Academic paper

Rogueone: Detecting Rogue Updates via Differential Data-Flow Analysis Using Trust Domains
Document Type
Conference
Source
2024 IEEE/ACM 46th International Conference on Software Engineering (ICSE), pp. 1235-1247, Apr 2024
Subject
Computing and Processing
Target tracking
Codes
Accuracy
Malware
Security
Software engineering
JavaScript
Malicious updates
Malware detection
Node.js
Supply-chain security
Language
ISSN
1558-1225
Abstract
Rogue updates, an important type of software supply-chain attack in which attackers conceal malicious code inside updates to benign software, are a growing problem due to their stealth and effectiveness. We design and implement Rogueone, a system for detecting rogue updates to JavaScript packages. Rogueone uses a novel differential data-flow analysis to capture how an update changes a package's interactions with external APIs. Using an efficient form of abstract interpretation that can exclude unchanged code in a package, it constructs an object data-flow relationship graph (ODRG) that tracks data-flows among objects. Rogueone then maps objects to trust domains, a novel abstraction which summarizes trust relationships in a package. Objects are assigned a trust domain based on whether they originate in the target package, a dependency, or in a system API. Rogueone uses the ODRG to build a set of data-flows across trust domains. It compares data-flow sets across package versions to detect untrustworthy new interactions with external APIs. We evaluated Rogueone on hundreds of npm packages, demonstrating its effectiveness at detecting rogue updates and distinguishing them from benign ones. Rogueone achieves high accuracy and can be more than seven times as effective in detecting rogue updates and avoiding false positives compared to other systems built to detect malicious packages.