{"id":"https://openalex.org/W4388954907","doi":"https://doi.org/10.1145/3605770.3625213","title":"Macaron: A Logic-based Framework for Software Supply Chain Security Assurance","display_name":"Macaron: A Logic-based Framework for Software Supply Chain Security Assurance","publication_year":2023,"publication_date":"2023-11-23","ids":{"openalex":"https://openalex.org/W4388954907","doi":"https://doi.org/10.1145/3605770.3625213"},"language":"en","primary_location":{"id":"doi:10.1145/3605770.3625213","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3605770.3625213","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5085376501","display_name":"Behnaz Hassanshahi","orcid":"https://orcid.org/0009-0006-6639-3056"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Behnaz Hassanshahi","raw_affiliation_strings":["Oracle Labs, Brisbane, Australia"],"raw_orcid":"https://orcid.org/0009-0006-6639-3056","affiliations":[{"raw_affiliation_string":"Oracle Labs, Brisbane, Australia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103273375","display_name":"Trong Nhan","orcid":"https://orcid.org/0009-0001-0309-4909"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Trong Nhan Mai","raw_affiliation_strings":["Oracle Labs, Brisbane, Australia"],"raw_orcid":"https://orcid.org/0009-0001-0309-4909","affiliations":[{"raw_affiliation_string":"Oracle Labs, Brisbane, Australia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070157910","display_name":"Alistair Michael","orcid":"https://orcid.org/0009-0000-7316-9112"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Alistair Michael","raw_affiliation_strings":["Oracle Labs, Brisbane, Australia"],"raw_orcid":"https://orcid.org/0009-0000-7316-9112","affiliations":[{"raw_affiliation_string":"Oracle Labs, Brisbane, Australia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048479426","display_name":"Benjamin Selwyn-Smith","orcid":"https://orcid.org/0000-0003-2031-3023"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Benjamin Selwyn-Smith","raw_affiliation_strings":["Oracle Labs, Brisbane, Australia"],"raw_orcid":"https://orcid.org/0000-0003-2031-3023","affiliations":[{"raw_affiliation_string":"Oracle Labs, Brisbane, Australia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060926297","display_name":"Sophie Bates","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sophie Bates","raw_affiliation_strings":["Oracle Labs, Brisbane, Australia"],"raw_orcid":"https://orcid.org/0009-0005-3797-1390","affiliations":[{"raw_affiliation_string":"Oracle Labs, Brisbane, Australia","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5091442651","display_name":"Padmanabhan Krishnan","orcid":"https://orcid.org/0000-0002-5905-8499"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Padmanabhan Krishnan","raw_affiliation_strings":["Oracle Labs, Brisbane, Australia"],"raw_orcid":"https://orcid.org/0000-0002-5905-8499","affiliations":[{"raw_affiliation_string":"Oracle Labs, Brisbane, Australia","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5085376501"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":5.8881,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.96201343,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"29","last_page":"37"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9679999947547913,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/python","display_name":"Python (programming language)","score":0.8046407699584961},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.7681774497032166},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7509972453117371},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6767308712005615},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.6591513156890869},{"id":"https://openalex.org/keywords/artifact","display_name":"Artifact (error)","score":0.6344106197357178},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6046984791755676},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.5753974318504333},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.5455280542373657},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.5216255784034729},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.5121848583221436},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5107734203338623},{"id":"https://openalex.org/keywords/trustworthiness","display_name":"Trustworthiness","score":0.4377749264240265},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2664707899093628},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2272249162197113},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.12888899445533752}],"concepts":[{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.8046407699584961},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.7681774497032166},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7509972453117371},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6767308712005615},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.6591513156890869},{"id":"https://openalex.org/C2779010991","wikidata":"https://www.wikidata.org/wiki/Q2720909","display_name":"Artifact (error)","level":2,"score":0.6344106197357178},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6046984791755676},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5753974318504333},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.5455280542373657},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.5216255784034729},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.5121848583221436},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5107734203338623},{"id":"https://openalex.org/C153701036","wikidata":"https://www.wikidata.org/wiki/Q659974","display_name":"Trustworthiness","level":2,"score":0.4377749264240265},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2664707899093628},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2272249162197113},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.12888899445533752},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3605770.3625213","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3605770.3625213","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Partnerships for the goals","score":0.4099999964237213,"id":"https://metadata.un.org/sdg/17"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W1856491113","https://openalex.org/W2040019628","https://openalex.org/W2041182895","https://openalex.org/W3021830120","https://openalex.org/W3030378309","https://openalex.org/W4308562523"],"related_works":["https://openalex.org/W52840052","https://openalex.org/W3162837891","https://openalex.org/W1687852313","https://openalex.org/W2113128227","https://openalex.org/W632256878","https://openalex.org/W2491403535","https://openalex.org/W2479811461","https://openalex.org/W2104915799","https://openalex.org/W4311938462","https://openalex.org/W2355429491"],"abstract_inverted_index":{"Many":[0],"software":[1,37,169],"supply":[2,95,170],"chain":[3,96,171],"attacks":[4],"exploit":[5],"the":[6,19,58,65,81,103,114,152,155,167,180],"fact":[7],"that":[8,21,34,54,88,113,125,160],"what":[9],"is":[10,22,73,146],"in":[11,25,48,154,166],"a":[12,31,36,49,126,138,147,164],"source":[13],"code":[14],"repository":[15],"may":[16],"not":[17,118,136],"match":[18],"artifact":[20,72],"actually":[23],"deployed":[24],"one's":[26],"system.":[27],"This":[28],"paper":[29],"describes":[30],"logic-based":[32],"framework":[33],"analyzes":[35],"component":[38],"and":[39,63,67,107,111,132,174,187],"its":[40],"dependencies":[41],"to":[42,93,142,150,189],"determine":[43],"if":[44],"they":[45],"are":[46,55,78],"built":[47],"trustworthy":[50],"fashion.":[51],"The":[52],"properties":[53,77],"checked":[56],"include":[57],"availability":[59],"of":[60,70,129],"build":[61,66,140],"provenances":[62],"whether":[64],"deployment":[68],"process":[69],"an":[71,90],"tamper":[74],"resistant.":[75],"These":[76],"based":[79],"on":[80,102],"open-source":[82,109,130,181],"community":[83,182],"efforts,":[84],"such":[85],"as":[86],"SLSA,":[87],"enable":[89],"incremental":[91],"approach":[92],"improve":[94],"security.":[97],"We":[98,158],"evaluate":[99],"our":[100,161],"tool":[101,162],"top-30":[104],"Java,":[105],"Python,":[106],"npm":[108],"projects":[110,134],"show":[112,159],"majority":[115],"still":[116],"do":[117,135],"produce":[119,143],"provenances.":[120],"Our":[121],"evaluation":[122],"also":[123],"shows":[124],"large":[127],"number":[128],"Java":[131],"Python":[133],"have":[137],"transparent":[139],"platform":[141],"artifacts,":[144],"which":[145],"necessary":[148],"requirement":[149],"increase":[151],"trust":[153],"published":[156],"artifacts.":[157],"fills":[163],"gap":[165],"current":[168],"security":[172],"landscape,":[173],"by":[175],"making":[176],"it":[177],"publicly":[178],"available":[179],"can":[183],"both":[184],"benefit":[185],"from":[186],"contribute":[188],"it.":[190]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":8},{"year":2023,"cited_by_count":2}],"updated_date":"2026-05-07T13:39:58.223016","created_date":"2025-10-10T00:00:00"}