CERIAS Weekly Security Seminar - Purdue University artwork

Levi Lloyd, Securing the Software Supply Chain

CERIAS Weekly Security Seminar - Purdue University

English - February 10, 2021 21:30 - 51 minutes - 248 MB Video - ★★★★ - 6 ratings
Technology Education Courses infosec security video seminar cerias purdue information sfs research education Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Steve Lipner, "Lessons Learned – Fifty Years of Mistakes in Cybersecurity"
Next Episode: Cory Doctorow, "Technology, Self-Determination, and the Future of the Future"

In December 2020, FireEye discovered a supply chain attack against the SolarWinds Orion network management system.  The impact of this event has caused the cybersecurity community to reevaluate how we think about threats coming from the software supply chain.  At Lawrence Livermore National Laboratory we have been developing software assurance tools for many years to automate the analysis of software to enable asset owners and operators to make sound decisions about the software in their environments.  In this presentation, I will describe this effort, talk about some of our tools, and discuss ways to mitigate future supply chain attacks. About the speaker: Levi Lloyd is a cybersecurity researcher at Lawrence Livermore National Laboratory where he works in the Cyber and Infrastructure Resilience program.  His interests include software assurance, binary analysis and reverse engineering, malware analysis, and network traffic analysis and defense.  He has been involved in the creation of several frameworks aimed at doing cybersecurity analyses at scale.