OSLDetector: Identifying Open-Source Libraries through Binary Analysis
Wed 23 Sep 2020 02:25 - 02:30 at Wombat - Tool Demo Showcase (1) Chair(s): Yanyan Jiang
Using open-source libraries can provide rich functions and reduce development cost. However, some critical issues have also been caused such as license conflicts and vulnerability risks. In this paper, we design and implement an open-source libraries detection tool OSLDetector which uses methods of matching features to detect third-party libraries for multi-platform software in binaries. We took a series of methods such as filtering features and novelty building an internal clone forest to cope with the challenge of feature duplication. The tool can also provide the conflict of licenses and identify possible corresponding vulnerabilities, so these potential risks can be resolved and avoided. To evaluate the efficiency of OSLDetector, we collect 5K libraries containing 9K versions and manage their respective license type and existing vulnerabilities. The experimental results with a precision of 96\% and recall of 92.3\% show that OSLDetector is effective and outperforms similar tools.
Tue 22 SepDisplayed time zone: (UTC) Coordinated Universal Time change
02:20 - 03:20 | Maintenance and Evolution (1)Research Papers / Tool Demonstrations at Wombat Chair(s): Yi Li Nanyang Technological University, Singapore | ||
02:20 20mTalk | Learning to Handle Exceptions Research Papers Jian Zhang Beihang University, Xu Wang Beihang University, Hongyu Zhang University of Newcastle, Australia, Hailong Sun Beihang University, Yanjun Pu Beihang University, Xudong Liu Beihang University Pre-print | ||
02:40 20mTalk | BuildFast: History-Aware Build Outcome Prediction for Fast Feedback and Reduced Cost in Continuous Integration Research Papers Bihuan Chen Fudan University, China, Linlin Chen Fudan University, Chen Zhang Fudan University, Xin Peng Fudan University, China | ||
03:00 10mTalk | OSLDetector: Identifying Open-Source Libraries through Binary Analysis Tool Demonstrations Dan Zhang Tsinghua University | ||
Wed 23 SepDisplayed time zone: (UTC) Coordinated Universal Time change
02:20 - 03:20 | |||
02:20 5mTalk | JITBot: An Explainable Just-In-Time Defect Prediction Bot Tool Demonstrations Chaiyakarn Khanan Mahidol University, Worawit Luewichana Mahidol University, Krissakorn Pruktharathikoon Mahidol University, Jirayus Jiarpakdee Monash University, Australia, Kla Tantithamthavorn Monash University, Australia, Morakot Choetkiertikul Mahidol University, Thailand, Chaiyong Rakhitwetsagul Mahidol University, Thailand, Thanwadee Sunetnanta Mahidol University | ||
02:25 5mTalk | OSLDetector: Identifying Open-Source Libraries through Binary Analysis Tool Demonstrations Dan Zhang Tsinghua University | ||
02:30 5mTalk | AirMochi – A Tool for Remotely Controlling iOS Devices Tool Demonstrations Nikola Lukic University of Southern California, Saghar Talebipour University of Southern California, Nenad Medvidović University of Southern California, USA | ||
02:35 5mTalk | Edge4Real: A Cost-Effective Edge Computing based Human Behaviour Recognition System for Human-Centric Software Engineering Tool Demonstrations DI SHAO School of Information Technology, Deakin University, Xiao Liu School of Information Technology, Deakin University, Ben Cheng School of Information Technology, Deakin University, Yi Wang School of Information Technology, Deakin University, Thuong Hoang School of Information Technology, Deakin University | ||
02:40 5mTalk | HomoTR: Online Test Recommendation System Based on Homologous Code Matching Tool Demonstrations Chenqian Zhu Nanjing University, Weisong Sun State Key Laboratory for Novel Software Technology, Nanjing University, Qin LIU , Yangyang Yuan Nanjing University, Chunrong Fang Nanjing University, China, Yong Huang State Key Laboratory for Novel Software Technology, Nanjing University | ||
02:45 5mTalk | WASim: Understanding WebAssembly Applications through Classification Tool Demonstrations | ||
02:50 30mLive Q&A | Q&A or Discussion Tool Demonstrations | ||