Fine-Grained Network Analysis for Modern Software Ecosystems
ACM Transactions on Internet Technology (IF 3.9), Pub Date: 2020-12-17, DOI: 10.1145/3418209
Paolo Boldi, Georgios Gousios

Modern software development is increasingly dependent on components, libraries, and frameworks coming from third-party vendors or open-source suppliers and made available through a number of platforms (or forges). This way of writing software puts an emphasis on reuse and on composition, commoditizing the services that modern applications require. On the other hand, bugs and vulnerabilities in a single library living in one such ecosystem can affect, directly or by transitivity, a huge number of other libraries and applications. Currently, only product-level information on library dependencies is used to contain this kind of danger, but this knowledge often reveals itself too imprecise to lead to effective (and possibly automated) handling policies. We will discuss how fine-grained function-level dependencies can greatly improve reliability and reduce the impact of vulnerabilities on the whole software ecosystem.

Updated: 2020-12-17