Report Title: Compatibility Analysis and Research for Open Source Software

Report time: September 25th, 2023 (Monday), 10:00 AM-12:00 PM

Report location: Conference Room 202, Mathematics Museum East

Host: Professor Chen Yixiang

Report Summary:

With the widespread adoption of open-source software, its security and maintenance have become a focus of research. This work addresses how users of open-source software can efficiently carry out post-release maintenance, such as fixing security issues and updating components. We first propose Sembid, a software behavior compatibility detection method based on static semantic fitting, for the maintenance and updating of third-party open-source code. Building on it, we propose Coral, a global repair solution for third-party vulnerabilities that preserves software compatibility. Finally, to automatically fix long-standing vulnerabilities in third-party components of the Maven ecosystem, we propose Ranger, a secure and compatible version range recovery solution. Experimental results show that these methods ensure the compatibility of open-source software upgrades and automatically reduce vulnerability risk across the open-source ecosystem.
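The summary describes version range recovery only at the level of its goal: pick a dependency range that excludes every vulnerable version while keeping the client compatible. The following added example is not part of the talk or of Ranger; it is an illustration of that goal on constructed data for a hypothetical dependency "example-lib", using a simplified model of Maven version ordering (numeric components, trailing zeros insignificant, a qualifier such as "-rc1" sorting before the bare release; Maven's full qualifier table is not modelled). The vulnerable and compatible sets are assumed inputs, standing in for an advisory and for the output of a behavior compatibility check such as the one the talk describes. The check at the end, re-evaluating the produced range against every known version, is the step a practitioner would want before committing the range to a pom.xml.

```python
"""Illustration of Maven version-range recovery (added example, not Ranger).

Given which versions of a dependency are vulnerable and which are
behaviour-compatible with the client, emit the tightest Maven range that
excludes every vulnerable version, then verify the range against the full
version list.
"""
import re
from typing import Iterable, List, Optional, Tuple

Version = Tuple[Tuple[int, ...], int, str]


def parse_version(v: str) -> Version:
    """Simplified Maven ordering: numeric parts compare numerically, trailing
    zeros are insignificant (1.2 == 1.2.0) and a qualifier (1.2.0-rc1)
    sorts before the bare release. Maven's full qualifier table
    (alpha < beta < milestone < rc < release < sp) is not modelled."""
    head, _, qualifier = v.strip().partition("-")
    nums: List[int] = []
    for tok in head.split("."):
        if tok.isdigit():
            nums.append(int(tok))
        else:
            # "1.2.rc1": the first non-numeric token starts the qualifier
            qualifier = tok if not qualifier else f"{tok}-{qualifier}"
            break
    while nums and nums[-1] == 0:
        nums.pop()
    return (tuple(nums), 0 if qualifier else 1, qualifier.lower())


# One Maven interval: "[lo,hi]", "(lo,hi)", "[lo,)", "(,hi]" or exact "[v]".
_INTERVAL = re.compile(
    r"([\[(])\s*([^,\[\]()\s]*)\s*(?:(,)\s*([^,\[\]()\s]*)\s*)?([\])])"
)


def version_in_range(v: str, spec: str) -> bool:
    """True if `v` satisfies a Maven range spec; a union such as
    "(,1.0],[1.2,)" matches if any interval matches. A bare version (Maven's
    "soft requirement") is rejected because it excludes nothing."""
    pv = parse_version(v)
    intervals = _INTERVAL.findall(spec)
    if not intervals:
        raise ValueError(f"not a Maven range: {spec!r}")
    for lo_b, lo, comma, hi, hi_b in intervals:
        if not comma:  # "[1.0]": exact version
            if pv == parse_version(lo):
                return True
            continue
        ok = True
        if lo:
            plo = parse_version(lo)
            ok = pv > plo or (lo_b == "[" and pv == plo)
        if ok and hi:
            phi = parse_version(hi)
            ok = pv < phi or (hi_b == "]" and pv == phi)
        if ok:
            return True
    return False


def recover_safe_range(available: Iterable[str], vulnerable: Iterable[str],
                       compatible: Iterable[str], current: str) -> Optional[str]:
    """Tightest range, starting at or above `current`, whose members are all
    both non-vulnerable and compatible. The range stops at the first version
    failing either test, so a fix that later regressed leaves a hole instead
    of being silently included. Returns None if no such version exists."""
    ordered = sorted(set(available), key=parse_version)
    bad, good = set(vulnerable), set(compatible)
    safe = [v for v in ordered if v not in bad and v in good]
    safe_set = set(safe)
    cur = parse_version(current)
    start = next((v for v in safe if parse_version(v) >= cur), None)
    if start is None:
        return None
    i = ordered.index(start)
    hi = start
    while i + 1 < len(ordered) and ordered[i + 1] in safe_set:
        i += 1
        hi = ordered[i]
    if hi == ordered[-1]:
        # Run reaches the newest known release: leave the upper bound open.
        # This admits releases published later, which is a policy choice.
        return f"[{start},)"
    return f"[{start},{hi}]"


def admitted_versions(available: Iterable[str], spec: str) -> List[str]:
    """Verification step: every known version the range would accept."""
    return [v for v in sorted(set(available), key=parse_version)
            if version_in_range(v, spec)]


# Constructed sample data for the hypothetical dependency "example-lib".
AVAILABLE = ["1.0.0", "1.1.0", "1.1.1", "1.2.0-rc1", "1.2.0", "1.2.1", "1.3.0", "2.0.0"]
VULNERABLE = {"1.0.0", "1.1.0", "1.1.1", "1.2.0-rc1", "1.3.0"}  # fixed in 1.2.0, regressed in 1.3.0
COMPATIBLE = {"1.0.0", "1.1.0", "1.1.1", "1.2.0-rc1", "1.2.0", "1.2.1", "1.3.0"}  # 2.0.0 breaks the client
CURRENT = "1.1.0"

if __name__ == "__main__":
    spec = recover_safe_range(AVAILABLE, VULNERABLE, COMPATIBLE, CURRENT)
    print(spec, admitted_versions(AVAILABLE, spec))
```

On the sample data the recovered range is "[1.2.0,1.2.1]": 1.2.0-rc1 is excluded because a qualifier sorts below the release, and 1.3.0 is excluded by the regression, which is why the upper bound is closed rather than "[1.2.0,)". The verification pass lists exactly the versions the range admits, so a range that accidentally covers a vulnerable or incompatible release is caught before it is written to the build file.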

Zhang Lvye is a doctoral student in the Cyber Security Lab of the School of Computer Science and Engineering at Nanyang Technological University (NTU), Singapore. He previously obtained a master's degree from Nanyang Technological University and a bachelor's degree from Harbin Engineering University. His main research direction is software supply chain security, in particular security analysis, ecosystem governance, and software composition analysis of open-source software. His research results have been published at top international conferences such as ICSE, ASE and FSE, and have twice won the "Outstanding Paper Award" (ASE 2022, ICSE 2023).

