{"id":"https://openalex.org/W3212536037","doi":"https://doi.org/10.1145/3460120.3485351","title":"Demo: Detecting Third-Party Library Problems with Combined Program Analysis","display_name":"Demo: Detecting Third-Party Library Problems with Combined Program Analysis","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3212536037","doi":"https://doi.org/10.1145/3460120.3485351","mag":"3212536037"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3485351","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3485351","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073682091","display_name":"Grigoris Ntousakis","orcid":"https://orcid.org/0000-0003-1158-3056"},"institutions":[{"id":"https://openalex.org/I55741626","display_name":"Technical University of Crete","ror":"https://ror.org/03f8bz564","country_code":"GR","type":"education","lineage":["https://openalex.org/I55741626"]}],"countries":["GR"],"is_corresponding":true,"raw_author_name":"Grigoris Ntousakis","raw_affiliation_strings":["TU Crete, Chania, Greece"],"affiliations":[{"raw_affiliation_string":"TU Crete, Chania, Greece","institution_ids":["https://openalex.org/I55741626"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022073151","display_name":"Sotiris Ioannidis","orcid":"https://orcid.org/0000-0001-9340-2241"},"institutions":[{"id":"https://openalex.org/I55741626","display_name":"Technical University of Crete","ror":"https://ror.org/03f8bz564","country_code":"GR","type":"education","lineage":["https://openalex.org/I55741626"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Sotiris Ioannidis","raw_affiliation_strings":["TU Crete, Chania, Greece"],"affiliations":[{"raw_affiliation_string":"TU Crete, Chania, Greece","institution_ids":["https://openalex.org/I55741626"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034441711","display_name":"Nikos Vasilakis","orcid":"https://orcid.org/0000-0001-7347-298X"},"institutions":[{"id":"https://openalex.org/I4210110987","display_name":"IIT@MIT","ror":"https://ror.org/01wp8zh54","country_code":"US","type":"facility","lineage":["https://openalex.org/I30771326","https://openalex.org/I4210110987"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nikos Vasilakis","raw_affiliation_strings":["MIT, Cambridge, MA, USA"],"affiliations":[{"raw_affiliation_string":"MIT, Cambridge, MA, USA","institution_ids":["https://openalex.org/I4210110987"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5073682091"],"corresponding_institution_ids":["https://openalex.org/I55741626"],"apc_list":null,"apc_paid":null,"fwci":0.7618,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.71798513,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"2429","last_page":"2431"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8051357865333557},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.7092691659927368},{"id":"https://openalex.org/keywords/third-party","display_name":"Third party","score":0.6724991202354431},{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.6116617918014526},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5045202970504761},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4701521396636963},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.4674544930458069},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.43946000933647156},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4145324230194092},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4069119393825531},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.28812915086746216},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.11214101314544678}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8051357865333557},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.7092691659927368},{"id":"https://openalex.org/C2983583741","wikidata":"https://www.wikidata.org/wiki/Q16785388","display_name":"Third party","level":2,"score":0.6724991202354431},{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.6116617918014526},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5045202970504761},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4701521396636963},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.4674544930458069},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.43946000933647156},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4145324230194092},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4069119393825531},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.28812915086746216},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.11214101314544678},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3460120.3485351","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3485351","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5400000214576721,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1482627336","display_name":null,"funder_award_id":"HR00112020013,HR001120C0191,HR001120C0155","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G1530063340","display_name":null,"funder_award_id":"830927,952690","funder_id":"https://openalex.org/F4320337663","funder_display_name":"H2020 Industrial Leadership"}],"funders":[{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320337663","display_name":"H2020 Industrial Leadership","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W175329226","https://openalex.org/W1975852176","https://openalex.org/W1987647365","https://openalex.org/W2101678831","https://openalex.org/W2223370306","https://openalex.org/W2614073125","https://openalex.org/W2758513221","https://openalex.org/W2788565238","https://openalex.org/W2792952820","https://openalex.org/W3003638206","https://openalex.org/W3104970816","https://openalex.org/W3194460284","https://openalex.org/W3204945378","https://openalex.org/W3211608049"],"related_works":["https://openalex.org/W2374086689","https://openalex.org/W3176279093","https://openalex.org/W2373945265","https://openalex.org/W2370203001","https://openalex.org/W1912565424","https://openalex.org/W4246410201","https://openalex.org/W2959939328","https://openalex.org/W2385081216","https://openalex.org/W2392327727","https://openalex.org/W2352529713"],"abstract_inverted_index":{"Third-party":[0],"libraries":[1,91],"ease":[2],"the":[3],"software":[4,16],"development":[5],"process":[6],"and":[7,27,53,59,92,102],"thus":[8,28],"have":[9],"become":[10],"an":[11],"integral":[12],"part":[13],"of":[14],"modern":[15],"engineering.":[17],"Unfortunately,":[18],"they":[19],"are":[20,29],"not":[21],"usually":[22],"vetted":[23],"by":[24,95],"human":[25],"developers":[26],"often":[30,93],"responsible":[31],"for":[32,57],"introducing":[33],"bugs,":[34],"vulnerabilities,":[35],"or":[36],"attacks":[37],"to":[38],"programs":[39],"that":[40,81],"will":[41],"eventually":[42],"reach":[43],"end-users.":[44],"In":[45],"this":[46],"demonstration,":[47],"we":[48],"present":[49],"a":[50,72],"combined":[51],"static":[52],"dynamic":[54],"program":[55],"analysis":[56,68],"inferring":[58],"enforcing":[60],"third-party":[61],"library":[62,77],"permissions":[63],"in":[64],"server-side":[65],"JavaScript.":[66],"This":[67],"is":[69],"centered":[70],"around":[71],"RWX":[73],"permission":[74],"system":[75],"across":[76],"boundaries.":[78],"We":[79],"demonstrate":[80],"our":[82],"tools":[83,97],"can":[84],"detect":[85],"zero-day":[86],"vulnerabilities":[87],"injected":[88],"into":[89],"popular":[90],"missed":[94],"state-of-the-art":[96],"such":[98],"as":[99],"snyk":[100],"test":[101],"npm":[103],"audit.":[104]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}