The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Knowledge Graph Construction for Resilient, Trustworthy, and Secure Software Supply Chains

Research Areas: End System Security

Principal Investigator: Tianyi Zhang

This project will develop a unified knowledge graph that captures rich, up-to-date information about software components in heterogeneous software ecosystems. Building upon our prior work on noise-robust open knowledge extraction, we will develop a new neural knowledge acquisition pipeline that (1) extracts software information from various information sources, including but not limited to official documentation, software release notes, bug reports, CVEs, and online discussions, (2) consolidates the extracted information via an array of quality control and fact-checking mechanisms, and (3) constantly updates the knowledge graph by tracking new information from various sources. The resulting knowledge graph will empower us to further develop a novel multi-modal query interface for knowledge dissemination, as well as new risk mitigation approaches that perform deep scans on software systems, detect potential risks, and automatically repair them.

Personnel

Other PIs: Xiangyu Zhang

Students: Bonan Kou Yifeng Di

Representative Publications

Keywords: Knowledge Graph, security, Software Supply Chains, Vulnerabilities