Readings

Software Supply Chain

Type Conference Paper
Security
2022-S&P “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks
2022-NDSS Building Embedded Systems Like It’s 1996
2022-NDSS Probe the Proto: Measuring Client-Side Prototype Pollution Vulnerabilities of One Million Real-world Websites
2022-NDSS Cross-Language Attacks
2022-S&P Asleep at the Keyboard? Assessing the Security of GitHub Copilot’s Code Contributions
2022-S&P Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects
2022-USENIX How Long Do Vulnerabilities Live in the Code? A Large-Scale Empirical Measurement Study on FOSS Vulnerability Lifetimes
2021-CCS Supply-chain vulnerability elimination via active learning and regeneration
2021-CCS Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction
2021-CCS The Effect of Google Search on Software Security: Unobtrusive Security Interventions via Content Re-ranking
2021-NDSS Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
2021-USENIX Abusing Hidden Properties to Attack the Node.js Ecosystem
2021-USENIX An Investigation of the Android Kernel Patch Ecosystem
2020-CCS Towards Using Source Code Repositories to Identify Software Supply Chain Attacks
2020-CCS A Qualitative Study of Dependency Management and Its Security Implications
2020-S&P An Analysis of Pre-installed Android Software
2020-RAID Mininode: Reducing the Attack Surface of Node.js Applications
2019-USENIX Small World with High Risks: A Study of Security Threats in the npm Ecosystem
2019-ASIACCS ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices
2019-NDSS How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories
2019-USENIX Less is More: Quantifying the Security Benefits of Debloating Web Applications
2018-CCS Towards Paving the Way for Large-Scale Windows Malware Analysis: Generic Binary Unpacking with Orders-of-Magnitude Performance Boost
2018-NDSS BreakApp: Automated, Flexible Application Compartmentalization
2017-NDSS Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web
2017-CCS Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android
2016-USENIX On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities
2012-CCS You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions
2008-CCS A look in the mirror: attacks on package managers
2003-S&P Poisoning the software supply chain
Software Engineering
2022-ISSTA A Large-Scale Empirical Analysis of the Vulnerabilities Introduced by Third-Party Components in IoT Firmware
2022-WWW Understanding the Practice of Security Patch Management across Multiple Branches in OSS Projects
2022-ICSE Demystifying the Vulnerability Propagation and Its Evolution via Dependency Trees in the NPM Ecosystem
2022-ICSE Practical Automated Detection of Malicious npm Packages
2022-TSE Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages
2021-TSE Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite
2021-ICSE Containing Malicious Package Updates in npm with a Lightweight Permission System
2021-ICSE HERO: On the Chaos When PATH Meets Modules
2021-SANER Empirical Analysis of Security Vulnerabilities in Python Packages
2021-ESEC/FSE Detecting Node.js prototype pollution vulnerabilities via object lookup analysis
2021-ASE REPFINDER: Finding Replacements for Missing APIs in Library Update
2021-ESEC/FSE A Longitudinal Analysis of Bloated Java Dependencies
2021-ESEC/FSE LastPyMile: identifying the discrepancy between sources and packages
2021-ESEC/FSE A large-scale empirical study on Java library migrations: prevalence, trends, and rationales
2021-TSE Dependency Smells in JavaScript Projects
2021-TSE Back to the Past -- Analysing Backporting Practices in Package Dependency Networks
2020-ICSME Investigating the reproducibility of npm packages
2020-ICSE Extracting taint specifications for JavaScript libraries
2020-ICSE Watchman: monitoring dependency conflicts for Python library ecosystem
2020-ESEC/FSE Interactive, effort-aware library version harmonization
2019-ICSE Detecting Suspicious Package Updates
2018-ESEC/FSE Do the dependency conflicts in my project matter?
2018-ESEC/FSE The impact of regular expression denial of service (ReDoS) in practice: an empirical study at the ecosystem scale
2017-ICSE How do developers fix cross-project correlated bugs? A case study on the GitHub scientific Python ecosystem
2017-ASE-Workshop Can automated pull requests encourage software developers to upgrade out-of-date dependencies?
2017-ESEC/FSE Why do developers use trivial packages? An empirical case study on npm
2016-ESEC/FSE How to break an API: cost negotiation and community values in three software ecosystems
2015-ICSME Impact assessment for vulnerabilities in open-source software libraries
2015-SANER Tracking known security vulnerabilities in proprietary software systems
2015-ASE-Workshop When It Breaks, It Breaks: How Ecosystem Developers Reason about the Stability of Dependencies
2015-ICSE Measuring Dependency Freshness in Software Systems

