乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,7]],"date-time":"2024-09-07T07:59:31Z","timestamp":1725695971688},"publisher-location":"New York, NY, USA","reference-count":56,"publisher":"ACM","funder":[{"name":"Sec4AI4Sec","award":["101120393"]},{"name":"AssureMOSS","award":["952647"]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,30]]},"DOI":"10.1145\/3605770.3625212","type":"proceedings-article","created":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T06:46:12Z","timestamp":1700721972000},"page":"65-74","update-policy":"http:\/\/dx.doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["The Hitchhiker's Guide to Malicious Third-Party Dependencies"],"prefix":"10.1145","author":[{"ORCID":"http:\/\/orcid.org\/0000-0003-0850-4054","authenticated-orcid":false,"given":"Piergiorgio","family":"Ladisa","sequence":"first","affiliation":[{"name":"SAP Security Research & Universit\u00e9 de Rennes 1, INRIA\/IRISA, Mougins, France"}]},{"ORCID":"http:\/\/orcid.org\/0009-0009-4798-0601","authenticated-orcid":false,"given":"Merve","family":"Sahin","sequence":"additional","affiliation":[{"name":"SAP Security Research, Mougins, France"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-6208-4743","authenticated-orcid":false,"given":"Serena Elisa","family":"Ponta","sequence":"additional","affiliation":[{"name":"SAP Security Research, Mougins, France"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-4614-6932","authenticated-orcid":false,"given":"Marco","family":"Rosa","sequence":"additional","affiliation":[{"name":"SAP Security Research, Mougins, France"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-2945-866X","authenticated-orcid":false,"given":"Matias","family":"Martinez","sequence":"additional","affiliation":[{"name":"Universitat Polit\u00e8cnica de Catalunya - Barcelona Tech, Barcelona, Spain"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-4551-8562","authenticated-orcid":false,"given":"Olivier","family":"Barais","sequence":"additional","affiliation":[{"name":"Universit\u00e9 de Rennes 1, INRIA\/IRISA, Rennes, France"}]}],"member":"320","published-online":{"date-parts":[[2023,11,26]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. Build Scripts - The Cargo Book. https:\/\/doc.rust-lang.org\/cargo\/reference\/ build-scripts.html. [Accessed 30-Jun-2023]. [n. d.]. Build Scripts - The Cargo Book. https:\/\/doc.rust-lang.org\/cargo\/reference\/ build-scripts.html. [Accessed 30-Jun-2023]."},{"volume-title":"d.]","year":"2023","key":"e_1_3_2_1_2_1","unstructured":"[n. d.] . Chapter 12. Execution - docs.oracle.com. https:\/\/docs.oracle.com\/javase\/ specs\/jls\/se20\/html\/jls-12.html [Accessed 28-08-- 2023 ]. [n. d.]. Chapter 12. Execution - docs.oracle.com. https:\/\/docs.oracle.com\/javase\/ specs\/jls\/se20\/html\/jls-12.html [Accessed 28-08--2023]."},{"volume-title":"d.]","year":"2023","key":"e_1_3_2_1_3_1","unstructured":"[n. d.] . Chapter 8. Classes - docs.oracle.com. https:\/\/docs.oracle.com\/javase\/ specs\/jls\/se20\/html\/jls-8.html. [Accessed 28-08-- 2023 ]. [n. d.]. Chapter 8. Classes - docs.oracle.com. https:\/\/docs.oracle.com\/javase\/ specs\/jls\/se20\/html\/jls-8.html. [Accessed 28-08--2023]."},{"key":"e_1_3_2_1_4_1","unstructured":"[n. d.]. Command-line interface \/ Commands - Composer -- getcomposer.org. https:\/\/getcomposer.org\/doc\/03-cli.md#install-i. [Accessed 30-Jun-2023]. [n. d.]. Command-line interface \/ Commands - Composer -- getcomposer.org. https:\/\/getcomposer.org\/doc\/03-cli.md#install-i. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_5_1","unstructured":"[n. d.]. Effective Go - The Go Programming Language. https:\/\/go.dev\/doc\/ effective_go. [Accessed 30-Jun-2023]. [n. d.]. Effective Go - The Go Programming Language. https:\/\/go.dev\/doc\/ effective_go. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_6_1","unstructured":"[n. d.]. Gems with Extensions. https:\/\/guides.rubygems.org\/gems-withextensions. [Accessed 30-Jun-2023]. [n. d.]. Gems with Extensions. https:\/\/guides.rubygems.org\/gems-withextensions. [Accessed 30-Jun-2023]."},{"volume-title":"d.]. MITRE ATT&CK","year":"2023","key":"e_1_3_2_1_7_1","unstructured":"[n. d.]. MITRE ATT&CK ; -- attack.mitre.org. https:\/\/attack.mitre.org\/. [Accessed 30- Jun- 2023 ]. [n. d.]