{"id":"https://openalex.org/W4389279109","doi":"https://doi.org/10.1145/3627106.3627129","title":"Artemis: Defanging Software Supply Chain Attacks in Multi-repository Update Systems","display_name":"Artemis: Defanging Software Supply Chain Attacks in Multi-repository Update Systems","publication_year":2023,"publication_date":"2023-12-02","ids":{"openalex":"https://openalex.org/W4389279109","doi":"https://doi.org/10.1145/3627106.3627129"},"language":"en","primary_location":{"id":"doi:10.1145/3627106.3627129","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3627106.3627129","pdf_url":null,"source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5006343777","display_name":"Marina Moore","orcid":"https://orcid.org/0009-0005-3252-1104"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Marina Moore","raw_affiliation_strings":["New York University, USA"],"raw_orcid":"https://orcid.org/0009-0005-3252-1104","affiliations":[{"raw_affiliation_string":"New York University, USA","institution_ids":["https://openalex.org/I57206974"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032223511","display_name":"Trishank Karthik Kuppusamy","orcid":"https://orcid.org/0000-0001-9999-5076"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Trishank Karthik Kuppusamy","raw_affiliation_strings":["Datadog, USA"],"raw_orcid":"https://orcid.org/0000-0001-9999-5076","affiliations":[{"raw_affiliation_string":"Datadog, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030900037","display_name":"Justin Cappos","orcid":"https://orcid.org/0000-0003-1926-8544"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Justin Cappos","raw_affiliation_strings":["New York University, USA"],"raw_orcid":"https://orcid.org/0000-0003-1926-8544","affiliations":[{"raw_affiliation_string":"New York University, USA","institution_ids":["https://openalex.org/I57206974"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"83","last_page":"97"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9941999912261963,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7510286569595337},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6089613437652588},{"id":"https://openalex.org/keywords/prioritization","display_name":"Prioritization","score":0.5627477169036865},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5191768407821655},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.4785650074481964},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4774813652038574},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.46270090341567993},{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.4387046694755554},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.4294648766517639},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4197281002998352},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.31010258197784424},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2125929296016693},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.13573819398880005},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.13071414828300476},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10496008396148682},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.0966230034828186}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7510286569595337},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6089613437652588},{"id":"https://openalex.org/C2777615720","wikidata":"https://www.wikidata.org/wiki/Q11888847","display_name":"Prioritization","level":2,"score":0.5627477169036865},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5191768407821655},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.4785650074481964},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4774813652038574},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.46270090341567993},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.4387046694755554},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.4294648766517639},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4197281002998352},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.31010258197784424},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2125929296016693},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.13573819398880005},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.13071414828300476},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10496008396148682},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.0966230034828186},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3627106.3627129","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3627106.3627129","pdf_url":null,"source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6000000238418579,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W95608104","https://openalex.org/W1541671717","https://openalex.org/W1594706025","https://openalex.org/W1968692939","https://openalex.org/W1987339920","https://openalex.org/W2013608896","https://openalex.org/W2015121269","https://openalex.org/W2067580212","https://openalex.org/W2111038623","https://openalex.org/W2112138431","https://openalex.org/W2114016378","https://openalex.org/W2126087831","https://openalex.org/W2134651419","https://openalex.org/W2141420453","https://openalex.org/W2148542607","https://openalex.org/W2148828749","https://openalex.org/W2152465173","https://openalex.org/W2160308108","https://openalex.org/W2164708987","https://openalex.org/W2164736940","https://openalex.org/W2166602595","https://openalex.org/W2247546441","https://openalex.org/W2890219821","https://openalex.org/W3155249046","https://openalex.org/W4378465430"],"related_works":["https://openalex.org/W2900856417","https://openalex.org/W2100022726","https://openalex.org/W1978034799","https://openalex.org/W2003584227","https://openalex.org/W4360994451","https://openalex.org/W2104846611","https://openalex.org/W2589805430","https://openalex.org/W2187635982","https://openalex.org/W2181627506","https://openalex.org/W896362041"],"abstract_inverted_index":{"Modern":[0],"software":[1,71],"installation":[2,72],"tools":[3,73],"often":[4],"use":[5],"packages":[6],"from":[7],"more":[8],"than":[9],"one":[10],"repository,":[11],"presenting":[12],"a":[13,20,56,67,90,115],"unique":[14,57],"set":[15],"of":[16,25,45,102,118,126,129],"security":[17,96,124],"challenges.":[18],"Such":[19],"configuration":[21],"increases":[22],"the":[23,42,123],"risk":[24,125],"repository":[26,35,51],"compromise":[27],"and":[28,34,54,78,108],"introduces":[29,93],"attacks":[30,46],"like":[31],"dependency":[32],"confusion":[33],"fallback.":[36],"In":[37],"this":[38],"paper,":[39],"we":[40,60,87],"offer":[41],"first":[43],"exploration":[44],"that":[47,69,92],"specifically":[48],"target":[49],"multiple":[50],"update":[52],"systems,":[53],"propose":[55],"defensive":[58],"strategy":[59],"call":[61],"articulated":[62,85],"trust.":[63],"Articulated":[64],"trust":[65,119],"is":[66],"principle":[68],"allows":[70],"to":[74],"specify":[75],"trusted":[76],"developers":[77],"repositories":[79],"for":[80,114],"each":[81],"package.":[82],"To":[83],"implement":[84],"trust,":[86],"built":[88],"Artemis,":[89],"framework":[91],"several":[94],"new":[95],"techniques,":[97],"such":[98],"as":[99],"per-package":[100],"prioritization":[101],"repositories,":[103],"multi-role":[104],"delegations,":[105],"multiple-repository":[106],"consensus,":[107],"key":[109],"pinning.":[110],"These":[111],"techniques":[112],"allow":[113],"greater":[116],"diversity":[117],"relationships":[120],"while":[121],"eliminating":[122],"single":[127],"points":[128],"failure.":[130]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2026-07-14T23:27:15.235271","created_date":"2025-10-10T00:00:00"}
