Paper Abstract and Keywords |
Presentation |
2023-07-21 11:00
A tool for vulnerability assessment and checksum verification using SPDX documents Rio Kishimoto, Tetsuya Kanda (Osaka Univ.), Yuki Manabe (The Univ. of Fukuchiyama), Katsuro Inoue (Nanzan Univ.), Yoshiki Higo (Osaka Univ.) SS2023-8 KBSE2023-19 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Libraries are widely used in modern software development, but they are often insufficiently managed, which causes problems such as delayed responses when vulnerabilities are discovered in them. To address these problems, the use of a software bill of materials (SBOM) is recommended, but tools that support its use are lacking. In this study, we therefore developed a tool called “Osmy” to support the management of SBOMs created in SPDX, one of the major SBOM formats, with the aim of making appropriate management of software using SPDX documents less labor-intensive than with existing tools. Osmy can automatically and periodically perform software vulnerability assessment and detect software corruption or falsification through checksum verification. We have confirmed that Osmy is fast enough to run on a regular basis and that it reduces the amount of work required to manage SPDX documents. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
SBOM / SPDX / Vulnerability |
Reference Info. |
IEICE Tech. Rep., vol. 123, no. 123, SS2023-8, pp. 43-48, July 2023. |
Paper # |
SS2023-8 |
Date of Issue |
2023-07-13 (SS, KBSE) |
ISSN |
Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
SS KBSE IPSJ-SE |
Conference Date |
2023-07-20 - 2023-07-22 |
Place (in Japanese) |
(See Japanese page) |
Topics (in Japanese) |
(See Japanese page) |
Paper Information |
Registration To |
SS |
Conference Code |
2023-07-SS-KBSE-SE |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
A tool for vulnerability assessment and checksum verification using SPDX documents |
Keyword(1) |
SBOM |
Keyword(2) |
SPDX |
Keyword(3) |
Vulnerability |
1st Author's Name |
Rio Kishimoto |
1st Author's Affiliation |
Osaka University (Osaka Univ.) |
2nd Author's Name |
Tetsuya Kanda |
2nd Author's Affiliation |
Osaka University (Osaka Univ.) |
3rd Author's Name |
Yuki Manabe |
3rd Author's Affiliation |
The University of Fukuchiyama (The Univ. of Fukuchiyama) |
4th Author's Name |
Katsuro Inoue |
4th Author's Affiliation |
Nanzan University (Nanzan Univ.) |
5th Author's Name |
Yoshiki Higo |
5th Author's Affiliation |
Osaka University (Osaka Univ.) |
Speaker |
Author-1 |
Date Time |
2023-07-21 11:00:00 |
Presentation Time |
25 minutes |
Registration for |
SS |
Paper # |
SS2023-8, KBSE2023-19 |
Volume (vol) |
vol.123 |
Number (no) |
no.123(SS), no.124(KBSE) |
Page |
pp.43-48 |
#Pages |
6 |
|