A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies

Nicola Cibin; Jannik Lucas Sommer; Magnus Mølgard Lund; Michele Albano

doi:10.1109/Blockchain60715.2023.00050

A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies

Nicola Cibin, Jannik Lucas Sommer, Magnus Mølgard Lund, Michele Albano

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

Abstract

The frequency of software supply chain attacks has reached unprecedented levels, primarily due to the increasing reliance on huge numbers of software and hardware dependencies, and the inherent vulnerabilities they harbor. Currently, vendors providing these software and hardware components share security advisories to centralized databases or post them on proprietary websites, which security engineers have to search manually to find vulnerabilities relevant for their systems. Furthermore, the security advisories often do not follow a standard machine-readable format, which results in the engineers having to manually analyze the documents. In this paper, {\em SENTINEL}, a novel solution for automating dissemination and discovery of security advisories leveraging Web3 technologies, is presented. In particular, the Ethereum blockchain is used by vendors to notify asset owners of novel vulnerabilities in their systems in a reliable and accountable manner. Evaluation tests conducted on the Ethereum Sepolia Testnet confirm that our proposal is a functional and functioning solution for securely disseminating and discovering security advisories utilizing a fully decentralized infrastructure. {\em SENTINEL}'s source code is released as open source software on GitHub.

Originalsprog	Engelsk
Titel	Proceedings of 6th IEEE International Conference on Blockchain
Udgivelsessted	Haihuadao, China
Forlag	IEEE (Institute of Electrical and Electronics Engineers)
Publikationsdato	17 dec. 2023
Artikelnummer	10411464
ISBN (Trykt)	979-8-3503-1930-9
ISBN (Elektronisk)	979-8-3503-1929-3
DOI	https://doi.org/10.1109/Blockchain60715.2023.00050
Status	Udgivet - 17 dec. 2023
Begivenhed	2023 IEEE International Conference on Blockchain - Dubai, United Arab Emirates Varighed: 17 dec. 2023 → 21 dec. 2023 https://icbc2023.ieee-icbc.org/

Konference

Konference	2023 IEEE International Conference on Blockchain
Land/Område	United Arab Emirates
By	Dubai
Periode	17/12/2023 → 21/12/2023
Internetadresse	https://icbc2023.ieee-icbc.org/

Navn	IEEE International Conference on Blockchain
ISSN	2834-9946

Adgang til dokumentet

10.1109/Blockchain60715.2023.00050Licens: Ikke-specificeret

Automating_Dissemination_and_Discovery_of_Security_Advisories_with_Web3_TechnologiesAccepteret manuskript, 1,25 MB

AUB Link

Søg efter materialet i Aalborg Universitetsbiblioteks søgemaskine

Citationsformater

@inproceedings{c93302667fb04d128310de116a5ce10f,

title = "A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies",

abstract = "The frequency of software supply chain attacks has reached unprecedented levels, primarily due to the increasing reliance on huge numbers of software and hardware dependencies, and the inherent vulnerabilities they harbor. Currently, vendors providing these software and hardware components share security advisories to centralized databases or post them on proprietary websites, which security engineers have to search manually to find vulnerabilities relevant for their systems. Furthermore, the security advisories often do not follow a standard machine-readable format, which results in the engineers having to manually analyze the documents. In this paper, {\em SENTINEL}, a novel solution for automating dissemination and discovery of security advisories leveraging Web3 technologies, is presented. In particular, the Ethereum blockchain is used by vendors to notify asset owners of novel vulnerabilities in their systems in a reliable and accountable manner. Evaluation tests conducted on the Ethereum Sepolia Testnet confirm that our proposal is a functional and functioning solution for securely disseminating and discovering security advisories utilizing a fully decentralized infrastructure. {\em SENTINEL}'s source code is released as open source software on GitHub.",

keywords = "Blockchain, Distributed Storage, Security Advisories, SBOM, CSAF",

author = "Nicola Cibin and Sommer, {Jannik Lucas} and Lund, {Magnus M{\o}lgard} and Michele Albano",

year = "2023",

month = dec,

day = "17",

doi = "10.1109/Blockchain60715.2023.00050",

language = "English",

isbn = "979-8-3503-1930-9",

series = "IEEE International Conference on Blockchain",

publisher = "IEEE (Institute of Electrical and Electronics Engineers)",

booktitle = "Proceedings of 6th IEEE International Conference on Blockchain",

address = "United States",

note = "2023 IEEE International Conference on Blockchain ; Conference date: 17-12-2023 Through 21-12-2023",

