{"id":"https://openalex.org/W4308562555","doi":"https://doi.org/10.1145/3560835.3564556","title":"SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties","display_name":"SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties","publication_year":2022,"publication_date":"2022-11-08","ids":{"openalex":"https://openalex.org/W4308562555","doi":"https://doi.org/10.1145/3560835.3564556"},"language":"en","primary_location":{"id":"doi:10.1145/3560835.3564556","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564556","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564556","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564556","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5108726166","display_name":"Chinenye Okafor","orcid":null},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Chinenye Okafor","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058699162","display_name":"Taylor R. Schorlemmer","orcid":"https://orcid.org/0000-0003-2181-5527"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Taylor R. Schorlemmer","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025546105","display_name":"Santiago Torres-Arias","orcid":"https://orcid.org/0000-0002-9283-3557"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Santiago Torres-Arias","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013948143","display_name":"James C. Davis","orcid":"https://orcid.org/0000-0003-2495-686X"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"James C. Davis","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5108726166"],"corresponding_institution_ids":["https://openalex.org/I219193219"],"apc_list":null,"apc_paid":null,"fwci":10.5231,"has_fulltext":true,"cited_by_count":36,"citation_normalized_percentile":{"value":0.98319898,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"15","last_page":"24"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.7515736818313599},{"id":"https://openalex.org/keywords/transparency","display_name":"Transparency (behavior)","score":0.6556609869003296},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6105287671089172},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5939768552780151},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5612873435020447},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5340553522109985},{"id":"https://openalex.org/keywords/strengths-and-weaknesses","display_name":"Strengths and weaknesses","score":0.4750102460384369},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.421405553817749},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.335781455039978},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2973490059375763},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.2532044053077698},{"id":"https://openalex.org/keywords/marketing","display_name":"Marketing","score":0.06452840566635132}],"concepts":[{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.7515736818313599},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.6556609869003296},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6105287671089172},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5939768552780151},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5612873435020447},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5340553522109985},{"id":"https://openalex.org/C63882131","wikidata":"https://www.wikidata.org/wiki/Q17122954","display_name":"Strengths and weaknesses","level":2,"score":0.4750102460384369},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.421405553817749},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.335781455039978},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2973490059375763},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2532044053077698},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.06452840566635132},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3560835.3564556","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564556","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564556","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:docs.lib.purdue.edu:ecepubs-1177","is_oa":false,"landing_page_url":"https://docs.lib.purdue.edu/ecepubs/160","pdf_url":null,"source":{"id":"https://openalex.org/S4377196310","display_name":"Purdue e-Pubs (Purdue University System)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2801333002","host_organization_name":"Purdue University System","host_organization_lineage":["https://openalex.org/I2801333002"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Department of Electrical and Computer Engineering Faculty Publications","raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3560835.3564556","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3560835.3564556","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3560835.3564556","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G5494311034","display_name":null,"funder_award_id":"2229703","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320307791","display_name":"Cisco Systems","ror":"https://ror.org/03yt1ez60"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4308562555.pdf","grobid_xml":"https://content.openalex.org/works/W4308562555.grobid-xml"},"referenced_works_count":36,"referenced_works":["https://openalex.org/W109452506","https://openalex.org/W176366034","https://openalex.org/W1971991620","https://openalex.org/W1972181392","https://openalex.org/W2096249199","https://openalex.org/W2107249747","https://openalex.org/W2120525070","https://openalex.org/W2350778671","https://openalex.org/W2352444199","https://openalex.org/W2495611832","https://openalex.org/W2789570312","https://openalex.org/W2792952820","https://openalex.org/W2892759841","https://openalex.org/W2915997584","https://openalex.org/W3022734214","https://openalex.org/W3046453918","https://openalex.org/W3155859537","https://openalex.org/W3156903202","https://openalex.org/W3157178205","https://openalex.org/W3159300567","https://openalex.org/W3172189288","https://openalex.org/W3196277935","https://openalex.org/W3214874403","https://openalex.org/W4221145571","https://openalex.org/W4223897634","https://openalex.org/W4226416841","https://openalex.org/W4234065838","https://openalex.org/W4246788636","https://openalex.org/W4283012911","https://openalex.org/W4283076946","https://openalex.org/W4284693477","https://openalex.org/W4308469411","https://openalex.org/W4377235553","https://openalex.org/W6604335577","https://openalex.org/W6778208108","https://openalex.org/W6811284660"],"related_works":["https://openalex.org/W2899084033","https://openalex.org/W4295769391","https://openalex.org/W2972220648","https://openalex.org/W2332667808","https://openalex.org/W3081288631","https://openalex.org/W1997921863","https://openalex.org/W3152382318","https://openalex.org/W3004686567","https://openalex.org/W2738656338","https://openalex.org/W3111143909"],"abstract_inverted_index":{"This":[0],"paper":[1,36,92],"systematizes":[2],"knowledge":[3],"about":[4],"secure":[5],"software":[6,16,87],"supply":[7,17,29,56,88,100],"chain":[8,18,101],"patterns.":[9],"It":[10,60],"identifies":[11],"four":[12],"stages":[13],"of":[14,55,66,85],"a":[15,27],"attack":[19],"and":[20,33,41,52,64,73,98],"proposes":[21],"three":[22],"security":[23,39,47,77,84,102],"properties":[24],"crucial":[25],"for":[26],"secured":[28],"chain:":[30],"transparency,":[31],"validity,":[32],"separation.":[34],"The":[35],"describes":[37],"current":[38,67],"approaches":[40,68],"maps":[42],"them":[43],"to":[44,70,81],"the":[45,62,75,83,86,91],"proposed":[46],"properties,":[48],"including":[49],"research":[50],"ideas":[51],"case":[53],"studies":[54],"chains":[57],"in":[58,96],"practice.":[59],"discusses":[61],"strengths":[63],"weaknesses":[65],"relative":[69],"known":[71],"attacks":[72],"details":[74],"various":[76],"frameworks":[78],"put":[79],"out":[80],"ensure":[82],"chain.":[89],"Finally,":[90],"highlights":[93],"potential":[94],"gaps":[95],"actor":[97],"operation-centered":[99],"techniques.":[103]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":13},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":11}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}