Assurance and certification in secure Multi-party Open Software and Services.

Deliverables

Exploitation strategy

This report will present the exploitation strategy defined by the project partners, including exploitation perspectives envisaged individually and jointly by the partners, and a qualitative assessment of the expected impacts. The report will contain a plan for the use of knowledge and IPR management.

Methodologies and Algorithms for qualification, certification, and learning from deployed Service

The set of performance measures to be evaluated for the security qualification and certification tool of virtualized workloads will be defined. Modern state machine algorithms will be adapted to capture the behavior of MOSS components T42 Methods for dealing with timing and metrics from WP2 need to be developed. This is the joint deliverable of the methodological contribution of T41 and T42.

AssureMOSS Integrated Toolflow Evaluation and Demonstration Plan

This deliverable will provide a coherent framework for the execution of the demonstrations to be run in T63, T64 and T65, also defining KPIs for the evaluation of the toolflow.

Detectors for model extraction - report

The preliminary concepts for the architecture of the DevBot and detectors, along with security model detectors as developed in T21, will be described in a report. The security indicators and analytics concepts developed in T22 will be described in a report.

Innovation management plan

This report will present the innovation management strategy defined by the partners to handle the project outcomes, as well as the activities performed in this domain during the project implementation and the prospective ones to be implemented after the project completion.

Dissemination and communication plan and report 1

This report will include the strategic approach for dissemination and communication of project information and results, the matrix of target audiences and stakeholders, the evidence of the tools and materials envisaged for dissemination purposes (e.g. project website, project logo, flyers and brochures, social media profiles) and the KPIs that will be used to monitor the effectiveness of the envisaged dissemination activities. This set of information will be included in the first release of D72 M6 to orient the activities of all partners. All partners will provide inputs to this report and UNIVIE will edit it.

Source code representation methods

This deliverable describes novel approaches to learning representations of source code changes, leveraging large corpora of annotated samples that are either readily available or that can be extracted using the toolkit of Task 62.

Methodology for Incremental and Continuous Certification Scheme of software

This deliverable will include the methodology, process and algorithms for delta evaluation and delta verification of source code to achieve a continuous recertification scheme, developed in T52.

Methodology for Risk Indicators

A preliminary version of the methodology developed in Task T51, to be consumed by other partners and external stakeholders for a preliminary validation.

Project website and social accounts

The public website will include the description of the project, the consortium, main deliverables and news about the project. It will be continuously updated during the project lifetime, and a closed version will be maintained for the 3 years following the end of the project.

Publications

Commit2Vec: Learning Distributed Representations of Code Changes

Author(s): Rocío Cabrera Lozoya, Arnaud Baumann, Antonino Sabetta & Michele Bezzi
Published in: SN Computer Science, 2021, ISSN 2661-8907
Publisher: Springer Nature
DOI: 10.1007/s42979-021-00566-z

SolarWinds and the Challenges of Patching: Can We Ever Stop Dancing with the Devil?

Author(s): Fabio Massacci; Trent Jaeger; Sean Peisert
Published in: IEEE SECURITY & PRIVACY, vol 19, iss 2, 2021, ISSN 1540-7993
Publisher: IEEE Computer Society
DOI: 10.1109/msec.2021.3050433

Detector-based component model abstraction for microservice-based systems

Author(s): Ntentos, E., Zdun, U., Plakidas, K. et al.
Published in: Computing, 103, 2021, Page(s) 2521–2551, ISSN 0010-485X
Publisher: Springer Verlag
DOI: 10.1007/s00607-021-01002-z

TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses

Author(s): Linghui Luo, Felix Pauck, Goran Piskachev, Manuel Benz, Ivan Pashchenko, Martin Mory, Eric Bodden, Ben Hermann, Fabio Massacci
Published in: IEEE Empirical Software Engineering, 2021, ISSN 0098-5589
Publisher: Institute of Electrical and Electronics Engineers
DOI: 10.1007/s10664-021-10013-5

Understanding the Security Implications of Kubernetes Networking

Author(s): Francesco Minna; Agathe Blaise; Filippo Rebecchi; Balakrishnan Chandrasekaran; Fabio Massacci
Published in: IEEE Security & Privacy (Volume: 19, Issue: 5, Sept.-Oct. 2021), 2021, ISSN 1540-7993
Publisher: IEEE Computer Society
DOI: 10.1109/msec.2021.3094726

