NodeMedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs

NodeMedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs

Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as arbitrary command injection and code execution. Existing taint analysis tools fall short in providing an end-to-end infrastructure for automatically detecting and triaging these vulnerabilities.We develop NodeMedic,...

Full description

Saved in:

Bibliographic Details
Main Authors:	CASSEL, Darion, WONG, Wai Tuck, JIA, Limin
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2023
Subjects:	Analysis tools Code execution Command injections Constraint-based Tree-based Software Engineering
Online Access:	https://ink.library.smu.edu.sg/sis_research/8094 https://ink.library.smu.edu.sg/context/sis_research/article/9097/viewcontent/nodemedic_eurosp23_av.pdf
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

NCQ: Code reuse support for Node.js developers
by: REID, Brittany, et al.
Published: (2023)

Using the TypeScript compiler to fix erroneous Node.js snippets
by: REID, Brittany, et al.
Published: (2023)

PERBANDINGAN KINERJA BACK END UNTUK APLIKASI INTERNET OF THINGS MENGGUNAKAN PEMROGRAMAN BACK END NODE.JS DAN GO DENGAN BASIS DATA MYSQL DAN MONGODB
by: BRAMANTYO ADHILAKSONO, 081311633052
Published: (2018)

INTERACTION INTERFACE DESIGN WEB-BASED MONITORING PLANT FOR OPERATOR MICROGRID PLANT OF SCADA SYSTEM USING REACT.JS AND NODE.JS
by: Sekar Arum, Yasmin

SQL AND NODE.JS-BASED BACKEND SUBSYSTEM DEVELOPMENT FOR THE UPT LOGISTIK ITB WAREHOUSE MANAGEMENT SYSTEM (WMS)
by: Davin Dzimar, Muhammad

Discrete event command & control for networked teams with multiple missions1
by: Lewis, F.L., et al.
Published: (2014)

Schedulers and redundancy for a class of constraint propagation rules
by: Brand, S., et al.
Published: (2013)

Thermal Conductivity Augmentation of Epoxy Injection Moulds for Cooling Time Reduction
by: Altaf, Khurram, et al.
Published: (2016)

End-to-end open-set semi-supervised node classification with out-of-distribution detection
by: HUANG, Tiancheng, et al.
Published: (2022)

Removing node overlapping in graph layout using constrained optimization
by: Marriott, K., et al.
Published: (2013)

Search-driven string constraint solving for vulnerability detection
by: THOME, Julian, et al.
Published: (2017)

Direct laser sintering of Cu-based metal for rapid tooling
by: Tang, Y., et al.
Published: (2014)

Evaluation of set-based queries with aggregation constraints
by: Tran, Q.T., et al.
Published: (2013)

Schedulers for rule-based constraint programming
by: Apt, K.R., et al.
Published: (2013)

Design and implementation of Sub-Cover difference broadcast encryption algorithm
by: Yi, Q., et al.
Published: (2014)

Erratum: P. van Beek and R. Dechter's theorem on constraint looseness and local consistency (Journal of the ACM)
by: Zhang, Y., et al.
Published: (2013)

Adaptive tracking control of uncertain MIMO nonlinear systems with input constraints
by: Chen, M., et al.
Published: (2014)

Development of a windows based computer-aided die design system for die casting
by: WOON YONG KHAI
Published: (2010)

Algorithm for Identifying Minimum Driver Nodes Based on Structural Controllability
by: Haghighi, R, et al.
Published: (2020)

Over-the-air reprogramming of LoRa end nodes through LoRa radio
by: Cheng, Chee How
Published: (2021)

Modified ART 2A growing network capable of generating a fixed number of nodes
by: He, J., et al.
Published: (2013)

An Overview of Finite Domain Constraint Programming
by: Henz, M, et al.
Published: (2021)

Constraint-based design using an operational approach
by: Fu, Z., et al.
Published: (2014)

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: THOME, Julian, et al.
Published: (2018)

Leadership preferences of the stakeholders of the Armed Forces of the Philippines
by: Belandres, Easter B.
Published: (2016)

Conjoint analysis as robust measure leadership preferences: Evidence from the military service
by: Belandres, Easter B.
Published: (2016)

APPLICATION OF MICROCOMPUTERS IN ENERGY MONITORING AND ANALYSIS FOR MANUFACTURING INDUSTRIES
by: YU ZHOUZHONG
Published: (2019)

Interdependency and vulnerability of multipartite networks under target node attacks
by: Cai, Qing, et al.
Published: (2020)

Two agent-based approaches for solving multi-objective multi-constraint optimization problems
by: WANG HUI
Published: (2010)

Effect of Chilled Air on Machining Performance in End Milling
by: Rahman, M., et al.
Published: (2014)

Zero-error watermarking on JPEG images by shuffling Huffman tree nodes
by: WU, Yongdong, et al.
Published: (2011)

Neural regret-matching for distributed constraint optimization problems
by: DENG, Yanchen, et al.
Published: (2021)

Development of a die design system for die casting
by: Woon, Y.K., et al.
Published: (2014)

Camera constraint-free view-based 3-D object retrieval
by: Gao, Y., et al.
Published: (2013)

Constraint based method for finding motifs in DNA sequences
by: DONG XIAOAN
Published: (2010)

Efficient spin injection and spin filtering in semiconductors by utilizing the k3-Dresselhaus spin-orbit effect
by: Fujita, T., et al.
Published: (2014)

Partial solution based constraint solving cache in symbolic execution
by: SHUAI, Ziqi, et al.
Published: (2024)

High performance motion control command generator and its application in a 3-link plane manipulator
by: Zhao, Z.J., et al.
Published: (2014)

Model-based Tool Condition Monitoring for Ball-nose End Milling
by: HUANG SHENG
Published: (2013)

Development and evaluation of an on-machine optical measurement device
by: Lim, H.S., et al.
Published: (2014)