ShiftLeft: Securing the Software Supply Chain by Code-centric Analysis
The ShiftLeft project seeks to transform the security of Software Supply Chains (SSCs) by introducing a declarative code-centric platform supporting continuous security analysis. It incorporates foundational frameworks, novel abstractions combining static and dynamic techniques, and human-in-the-loop feedback with AI-driven prioritization metrics. The project’s objectives include developing expressive security models, building a scalable security analysis platform, and creating an open-source security dashboard integrated into the software development lifecycle for real-world SSCs.
ShiftLeft is funded by the Wallenberg AI, Autonomous Systems and Software Program (WASP) via the NEST (Novelty, Excellence, Synergy, and Teams) instrument. The project is lead by the PI, Prof. Musard Balliu (KTH Royal Institute of Technology). The co-PIs are Prof. Alexandre Bartel (Umeå University), Prof. Christoph Reichenbach (Lund University), Prof. David Sands and Prof. Rebekka Wohlrab (Chalmers University of Technology). The industrial partners are Cparta Cyber Defense, Debricked, Ericsson, Recorded Futures, and SEB.
News Corner
- We are looking for a PhD student at Lund University. Deadline: 30 April 2024 - Apply now
- We are looking for a PhD student at KTH. Deadline: April 30, 2024 - Apply now
- We are looking for a PhD student at Chalmers. Deadline: April 2, 2024 - Apply now
- ShiftLeft’s PI Rebekka Wohlrab awarded by WASP as Alumni of the Year 2023 for outstanding research in the engineering of self-adaptive systems. Congratulations Rebekka.
- We are recruiting PhD students, postdocs, and research engineers, Get in touch!
Team ShiftLeft
Publications
- Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis Mikhail Shcherbakov, Paul Moosbrugger, Musard Balliu. In Proceedings of the Web Conference (WWW’24), 2024.