Finding Software Supply Chain Attack Paths with Logical Attack Graphs
Luís Soeiro (IP Paris, LTCI, ACES, INFRES), Thomas Robert (IP Paris, LTCI, ACES, INFRES), Stefano Zacchiroli (IP Paris, LTCI, ACES, INFRES)

TL;DR
This paper extends the MulVal attack graph tool to include software supply chain threat propagation, enabling detailed analysis of modern supply chain attacks within network security models.
Contribution
The paper introduces a novel extension to MulVal that incorporates SSC threat propagation analysis using new predicates and rules, addressing a key limitation in existing attack graph tools.
Findings
Extended MulVal to model SSC assets and dependencies
Demonstrated practical application of SSC threat analysis
Enhanced detection of complex supply chain attack paths
Abstract
Cyberattacks are becoming increasingly frequent and sophisticated, often exploiting the software supply chain (SSC) as an attack vector. Attack graphs provide a detailed representation of the sequence of events and vulnerabilities that could lead to a successful security breach in a system. MulVal is a widely used open-source tool for logical attack graph generation in networked systems. However, its current lack of support for capturing and reasoning about SSC threat propagation makes it unsuitable for addressing modern SSC attacks, such as the XZ compromise or the 3CX double SSC attack. To address this limitation, we propose an extension to MulVal that integrates SSC threat propagation analysis with existing network-based threat analysis. This extension introduces a new set of predicates within the familiar MulVal syntax, enabling seamless integration. The new facts and interaction…
Taxonomy
Topics: Information and Cyber Security · Advanced Malware Detection Techniques · Smart Grid Security and Resilience