. MITRE ATT&CK; -- attack.mitre.org. https:\/\/attack.mitre.org\/. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_8_1","unstructured":"[n. d.]. Modules: Packages. https:\/\/nodejs.org\/api\/packages.html. [Accessed 30-Jun-2023]. [n. d.]. Modules: Packages. https:\/\/nodejs.org\/api\/packages.html. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_9_1","unstructured":"[n. d.]. npm-install - npm Docs. https:\/\/docs.npmjs.com\/cli\/v9\/commands\/npminstall. [Accessed 30-Jun-2023]. [n. d.]. npm-install - npm Docs. https:\/\/docs.npmjs.com\/cli\/v9\/commands\/npminstall. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_10_1","unstructured":"[n. d.]. package.json - npm Docs. https:\/\/docs.npmjs.com\/cli\/v8\/configuringnpm\/package-json#scripts. [Accessed 30-Jun-2023]. [n. d.]. package.json - npm Docs. https:\/\/docs.npmjs.com\/cli\/v8\/configuringnpm\/package-json#scripts. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_11_1","unstructured":"[n. d.]. pip install - pip documentation v23.1.2 -- pip.pypa.io. https:\/\/pip.pypa.io\/ en\/stable\/cli\/pip_install\/#cmdoption-only-binary. [Accessed 30-Jun-2023]. [n. d.]. pip install - pip documentation v23.1.2 -- pip.pypa.io. https:\/\/pip.pypa.io\/ en\/stable\/cli\/pip_install\/#cmdoption-only-binary. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_12_1","unstructured":"[n. d.]. Scripts - Composer -- getcomposer.org. https:\/\/getcomposer.org\/doc\/ articles\/scripts.md#scripts. [Accessed 30-Jun-2023]. [n. d.]. Scripts - Composer -- getcomposer.org. https:\/\/getcomposer.org\/doc\/ articles\/scripts.md#scripts. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_13_1","unstructured":"[n. d.]. The import system. https:\/\/docs.python.org\/3\/reference\/import.html. [Accessed 30-Jun-2023]. [n. d.]. The import system. https:\/\/docs.python.org\/3\/reference\/import.html. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_14_1","unstructured":"2022. Stack Overflow Developer Survey 2022 -- survey.stackoverflow.co. https: \/\/survey.stackoverflow.co\/2022\/#technology-most-loved-dreaded-and-wanted. [Accessed 30-Jun-2023]. 2022. Stack Overflow Developer Survey 2022 -- survey.stackoverflow.co. https: \/\/survey.stackoverflow.co\/2022\/#technology-most-loved-dreaded-and-wanted. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_15_1","unstructured":"2023. PyPI new user and new project registrations temporarily suspended. https:\/\/status.python.org\/incidents\/qy2t9mjjcc7g?u=l1b53kd6n2rs. [Accessed 30-Jun-2023]. 2023. PyPI new user and new project registrations temporarily suspended. https:\/\/status.python.org\/incidents\/qy2t9mjjcc7g?u=l1b53kd6n2rs. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_16_1","volume-title":"I know what you imported last summer: A study of security threats in thepython ecosystem. arXiv preprint arXiv:2102.06301","author":"Bagmar Aadesh","year":"2021","unstructured":"Aadesh Bagmar , Josiah Wedgwood , Dave Levin , and Jim Purtilo . 2021. I know what you imported last summer: A study of security threats in thepython ecosystem. arXiv preprint arXiv:2102.06301 ( 2021 ). Aadesh Bagmar, Josiah Wedgwood, Dave Levin, and Jim Purtilo. 2021. I know what you imported last summer: A study of security threats in thepython ecosystem. arXiv preprint arXiv:2102.06301 (2021)."},{"key":"e_1_3_2_1_17_1","volume-title":"Trojan Source: Invisible Vulnerabilities.","author":"Boucher Nicholas","year":"2023","unstructured":"Nicholas Boucher and Ross Anderson . 2023 . Trojan Source: Invisible Vulnerabilities. (2023). Nicholas Boucher and Ross Anderson. 2023. Trojan Source: Invisible Vulnerabilities. (2023)."},{"key":"e_1_3_2_1_18_1","unstructured":"Check Point Research. 2022. Check Point CloudGuard Spectral exposes new obfuscation techniques for malicious packages on PyPI. https:\/\/research.checkpoint.com\/2022\/check-point-cloudguard-spectralexposes-new-obfuscation-techniques-for-malicious-packages-on-pypi\/. [Accessed 30-Jun-2023]. Check Point Research. 2022. Check Point CloudGuard Spectral exposes new obfuscation techniques for malicious packages on PyPI. https:\/\/research.checkpoint.com\/2022\/check-point-cloudguard-spectralexposes-new-obfuscation-techniques-for-malicious-packages-on-pypi\/. