DTCC-Supply Chain Research (GY)
Research into different aspects of supply chain risk and where an organization should tangibly focus its security efforts (NIST: Protect, Detect).
Goal:
Conduct research using NYU academic and industry knowledge, in conjunction with supply chain cyber threat intelligence and DTCC's internal perspective and knowledge, to publish a research paper.
- Exploring and drafting a white paper as part of NYU VIP. The white paper could consider the different use cases in which in-toto (a software attestation tool) could be used to monitor for supply chain intrusions if an environment is compromised. This would help system admins and SOC/Hunt teams (for us, called TMC) understand what to analyze or look for when it comes to supply chain alerts generated by a tool like in-toto or any other supply chain tooling/detection.
- As part of NYU VIP, engaging in exploratory research (informally known as a fishing expedition) on a topic associated with supply chain: measuring dependencies, and adjacent thoughts:
  - Is there a mechanism to identify which code is risky (supply chain angle/context)?
  - Is there a mechanism to identify which dependencies in code are risky (supply chain angle/context)?
Outcome:
Publish a joint research paper/white paper. Possible testing of the software attestation and SBOM capabilities of SBOMit in a controlled test environment similar to DTCC prod.
Majors and Areas of Interest:
Someone who is willing to explore innovative ways of using AI-enabled solutions in a real-world enterprise developer ecosystem in the fintech industry.
Research, Design, or Technical Issues Involved or Addressed
- DevOps
- Software Attestation
- Vulnerability Management
- Categorization of supply chain risk management items within the NIST Protect and Detect buckets
Related Grand Challenges
- Research the various problem cases associated with supply chain from a software consumer perspective and a software developer perspective.
- Research and document how to operationalize cybersecurity functions as applicable to the NIST Protect and Defend buckets.
Primary Instructors
- Justin Cappos, NYU Advisor
- Dan Chacko