| 1. |
- Baudry, Benoit, et al.
(författare)
-
Long Live Software Easter Eggs!
- 2022
-
Ingår i: Queue. - : Association for Computing Machinery (ACM). - 1542-7730 .- 1542-7749. ; 20:2, s. 31-42
-
Tidskriftsartikel (refereegranskat)abstract
- It's a period of unrest. Rebel developers, striking from continuous deployment servers, have won their first victory. During the battle, rebel spies managed to push an epic commit in the HTML code of https://pro.sony. Pursued by sinister agents, the rebels are hiding in commits, buttons, tooltips, API, HTTP headers, and configuration screens.
|
|
| 2. |
- Cabrera Arteaga, Javier, 1992-, et al.
(författare)
-
WebAssembly diversification for malware evasion
- 2023
-
Ingår i: Computers & security (Print). - : Elsevier BV. - 0167-4048 .- 1872-6208. ; 131
-
Tidskriftsartikel (refereegranskat)abstract
- WebAssembly has become a crucial part of the modern web, offering a faster alternative to JavaScript in browsers. While boosting rich applications in browser, this technology is also very efficient to develop cryptojacking malware. This has triggered the development of several methods to detect cryptojacking malware. However, these defenses have not considered the possibility of attackers using evasion techniques. This paper explores how automatic binary diversification can support the evasion of WebAssembly cryptojacking detectors. We experiment with a dataset of 33 WebAssembly cryptojacking binaries and evaluate our evasion technique against two malware detectors: VirusTotal, a general-purpose detector, and MINOS, a WebAssembly-specific detector. Our results demonstrate that our technique can automatically generate variants of WebAssembly cryptojacking that evade the detectors in 90% of cases for VirusTotal and 100% for MINOS. Our results emphasize the importance of meta-antiviruses and diverse detection techniques and provide new insights into which WebAssembly code transformations are best suited for malware evasion. We also show that the variants introduce limited performance overhead, making binary diversification an effective technique for evasion.
|
|
| 3. |
- Soto Valero, César, et al.
(författare)
-
Automatic Specialization of Third-Party Java Dependencies
-
Annan publikation (övrigt vetenskapligt/konstnärligt)abstract
- Modern software systems rely on a multitude of third-party dependencies. This large-scale code reuse reduces developmentcosts and time, and it poses new challenges with respect to maintenance and security. Techniques such as tree shaking or shading canremove dependencies that are completely unused by a project, which partly address these challenges. Yet, the remaining dependenciesare likely to be used only partially, leaving room for further reduction of third-party code. In this paper, we propose a novel technique tospecialize dependencies of Java projects, based on their actual usage. For each dependency, we systematically identify the subset of itsfunctionalities that is necessary to build the project, and remove the rest. Each specialized dependency is repackaged. Then, wegenerate specialized dependency trees where the original dependencies are replaced by the specialized versions and we rebuild theproject. We implement our technique in a tool called DepTrim, which we evaluate with 30 notable open-source Java projects. DepTrim specializes a total of 343 (86.6%) dependencies across these projects, and successfully rebuilds each project with a specializeddependency tree. Moreover, through this specialization, DepTrim removes a total of 60,962 (47.0%) classes from the dependencies,reducing the ratio of dependency classes to project classes from 8.7× in the original projects to 4.4 × after specialization. Theseresults indicate the relevance of dependency specialization to significantly reduce the share of third-party code in Java projects.
|
|
| 4. |
- Soto Valero, César, et al.
(författare)
-
Automatic Specialization of Third-Party Java Dependencies
- 2023
-
Ingår i: IEEE Transactions on Software Engineering. - : Institute of Electrical and Electronics Engineers (IEEE). - 0098-5589 .- 1939-3520. ; 49:11, s. 5027-5045
-
Tidskriftsartikel (refereegranskat)abstract
- Large-scale code reuse significantly reduces both development costs and time. However, the massive share of third-party code in software projects poses new challenges, especially in terms of maintenance and security. In this paper, we propose a novel technique to specialize dependencies of Java projects, based on their actual usage. Given a project and its dependencies, we systematically identify the subset of each dependency that is necessary to build the project, and we remove the rest. As a result of this process, we package each specialized dependency in a JAR file. Then, we generate specialized dependency trees where the original dependencies are replaced by the specialized versions. This allows building the project with significantly less third-party code than the original. As a result, the specialized dependencies become a first-class concept in the software supply chain, rather than a transient artifact in an optimizing compiler toolchain. We implement our technique in a tool called DepTrim, which we evaluate with 30 notable open-source Java projects. DepTrim specializes a total of 343 (86.6%) dependencies across these projects, and successfully rebuilds each project with a specialized dependency tree. Moreover, through this specialization, DepTrim removes a total of 57,444 (42.2%) classes from the dependencies, reducing the ratio of dependency classes to project classes from 8.7×× in the original projects to 5.0×× after specialization. These novel results indicate that dependency specialization significantly reduces the share of third-party code in Java projects.
|
|
| 5. |
- Tiwari, Deepika, et al.
(författare)
-
With Great Humor Comes Great Developer Engagement
- 2024
-
Ingår i: Proceedings - 2024 ACM/IEEE 46th International Conference on Software Engineering: Software Engineering in Society, ICSE-SEIS 2024. - : Association for Computing Machinery (ACM). ; , s. 1-11
-
Konferensbidrag (refereegranskat)abstract
- The worldwide collaborative effort for the creation of software is technically and socially demanding. The more engaged developers are, the more value they impart to the software they create. Engaged developers, such as Margaret Hamilton programming Apollo 11, can succeed in tackling the most difficult engineering tasks. In this paper, we dive deep into an original vector of engagement - humor - and study how it fuels developer engagement. First, we collect qualitative and quantitative data about the humorous elements present within three significant, real-world software projects: faker, which helps developers introduce humor within their tests; lolcommits, which captures a photograph after each contribution made by a developer; and volkswagen, an exercise in satire, which accidentally led to the invention of an impactful software tool. Second, through a developer survey, we receive unique insights from 125 developers, who share their real-life experiences with humor in software. Our analysis of the three case studies highlights the prevalence of humor in software, and unveils the worldwide community of developers who are enthusiastic about both software and humor. We also learn about the caveats of humor in software through the valuable insights shared by our survey respondents. We report clear evidence that, when practiced responsibly, humor increases developer engagement and supports them in addressing hard engineering and cognitive tasks. The most actionable highlight of our work is that software tests and documentation are the best locations in code to practice humor.
|
|