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2002.1027797"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.23055"},{"key":"e_1_3_2_1_22_1","volume-title":"ENISA Threat Landscape","author":"ENISA.","year":"2022","unstructured":"ENISA. 2022. ENISA Threat Landscape 2022 . https:\/\/www.enisa.europa.eu\/ publications\/enisa-threat-landscape-2022. [Accessed 30-Jun-2023]. ENISA. 2022. ENISA Threat Landscape 2022. https:\/\/www.enisa.europa.eu\/ publications\/enisa-threat-landscape-2022. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_23_1","unstructured":"Geek. 2010. Tricky use of static initializer in Java - Override println - geekexplains.blogspot.com. http:\/\/geekexplains.blogspot.com\/2009\/05\/tricky-use-ofstatic-initializer-in.html. [Accessed 28-08--2023]. Geek. 2010. Tricky use of static initializer in Java - Override println - geekexplains.blogspot.com. http:\/\/geekexplains.blogspot.com\/2009\/05\/tricky-use-ofstatic-initializer-in.html. [Accessed 28-08--2023]."},{"key":"e_1_3_2_1_24_1","unstructured":"Paulo Gomes. 2019. Golang: stop trusting your dependencies! https:\/\/itnext. io\/golang-stop-trusting-your-dependencies-a4c916533b04. [Accessed 30-Jun2023]. Paulo Gomes. 2019. Golang: stop trusting your dependencies! https:\/\/itnext. io\/golang-stop-trusting-your-dependencies-a4c916533b04. [Accessed 30-Jun2023]."},{"key":"e_1_3_2_1_25_1","unstructured":"Michael Henriksen. 2021. Finding Evil Go Packages. https:\/\/michenriksen.com\/ blog\/finding-evil-go-packages\/. [Accessed 11-Jul-2023]. Michael Henriksen. 2021. Finding Evil Go Packages. https:\/\/michenriksen.com\/ blog\/finding-evil-go-packages\/. [Accessed 11-Jul-2023]."},{"key":"e_1_3_2_1_26_1","unstructured":"The White House. 2021. Executive Order on Improving the Nation's Cybersecurity. https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/ 05\/12\/executive-order-on-improving-the-nations-cybersecurity. [Accessed 30-Jun-2023]. The White House. 2021. Executive Order on Improving the Nation's Cybersecurity. https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/ 05\/12\/executive-order-on-improving-the-nations-cybersecurity. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_27_1","unstructured":"Thomas Hunter II. [n. d.]. Compromised npm Package: event-stream - medium.com. https:\/\/medium.com\/intrinsic-blog\/compromised-npm-packageevent-stream-d47d08605502. [Accessed 30-08--2023]. Thomas Hunter II. [n. d.]. Compromised npm Package: event-stream - medium.com. https:\/\/medium.com\/intrinsic-blog\/compromised-npm-packageevent-stream-d47d08605502. [Accessed 30-08--2023]."},{"key":"e_1_3_2_1_28_1","volume-title":"SoK: Taxonomy of Attacks on Open-Source Software Supply Chains. IEEE Symposium on Security and Privacy (SP), 1509--1526","author":"Ladisa Piergiorgio","year":"2023","unstructured":"Piergiorgio Ladisa , Henrik Plate , Matias Martinez , and Olivier Barais . 2023 . SoK: Taxonomy of Attacks on Open-Source Software Supply Chains. IEEE Symposium on Security and Privacy (SP), 1509--1526 . Piergiorgio Ladisa, Henrik Plate, Matias Martinez, and Olivier Barais. 2023. SoK: Taxonomy of Attacks on Open-Source Software Supply Chains. IEEE Symposium on Security and Privacy (SP), 1509--1526."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3560835.3564546"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3560835.3564548"},{"key":"e_1_3_2_1_31_1","volume-title":"Census II of Free and Open Source Software-Application Libraries","author":"Nagle Frank","year":"2022","unstructured":"Frank Nagle , James Dana , Jennifer Hoffman , Steven Randazzo , and Yanuo Zhou . 2022. Census II of Free and Open Source Software-Application Libraries . Linux Foundation, Harvard Laboratory for Innovation Science (LISH) and Open Source Security Foundation (OpenSSF) 80 ( 2022 ). Frank Nagle, James Dana, Jennifer Hoffman, Steven Randazzo, and Yanuo Zhou. 2022. Census II of Free and Open Source Software-Application Libraries. Linux Foundation, Harvard Laboratory for Innovation Science (LISH) and Open Source Security Foundation (OpenSSF) 80 (2022)."},{"key":"e_1_3_2_1_32_1","unstructured":"Marc Ohm. 2020. Backstabber's Knife Collection. https:\/\/dasfreak.github.io\/ Backstabbers-Knife-Collection. [Accessed 30-Jun-2023]. Marc Ohm. 2020. Backstabber's Knife Collection. https:\/\/dasfreak.github.io\/ Backstabbers-Knife-Collection. