Proceedings of the Nineteenth International Conference on Computational Intelligence and Security (CIS 2023)
December 1 – 4, 2023, Haikou, China

A Survey of Third-Party Library Security Research in Application Software

Jia Zeng [1,a], Dan Han [1,b], Yaling Zhu [1,c], Yangzhong Wang [1,d], Fangchen Weng [1,e] and Yuqing Zhang [1,2,f]

[1] College of Cyberspace Security, Hainan University, China.

[2] National Computer Network Intrusion Prevention Center, University of Chinese Academy of Sciences, China; School of Cyber Engineering, Xidian University, China

ABSTRACT

In today's software development environment, third-party libraries (TPLs) play a vital role. They provide developers with rich functionality and convenient solutions that accelerate the speed and efficiency of software development. However, with the widespread use of TPLs, the associated security risks and potential vulnerabilities are becoming increasingly apparent. To address this growing security challenge, it is crucial to conduct research on TPLs in software. At present, there are many research results on the use, ecosystem, detection and risk defense of TPLs. These help developers understand the potential risks of TPLs and choose a reliable TPL, and help developers use automated tools to detect the TPLs used in software and facilitate TPL management. This paper first analyzes and summarizes the security risks caused by TPLs from the perspective of TPL usage in software and the TPL ecosystem, and then divides TPL detection technologies into two categories for analysis according to whether prior knowledge is required. Next, according to the risks of TPLs, it summarizes TPL risk defense technologies. Finally, addressing the existing challenges, future research directions are proposed. This paper aims to provide developers and researchers with practical and valuable insights, to jointly promote the healthy development of the software ecosystem, and to better protect software from security threats.

Keywords: Application software, Third-party library, Software security.
