Ιδρυματικό Αποθετήριο [SANDBOX]
Πολυτεχνείο Κρήτης
EN  |  EL

Αναζήτηση

Πλοήγηση

Ο Χώρος μου

Demo: detecting third-party library problems with combined program analysis

Ntousakis Grigorios, Ioannidis Sotirios, Vasilakis Nikos

Απλή Εγγραφή


URIhttp://purl.tuc.gr/dl/dias/3398BD41-2621-42BB-87C0-A2B613D46E81-
Αναγνωριστικόhttps://doi.org/10.1145/3460120.3485351-
Αναγνωριστικόhttps://dl.acm.org/doi/10.1145/3460120.3485351-
Γλώσσαen-
Μέγεθος3 pagesen
ΤίτλοςDemo: detecting third-party library problems with combined program analysisen
ΔημιουργόςNtousakis Grigoriosen
ΔημιουργόςΝτουσακης Γρηγοριοςel
ΔημιουργόςIoannidis Sotiriosen
ΔημιουργόςΙωαννιδης Σωτηριοςel
ΔημιουργόςVasilakis Nikosen
ΕκδότηςAssociation for Computing Machinery (ACM)en
ΠερίληψηThird-party libraries ease the software development process and thus have become an integral part of modern software engineering. Unfortunately, they are not usually vetted by human developers and thus are often responsible for introducing bugs, vulnerabilities, or attacks to programs that will eventually reach end-users. In this demonstration, we present a combined static and dynamic program analysis for inferring and enforcing third-party library permissions in server-side JavaScript. This analysis is centered around a RWX permission system across library boundaries. We demonstrate that our tools can detect zero-day vulnerabilities injected into popular libraries and often missed by state-of-the-art tools such as snyk test and npm audit.en
ΤύποςConference Demonstrationen
ΤύποςΕπίδειξη σε Συνέδριοel
Άδεια Χρήσηςhttp://creativecommons.org/licenses/by/4.0/en
Ημερομηνία2023-06-01-
Ημερομηνία Δημοσίευσης2021-
Θεματική ΚατηγορίαDynamic program analysisen
Θεματική ΚατηγορίαStatic program analysisen
Βιβλιογραφική ΑναφοράG. Ntousakis, S. Ioannidis and N. Vasilakis, “Demo: detecting third-party library problems with combined program analysis,” in Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS 2021), virtual event, 2021, pp. 2429–2431, doi: 10.1145/3460120.3485351.en

Διαθέσιμα αρχεία

Υπηρεσίες

Στατιστικά