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3544415"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-52683-2_2"},{"key":"e_1_3_2_1_35_1","volume-title":"You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node. js. arXiv preprint arXiv:2305.19760","author":"Ohm Marc","year":"2023","unstructured":"Marc Ohm , Timo Pohl , and Felix Boes . 2023. You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node. js. arXiv preprint arXiv:2305.19760 ( 2023 ). Marc Ohm, Timo Pohl, and Felix Boes. 2023. You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node. js. arXiv preprint arXiv:2305.19760 (2023)."},{"volume-title":"Proceedings of the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED). 15--24","author":"Okafor Chinenye","key":"e_1_3_2_1_36_1","unstructured":"Chinenye Okafor , Taylor R. Schorlemmer , Santiago Torres-Arias , and James C. Davis . 2022. SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties . In Proceedings of the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED). 15--24 . Chinenye Okafor, Taylor R. Schorlemmer, Santiago Torres-Arias, and James C. Davis. 2022. SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties. In Proceedings of the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED). 15--24."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098954.3120928"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2886012"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/STARTUP.2016.7583913"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510104"},{"key":"e_1_3_2_1_41_1","volume-title":"Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software","author":"Sikorski Michael","unstructured":"Michael Sikorski and Andrew Honig . 2012. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software ( 1 st ed.). No Starch Press, USA. Michael Sikorski and Andrew Honig. 2012. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (1st ed.). No Starch Press, USA.","edition":"1"},{"volume-title":"8th Annual State of the Software Supply Chain Report. https: \/\/www.sonatype.com\/state-of-the-software-supply-chain. [Accessed 30-Jun2023]","key":"e_1_3_2_1_42_1","unstructured":"Sonatype. 2022. 8th Annual State of the Software Supply Chain Report. https: \/\/www.sonatype.com\/state-of-the-software-supply-chain. [Accessed 30-Jun2023] . Sonatype. 2022. 8th Annual State of the Software Supply Chain Report. https: \/\/www.sonatype.com\/state-of-the-software-supply-chain. [Accessed 30-Jun2023]."},{"key":"e_1_3_2_1_43_1","unstructured":"Phylum Research Team. 2022. Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack. https:\/\/blog.phylum.io\/phylum-discovers-dozens-more-pypi-packagesattempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack\/. [Accessed 30-Jun-2023]. Phylum Research Team. 2022. Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack. https:\/\/blog.phylum.io\/phylum-discovers-dozens-more-pypi-packagesattempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack\/. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_44_1","unstructured":"Sonatype Security Research Team. [n. d.]. Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community - blog.sonatype.com. https:\/\/blog.sonatype.com\/malware-removed-from-maven-central. [Accessed 22-08--2023]. Sonatype Security Research Team. [n. d.]. Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community - blog.sonatype.com. https:\/\/blog.sonatype.com\/malware-removed-from-maven-central. [Accessed 22-08--2023]."},{"key":"e_1_3_2_1_45_1","volume-title":"Compromised PyTorch-nightly dependency chain between December 25th and December 30th","author":"PyTorch Team The","year":"2022","unstructured":"The PyTorch Team . 2023. Compromised PyTorch-nightly dependency chain between December 25th and December 30th , 2022 . https:\/\/pytorch.org\/blog\/ compromised-nightly-dependency. [Accessed 30-Jun-2023]. The PyTorch Team. 2023. Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022. https:\/\/pytorch.org\/blog\/ compromised-nightly-dependency. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_46_1","unstructured":"Bill Toulas. 