A Multi-faceted Vulnerability Searching Website Powered by Aspect-level Vulnerability Knowledge Graph
Vulnerabilities can cause damages to users. With heavy dependencies among software, it is particularly important to safely select the dependent libraries and maintain security of software in a targeted manner, which require deep understanding of potential weakness of third-party libraries. Current vulnerability advisories only support rough-level description-based vulnerability information searching, which cannot cater the needs of in-depth investigation and understanding of vulnerabilities. Driven by the real needs, we propose a vulnerability aspect-level vulnerability knowledge graph integrating diversified vulnerability key aspect information from heterogeneous vulnerability databases. Based on the knowledge graph, we implement a multi-faceted vulnerability searching website for statistics and details acquiring of vulnerabilities. Our use cases demonstrate the usefulness of our knowledge graph and website to the software security.
Wed 17 MayDisplayed time zone: Hobart change
15:45 - 17:15 | Vulnerability analysis and assessmentTechnical Track / Journal-First Papers / DEMO - Demonstrations at Meeting Room 105 Chair(s): Xiaoyin Wang University of Texas at San Antonio | ||
15:45 15mTalk | Chronos: Time-Aware Zero-Shot Identification of Libraries from Vulnerability Reports Technical Track Yunbo Lyu Singapore Management University, Le-Cong Thanh The University of Melbourne, Hong Jin Kang UCLA, Ratnadira Widyasari Singapore Management University, Singapore, Zhipeng Zhao Singapore Management University, Xuan-Bach D. Le University of Melbourne, Ming Li Nanjing University, David Lo Singapore Management University Pre-print | ||
16:00 15mTalk | Understanding the Threats of Upstream Vulnerabilities to Downstream Projects in the Maven Ecosystem Technical Track Yulun Wu Huazhong University of Science and Technology, Zeliang Yu Huazhong University of Science and Technology, Ming Wen Huazhong University of Science and Technology, Qiang Li Huazhong University of Science and Technology, Deqing Zou Huazhong University of Science and Technology, Hai Jin Huazhong University of Science and Technology Pre-print | ||
16:15 15mTalk | SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript Technical Track Masudul Hasan Masud Bhuiyan CISPA Helmholtz Center for Information Security, Adithya Srinivas Parthasarathy Indian Institute of Information Technology, Design and Manufacturing, Kancheepuram, Nikos Vasilakis Massachusetts Institute of Technology, Michael Pradel University of Stuttgart, Cristian-Alexandru Staicu CISPA Helmholtz Center for Information Security Pre-print | ||
16:30 15mTalk | On Privacy Weaknesses and Vulnerabilities in Software Systems Technical Track Pattaraporn Sangaroonsilp University of Wollongong, Hoa Khanh Dam University of Wollongong, Aditya Ghose University of Wollongong | ||
16:45 7mTalk | A Multi-faceted Vulnerability Searching Website Powered by Aspect-level Vulnerability Knowledge Graph DEMO - Demonstrations Jiamou Sun CSIRO's Data61, Zhenchang Xing CSIRO’s Data61; Australian National University, Qinghua Lu CSIRO’s Data61, Xiwei (Sherry) Xu CSIRO’s Data61, Liming Zhu CSIRO’s Data61 | ||
16:52 7mTalk | An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities Journal-First Papers Imen Sayar IRIT, University of Toulouse, IUT Blagnac Toulouse II, 1 Place Georges Brassens, Blagnac Cedex, France, 31703, Alexandre Bartel Umeå University, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM, Yves Le Traon University of Luxembourg, Luxembourg | ||
17:00 7mTalk | Blindspots in Python and Java APIs Result in Vulnerable Code Journal-First Papers Yuriy Brun University of Massachusetts, Tian Lin University of Florida, Jessie Elise Somerville University of Florida, Elisha M. Myers Florida Atlantic University, Natalie C. Ebner University of Florida Link to publication DOI Pre-print Media Attached | ||