软件供应链安全综述  被引量：28

作　　者：何熙巽 张玉清 刘奇旭[3] HE Xixun;Zhang Yuqing;Liu Qixu(National Computer Network Intrusion Protection Center,University of Chinese Academy of Sciences,Beijing 101408,China;School of Cyber Engineering,Xidian University,Xi’an 710071,China;Institude of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China)

机构地区：[1]中国科学院大学国家计算机网络入侵防范中心,中国北京101408 [2]西安电子科技大学网络与信息安全学院,中国西安710071 [3]中国科学院信息工程研究所,中国北京100093

出　　处：《信息安全学报》2020年第1期57-73,共17页Journal of Cyber Security

基　　金：国家重点研发计划基金资助项目(No.2016YFB0800700);国家自然科学基金资助项目(No.61572460,No.61272481);信息安全国家重点实验室的开放课题基金资助项目(No.2017-ZD-01);国家发改委信息安全专项基金资助项目(No.(2012)1424)资助

摘　　要：随着信息技术产业的发展和软件开发需求的扩展,软件开发的难度与复杂度不断上升,针对软件供应链的重大安全事件时有发生。这些事件展现了软件供应链攻击低成本而高效的特点以及软件供应链管理的复杂性,使得软件供应链的安全问题受到了广泛的关注,相关领域的研究工作也进入了起步阶段。本文从软件供应链安全的定义以及发展历程入手,介绍了软件供应链安全问题的相关背景,并通过对现有研究成果的调研分析,将软件供应链安全问题分为管理问题和技术问题两个方面,从这两个方面入手介绍了软件供应链安全的研究现状,然后结合研究现状总结了软件供应链安全所面临的现实挑战,并提出了未来可能的研究方向。With the development of information technology industry and the expansion of the demand in software development, the difficulty and complexity of software development are rising continuously, and the major events of software supply chain security occur from time to time. These events show the low-cost as well as efficiency of software supply chain attack and the complexity of software supply chain management, which has led to widespread attention on software security issues, and the research in related field has also entered the initial phase. Starting with the definition and development history of software supply chain security, this paper introduces the background of software supply chain security, divides the software supply chain security problem into two aspects of management and technical problems through the survey and analysis of existing researches, and introduces the current status of software supply chain security from these two aspects. Then, based on the current research status, the current challenges faced by software supply chain security are summarized, and the possible future research direction are pointed out.

关 键 词：软件供应链 网络供应链 网络与信息系统安全 软件安全 供应链风险管理 

分 类 号：TP393.0[自动化与计算机技术—计算机应用技术]