A RISK ANALYSIS OF SOFTWARE DEPENDENCIES FOR THE AI/ML SUPPLY CHAIN
Authors
Tum, Alexander S.
Subjects
AI
ML
supply chain
package managers
risk analysis
Advisors
Kroll, Joshua A.
Hale, Britta
Date of Issue
2023-09
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Artificial intelligence (AI) and machine learning (ML) offer new capabilities for the overall technology ecosystem. As it forms the foundation for new technology, the security of a final software product depends greatly on that of the underlying supply chain, including its software dependencies. This study examines a portion of the supply chain for AI/ML by mapping the dependencies of a select sample of ML libraries for vulnerabilities. We search for a relationship between the depth of a dependency within a sample library's dependency tree and the number of vulnerabilities discovered within the corresponding library's supply chain. We consider multiple development tools and libraries and their software dependencies, all of which exist as open-source software. Understanding the potential risks, vulnerabilities, and dependency relationships present in the development supply chain will inform further efforts to securely develop AI/ML products and secure their supply chain.
Type
Thesis
Department
Information Sciences (IS)
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.