Cite this article
  • HE Xixun, Zhang Yuqing, Liu Qixu. Survey of Software Supply Chain Security[J]. Journal of Cyber Security, 2020, 5(1): 57-73
DOI: 10.19363/J.cnki.cn10-1380/tn.2020.01.06
Received: 2019-05-30  Revised: 2019-09-23
Funding: This work was supported by the National Key R&D Program of China (No. 2016YFB0800700), the National Natural Science Foundation of China (No. 61572460, No. 61272481), the Open Project Fund of the State Key Laboratory of Information Security (No. 2017-ZD-01), and the National Development and Reform Commission Information Security Special Fund (No. (2012)1424).
Survey of Software Supply Chain Security
HE Xixun1, Zhang Yuqing1,2, Liu Qixu3
(1. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408, China; 2. School of Cyber Engineering, Xidian University, Xi'an 710071, China; 3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)
Abstract:
With the development of the information technology industry and growing demand for software development, the difficulty and complexity of software development keep rising, and major security incidents targeting the software supply chain occur from time to time. These incidents show both the low cost and high efficiency of software supply chain attacks and the complexity of software supply chain management. They have drawn widespread attention to software supply chain security issues, and research in the field has entered its initial phase. Starting from the definition and development history of software supply chain security, this paper introduces the background of the problem. Through a survey and analysis of existing research, it divides software supply chain security problems into management problems and technical problems, and presents the current state of research from these two aspects. Based on that state of research, it then summarizes the practical challenges facing software supply chain security and points out possible future research directions.
Key words:  software supply chain  cyber supply chain  network and information system security  software security  supply chain risk management