2023. Malicious Lolip0p PyPi packages install info-stealing malware. https:\/\/www.bleepingcomputer.com\/news\/security\/malicious-lolip0ppypi-packages-install-info-stealing-malware. [Accessed 30-Jun-2023]. Bill Toulas. 2023. Malicious Lolip0p PyPi packages install info-stealing malware. https:\/\/www.bleepingcomputer.com\/news\/security\/malicious-lolip0ppypi-packages-install-info-stealing-malware. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.46"},{"key":"e_1_3_2_1_48_1","unstructured":"Filippo Valsorda. 2022. How Go Mitigates Supply Chain Attacks. https:\/\/go.dev\/ blog\/supply-chain. [Accessed 30-Jun-2023]. Filippo Valsorda. 2022. How Go Mitigates Supply Chain Attacks. https:\/\/go.dev\/ blog\/supply-chain. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_49_1","unstructured":"Bouke van der Bijl. 2015. Monkey Patching in Go. https:\/\/bou.ke\/blog\/monkeypatching-in-go\/. [Accessed 30-Jun-2023]. Bouke van der Bijl. 2015. Monkey Patching in Go. https:\/\/bou.ke\/blog\/monkeypatching-in-go\/. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_50_1","volume-title":"Linus Torvalds: Rust will go into Linux 6.1 - - zdnet.com. https:\/\/www.zdnet.com\/article\/linus-torvalds-rust-will-go-intolinux-6--1. [Accessed 30-Jun-2023].","author":"Vaughan-Nichols Steven","year":"2022","unstructured":"Steven Vaughan-Nichols . 2022 . Linus Torvalds: Rust will go into Linux 6.1 - - zdnet.com. https:\/\/www.zdnet.com\/article\/linus-torvalds-rust-will-go-intolinux-6--1. [Accessed 30-Jun-2023]. Steven Vaughan-Nichols. 2022. Linus Torvalds: Rust will go into Linux 6.1 - - zdnet.com. https:\/\/www.zdnet.com\/article\/linus-torvalds-rust-will-go-intolinux-6--1. [Accessed 30-Jun-2023]."},{"key":"e_1_3_2_1_51_1","unstructured":"Jeff Williams. 2009. Enterprise Java Rootkits: \"Hardly anyone watches the developers\". In BlackHat USA. Jeff Williams. 2009. Enterprise Java Rootkits: \"Hardly anyone watches the developers\". In BlackHat USA."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3523262"},{"key":"e_1_3_2_1_53_1","volume-title":"Lyu","author":"Xu Hui","year":"2017","unstructured":"Hui Xu , Yangfan Zhou , Yu Kang , and Michael R . Lyu . 2017 . On Secure and Usable Program Obfuscation: A Survey . arXiv:1710.01139 [cs.CR] Hui Xu, Yangfan Zhou, Yu Kang, and Michael R. Lyu. 2017. On Secure and Usable Program Obfuscation: A Survey. arXiv:1710.01139 [cs.CR]"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/BWCCA.2010.85"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510457.3513044"},{"key":"e_1_3_2_1_56_1","unstructured":"Karlo Zanki. 2022. IconBurst NPM software supply chain attack grabs data from apps and websites. https:\/\/www.reversinglabs.com\/blog\/iconburst-npmsoftware-supply-chain-attack-grabs-data-from-apps-websites. [Accessed 30- Jun-2023]. Karlo Zanki. 2022. IconBurst NPM software supply chain attack grabs data from apps and websites. https:\/\/www.reversinglabs.com\/blog\/iconburst-npmsoftware-supply-chain-attack-grabs-data-from-apps-websites. [Accessed 30- Jun-2023]."},{"key":"e_1_3_2_1_57_1","volume-title":"28th USENIX Security Symposium (USENIX Security). 995--1010","author":"Zimmermann Markus","year":"2019","unstructured":"Markus Zimmermann , Cristian-Alexandru Staicu , Cam Tenny , and Michael Pradel . 2019 . Small World with High Risks: A Study of Security Threats in the npm Ecosystem . In 28th USENIX Security Symposium (USENIX Security). 995--1010 . Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel. 2019. Small World with High Risks: A Study of Security Threats in the npm Ecosystem. In 28th USENIX Security Symposium (USENIX Security). 995--1010."}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Copenhagen Denmark","acronym":"CCS '23"},"container-title":["Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3605770.3625212","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,12,31]],"date-time":"2023-12-31T06:06:20Z","timestamp":1704002780000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605770.3625212"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,26]]},"references-count":56,"alternative-id":["10.1145\/3605770.3625212","10.1145\/3605770"],"URL":"https:\/\/doi.org\/10.1145\/3605770.3625212","relation":{},"subject":[],"published":{"date-parts":[[2023,11,26]]},"assertion":[{"value":"2023-11-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}