Litcius/Paper detail

Wolf at the Door

Elizabeth Wyss, Alexander Wittman, Drew Davidson, Lorenzo De Carli

2022Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security20 citationsDOIOpen Access PDF

Abstract

The npm software ecosystem allows developers to easily import code written by others. However, manual vetting of every individual installed component is made difficult in many cases by the number of transitive dependencies brought in by installing popular packages. This has enabled attackers to propagate malicious code by hiding it deep into the dependency chains of popular packages. A particularly dangerous form of attack comes from malicious code embedded into package install scripts.

Topics & Concepts

VettingComputer scienceScripting languageCode (set theory)Component (thermodynamics)InstallationComputer securityDependency (UML)SoftwareSoftware bugOperating systemProgramming languageSoftware engineeringThermodynamicsPhysicsSet (abstract data type)Advanced Malware Detection TechniquesSecurity and Verification in ComputingDigital and Cyber Forensics
Wolf at the Door | Litcius