Research on Dynamic Component Specification for Linux System by Using Runtime Type SBOM

Vol. 35, No. 3, pp. 573-584, Jun. 2025
DOI: 10.13089/JKIISC.2025.35.3.573
Keywords: Runtime-type SBOM, Software Supply Chain Management, Dynamic Component Identification
Abstract

The United States, through Executive Order 14028, has proposed the use of the Software Bill of Materials (SBOM) as a means to enhance software supply chain security by specifying the components used in software development. Major organizations such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Germany’s Federal Office for Information Security (BSI) have classified SBOMs into six types based on the software development lifecycle. Among them, the Runtime-Type SBOM identifies, in real time, the components of software that are active in the execution environment. This SBOM is particularly useful for detecting malicious libraries that are illegally injected into software during execution and for identifying vulnerabilities in dynamically loaded system libraries. This paper presents the first implementation on a Linux system of the Runtime-Type SBOM, which had been proposed only at an abstract conceptual level, and demonstrates its effectiveness in detecting attacks on running software.


Cite this article
[IEEE Style]
손현승, 이만희, 김지민, "Research on Dynamic Component Specification for Linux System by Using Runtime Type SBOM," Journal of The Korea Institute of Information Security and Cryptology, vol. 35, no. 3, pp. 573-584, 2025. DOI: 10.13089/JKIISC.2025.35.3.573.

[ACM Style]
손현승, 이만희, and 김지민. 2025. Research on Dynamic Component Specification for Linux System by Using Runtime Type SBOM. Journal of The Korea Institute of Information Security and Cryptology, 35, 3, (2025), 573-584. DOI: 10.13089/JKIISC.2025.35.3.573.