Evaluating and Improving Microservice Architecture Conformance to Architectural Design Decisions

Author(s): Ntentos E., Zdun U., Plakidas K., Geiger S.
Published in: Service-Oriented Computing. ICSOC 2021., 2021, Page(s) 188-203, ISBN 978-3-030-91430-1
Publisher: Springer
DOI: 10.1007/978-3-030-91431-8_12

Identifying Domain-Based Cyclic Dependencies in Microservice APIs Using Source Code Detectors

Author(s): Patric Genfer, Uwe Zdun
Published in: Software Architecture. ECSA 2021., vol 12857, 2021, Page(s) 207-222, ISBN 978-3-030-86043-1
Publisher: Springer
DOI: 10.1007/978-3-030-86044-8_15

Secure Software Development in the Era of Fluid Multi-party Open Software and Services

Author(s): Ivan Pashchenko, Riccardo Scandariato, Antonino Sabetta, Fabio Massacci
Published in: 2021 IEEE/ACM 43rd International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER), 2021, Page(s) 91-95, ISBN 978-1-6654-0140-1
Publisher: IEEE
DOI: 10.1109/icse-nier52604.2021.00027

Please hold on: more time = more patches? Automated program repair as anytime algorithms

Author(s): Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci
Published in: 2021 IEEE/ACM International Workshop on Automated Program Repair (APR), 2021, Page(s) 9-10, ISBN 978-1-6654-4472-9
Publisher: IEEE
DOI: 10.1109/apr52552.2021.00009

Improving Vulnerability Prediction of JavaScript Functions Using Process Metrics

Author(s): Tamás Viszkok, Péter Hegedűs, Rudolf Ferenc
Published in: Proceedings of the 16th International Conference on Software Technologies (ICSOFT 2021), 2021
Publisher: ScitePress
DOI: 10.5220/0010558501850195

A Comparison of Different Source Code Representation Methods for Vulnerability Prediction in Python

Author(s): Amirreza Bagheri, Péter Hegedűs
Published in: Proceedings of the 14th International Conference on the Quality of Information and Communications Technology (QUATIC 2021), 2021, Page(s) 267-281, ISBN 978-3-030-85347-1
Publisher: Springer
DOI: 10.1007/978-3-030-85347-1_20

LastPyMile: identifying the discrepancy between sources and packages

Author(s): Duc-Ly Vu, Fabio Massacci, Ivan Pashchenko, Henrik Plate, Antonino Sabetta
Published in: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2021, Page(s) 780-792, ISBN 9781450385626
Publisher: ACM
DOI: 10.1145/3468264.3468592

Bug Prediction Using Source Code Embedding Based on Doc2Vec

Author(s): Tamás Aladics, Judit Jász, Rudolf Ferenc
Published in: Proceedings of the 21st International Conference on Computational Science and its Applications (ICCSA 2021), 2021, Page(s) 382-397, ISBN 978-3-030-87007-2
Publisher: Springer
DOI: 10.1007/978-3-030-87007-2_27

Technical Leverage in a Software Ecosystem: Development Opportunities and Security Risks

Author(s): Fabio Massacci, Ivan Pashchenko
Published in: 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), 2021, Page(s) 1386-1397, ISBN 978-1-6654-0296-5
Publisher: IEEE
DOI: 10.1109/icse43902.2021.00125

The Used, the Bloated, and the Vulnerable: Reducing the Attack Surface of an Industrial Application.

Author(s): Serena Elisa Ponta; Wolfram Fischer; Henrik Plate; Antonino Sabetta
Published in: 2021 IEEE International Conference on Software Maintenance and Evolution (ICSME), 2021, Page(s) 555-558
Publisher: IEEE
DOI: 10.26226/morressier.613b5418842293c031b5b612

Technical Leverage: Dependencies Are a Mixed Blessing

Author(s): Fabio Massacci, Ivan Pashchenko
Published in: IEEE Security & Privacy, 19/3, 2021, Page(s) 58-62, ISSN 1540-7993
Publisher: IEEE Computer Society
DOI: 10.1109/msec.2021.3065627