url = "https://icbc2023.ieee-icbc.org/",

}

Cibin, N, Sommer, JL, Lund, MM & Albano, M 2023, A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies. i Proceedings of 6th IEEE International Conference on Blockchain., 10411464, IEEE (Institute of Electrical and Electronics Engineers), Haihuadao, China, IEEE International Conference on Blockchain, 2023 IEEE International Conference on Blockchain , Dubai, United Arab Emirates, 17/12/2023. https://doi.org/10.1109/Blockchain60715.2023.00050

A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies. / Cibin, Nicola; Sommer, Jannik Lucas; Lund, Magnus Mølgard et al.
Proceedings of 6th IEEE International Conference on Blockchain. Haihuadao, China: IEEE (Institute of Electrical and Electronics Engineers), 2023. 10411464 (IEEE International Conference on Blockchain).

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

TY - GEN

T1 - A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies

AU - Cibin, Nicola

AU - Sommer, Jannik Lucas

AU - Lund, Magnus Mølgard

AU - Albano, Michele

PY - 2023/12/17

Y1 - 2023/12/17

N2 - The frequency of software supply chain attacks has reached unprecedented levels, primarily due to the increasing reliance on huge numbers of software and hardware dependencies, and the inherent vulnerabilities they harbor. Currently, vendors providing these software and hardware components share security advisories to centralized databases or post them on proprietary websites, which security engineers have to search manually to find vulnerabilities relevant for their systems. Furthermore, the security advisories often do not follow a standard machine-readable format, which results in the engineers having to manually analyze the documents. In this paper, {\em SENTINEL}, a novel solution for automating dissemination and discovery of security advisories leveraging Web3 technologies, is presented. In particular, the Ethereum blockchain is used by vendors to notify asset owners of novel vulnerabilities in their systems in a reliable and accountable manner. Evaluation tests conducted on the Ethereum Sepolia Testnet confirm that our proposal is a functional and functioning solution for securely disseminating and discovering security advisories utilizing a fully decentralized infrastructure. {\em SENTINEL}'s source code is released as open source software on GitHub.

AB - The frequency of software supply chain attacks has reached unprecedented levels, primarily due to the increasing reliance on huge numbers of software and hardware dependencies, and the inherent vulnerabilities they harbor. Currently, vendors providing these software and hardware components share security advisories to centralized databases or post them on proprietary websites, which security engineers have to search manually to find vulnerabilities relevant for their systems. Furthermore, the security advisories often do not follow a standard machine-readable format, which results in the engineers having to manually analyze the documents. In this paper, {\em SENTINEL}, a novel solution for automating dissemination and discovery of security advisories leveraging Web3 technologies, is presented. In particular, the Ethereum blockchain is used by vendors to notify asset owners of novel vulnerabilities in their systems in a reliable and accountable manner. Evaluation tests conducted on the Ethereum Sepolia Testnet confirm that our proposal is a functional and functioning solution for securely disseminating and discovering security advisories utilizing a fully decentralized infrastructure. {\em SENTINEL}'s source code is released as open source software on GitHub.

KW - Blockchain

KW - Distributed Storage

KW - Security Advisories

KW - SBOM

KW - CSAF

U2 - 10.1109/Blockchain60715.2023.00050

DO - 10.1109/Blockchain60715.2023.00050

M3 - Article in proceeding

SN - 979-8-3503-1930-9

T3 - IEEE International Conference on Blockchain

BT - Proceedings of 6th IEEE International Conference on Blockchain

PB - IEEE (Institute of Electrical and Electronics Engineers)

CY - Haihuadao, China

T2 - 2023 IEEE International Conference on Blockchain

Y2 - 17 December 2023 through 21 December 2023

ER -

Cibin N, Sommer JL, Lund MM, Albano M. A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies. I Proceedings of 6th IEEE International Conference on Blockchain. Haihuadao, China: IEEE (Institute of Electrical and Electronics Engineers). 2023. 10411464. (IEEE International Conference on Blockchain). doi: 10.1109/Blockchain60715.2023.00050

A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies

Abstract

Konference

Adgang til dokumentet

AUB Link

Fingeraftryk

Citationsformater