2,000+ Free Courses with Certificates: Coding, AI, SQL, and More
UC San Diego Product Management Certificate — AI-Powered PM Training
Overview
Build a Learning Habit
Download Class Central's free printable study calendar
Download for Free
Explore the critical security challenges in software compilation processes and learn about innovative solutions for establishing trust in build environments. Discover why existing CNCF projects like in-toto and Sigstore, while securing upper supply chain layers, fall short of verifying the integrity of underlying OS stacks, leaving vulnerabilities exposed as demonstrated by attacks like SolarWinds. Examine the complexities of modern software stacks with their deep layers and interdependencies that make comprehensive component verification nearly impossible. Understand a groundbreaking approach that rethinks trust establishment in software builds through build environment verifiability, utilizing SGX enclaves to enclose the entire compilation process within a non-interactive secure environment and leveraging in-toto attestation to ensure verifiable builds. Gain insights into how this security enhancement can strengthen the CNCF ecosystem and protect against sophisticated supply chain attacks targeting the compilation process itself.
Syllabus
You Can Sign It, But Can You Trust It? Securing the Compilation Process - Yaxuan (Alice) Wen, NYU
Taught by
OpenSSF