{"id":"https://openalex.org/W4385080362","doi":"https://doi.org/10.1109/sp46215.2023.10179471","title":"Continuous Intrusion: Characterizing the Security of Continuous Integration Services","display_name":"Continuous Intrusion: Characterizing the Security of Continuous Integration Services","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W4385080362","doi":"https://doi.org/10.1109/sp46215.2023.10179471"},"language":"en","primary_location":{"id":"doi:10.1109/sp46215.2023.10179471","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179471","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101152479","display_name":"Yacong Gu","orcid":"https://orcid.org/0000-0003-2221-5689"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Yacong Gu","raw_affiliation_strings":["QI-ANXIN Technology Research Institute"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100414046","display_name":"Lingyun Ying","orcid":"https://orcid.org/0000-0001-7445-9103"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lingyun Ying","raw_affiliation_strings":["QI-ANXIN Technology Research Institute"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086425732","display_name":"Huajun Chai","orcid":"https://orcid.org/0000-0001-8067-9129"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Huajun Chai","raw_affiliation_strings":["QI-ANXIN Technology Research Institute"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100962809","display_name":"Qiao Chu","orcid":"https://orcid.org/0000-0001-7491-310X"},"institutions":[{"id":"https://openalex.org/I86501945","display_name":"University of Delaware","ror":"https://ror.org/01sbq1a82","country_code":"US","type":"education","lineage":["https://openalex.org/I86501945"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chu Qiao","raw_affiliation_strings":["University of Delaware"],"affiliations":[{"raw_affiliation_string":"University of Delaware","institution_ids":["https://openalex.org/I86501945"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067799841","display_name":"Haixin Duan","orcid":"https://orcid.org/0000-0003-0083-733X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haixin Duan","raw_affiliation_strings":["Tsinghua University","Tsinghua University-QI-ANXIN Group JCNS"],"affiliations":[{"raw_affiliation_string":"Tsinghua University","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"Tsinghua University-QI-ANXIN Group JCNS","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100622644","display_name":"Xing Gao","orcid":"https://orcid.org/0000-0002-0401-5125"},"institutions":[{"id":"https://openalex.org/I86501945","display_name":"University of Delaware","ror":"https://ror.org/01sbq1a82","country_code":"US","type":"education","lineage":["https://openalex.org/I86501945"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xing Gao","raw_affiliation_strings":["University of Delaware"],"affiliations":[{"raw_affiliation_string":"University of Delaware","institution_ids":["https://openalex.org/I86501945"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5101152479"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.0377,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.87661972,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1561","last_page":"1577"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6956143379211426},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.6906261444091797},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6434586048126221},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5085264444351196},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.5034665465354919},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.45474645495414734},{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.4203253984451294},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.41447848081588745},{"id":"https://openalex.org/keywords/isolation","display_name":"Isolation (microbiology)","score":0.41419151425361633},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.1738274097442627},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.15770480036735535},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11011788249015808}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6956143379211426},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.6906261444091797},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6434586048126221},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5085264444351196},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.5034665465354919},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.45474645495414734},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.4203253984451294},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.41447848081588745},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.41419151425361633},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.1738274097442627},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.15770480036735535},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11011788249015808},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C89423630","wikidata":"https://www.wikidata.org/wiki/Q7193","display_name":"Microbiology","level":1,"score":0.0},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46215.2023.10179471","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179471","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":48,"referenced_works":["https://openalex.org/W587329788","https://openalex.org/W1600184236","https://openalex.org/W1637101047","https://openalex.org/W1979848034","https://openalex.org/W1984816986","https://openalex.org/W2012921353","https://openalex.org/W2077836579","https://openalex.org/W2165109377","https://openalex.org/W2229250518","https://openalex.org/W2283736639","https://openalex.org/W2487444527","https://openalex.org/W2591793539","https://openalex.org/W2603119212","https://openalex.org/W2740295334","https://openalex.org/W2752531342","https://openalex.org/W2768067395","https://openalex.org/W2789570312","https://openalex.org/W2803395207","https://openalex.org/W2806253293","https://openalex.org/W2889480272","https://openalex.org/W2901668404","https://openalex.org/W2915997584","https://openalex.org/W2946009361","https://openalex.org/W2947593054","https://openalex.org/W2954449342","https://openalex.org/W2955656327","https://openalex.org/W2963559715","https://openalex.org/W2980907292","https://openalex.org/W3000554390","https://openalex.org/W3011047213","https://openalex.org/W3106063118","https://openalex.org/W3124882526","https://openalex.org/W3138230581","https://openalex.org/W3162570939","https://openalex.org/W3184379011","https://openalex.org/W4220682629","https://openalex.org/W4226410005","https://openalex.org/W4284676680","https://openalex.org/W4288057763","https://openalex.org/W4288057810","https://openalex.org/W4306406241","https://openalex.org/W6636783225","https://openalex.org/W6669890588","https://openalex.org/W6722750451","https://openalex.org/W6743754206","https://openalex.org/W6752006691","https://openalex.org/W6754216381","https://openalex.org/W6759246942"],"related_works":["https://openalex.org/W2789663798","https://openalex.org/W2375896275","https://openalex.org/W4230913293","https://openalex.org/W2166943775","https://openalex.org/W2775236000","https://openalex.org/W2073762068","https://openalex.org/W4388925690","https://openalex.org/W3160929777","https://openalex.org/W4386875494","https://openalex.org/W2728977822"],"abstract_inverted_index":{"Continuous":[0],"Integration":[1],"(CI)":[2],"is":[3],"a":[4,52,58,80,185,190,200],"widely-adopted":[5],"software":[6,77],"development":[7,38],"practice":[8],"for":[9],"automated":[10],"code":[11,22,49,74,182,188],"integration.":[12],"A":[13],"typical":[14],"CI":[15,26,34,53,63,81,103,191],"workflow":[16],"involves":[17],"multiple":[18,106],"independent":[19],"stakeholders,":[20],"including":[21],"hosting":[23],"platforms":[24,27],"(CHPs),":[25],"(CPs),":[28],"and":[29,108,115,151,153,178,222,239],"third":[30],"party":[31],"services.":[32],"While":[33],"can":[35,87],"significantly":[36],"improve":[37],"efficiency,":[39],"unfortunately,":[40],"it":[41],"also":[42],"exposes":[43],"new":[44],"attack":[45,169],"surfaces.":[46],"As":[47],"the":[48,90,141,195,204,234],"executed":[50],"by":[51,78,147,183,227],"task":[54],"may":[55],"come":[56],"from":[57],"less-trusted":[59],"user,":[60],"improperly":[61],"configured":[62],"with":[64,105,131,160],"weak":[65],"isolation":[66],"mechanisms":[67],"might":[68],"enable":[69],"attackers":[70,173],"to":[71,121,174,237],"inject":[72,180],"malicious":[73,181],"into":[75],"victim":[76],"triggering":[79],"task.":[82,192],"Also,":[83],"one":[84],"insecure":[85],"stakeholder":[86],"potentially":[88],"affect":[89],"whole":[91],"process.":[92],"In":[93],"this":[94],"paper,":[95],"we":[96,198],"systematically":[97],"study":[98],"potential":[99,123,196],"security":[100],"threats":[101],"in":[102,125,189],"workflows":[104],"stakeholders":[107],"major":[109],"CP":[110],"components":[111],"considered.":[112],"We":[113,135,164,230],"design":[114],"develop":[116],"an":[117],"analysis":[118,215],"tool,":[119],"CInspector,":[120],"investigate":[122],"vulnerabilities":[124,236],"seven":[126],"popular":[127,220],"CPs,":[128],"when":[129],"integrated":[130],"three":[132,205],"mainstream":[133,206],"CHPs.":[134],"find":[136],"that":[137,171,217],"all":[138],"CPs":[139,238],"have":[140,231],"risk":[142],"of":[143,155,187],"token":[144],"leakage":[145],"caused":[146],"improper":[148,161],"resource":[149],"sharing":[150],"isolation,":[152],"many":[154],"them":[156],"utilize":[157],"over-privileged":[158],"tokens":[159],"validity":[162],"periods.":[163],"further":[165],"reveal":[166],"four":[167],"novel":[168],"vectors":[170],"allow":[172],"escalate":[175],"their":[176],"privileges":[177],"stealthy":[179],"executing":[184],"piece":[186],"To":[193],"understand":[194],"impact,":[197],"conduct":[199],"large-scale":[201],"measurement":[202],"on":[203],"CHPs,":[207],"scrutinizing":[208],"over":[209],"1.69":[210],"million":[211],"repositories.":[212],"Our":[213],"quantitative":[214],"demonstrates":[216],"some":[218],"very":[219],"repositories":[221],"large":[223],"organizations":[224],"are":[225],"affected":[226],"these":[228],"attacks.":[229],"duly":[232],"reported":[233],"identified":[235],"received":[240],"positive":[241],"responses.":[242]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":5}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}