A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies

Nicola Cibin; Jannik Lucas Sommer; Magnus Mølgard Lund; Michele Albano

doi:10.1109/Blockchain60715.2023.00050

A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies

Nicola Cibin, Jannik Lucas Sommer, Magnus Mølgard Lund, Michele Albano

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

9 Downloads (Pure)

Abstract

The frequency of software supply chain attacks has reached unprecedented levels, primarily due to the increasing reliance on huge numbers of software and hardware dependencies, and the inherent vulnerabilities they harbor. Currently, vendors providing these software and hardware components share security advisories to centralized databases or post them on proprietary websites, which security engineers have to search manually to find vulnerabilities relevant for their systems. Furthermore, the security advisories often do not follow a standard machine-readable format, which results in the engineers having to manually analyze the documents. In this paper, {\em SENTINEL}, a novel solution for automating dissemination and discovery of security advisories leveraging Web3 technologies, is presented. In particular, the Ethereum blockchain is used by vendors to notify asset owners of novel vulnerabilities in their systems in a reliable and accountable manner. Evaluation tests conducted on the Ethereum Sepolia Testnet confirm that our proposal is a functional and functioning solution for securely disseminating and discovering security advisories utilizing a fully decentralized infrastructure. {\em SENTINEL}'s source code is released as open source software on GitHub.

Original language	English
Title of host publication	Proceedings of 6th IEEE International Conference on Blockchain
Place of Publication	Haihuadao, China
Publisher	IEEE (Institute of Electrical and Electronics Engineers)
Publication date	17 Dec 2023
Article number	10411464
ISBN (Print)	979-8-3503-1930-9
ISBN (Electronic)	979-8-3503-1929-3
DOIs	https://doi.org/10.1109/Blockchain60715.2023.00050
Publication status	Published - 17 Dec 2023
Event	2023 IEEE International Conference on Blockchain - Dubai, United Arab Emirates Duration: 17 Dec 2023 → 21 Dec 2023 https://icbc2023.ieee-icbc.org/

Conference

Conference	2023 IEEE International Conference on Blockchain
Country/Territory	United Arab Emirates
City	Dubai
Period	17/12/2023 → 21/12/2023
Internet address	https://icbc2023.ieee-icbc.org/

Series	IEEE International Conference on Blockchain
ISSN	2834-9946

Keywords

Blockchain
Distributed Storage
Security Advisories
SBOM
CSAF

Access to Document

10.1109/Blockchain60715.2023.00050Licence: Unspecified

Automating_Dissemination_and_Discovery_of_Security_Advisories_with_Web3_TechnologiesAccepted author manuscript, 1.25 MB

AUB Link

Search for the material in Aalborg University Library's search engine

Cite this

@inproceedings{c93302667fb04d128310de116a5ce10f,

title = "A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies",

abstract = "The frequency of software supply chain attacks has reached unprecedented levels, primarily due to the increasing reliance on huge numbers of software and hardware dependencies, and the inherent vulnerabilities they harbor. Currently, vendors providing these software and hardware components share security advisories to centralized databases or post them on proprietary websites, which security engineers have to search manually to find vulnerabilities relevant for their systems. Furthermore, the security advisories often do not follow a standard machine-readable format, which results in the engineers having to manually analyze the documents. In this paper, {\em SENTINEL}, a novel solution for automating dissemination and discovery of security advisories leveraging Web3 technologies, is presented. In particular, the Ethereum blockchain is used by vendors to notify asset owners of novel vulnerabilities in their systems in a reliable and accountable manner. Evaluation tests conducted on the Ethereum Sepolia Testnet confirm that our proposal is a functional and functioning solution for securely disseminating and discovering security advisories utilizing a fully decentralized infrastructure. {\em SENTINEL}'s source code is released as open source software on GitHub.",

keywords = "Blockchain, Distributed Storage, Security Advisories, SBOM, CSAF",

author = "Nicola Cibin and Sommer, {Jannik Lucas} and Lund, {Magnus M{\o}lgard} and Michele Albano",

year = "2023",

month = dec,

day = "17",

doi = "10.1109/Blockchain60715.2023.00050",

language = "English",

isbn = "979-8-3503-1930-9",

series = "IEEE International Conference on Blockchain",

publisher = "IEEE (Institute of Electrical and Electronics Engineers)",

booktitle = "Proceedings of 6th IEEE International Conference on Blockchain",

address = "United States",

note = "2023 IEEE International Conference on Blockchain ; Conference date: 17-12-2023 Through 21-12-2023",

