DTCC-Supply Chain Research (GY)

  • Research into different aspects of Supply Chain risks and where should an organization tangibly focus their security efforts (NIST: Protect, Detect).

DTCC: Advancing Financial Markets. Together.

Goal:

Conduct research using NYU Academia and Industry knowledge in conjunction with Supply Chain Cyber threat Intelligence and DTCC internal perspective/knowledge to publish a research paper. 

  1. Exploring and drafting a White paper as part of NYU VIP - This whitepaper could consider what are the different use cases that intoto (software attestation tool) could be used to monitor for supply chain intrusions if an environment is compromised- this would help the system admins and  SOC/Hunt teams (for us called TMC) understand what to analyze or look for when it comes to supply chain alerts generated from a tool like intoto or any another supply chain tooling/detection) 
  2. As part of NYU VIP engaging in exploratory research (informally known as fishing expedition) topic associated to Supply Chain – Measuring Dependencies and adjacent thoughts:
    1. Is there a mechanism to identify which code is risky (supply chain angle/context)
    2. Is there a mechanism to identify which dependencies in a code is Risky (supply chain angle/context) 

Outcome: 

Publish a joint research/ whitepaper. Possible testing of software attestation and SBOM capabilities of SBOMit in a controlled test environment similar to DTCC prod.

Majors and Areas of Interest: 

Someone who willing to explore innovative ways of using AI enabled solutions in real world enterprise developer ecosystem in fintech industry

Research, Design, or Technical Issues Involved or Addressed

  • DevOps
  • Software Attestation
  • Vulnerability Management
  • Categorization of supply chain risk management items within the NIST Protect and Detect buckets

Related Grand Challenges

  • Research the various Problem Cases associated to Supply Chain from a Software Consumer Perspective and Software Developer Perspective.
  • Research and document how to operationalize cybersecurity functions as applicable to the NIST Protect and Defend buckets.

Primary Instructors