A new class of vulnerabilities, called trojan source, has been recently discovered by Boucher and Anderson. This work describes the state of the art of known trojan source attacks, illustrates two new attack variants involving configuration files and Java code, and describes practical preventive measures.

Invisible Supply Chain Attacks Based on Trojan Source

Emanuele Buchicchio;Luca Grilli;Salvatore Cipriano;
2022

Abstract

A new class of vulnerabilities, called trojan source, has been recently discovered by Boucher and Anderson. This work describes the state of the art of known trojan source attacks, illustrates two new attack variants involving configuration files and Java code, and describes practical preventive measures.
2022
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11391/1546013
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 1
social impact