CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse

Woo, Seunghee; Park, Sung-Han; Kim, Seulbae; Lee, Heejo; Oh, Hakjoo

doi:10.1109/icse43902.2021.00083

Cited by 25 publications

(31 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since multiple libraries are compiled into a fused binary, more popular features will be accumulated. When detecting against a larger database, more false positives could be reported [30].…”

Section: Limitations Of Existing Workmentioning

confidence: 99%

“…A Siamese architecture [3] that contains one shared-parameter function embedding network (i.e., Structure2vec) is applied as shown in Figure 3. More technical details about Gemini can be found in its original paper [30].…”

Section: Function Embeddingmentioning

confidence: 99%

“…They detect TPL reuse based on a database of libraries, identify their versions that may contain potential vulnerabilities, and manage license violation risks. Most of them handle detection targets that are in the forms of source code [20,21,30] or Java bytecode [36]. TPL detection for binaries compiled from C/C++ sources is also important since many projects (especially the ones that require high efficiency) are written in C/C++.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries

Tang,

Wang,

Zhang

et al. 2022

Preprint

View full text Add to dashboard Cite

Third-party libraries (TPLs) are reused frequently in software applications for reducing development cost. However, they could introduce security risks as well. Many TPL detection methods have been proposed to detect TPL reuse in Android bytecode or in source code. This paper focuses on detecting TPL reuse in binary code, which is a more challenging task. For a detection target in binary form, libraries may be compiled and linked to separate dynamic-link files or built into a fused binary that contains multiple libraries and project-specific code. This could result in fewer available code features and lower the effectiveness of feature engineering. In this paper, we propose a binary TPL reuse detection framework, LibDB, which can effectively and efficiently detect imported TPLs even in stripped and fused binaries. In addition to the basic and coarse-grained features (string literals and exported function names), LibDB utilizes function contents as a new type of feature. It embeds all functions in a binary file to low-dimensional representations with a trained neural network. It further adopts a function call graph-based comparison method to improve the accuracy of the detection. LibDB is able to support version identification of TPLs contained in the detection target, which is not considered by existing detection methods. To evaluate the performance of LibDB, we construct three datasets for binary-based TPL reuse detection. Our experimental results show that LibDB is more accurate and efficient than state-of-the-art tools on the binary TPL detection task and the version identification task. Our datasets and source code used in this work are anonymously available at https://github.com/DeepSoftwareAnalytics/LibDB.

show abstract

Section: Limitations Of Existing Workmentioning

confidence: 99%

Section: Function Embeddingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries

Tang,

Wang,

Zhang

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Exact matching techniques [96,115] fail once the code scales beyond an order of magnitude of ten instructions, and FFTs scale up to thousands. The near duplicate codes these techniques require is highly unlikely, even when implementations are copy-and-pasted [135].…”

Section: Current Schemesmentioning

confidence: 99%

Bind the gap: compiling real software to hardware FFT accelerators

Woodruff

Armengol-Estapé

Ainsworth

et al. 2022

Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

Specialized hardware accelerators continue to be a source of performance improvement. However, such specialization comes at a programming price. The fundamental issue is that of a mismatch between the diversity of user code and the functionality of fixed hardware, limiting its wider uptake.Here we focus on a particular set of accelerators: those for Fast Fourier Transforms. We present FACC (Fourier ACcelerator Compiler), a novel approach to automatically map legacy code to Fourier Transform accelerators. It automatically generates drop-in replacement adapters using Input-Output (IO)-based program synthesis that bridge the gap between user code and accelerators. We apply FACC to unmodified GitHub C programs of varying complexity and compare against two existing approaches. We target FACC to a high-performance library, FFTW, and two hardware accelerators, the NXP PowerQuad and the Analog Devices FFTA, and demonstrate mean speedups of 9x, 17x and 27x respectively.

show abstract

“…For instance, Google Android GMS [123] and Google Android Library [124] share the same root package "com.google.android". Besides, TPL files can also depend on other TPLs, which also are called nested TPLs [125]. This type of TPLs usually has several parallel root packages, while these interdependent parts together constitute one TPL [27].…”

Section: • Module Decouplingmentioning

confidence: 99%

Research on Third-Party Libraries in AndroidApps: A Taxonomy and Systematic LiteratureReview

Zhan¹,

Liu²,

Fan³

et al. 2021

Preprint

View full text Add to dashboard Cite

Third-party libraries (TPLs) have been widely used in mobile apps, which play an essential part in the entire Android ecosystem. However, TPL is a double-edged sword. On the one hand, it can ease the development of mobile apps. On the other hand, it also brings security risks such as privacy leaks or increased attack surfaces (e.g., by introducing over-privileged permissions) to mobile apps. Although there are already many studies for characterizing third-party libraries, including automated detection, security and privacy analysis of TPLs, TPL attributes analysis, etc., what strikes us odd is that there is no systematic study to summarize those studies' endeavors. To this end, we conduct the first systematic literature review on Android TPL-related research. Following a well-defined systematic literature review protocol, we collected 74 primary research papers closely related to Android third-party library from 2012 to 2020. After carefully examining these studies, we designed a taxonomy of TPL-related research studies and conducted a systematic study to summarize current solutions, limitations, challenges and possible implications of new research directions related to third-party library analysis. We hope that these contributions can give readers a clear overview of existing TPL-related studies and inspire them to go beyond the current status quo by advancing the discipline with innovative approaches.

show abstract

CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse

Cited by 25 publications

References 38 publications

LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries

LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries

Bind the gap: compiling real software to hardware FFT accelerators

Research on Third-Party Libraries in AndroidApps: A Taxonomy and Systematic LiteratureReview

Contact Info

Product

Resources

About