The robustness of critical infrastructure systems depends on the integrity and transparency of their software supply chains. A Software Bill of Materials (SBOM) is pivotal in this regard: it is an inventory of the components and dependencies that make up a piece of software. However, prevalent challenges in SBOM sharing, such as the risk of data tampering in transit or at rest and vendors' reluctance to disclose sensitive component details to every recipient, significantly hinder its effective adoption. These challenges pose a notable threat to the security of critical infrastructure and systems where transparency and trust are paramount, underscoring the need for a more secure and flexible mechanism for SBOM sharing. To bridge the gap, this study introduces a blockchain-empowered architecture for SBOM sharing that uses verifiable credentials to support selective disclosure: a vendor can prove the integrity of an SBOM while revealing only the subset of components a given consumer is entitled to see. This strategy not only heightens security but also offers flexibility. Furthermore, this paper broadens the scope of SBOM to encompass AI systems, coining the term AI Bill of Materials (AIBOM). The advent of AI and its application in critical infrastructure necessitates a nuanced understanding of AI software components, including their origins and interdependencies. The evaluation of our solution indicates the feasibility and flexibility of the proposed SBOM sharing mechanism, offering a solution for safeguarding (AI) software supply chains, which is essential for the resilience and reliability of modern critical infrastructure systems.
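The two properties the abstract asks of SBOM sharing, tamper evidence and selective disclosure, can be illustrated with a small hash-commitment scheme. The following is an added example, not code from the paper or its authors, and it does not reproduce the paper's architecture: the ledger is simulated as an in-memory list, the "credential" is a list of salted SHA-256 commitments plus their Merkle root (the way SD-JWT-style credentials bind hidden claims), and the component records are constructed CycloneDX-like dictionaries. The names `issue`, `disclose`, `verify` and `SAMPLE_COMPONENTS` are this example's own.

```python
"""Selective-disclosure SBOM sharing sketch: salted commitments + anchored root."""
import hashlib
import json
import secrets

# Constructed sample SBOM (not from any real product). The second entry is
# the kind of component a vendor may not want every consumer to see.
SAMPLE_COMPONENTS = [
    {"name": "openssl", "version": "3.0.13", "purl": "pkg:generic/openssl@3.0.13"},
    {"name": "internal-crypto-lib", "version": "2.4.1", "purl": "pkg:generic/internal-crypto-lib@2.4.1"},
    {"name": "model-weights", "version": "2024-05-01", "purl": "pkg:generic/model-weights@2024-05-01"},
]


def canonical(component: dict) -> bytes:
    """Canonical JSON so issuer and verifier hash identical bytes."""
    return json.dumps(component, sort_keys=True, separators=(",", ":")).encode()


def commit(component: dict, salt: bytes) -> str:
    """Salted commitment: without the salt, a digest reveals nothing usable."""
    return hashlib.sha256(salt + canonical(component)).hexdigest()


def merkle_root(digests: list) -> str:
    """Binary Merkle root over hex digests; an odd level duplicates its last node."""
    level = [bytes.fromhex(d) for d in digests]
    if not level:
        return hashlib.sha256(b"").hexdigest()
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0].hex()


def issue(components: list):
    """Issuer side: one random salt per component, commitments, and a root to anchor."""
    salts = [secrets.token_bytes(16) for _ in components]
    digests = [commit(c, s) for c, s in zip(components, salts)]
    credential = {"digests": digests, "root": merkle_root(digests)}
    return credential, salts


def disclose(credential: dict, components: list, salts: list, indices: list) -> dict:
    """Holder side: present the full commitment list but open only chosen entries."""
    return {
        "credential": credential,
        "disclosed": [{"index": i, "salt": salts[i].hex(), "component": components[i]}
                      for i in indices],
    }


def verify(presentation: dict, ledger: list) -> bool:
    """Verifier side: root must match the commitments and be anchored; each
    opened entry must re-hash to its committed digest."""
    cred = presentation["credential"]
    if merkle_root(cred["digests"]) != cred["root"]:
        return False
    if cred["root"] not in ledger:          # anchor check (simulated ledger)
        return False
    for item in presentation["disclosed"]:
        i = item["index"]
        if not 0 <= i < len(cred["digests"]):
            return False
        if commit(item["component"], bytes.fromhex(item["salt"])) != cred["digests"][i]:
            return False
    return True


def demo():
    """Honest disclosure of entries 0 and 2 verifies; a version edit does not."""
    ledger = []                              # stands in for the blockchain
    cred, salts = issue(SAMPLE_COMPONENTS)
    ledger.append(cred["root"])
    presentation = disclose(cred, SAMPLE_COMPONENTS, salts, [0, 2])
    honest = verify(presentation, ledger)
    tampered = json.loads(json.dumps(presentation))
    tampered["disclosed"][0]["component"]["version"] = "1.0.2k"
    return honest, verify(tampered, ledger)


if __name__ == "__main__":
    print(demo())
```

The consumer never sees `internal-crypto-lib`, only its salted digest, yet it can still confirm that the two components it did receive belong to the same anchored SBOM and were not altered after anchoring. The salt is what prevents a curious verifier from confirming a guess about a hidden component by hashing candidate names; dropping it would turn the commitments into a dictionary-attackable list.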