Visualizing Comparisons of Bill of Materials

Rebecca Jones, Lucas Tate

Room: 101-102

2023-10-22T03:00:00Z

Abstract

The complexity of distributed manufacturing and software development, coupled with the increasing prevalence of cyber and supply chain attacks, necessitates a greater understanding of the hardware and software components that comprise equipment in critical infrastructure. When a vulnerability in a single software library can have disastrous consequences, being able to identify where that library may exist in equipment or software becomes a prerequisite for protecting the overall infrastructure. This need has sparked a large effort around the development and incorporation of bills of materials (BOMs) into security, asset management, and procurement practices to aid in mitigating and responding to future attacks. While much of the current research is devoted to creating BOMs, it is equally important to develop methods for comparing them to answer questions such as: How has my software changed? Are two pieces of equipment equivalent? Does this piece of equipment that just arrived match my historical information? In this work, we demonstrate how BOMs can be represented by graph structures. We then describe how these structures can be fed into a graph comparison algorithm to produce a novel interactive visualization that allows us not only to identify differences in BOMs but also to show exactly where they are in the product.