SENTINEL - Automatic Dissemination and Discovery of Security Advisories with Web3
Authors
Lund, Magnus Mølgaard ; Sommer, Jannik Lucas
Term
4. term
Education
Publication year
2023
Pages
130
Abstract
Angreb mod softwareforsyningskæden—hvor angribere udnytter tredjepartskomponenter, som moderne software er afhængig af—er stigende. I dag offentliggør leverandører sikkerhedsmeddelelser i forskellige centrale databaser eller på egne hjemmesider. Fordi disse meddelelser ofte ikke følger et standardiseret, maskinlæsbart format, må sikkerhedsteams manuelt finde og tolke det, der er relevant for deres systemer. Denne rapport præsenterer SENTINEL, en løsning, der automatiserer deling og opdagelse af sikkerhedsmeddelelser ved hjælp af Web3-teknologier, dvs. decentraliserede, blockchain-baserede netværk. En systemtest på Ethereum-testnettet Sepolia viser, at SENTINEL fungerer som en sikker, fuldt decentral måde at offentliggøre og finde relevante meddelelser.
Software supply chain attacks—where attackers target the third-party components that modern software depends on—are on the rise. Today, vendors publish security advisories in different central databases or on their own websites. Because these advisories are often not provided in a standard, machine-readable format, security teams must manually search for and interpret what is relevant to their systems. This report presents SENTINEL, a solution that automates the sharing and discovery of security advisories using Web3 technologies, meaning decentralized, blockchain-based networks. A system test on the Sepolia Ethereum test network shows that SENTINEL works as a secure, fully decentralized way to publish and find relevant advisories.
[This summary has been rewritten with the help of AI based on the project's original abstract]
Keywords
Web3 ; Cybersecurity ; Blockchain ; SENTINEL ; SBOM ; CSAF
Documents