Graph Metrics for Improving Cybersecurity on Software Dependency Networks
Author(s)
Yao, Darren Z.
Advisor
Pal, Ranjan
Siegel, Michael D.
Abstract
Modern software ecosystems are deeply interconnected, allowing a vulnerability in a single component to propagate and affect many others. In this thesis, we model software ecosystems as directed graphs and apply various graph-theoretic metrics to quantify security risk. We compare two deep learning frameworks (PyTorch and TensorFlow) with two traditional software frameworks (npm and PyPI), identifying critical properties of their dependency structures, which motivates several recommendations for improving software supply chain security.
Date issued
2025-05
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology