{"id":"https://openalex.org/W3211608049","doi":"https://doi.org/10.1145/3460120.3484736","title":"Supply-Chain Vulnerability Elimination via Active Learning and Regeneration","display_name":"Supply-Chain Vulnerability Elimination via Active Learning and Regeneration","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3211608049","doi":"https://doi.org/10.1145/3460120.3484736","mag":"3211608049"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3484736","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3460120.3484736","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3484736","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3484736","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5034441711","display_name":"Nikos Vasilakis","orcid":"https://orcid.org/0000-0001-7347-298X"},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Nikos Vasilakis","raw_affiliation_strings":["Massachusetts Institute of Technology, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"Massachusetts Institute of Technology, Cambridge, MA, USA","institution_ids":["https://openalex.org/I63966007"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088327563","display_name":"Achilles Benetopoulos","orcid":null},"institutions":[{"id":"https://openalex.org/I185103710","display_name":"University of California, Santa Cruz","ror":"https://ror.org/03s65by71","country_code":"US","type":"education","lineage":["https://openalex.org/I185103710"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Achilles Benetopoulos","raw_affiliation_strings":["University of California, Santa Cruz, Santa Cruz, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Santa Cruz, Santa Cruz, CA, USA","institution_ids":["https://openalex.org/I185103710"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087871590","display_name":"Shivam Handa","orcid":null},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shivam Handa","raw_affiliation_strings":["Massachusetts Institute of Technology, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"Massachusetts Institute of Technology, Cambridge, MA, USA","institution_ids":["https://openalex.org/I63966007"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074503335","display_name":"Alizee Schoen","orcid":null},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alizee Schoen","raw_affiliation_strings":["Massachusetts Institute of Technology, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"Massachusetts Institute of Technology, Cambridge, MA, USA","institution_ids":["https://openalex.org/I63966007"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024117197","display_name":"Jiasi Shen","orcid":"https://orcid.org/0000-0002-5904-3641"},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jiasi Shen","raw_affiliation_strings":["Massachusetts Institute of Technology, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"Massachusetts Institute of Technology, Cambridge, MA, USA","institution_ids":["https://openalex.org/I63966007"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5045127387","display_name":"Martin Rinard","orcid":"https://orcid.org/0000-0001-8095-8523"},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Martin C. Rinard","raw_affiliation_strings":["Massachusetts Institute of Technology, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"Massachusetts Institute of Technology, Cambridge, MA, USA","institution_ids":["https://openalex.org/I63966007"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5034441711"],"corresponding_institution_ids":["https://openalex.org/I63966007"],"apc_list":null,"apc_paid":null,"fwci":2.6229,"has_fulltext":true,"cited_by_count":22,"citation_normalized_percentile":{"value":0.90744332,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1755","last_page":"1770"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.785981297492981},{"id":"https://openalex.org/keywords/harp","display_name":"HARP","score":0.7715835571289062},{"id":"https://openalex.org/keywords/string","display_name":"String (physics)","score":0.7287036180496216},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.7262798547744751},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.5930452346801758},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5644084811210632},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5118981599807739},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.4632602334022522},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.31964296102523804},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.19806963205337524}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.785981297492981},{"id":"https://openalex.org/C2776030095","wikidata":"https://www.wikidata.org/wiki/Q5628954","display_name":"HARP","level":2,"score":0.7715835571289062},{"id":"https://openalex.org/C157486923","wikidata":"https://www.wikidata.org/wiki/Q1376436","display_name":"String (physics)","level":2,"score":0.7287036180496216},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.7262798547744751},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.5930452346801758},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5644084811210632},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5118981599807739},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.4632602334022522},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.31964296102523804},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.19806963205337524},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C97355855","wikidata":"https://www.wikidata.org/wiki/Q11473","display_name":"Thermodynamics","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3460120.3484736","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3460120.3484736","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3484736","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:dspace.mit.edu:1721.1/146310","is_oa":true,"landing_page_url":"https://hdl.handle.net/1721.1/146310","pdf_url":null,"source":{"id":"https://openalex.org/S4306400425","display_name":"DSpace@MIT (Massachusetts Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I63966007","host_organization_name":"Massachusetts Institute of Technology","host_organization_lineage":["https://openalex.org/I63966007"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ACM|Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"http://purl.org/eprint/type/ConferencePaper"},{"id":"pmh:oai:repository.hkust.edu.hk:1783.1-123616","is_oa":false,"landing_page_url":"http://www.scopus.com/record/display.url?eid=2-s2.0-85119327215&origin=inward","pdf_url":null,"source":{"id":"https://openalex.org/S4306401796","display_name":"Rare & Special e-Zone (The Hong Kong University of Science and Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I200769079","host_organization_name":"Hong Kong University of Science and Technology","host_organization_lineage":["https://openalex.org/I200769079"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference paper"}],"best_oa_location":{"id":"doi:10.1145/3460120.3484736","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3460120.3484736","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3460120.3484736","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6200000047683716,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1692276411","display_name":null,"funder_award_id":"HR001120C0191","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3211608049.pdf","grobid_xml":"https://content.openalex.org/works/W3211608049.grobid-xml"},"referenced_works_count":41,"referenced_works":["https://openalex.org/W63895107","https://openalex.org/W431566009","https://openalex.org/W1858945639","https://openalex.org/W2039999720","https://openalex.org/W2085925880","https://openalex.org/W2093535699","https://openalex.org/W2101678831","https://openalex.org/W2115733813","https://openalex.org/W2123582298","https://openalex.org/W2127456326","https://openalex.org/W2134734244","https://openalex.org/W2138346871","https://openalex.org/W2151135920","https://openalex.org/W2153943889","https://openalex.org/W2294912735","https://openalex.org/W2496170334","https://openalex.org/W2561055248","https://openalex.org/W2591793539","https://openalex.org/W2602111867","https://openalex.org/W2614073125","https://openalex.org/W2765284675","https://openalex.org/W2768517636","https://openalex.org/W2785774944","https://openalex.org/W2792952820","https://openalex.org/W2891688103","https://openalex.org/W2895585783","https://openalex.org/W2898334666","https://openalex.org/W2899590559","https://openalex.org/W2921892740","https://openalex.org/W2945710818","https://openalex.org/W2970323597","https://openalex.org/W2980042801","https://openalex.org/W2987470874","https://openalex.org/W3104970816","https://openalex.org/W3105239039","https://openalex.org/W3123182306","https://openalex.org/W3123214346","https://openalex.org/W3204945378","https://openalex.org/W4234087688","https://openalex.org/W4237412827","https://openalex.org/W4298112463"],"related_works":["https://openalex.org/W2091083843","https://openalex.org/W424580262","https://openalex.org/W2597835809","https://openalex.org/W4300904561","https://openalex.org/W619121476","https://openalex.org/W2807944126","https://openalex.org/W4248186805","https://openalex.org/W605528597","https://openalex.org/W2808146244","https://openalex.org/W4387762656"],"abstract_inverted_index":{"Software":[0],"supply-chain":[1],"attacks":[2,12],"target":[3,14],"components":[4,118],"that":[5,31,40,160],"are":[6],"integrated":[7],"into":[8],"client":[9,42],"applications.":[10],"Such":[11],"often":[13],"widely-used":[15],"components,":[16],"with":[17,145,166],"the":[18,41,58,77,81,89,129,135,146,154],"attack":[19],"taking":[20],"place":[21],"via":[22],"operations":[23],"(for":[24],"example,":[25],"file":[26],"system":[27,104],"or":[28],"network":[29],"accesses)":[30],"do":[32],"not":[33],"affect":[34],"those":[35],"aspects":[36],"of":[37,61,68,88,131],"component":[38],"behavior":[39,60,91],"observes.":[43],"We":[44,99,109,157],"propose":[45],"new":[46],"active":[47],"library":[48],"learning":[49],"and":[50,56,79,115,122,149,178],"regeneration":[51,136],"(ALR)":[52],"techniques":[53],"for":[54,105],"inferring":[55],"regenerating":[57],"client-observable":[59],"software":[62],"components.":[63,108],"Using":[64],"increasingly":[65],"sophisticated":[66],"rounds":[67],"exploration,":[69],"ALR":[70,103],"generates":[71],"inputs,":[72],"provides":[73],"these":[74],"inputs":[75],"to":[76,84,112],"component,":[78],"observes":[80],"resulting":[82],"outputs":[83],"infer":[85,114],"a":[86,93,96,140],"model":[87],"component's":[90],"as":[92],"program":[94],"in":[95,120,128,137,169],"domain-specific":[97],"language.":[98],"present":[100],"Harp,":[101],"an":[102],"string":[106],"processing":[107],"apply":[110],"Harp":[111,133,161],"successfully":[113],"regenerate":[116],"string-processing":[117],"written":[119],"JavaScript":[121],"C/C++.":[123],"Our":[124],"results":[125],"indicate":[126],"that,":[127],"majority":[130],"cases,":[132],"completes":[134],"less":[138],"than":[139],"minute,":[141],"remains":[142],"fully":[143],"compatible":[144],"original":[147,155],"library,":[148],"delivers":[150],"performance":[151],"indistinguishable":[152],"from":[153],"library.":[156],"also":[158],"demonstrate":[159],"can":[162],"eliminate":[163],"vulnerabilities":[164],"associated":[165],"libraries":[167],"targeted":[168],"several":[170],"highly":[171],"visible":[172],"security":[173],"incidents,":[174],"specifically":[175],"event-stream,":[176],"left-pad,":[177],"string-compare.":[179]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}