A comprehensive approach for software dependency resolution

Zhang, Hanyu

28 July 2011

Software reuse is prevalent in software development. It is not uncommon that one software product may depend on numerous libraries/products in order to build, install, or run. Software reuse is difficult due to the complex interdependency relationships between software packages. In this work, we presented four approaches to retrieve such dependency information, each technique focuses on retrieving software dependency from a specific source, including source code, build scripts, binary files, and Debian spec. The presented techniques were realized by a prototype tool, DEx, which is applied to a large collection of Debian projects in a comprehensive evaluation. Through the comprehensive analysis, we evaluate the presented techniques, and compare them from various aspects. / Graduate

software dependency

software reuse

free and open source software

Debian

Libviews - uma ferramenta web para visualização de bibliotecas e suas dependências em sistemas de informação / Libviews - a web application for visualization of software projects and their dependencies

Ferrarezi, Juliana Cassiano [UNESP]

30 January 2017

Submitted by Juliana Cassiano Ferrarezi null (juliana.ferrarezi@fc.unesp.br) on 2017-02-21T19:58:33Z No. of bitstreams: 1 dissertacao.pdf: 4721300 bytes, checksum: aa217c83d703c5b25017bc890d505b4f (MD5) / Approved for entry into archive by Juliano Benedito Ferreira (julianoferreira@reitoria.unesp.br) on 2017-02-24T19:07:35Z (GMT) No. of bitstreams: 1 ferrarezi_jc_me_sjrp.pdf: 4721300 bytes, checksum: aa217c83d703c5b25017bc890d505b4f (MD5) / Made available in DSpace on 2017-02-24T19:07:35Z (GMT). No. of bitstreams: 1 ferrarezi_jc_me_sjrp.pdf: 4721300 bytes, checksum: aa217c83d703c5b25017bc890d505b4f (MD5) Previous issue date: 2017-01-30 / Bibliotecas de software são importantes e comumente usadas por permitir que os desenvolvedores utilizem funções básicas já implementadas e se concentrem em atividades complexas relacionadas diretamente às regras de negócio do software em desenvolvimento. Além do que, a disponibilização de bibliotecas na internet facilita sua utilização em larga escala. No entanto, pode haver problemas no desenvolvimento de software quanto a utilização de várias bibliotecas desenvolvidas por terceiros, uma vez que são projetos independentes que funcionarão em conjunto. Este trabalho apresenta o LibViews, um software que, por meio de técnicas de Visualização da Informação, disponibiliza uma representação gráfica de projetos de software e as bibliotecas que eles utilizam. A ferramenta apresentada também possibilita a análise de cada biblioteca utilizada através de métricas que permitem analisar a evolução de bibliotecas. O LibViews foi desenvolvido para proporcionar uma melhor compreensão das bibliotecas e suas versões, bem como a utilização de bibliotecas em projetos de software. Dessa forma, o software permite o entendimento das dependências do software, ou seja, bibliotecas de terceiros utilizadas que interferem diretamente no funcionamento do software. Pode-se afirmar, portanto, que o LibViews ajuda no planejamento, desenvolvimento e manutenção de projetos, permitindo a descoberta de informações até então desconhecidas. Como exemplo, o LibViews foi aplicado em um projeto de software administrativo de uma universidade, comprovando os benefícios de sua utilização para compreender a relação entre o projeto de software e suas dependências. / Software libraries are important and commonly used for allowing developers to use basic functions already implemented and to focus on complex activities directly related to the business rules of the software being developed. In addition, the availability of libraries on the Internet facilitates their mass use. However, there may be problems in software development regarding the use of various libraries developed by third parties, since they are independent projects that will work together. This work presents the LibViews, a software for visualization of software projects and their dependencies; And analysis of each library used through metrics that allow to analyze the evolution of libraries. LibViews was developed to provide a better understanding of libraries and their versions, as well as the use of libraries in software projects. Thus, the software allows the understanding of the software’s dependencies, that is, third-party libraries used that interfere directly in the operation of the software. LibViews, therefore, can assist in the planning, development, and maintenance of projects, allowing the discovery of previously unknown information. As a use case, LibViews has been applied in a university administrative software project, proving the gains from its use to understand the relationship between the software project and its dependencies.

Visualização da informação

Bibliotecas de software

Dependências de software

Information visualization

Software libraries

Software dependencies

Software dependency management

Quantitative risk assessment under multi-context environments

Zhang, Su

January 1900

Doctor of Philosophy / Department of Computing and Information Sciences / Xinming Ou / If you cannot measure it, you cannot improve it. Quantifying security with metrics is important not only because we want to have a scoring system to track our efforts in hardening cyber environments, but also because current labor resources cannot administrate the exponentially enlarged network without a feasible risk prioritization methodology. Unlike height, weight or temperature, risk from vulnerabilities is sophisticated to assess and the assessment is heavily context-dependent. Existing vulnerability assessment methodologies (e.g. CVSS scoring system, etc) mainly focus on the evaluation over intrinsic risk of individual vulnerabilities without taking their contexts into consideration. Vulnerability assessment over network usually output one aggregated metric indicating the security level of each host. However, none of these work captures the severity change of each individual vulnerabilities under different contexts. I have captured a number of such contexts for vulnerability assessment. For example, the correlation of vulnerabilities belonging to the same application should be considered while aggregating their risk scores. At system level, a vulnerability detected on a highly depended library code should be assigned with a higher risk metric than a vulnerability on a rarely used client side application, even when the two have the same intrinsic risk. Similarly at cloud environment, vulnerabilities with higher prevalences deserve more attention. Besides, zero-day vulnerabilities are largely utilized by attackers therefore should not be ignored while assessing the risks. Historical vulnerability information at application level can be used to predict underground risks. To assess vulnerability with a higher accuracy, feasibility, scalability and efficiency, I developed a systematic vulnerability assessment approach under each of these contexts. ​

Vulnerability assessment

Quantitative risk assessment

Cloud computing security

Zero-day vulnerability assessment

Software dependency risk assessment

Network security (attack graph)

Computer Science (0984)