An Integrity-Focused Threat Model for Software Development Pipelines
Abstract
In recent years, there has been a growing concern with software integrity, that is, the assurance that software has not been tampered with on the path between developers and users. This path is represented by a software development pipeline and plays a pivotal role in software supply chain security. While there have been efforts to improve the security of development pipelines, there is a lack of a comprehensive view of the threats affecting them. We develop a systematic threat model for a generic software development pipeline using the STRIDE framework and identify possible mitigations for each threat. The pipeline adopted as a reference comprises five stages (integration, continuous integration, infrastructure-as-code, deployment, and release), and we review vulnerabilities and attacks in all stages reported in the literature. We present a case study applying this threat model to a specific pipeline, showing that the adaptation is straightforward and produces a list of relevant threats.
- Publication: arXiv e-prints
- Pub Date: November 2022
- DOI: 10.48550/arXiv.2211.06249
- arXiv: arXiv:2211.06249
- Bibcode: 2022arXiv221106249R
- Keywords: Computer Science - Cryptography and Security; Computer Science - Software Engineering; D.4.6; D.2
- E-Print: 36 pages, 5 figures