From 4511e36a76e971bcffb445d05aacacf1be3c6b8b Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Thu, 6 Nov 2025 19:04:49 +0100 Subject: [PATCH] Make , . and spaces consistant for paper & theses --- index.md | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/index.md b/index.md index 9ff8bbf..6dd5062 100644 --- a/index.md +++ b/index.md @@ -44,39 +44,39 @@ To get notified about project news, subscribe to the [Chains mailing list](https (reverse chronological order, newest first) * 2025 - - [NodeShield: Runtime Enforcement of Security-Enhanced SBOMs for Node.js](https://arxiv.org/abs/2508.13750). ACM CCS 2025. + - [NodeShield: Runtime Enforcement of Security-Enhanced SBOMs for Node.js](https://arxiv.org/abs/2508.13750), ACM CCS, 2025. - [GoLeash: Mitigating Golang Software Supply Chain Attacks with Runtime Policy Enforcement](http://arxiv.org/pdf/2505.11016), Technical report 2505.11016, arXiv, 2025. - - [The Design Space of Lockfiles Across Package Managers](http://arxiv.org/pdf/2505.04834). Technical report 2505.04834, arXiv, 2025. + - [The Design Space of Lockfiles Across Package Managers](http://arxiv.org/pdf/2505.04834), Technical report 2505.04834, arXiv, 2025. - [Canonicalization for Unreproducible Builds in Java](https://arxiv.org/abs/2504.21679), Technical report 2504.21679, arXiv, 2025. - - [Implementing in-toto SBOM Attestations in an Enterprise Context](http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-363613), Master's thesis Christofer Vikström, 2025 - - [Software Bills of Materials in Maven Central](https://arxiv.org/abs/2501.13832), Proceedings of MSR 2025. + - [Implementing in-toto SBOM Attestations in an Enterprise Context](http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-363613), Master's thesis Christofer Vikström, 2025. + - [Software Bills of Materials in Maven Central](https://arxiv.org/abs/2501.13832), Proceedings of MSR, 2025. - [On-Chain Analysis of Smart Contract Dependency Risks on Ethereum](https://arxiv.org/abs/2503.19548), Technical report 2503.19548, arXiv, 2025. - [Vexed by VEX tools: Consistency evaluation of container vulnerability scanners](https://arxiv.org/abs/2503.14388), Technical report 2503.14388, arXiv, 2025. - [Maven-Hijack: Software Supply Chain Attack Exploiting Packaging Order](http://arxiv.org/pdf/2407.18760), In Proceedings of ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED), 2025. ([webpage](https://chains.proj.kth.se/maven-hijack.html)) * 2024 - - [Code-Reuse Attacks in Managed Programming Languages and Runtimes](https://www.diva-portal.org/smash/get/diva2:1905323/SUMMARY01.pdf), PhD Thesis Mikhail Shcherbakov, 2024 - - [Dirty-Waters: Detecting Software Supply Chain Smells](https://arxiv.org/abs/2410.16049), arXiv 2024. - - [Automatic Program Repair For Breaking Dependency Updates With Large Language Models](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-354835), Master's thesis Federico Bonno, 2024 - - [Investigation of the Software Supply Chain of JavaScript Cryptocurrency Wallets](https://daisy.dsv.su.se/divaexport/fil?id=282465), Master's thesis Raphina Yi Liu, 2024 - - [Geth Rebuild: Strengthening Ethereum Client Integrity through Reproducible Builds](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-355285), Master's thesis Vivi Andersson, 2024 - - [From Blueprint to Reality: Evaluating the Feasibility of Air-gapped Maven Builds](https://www.diva-portal.org/smash/get/diva2:1932196/FULLTEXT02), Master's thesis Oliver Schwalbe Lehtihet, 2024 - - [The Embedding and Retrieval of Software Supply Chain Information in Java Applications](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-354837), Master's thesis Daniel Williams, 2024 - - [Measuring the Vulnerability Lifecycle in the Software Supply Chain via SBOM Scans](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-354504), Master's thesis Felix Qvarfordt, 2024 - - [GoSurf: Identifying Software Supply Chain Attack Vectors in Go](https://arxiv.org/abs/2407.04442), Proceedings of ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED'24) - - [Breaking-Good: Explaining Breaking Dependency Updates with Build Analysis](https://arxiv.org/abs/2407.03880), Proceedings of IEEE SCAM, 2024 - - [SBOM.EXE: Countering Dynamic Code Injection based on Software Bill of Materials in Java](https://arxiv.org/abs/2407.00246), arXiv 2024. - - [GHunter: Universal Prototype Pollution Gadgets in JavaScript Runtimes](https://www.usenix.org/conference/usenixsecurity24/presentation/cornelissen). Usenix Security 2024. - - [Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis](https://arxiv.org/abs/2311.03919). Proceedings of WWW, 2024. - - [Mitigating CI/CD threats through an extended access control model](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-346918), Master's thesis Arvid Siberov, 2024 - - [BUMP: A Benchmark of Reproducible Breaking Dependency Updates](https://arxiv.org/abs/2401.09906), Proceedings of IEEE SANER, 2024 - - [Highly Available