Pulse of Truth

1303 readers

64 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth@infosec.pub

GoLeash: Mitigating Golang Software Supply Chain Attacks with Runtime Policy Enforcement (arxiv.org)

submitted 1 month ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub

0 comments fedilink hide all child comments

arXiv:2505.11016v1 Announce Type: new Abstract: Modern software supply chain attacks consist of introducing new, malicious capabilities into trusted third-party software components, in order to propagate to a victim through a package dependency chain. These attacks are especially concerning for the Go language ecosystem, which is extensively used in critical cloud infrastructures. We present GoLeash, a novel system that applies the principle of least privilege at the package-level granularity, by enforcing distinct security policies for each package in the supply chain. This finer granularity enables GoLeash to detect malicious packages more precisely than traditional sandboxing that handles security policies at process- or container-level. Moreover, GoLeash remains effective under obfuscation, can overcome the limitations of static analysis, and incurs acceptable runtime overhead.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here