Skip to main content
Conference ProceedingsOPEN ACCESS

Demo: Detecting Third-Party Library Problems with Combined Program Analysis

Proceedings of the ACM Conference on Computer and Communications Security (2021) 2429-2431
DOI: 10.1145/3460120.3485351
7Citations
Citations of this article
15Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Third-party libraries ease the software development process and thus have become an integral part of modern software engineering. Unfortunately, they are not usually vetted by human developers and thus are often responsible for introducing bugs, vulnerabilities, or attacks to programs that will eventually reach end-users. In this demonstration, we present a combined static and dynamic program analysis for inferring and enforcing third-party library permissions in server-side JavaScript. This analysis is centered around a RWX permission system across library boundaries. We demonstrate that our tools can detect zero-day vulnerabilities injected into popular libraries and often missed by state-of-the-art tools such as snyk test and npm audit.

Author supplied keywords

Cite

CITATION STYLE

APA

Ntousakis, G., Ioannidis, S., & Vasilakis, N. (2021). Demo: Detecting Third-Party Library Problems with Combined Program Analysis. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 2429–2431). Association for Computing Machinery. https://doi.org/10.1145/3460120.3485351

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free