Blockchain Nodes With N-Version Design](https://arxiv.org/abs/2303.14438), IEEE Transactions on Dependable and Secure Computing, 2024 + - [Code-Reuse Attacks in Managed Programming Languages and Runtimes](https://www.diva-portal.org/smash/get/diva2:1905323/SUMMARY01.pdf), PhD Thesis Mikhail Shcherbakov, 2024. + - [Dirty-Waters: Detecting Software Supply Chain Smells](https://arxiv.org/abs/2410.16049), arXiv, 2024. + - [Automatic Program Repair For Breaking Dependency Updates With Large Language Models](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-354835), Master's thesis Federico Bonno, 2024. + - [Investigation of the Software Supply Chain of JavaScript Cryptocurrency Wallets](https://daisy.dsv.su.se/divaexport/fil?id=282465), Master's thesis Raphina Yi Liu, 2024. + - [Geth Rebuild: Strengthening Ethereum Client Integrity through Reproducible Builds](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-355285), Master's thesis Vivi Andersson, 2024. + - [From Blueprint to Reality: Evaluating the Feasibility of Air-gapped Maven Builds](https://www.diva-portal.org/smash/get/diva2:1932196/FULLTEXT02), Master's thesis Oliver Schwalbe Lehtihet, 2024. + - [The Embedding and Retrieval of Software Supply Chain Information in Java Applications](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-354837), Master's thesis Daniel Williams, 2024. + - [Measuring the Vulnerability Lifecycle in the Software Supply Chain via SBOM Scans](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-354504), Master's thesis Felix Qvarfordt, 2024. + - [GoSurf: Identifying Software Supply Chain Attack Vectors in Go](https://arxiv.org/abs/2407.04442), Proceedings of ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED), 2024. + - [Breaking-Good: Explaining Breaking Dependency Updates with Build Analysis](https://arxiv.org/abs/2407.03880), Proceedings of IEEE SCAM, 2024. + - [SBOM.EXE: Countering Dynamic Code Injection based on Software Bill of Materials in Java](https://arxiv.org/abs/2407.00246), arXiv, 2024. + - [GHunter: Universal Prototype Pollution Gadgets in JavaScript Runtimes](https://www.usenix.org/conference/usenixsecurity24/presentation/cornelissen), Usenix Security, 2024. + - [Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis](https://arxiv.org/abs/2311.03919), Proceedings of WWW, 2024. + - [Mitigating CI/CD threats through an extended access control model](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-346918), Master's thesis Arvid Siberov, 2024. + - [BUMP: A Benchmark of Reproducible Breaking Dependency Updates](https://arxiv.org/abs/2401.09906), Proceedings of IEEE SANER, 2024. + - [Highly Available Blockchain Nodes With N-Version Design](https://arxiv.org/abs/2303.14438), IEEE Transactions on Dependable and Secure Computing, 2024. * 2023 - - [GitBark: A Rule-Based Framework for Maintaining Integrity in Source Code Repositories](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-340648), Master's thesis Elias Bonnici, 2023 - - [Challenges of Producing Software Bill Of Materials for Java](https://arxiv.org/abs/2303.11102), IEEE Security & Privacy, - - [Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js](https://arxiv.org/abs/2207.11171), Usenix Security 2023 - - [Diverse Double-Compiling to Harden Cryptocurrency Software](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-323901), Master's thesis Niklas Rosencrantz, 2023 + - [GitBark: A Rule-Based Framework for Maintaining Integrity in Source Code Repositories](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-340648), Master's thesis Elias Bonnici, 2023. + - [Challenges of Producing Software Bill Of Materials for Java](https://arxiv.org/abs/2303.11102), IEEE Security & Privacy, 2023. + - [Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js](https://arxiv.org/abs/2207.11171), Usenix Security, 2023. + - [Diverse Double-Compiling to Harden Cryptocurrency Software](https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-323901), Master's thesis Niklas Rosencrantz, 2023. * 2022 - - [The Multibillion Dollar Software Supply Chain of Ethereum](https://arxiv.org/abs/2202.07029), IEEE Computer, 2022 + - [The Multibillion Dollar Software Supply Chain of Ethereum](https://arxiv.org/abs/2202.07029), IEEE Computer, 2022. ## Repositories @@ -135,7 +135,7 @@ Chains alumni: [Deepika Tiwari](https://deee92.github.io/), [Arvid Siberov](http ## Press -- [Bygger mer robusta programvarukedjorn ](https://framtidensforskning.se/2024/06/12/bygger-mer-robusta-programvarukedjor/), in Framtidens Forskning (June 12 2024, In Swedish) +- [Bygger mer robusta programvarukedjorn](https://framtidensforskning.se/2024/06/12/bygger-mer-robusta-programvarukedjor/), in Framtidens Forskning (June 12 2024, In Swedish) - [Försörjningskedjan för programvaror avgörande för säkerheten](https://framtidensforskning.se/2022/06/17/forsorjningskedjan-for-programvaror-avgorande-for-sakerheten/), in Framtidens Forskning (June 17 2022, In Swedish)