Kernel Static Analysis

Latest Static Analysis Technique

Detecting UB Bugs in Kernel

Detecting Logical Bugs in Kernel

Research Trends of Kernel Static Analysis

Kernel Code and Page Table Protection

x86

ARM

RISCV

MISC

Kernel Code/PageTable Protect Summary

Type Date Paper
KLAT - PageTable
2017-NDSS PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables
2010-ACSAC Analyzing and Improving Linux Kernel Memory Protection: A Model Checking Approach
KLAT - Code
2017-EuroSys kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse
2016-CNS Preventing Kernel Code-Reuse Attacks Through Disclosure Resistant Code Diversification
2015-SP Readactor: Practical Code Randomization Resilient to Memory Disclosure
2015-ASPLOS Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation
2014-CCS You Can Run but You Can’t Read: Preventing Disclosure Exploits in Executable Code
1999-ICDCS Efficient Kernel Support of Fine-Grained Protection Domains for Mobile Code
SLAT - PageTable
2020-SP xMP: Selective Memory Protection for Kernel and User Space
2017-EuroS&P On the Effectiveness of Virtualization Based Memory Isolation on Multicore Platforms
2016-ATC SecPod: a Framework for Virtualization-based Security Systems
2007-SOSP SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes
2018-ATC EPTI: Efficient Defence against Meltdown Attack for Unpatched VMs
2020-VEE Lightweight Kernel Isolation with Virtualization and VM Functions
SLAT - Code
2011-NDSS Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions
2010-SP TrustVisor: Efficient TCB Reduction and Attestation
2009-CCS Countering kernel rootkits with lightweight hook protection
2009-ACSAC Protecting Kernel Code and Data with a Virtualization-Aware Collaborative Operating System
2008-RAID Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing
Other Hardwares - PageTable
2014-CCS Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World
Other Hardwares - Code
2019-DATE RiskiM: Toward Complete Kernel Protection with Hardware Support
2016-HPCC TZ-KPM: Kernel Protection Mechanism on Embedded Devices on Hardware-assisted Isolated Environment
2016-NDSS SKEE: A lightweight Secure Kernel-level Execution Environment for ARM
2016-HASP Architectural Supports to Protect OS Kernels from Code-Injection Attacks

Kernel Fuzzing

Type Date Paper
SYSCALL
SOSP 2021 HEALER: Relation Learning Guided Kernel Fuzzing
CCS 2021 SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers
NDSS 2020 HFL: Hybrid Fuzzing on the Linux Kernel
EuroSec 2020 X-AFL: A Kernel fuzzer combining passive and active fuzzing
USENIX 2018 MoonShine: Optimizing OS fuzzer seed selection with trace distillation
INPUT
NDSS 2022 EMS: History-Driven Mutation for Coverage-based Fuzzing
USENIX 2021 SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning
DRIVER & FILESYSTEM
NDSS 2022 Semantic-Informed Driver Fuzzing Without Both the Hardware Devices and the Emulators
USENIX 2020 USBFuzz: A framework for fuzzing USB drivers by device emulation
SP 2020 Ex-vivo dynamic analysis framework for Android device drivers
ACM Transactions on Storage 2020 Finding Bugs in File Systems with an Extensible Fuzzing Framework
SP 2020 KRACE: Data Race Fuzzing for Kernel File Systems
SP 2019 Fuzzing File Systems via Two-Dimensional Input Space Exploration
SOSP 2019 Finding semantic bugs in file systems with an extensible fuzzing framework
CCS 2017 DIFUZE: Interface aware fuzzing for kernel drivers
PERFORMANCE
CCS 2021 Hardware Support to Improve Fuzzing Performance and Precision
USENIX 2021 Undo Workarounds for Kernel Bugs
USENIX 2020 Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints
USENIX 2017 kAFL: Hardware-assisted feedback fuzzing for OS kernels
STATE
CCS 2021 HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs
SP 2019 Razzer: Finding kernel race bugs through fuzzing
WOOT 2019 Unicorefuzz: On the viability of emulation for kernelspace fuzzing
OTHER
USENIX 2022 SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel