Yuta Shimamoto (Okayama University, Okayama, Japan), Hiroyuki Uekawa (NTT Social Informatics Laboratories, Tokyo, Japan), Mitsuaki Akiyama (NTT Social Informatics Laboratories, Tokyo, Japan), Toshihiro Yamauchi (Okayama University, Okayama, Japan)

A Software Bill of Materials (SBOM) enables rapid understanding of software composition and improves the efficiency of vulnerability management. However, inconsistencies between the components described in the SBOM and those that actually exist on a device can result in missed detections or false positives during SBOM-based vulnerability analysis, thereby increasing the risk of executing unknown threats. This study proposes SBOM-based Access Control (SBOM-AC), a mechanism that determines whether a program may be executed by enforcing access control policies derived from the SBOM. By denying the execution of programs that do not match the SBOM, SBOMAC reduces security risks arising from the runtime execution of unmanaged programs. Denial logs can also be used to improve the completeness and accuracy of the SBOM, thereby reducing missed detections and false positives in SBOM-based vulnerability management and enabling the identification of unexpected execution attempts. SBOM-AC can be implemented as a Linux Security Module (LSM), making it suitable for deployment on Linux-based IoT devices and compatible with existing Mandatory Access Control systems. Experimental results show that SBOMAC introduces a maximum latency of only 0.14 ms. Based on this measurement, the estimated performance impact of SBOM-AC on device services is negligible.

View More Papers

UAVConfigFuzzer: Detecting Incorrect Configurations in Unmanned Aerial Vehicles via...

Yingnan Zhou (Nankai University), Yuhao Liu (Nankai University), Hanfeng Zhang (Nankai University), Yan Jia (Nankai University), Sihan Xu (Nankai University), Zhiyuan Jiang (National University of Defense Technology), Zheli Liu (Nankai University)

Read More

An LLM-Driven Fuzzing Framework for Detecting Logic Instruction Bugs...

Jiaxing Cheng (Institute of Information Engineering, CAS; SCS, UCAS Beijing, China), Ming Zhou (SCS, Nanjing University of Science and Technology Nanjing, Jiangsu, China), Haining Wang (ECE Virginia Tech Arlington, VA, USA), Xin Chen (Institute of Information Engineering, CAS; SCS, UCAS Beijing, China), Yuncheng Wang (Institute of Information Engineering CAS; SCS, UCAS Beijing, China), Yibo Qu…

Read More

Janus: Enabling Expressive and Efficient ACLs in High-speed RDMA...

Ziteng Chen (Southeast University), Menghao Zhang (Beihang University), Jiahao Cao (Tsinghua University & Quan Cheng Laboratory), Xuzheng Chen (Zhejiang University), Qiyang Peng (Beihang University), Shicheng Wang (Unaffiliated), Guanyu Li (Unaffiliated), Mingwei Xu (Quan Cheng Laboratory & Tsinghua University & Southeast University)

Read More