Emerging Trends in Supply Chain Security

• 개요
• OSS 추적성을 위한 SBOM 동향 정보보호학회지(2022.10)
  Authors: 김선우, 손경호
• 공급망 보안을 위한 오픈소스 소프트웨어 취약점 관리 기술 정보보호학회지(2022.10)
  Authors: 홍현지, 우승훈, 이희조
• 노수지, 오픈소스 소프트웨어 공급망 보안, 세미나(2023년 04월 03일) 발표 자료
• Supply Chain Security Tools
• FOSSLight
• Open Source Security Index
• Microsoft sbom-tool
• npm-sbom
• Vulnerable Code Clone(VCC) Discovery
• A function-level scalable technique
• VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery IEEE Symp. on Security and Privacy (SP), 2017
  Authors: Seulbae Kim; Seunghoon Woo; Heejo Lee; Hakjoo Oh
• A token-based approach using the slicing window technique
• ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions IEEE Symp. on Security and Privacy (SP), 2012
  Authors: Jiyong Jang; Abeer Agrawal; David Brumley
• The Vulnerability Fix Flow from the origin to its patch
• MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components 31st Usenix Security (2022)
  Authors: Seunghoon Woo, Hyunji Hong, Eunjin Choi, and Heejo Lee
• A Code-Property Graph (CPG) based VCC discovery technique
• VGRAPH: A Robust Vulnerable Code Clone Detection System Using Code Property Triplets IEEE Symp. on Security and Privacy (SP), 2020
  Authors: Benjamin Bowman; H. Howie Huang
• Using Deep Learning to Detect Vulnerable Code
• SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities IEEE Trans. on Dependable and Secure Computing 2021
  Authors: Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Yawei Zhu, Zhaoxuan Chen
• VulDeePecker: A Deep Learning-Based System for Vulnerability Detection IEEE Symp. on Security and Privacy (SP), 2012
  Authors: Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, and Yuyi Zhong
• VulPecker: An automated vulnerability detection system based on code similarity analysis ACM Conf. on Computer Security Application (ACSAC), 2016
  Authors: Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Hanchao Qi, and Jie Hu
• VulDeeLocator: A Deep Learning-Based Fine-Grained Vulnerability Detector IEEE Transactions on Dependable and Secure Computing, 2022
  Authors: Zhen Li, Deqing Zou, Shouhuai Xu, Zhaoxuan Chen, Yawei Zhu, Hai Jin
• Tools
• Modeling and Discovering Vulnerabilities with Code Property Graphs IEEE Symp. on Security and Privacy (S&P2014)
  Authors: Fabian Yamaguchi, Nico Golde, Daniel Arp, Konrad Rieck
• VulDBGen
• CPG Code Property Graph (Wiki)
• Vulnerable Binary Code Clone Detection
• Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization, Steven H. H. Ding, B. Fung, P. Charland, 2019, IEEE Symposium on Security and Privacy (293회 인용)
• SAFE: Self-Attentive Function Embeddings for Binary Similarity Luca Massarelli+ 3 authorsR. Baldoni 2018, International Conference on Detection of intrusions and malware, and vulnerability assessment (142회 인용)
• DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing Yue Duan+ 2 authorsHeng Yin, 2020, Network and Distributed System Security Symposium (147회 인용)
• A Survey of Binary Code Similarity, I. Haq, Juan Caballero, 2019, ACM Computing Surveys (106회 인용)
• Y. Hu, Y. Zhang, J. Li and D. Gu, "Binary Code Clone Detection across Architectures and Compiling Configurations," 2017 IEEE/ACM 25th International Conference on Program Comprehension (ICPC), Buenos Aires, Argentina, 2017 (98회 인용)
• jTrans: jump-aware transformer for binary code similarity detection, Hao Wang, Wenjie Qu, Gilad Katz, Wenyu Zhu, Zeyu Gao, Han Qiu, Jianwei Zhuge, Chao Zhang, International Symposium on Software Testing and Analysis (77회 인용)
How Machine Learning Is Solving the Binary Function Similarity Problem A. Marcelli, Mariano Graziano, Mohamad Mansouri, 2022, USENIX Security Symposium (61회 인용)
• VulHawk: Cross-architecture Vulnerability Detection with Entropy-based Binary Code Search. Z Luo, P Wang, B Wang, Y Tang, W Xie, X Zhou, D Liu, K Lu NDSS, 2023. (30회 인용)
• Practical Binary Code Similarity Detection with BERT-based Transferable Similarity Learning, Sunwoo Ahn+ 2 authorsY. Paek, 2022, Asia-Pa (23회 인용)
• Y. Xiao et al., "VIVA: Binary Level Vulnerability Identification via Partial Signature," 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Honolulu, HI, USA, 2021, pp. 213-224 (17회 인용)
• Yuhong Feng, Haoran Li, Yixuan Cao, Yufeng Wang, and Haiyue Feng. 2024. CRABS-former: CRoss-Architecture Binary Code Similarity Detection based on Transformer. In Proceedings of the 15th Asia-Pacific Symposium on Internetware (Internetware '24). Association for Computing Machinery, New York, NY, USA, 11–20.
• Shouguo Yang, Zhengzi Xu, Yang Xiao, Zhe Lang, Wei Tang, Yang Liu, Zhiqiang Shi, Hong Li, Limin Sun, "Towards Practical Binary Code Similarity Detection: Vulnerability Verification via Patch Semantic Analysis", ACM Transactions on Software Engineering and Methodology, vol.32, no.6, pp.1, 2023.
• Siyuan Li, Yongpan Wang, Chaopeng Dong, Shouguo Yang, Hong Li, Hao Sun, Zhe Lang, Zuxin Chen, Weijie Wang, Hongsong Zhu, Limin Sun, "LibAM: An Area Matching Framework for Detecting Third-party Libraries in Binaries", ACM Transactions on Software Engineering and Methodology, 2023.
• Weiwei Zhang, Zhengzi Xu, Yang Xiao, Yinxing Xue, "Unleashing the power of pseudo-code for binary code similarity analysis", Cybersecurity, vol.5, no.1, 2022.
• Shichao Wang, Yun Zhang, Liagfeng Bao, Xin Xia, Minghui Wu, "VCMatch: A Ranking-based Approach for Automatic Security Patches Localization for OSS Vulnerabilities", 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pp.589-600, 2022.