Codes of Open Source Software (OSS) are widely reused during software development nowadays. However, reusing some specific versions of OSS introduces 1-day vulnerabilities of which details are publicly available, which may be exploited and lead to serious security issues. Existing state-of-the-art OSS reuse detection work cannot identify the specific versions of reused OSS well. The features they selected are not distinguishable enough for version detection and the matching scores are only based on similarity. This paper presents B2SMatcher, a fine-grained version identification tool for OSS in commercial off-the-shelf (COTS) software. We first discuss five kinds of version-sensitive code features that are trackable in both binary and source code. We categorize these features into program-level features and function-level features and propose a two-stage version identification approach based on the two levels of code features. B2SMatcher also identifies different types of OSS version reuse based on matching scores and matched feature instances. In order to extract source code features as accurately as possible, B2SMatcher innovatively uses machine learning methods to obtain the source files involved in the compilation and uses function abstraction and normalization methods to eliminate the comparison costs on redundant functions across versions. We have evaluated B2SMatcher using 6351 candidate OSS versions and 585 binaries. The result shows that B2SMatcher achieves a high precision up to 89.2% and outperforms state-of-the-art tools. Finally, we show how B2SMatcher can be used to evaluate real-world software and find some security risks in practice.
The production-oriented approach (POA) has been developed over a decade. It is driven by the need to improve English classroom instruction for university students in China (Wen, 2016). It is also motivated by the aspiration to enhance the quality of foreign language education in other similar pedagogical contexts outside China. A volume of research has been done by Wen Qiufang and her research team, to formulate the theory of POA and to test its effectiveness in classroom pedagogy (e.g. Wen, 2016, 2015; Yang, 2015; Zhang, 2015). At the moment, the POA is still at an early stage of theory building and almost all empirical research is done in the Chinese context. In order to improve the quality of this theory and to make it intelligible to the international academic community, a one-day symposium was held in Beijing Foreign Studies University on May 15, 2017. The symposium was entitled 'The first international forum on innovative foreign language education in China: Appraisal of the POA'. In the forum, leading experts in applied linguistics were invited to discuss the strengths and weaknesses of the POA and the directions for its future development. The symposium was the first attempt for the POA research team to discuss its latest work with international scholars. This Viewpoint section collects the responses of four experts who participated in the symposium, listed in alphabetical order. The collection of articles covers three topics related to the POA: its pedagogical application, its use for teacher training, and its research. Alister Cumming is Professor Emeritus and the former Head of the Centre for Educational Research on Languages and Literacies, University of Toronto, Canada. His article focuses primarily on POA research as an exemplary case of design-based research. Rod Ellis is Research Professor in the School of Education at Curtin University, Australia. He discusses POA in terms of pedagogy, teacher training and research, with both critiques and constructive suggestions. Paul Kei Matsuda is Professor of English and Director of Second Language Writing at Arizona State University, the United States. He responds to POA from the perspective of an expert researcher and teacher of L2 writing. Charlene Polio is Professor and Associate Chair in the Department of Linguistics & Germanic, Slavic, Asian & African Languages at Michigan State University, the United States. She conceptualises POA as a useful method to address some issues in pre-service teacher development. Overall, the articles in this section are insightful and reader-friendly. They are not only useful for the development of POA in particular, but may also be valuable to a broad range of researchers as they touch upon pertaining issues, as well as emerging topics, in the field of applied linguistics. We therefore find it necessary to make them accessible to a wide readership.
Funding: the National Natural Science Foundation of China (Grant No. 61802394, U1836209); Key Program of the National Natural Science Foundation of China (Grant No. 62032010).