methods necessitate the development of a comprehensive and integrated approach that encompasses complete software supply chain systems. Recognizing blockchain technology's disruptive potential, the thesis presents a novel protection mechanism built on the idea of a decentralized validity framework in a permissioned environment. This technique uses blockchain technology to create an unchangeable and reliable database of payload propagation across supply chain platforms. The proposed framework enables an end-to-end validity platform for all stakeholders, i.e., developers and end-users, throughout the lifespan of the software supply chain delivery process.
In particular, it equips end-users to play their role more effectively in the protection mechanism, enhancing the trust level and transparency. The ultimate goal is to advocate for flexible solutions that strengthen the global software ecosystem's integrity and security within the dynamic software supply chain environment. Essentially, the thesis tries to highlight the need for a paradigm shift in cybersecurity techniques, supporting resilience and robustness in the ever-changing world of software development and supply chain dynamics. en_US
dc.language.iso en en_US
dc.publisher MCS en_US
dc.title Protection Mechanism against Software Supply Chain Attacks through Blockchain en_US
dc.type Thesis en_US

