Fine-Grained Network Analysis for Modern Software Ecosystems

by Boldi, Paolo and Gousios, Georgios

You can get a pre-print version from here.
You can view the publisher's page here.

Abstract

Modern software development is increasingly dependent on components, libraries, and frameworks coming from third-party vendors or open-source suppliers and made available through a number of platforms (or forges). This way of writing software puts an emphasis on reuse and on composition, commoditizing the services that modern applications require. On the other hand, bugs and vulnerabilities in a single library living in one such ecosystem can affect, directly or by transitivity, a huge number of other libraries and applications. Currently, only product-level information on library dependencies is used to contain this kind of danger, but this knowledge often reveals itself too imprecise to lead to effective (and possibly automated) handling policies. We will discuss how fine-grained function-level dependencies can greatly improve reliability and reduce the impact of vulnerabilities on the whole software ecosystem.

Bibtex record

@article{BG20,
  author = {Boldi, Paolo and Gousios, Georgios},
  title = {Fine-Grained Network Analysis for Modern Software Ecosystems},
  year = {2020},
  issue_date = {December 2020},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  volume = {21},
  number = {1},
  issn = {1533-5399},
  doi = {10.1145/3418209},
  journal = {ACM Trans. Internet Technol.},
  month = dec,
  articleno = {1},
  numpages = {14},
  keywords = {security breaches, Software reuse, network analysis},
  url = {https://arxiv.org/pdf/2012.04760.pdf}
}

The paper