Enclosure: language-based restriction of untrusted libraries
Adrien Ghosn, Marios Kogias, Mathias Payer, James R. Larus, Edouard Bugnion
Abstract
Programming languages and systems have failed to address the security implications of the increasingly frequent use of public libraries to construct modern software. Most languages provide tools and online repositories to publish, import, and use libraries; however, this double-edged sword can incorporate a large quantity of unknown, unchecked, and unverified code into an application. The risk is real, as demonstrated by malevolent actors who have repeatedly inserted malware into popular open-source libraries.
Topics & Concepts
Computer scienceMalwarePublicationConstruct (python library)SWORDCode (set theory)World Wide WebComputer securitySoftwareProgramming languageSet (abstract data type)BusinessAdvertisingSecurity and Verification in ComputingAdvanced Malware Detection TechniquesWeb Application Security Vulnerabilities