url = "https://icbc2023.ieee-icbc.org/",

}

Cibin, N, Sommer, JL, Lund, MM & Albano, M 2023, A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies. in Proceedings of 6th IEEE International Conference on Blockchain., 10411464, IEEE (Institute of Electrical and Electronics Engineers), Haihuadao, China, IEEE International Conference on Blockchain, 2023 IEEE International Conference on Blockchain , Dubai, United Arab Emirates, 17/12/2023. https://doi.org/10.1109/Blockchain60715.2023.00050

A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies. / Cibin, Nicola; Sommer, Jannik Lucas; Lund, Magnus Mølgard et al.
Proceedings of 6th IEEE International Conference on Blockchain. Haihuadao, China: IEEE (Institute of Electrical and Electronics Engineers), 2023. 10411464 (IEEE International Conference on Blockchain).

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

TY - GEN

T1 - A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies

AU - Cibin, Nicola

AU - Sommer, Jannik Lucas

AU - Lund, Magnus Mølgard

AU - Albano, Michele

PY - 2023/12/17

Y1 - 2023/12/17

N2 - The frequency of software supply chain attacks has reached unprecedented levels, primarily due to the increasing reliance on huge numbers of software and hardware dependencies, and the inherent vulnerabilities they harbor. Currently, vendors providing these software and hardware components share security advisories to centralized databases or post them on proprietary websites, which security engineers have to search manually to find vulnerabilities relevant for their systems. Furthermore, the security advisories often do not follow a standard machine-readable format, which results in the engineers having to manually analyze the documents. In this paper, {\em SENTINEL}, a novel solution for automating dissemination and discovery of security advisories leveraging Web3 technologies, is presented. In particular, the Ethereum blockchain is used by vendors to notify asset owners of novel vulnerabilities in their systems in a reliable and accountable manner. Evaluation tests conducted on the Ethereum Sepolia Testnet confirm that our proposal is a functional and functioning solution for securely disseminating and discovering security advisories utilizing a fully decentralized infrastructure. {\em SENTINEL}'s source code is released as open source software on GitHub.

AB - The frequency of software supply chain attacks has reached unprecedented levels, primarily due to the increasing reliance on huge numbers of software and hardware dependencies, and the inherent vulnerabilities they harbor. Currently, vendors providing these software and hardware components share security advisories to centralized databases or post them on proprietary websites, which security engineers have to search manually to find vulnerabilities relevant for their systems. Furthermore, the security advisories often do not follow a standard machine-readable format, which results in the engineers having to manually analyze the documents. In this paper, {\em SENTINEL}, a novel solution for automating dissemination and discovery of security advisories leveraging Web3 technologies, is presented. In particular, the Ethereum blockchain is used by vendors to notify asset owners of novel vulnerabilities in their systems in a reliable and accountable manner. Evaluation tests conducted on the Ethereum Sepolia Testnet confirm that our proposal is a functional and functioning solution for securely disseminating and discovering security advisories utilizing a fully decentralized infrastructure. {\em SENTINEL}'s source code is released as open source software on GitHub.

KW - Blockchain

KW - Distributed Storage

KW - Security Advisories

KW - SBOM

KW - CSAF

U2 - 10.1109/Blockchain60715.2023.00050

DO - 10.1109/Blockchain60715.2023.00050

M3 - Article in proceeding

SN - 979-8-3503-1930-9

T3 - IEEE International Conference on Blockchain

BT - Proceedings of 6th IEEE International Conference on Blockchain

PB - IEEE (Institute of Electrical and Electronics Engineers)

CY - Haihuadao, China

T2 - 2023 IEEE International Conference on Blockchain

Y2 - 17 December 2023 through 21 December 2023

ER -

Cibin N, Sommer JL, Lund MM, Albano M. A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies. In Proceedings of 6th IEEE International Conference on Blockchain. Haihuadao, China: IEEE (Institute of Electrical and Electronics Engineers). 2023. 10411464. (IEEE International Conference on Blockchain). doi: 10.1109/Blockchain60715.2023.00050

A Method and Platform for Security Advisory Dissemination Leveraging Web3 Technologies

Abstract

Conference

Keywords

Access to Document

AUB Link

Fingerprint

Cite this