Proto-OKN Theme 1: Knowledge Graph Construction for Resilient, Trustworthy, and Secure Software Supply Chains
Purdue University, West Lafayette IN
Abstract
This project aims to create a comprehensive knowledge graph detailing software components across diverse software ecosystems to increase their overall security. Using a neural knowledge acquisition pipeline, it will extract and continually update software data from varied sources, then consolidate this information using quality control methods. This knowledge graph will facilitate a unique multi-modal query system and risk mitigation tools that can detect and automatically fix software vulnerabilities. Collaborations with industrial partners and government agencies will ensure the real-world applicability and effectiveness of the developed knowledge graph. The project will feature activities to broaden participation in computing and initiatives to educate and involve the next generation of software programmers.

The project will advance research on software supply chain management and risk mitigation by creating the first large-scale knowledge graph for software supply chains. Compared to existing techniques, this approach will provide real-time, comprehensive data for supply chain management across diverse platforms and languages. To achieve this, the team will develop advanced Natural Language Processing methods to comprehend and extract intricate software knowledge from free-form text. While enhancing the utility of the Software Bill of Materials, the proposed effort will reduce the attack surface of software systems developed with open-source software components. The project team is dedicated to sharing its findings widely through tutorials, publications, and open-source tools.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
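To make the abstract's central idea concrete, here is an added example (written for this page, not code from the Purdue project) of a minimal software-supply-chain knowledge graph: SBOM-style component records and vulnerability advisories are loaded as labelled triples, and graph queries then answer the two questions such a graph exists to answer, which top-level packages are transitively exposed to an advisory (and via which dependency path) and which fixed version remediates it. The SBOM, package names, versions and advisory identifiers are all constructed placeholders; the relation names (`DEPENDS_ON`, `AFFECTS`, `FIXED_IN`) are assumptions chosen for this example.

```python
"""Toy supply-chain knowledge graph (added example; not the project's code).

All packages, versions and advisory ids below are constructed placeholders.
"""
from collections import defaultdict, deque

# Constructed SBOM-style data: "name@version" -> list of direct dependencies.
SAMPLE_SBOM = {
    "web-app@1.0.0": ["http-client@2.3.1", "json-parse@0.9.0"],
    "cli-tool@4.2.0": ["json-parse@0.9.0"],
    "http-client@2.3.1": ["tls-wrap@1.1.0", "log-fmt@3.0.0"],
    "json-parse@0.9.0": [],
    "tls-wrap@1.1.0": [],
    "log-fmt@3.0.0": [],
}

# Constructed advisories with placeholder ids (not real CVEs).
SAMPLE_ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-001", "component": "log-fmt",
     "vulnerable": "3.0.0", "fixed": "3.0.1", "severity": "high"},
    {"id": "ADV-PLACEHOLDER-002", "component": "json-parse",
     "vulnerable": "0.9.0", "fixed": "1.0.0", "severity": "medium"},
]


class SupplyChainGraph:
    """Tiny triple store: (subject, relation, object) with forward and reverse indexes."""

    def __init__(self):
        self.fwd = defaultdict(set)  # (subject, relation) -> {object}
        self.rev = defaultdict(set)  # (object, relation) -> {subject}

    def add(self, subject, relation, obj):
        self.fwd[(subject, relation)].add(obj)
        self.rev[(obj, relation)].add(subject)

    def objects(self, subject, relation):
        return self.fwd.get((subject, relation), set())

    def subjects(self, obj, relation):
        return self.rev.get((obj, relation), set())


def build_graph(sbom, advisories):
    """Turn SBOM records and advisories into labelled edges (assumed relation names)."""
    g = SupplyChainGraph()
    for pkg, deps in sbom.items():
        name, _version = pkg.split("@")
        g.add(pkg, "IS_VERSION_OF", name)
        for dep in deps:
            g.add(pkg, "DEPENDS_ON", dep)
    for adv in advisories:
        g.add(adv["id"], "AFFECTS", f"{adv['component']}@{adv['vulnerable']}")
        g.add(adv["id"], "FIXED_IN", f"{adv['component']}@{adv['fixed']}")
        g.add(adv["id"], "HAS_SEVERITY", adv["severity"])
    return g


def transitive_dependencies(g, root):
    """Every component reachable from `root` over DEPENDS_ON edges (its attack surface)."""
    seen, stack = set(), [root]
    while stack:
        for dep in g.objects(stack.pop(), "DEPENDS_ON"):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def exposure_paths(g, advisory_id):
    """Map each top-level package (nothing depends on it) that transitively depends on
    a component the advisory affects to one root-to-component dependency path.
    Walks DEPENDS_ON edges backwards (BFS) from the affected component."""
    paths = {}
    for affected in g.objects(advisory_id, "AFFECTS"):
        queue, seen = deque([(affected, [affected])]), {affected}
        while queue:
            node, path = queue.popleft()
            parents = g.subjects(node, "DEPENDS_ON")
            if not parents:  # reached a root; path is component -> root, so reverse it
                paths.setdefault(node, list(reversed(path)))
            for parent in parents:
                if parent not in seen:
                    seen.add(parent)
                    queue.append((parent, path + [parent]))
    return paths


def remediation(g, advisory_id):
    """Affected component version -> fixed version(s) the advisory names."""
    fixed = sorted(g.objects(advisory_id, "FIXED_IN"))
    return {affected: fixed for affected in g.objects(advisory_id, "AFFECTS")}


G = build_graph(SAMPLE_SBOM, SAMPLE_ADVISORIES)

if __name__ == "__main__":
    for adv in SAMPLE_ADVISORIES:
        print(adv["id"], "severity:", *G.objects(adv["id"], "HAS_SEVERITY"))
        for root, path in exposure_paths(G, adv["id"]).items():
            print("  exposed root", root, "via", " -> ".join(path))
        print("  remediation:", remediation(G, adv["id"]))
```

The reverse index is what makes the "who is exposed?" query cheap: an advisory names a component, and the graph is walked from that component back up to the packages an organisation actually ships, rather than scanning every SBOM for the component name. A real deployment would ingest CycloneDX or SPDX documents and advisory feeds into the same triple shape; the query logic does not change.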