Name: Towards Exploring the Fine-Grained Code Reuse in the PyPI Ecosystem
Start: 2022-12-08T11:15:00+01:00
End: 2022-12-08T12:15:00+01:00
Location: KTH room 4523

**Speaker**
George Drosos

**Abstract**
Modern programming languages facilitate software reuse by hosting software repositories containing interdependent software libraries, which form software ecosystems. Such ecosystems present substantial security risks. To understand and mitigate such risks, researchers often conduct analyses on software ecosystems through dependency networks, usually on the package level. Recent research has proved that a more fine-grained analysis through call-based dependency networks can offer significantly more precise results.
In this talk, we will discuss how we can employ call-based dependency networks in order to measure two aspects of code reuse correlated with security risk, namely software bloat and technical leverage. Our analysis is performed in the popular ecosystem of PyPI, which has recently been the target of many supply chain attacks. With respect to software bloat, our goal is to measure the amount of bloated dependencies and unreachable dependency code existing on PyPI at the fine-grained level. We also aim to demonstrate a way of measuring technical leverage on the fine-grained level, a software metric which describes the ratio between the amount of code that packages leverage from dependencies in comparison to their own's size.
Additionally, we will talk over some preliminary results of our analysis: We found out that a significant amount of software bloat exists on PyPI, indicating that a potential debloating process could effectively reduce the attack surface of the corresponding ecosystem. Additionally, we observed that PyPI applications are highly dependent on third-party code, and thus exposed to security risks.

**Bio**
George Drosos is a researcher in software engineering at the Business Analytics Laboratory at Athens University of Economics and Business (AUEB). He holds a BSc with distinction in Management Science and Technology from AUEB, majoring in Software and Data Analysis Technologies. He has previously worked as a Research Software Engineer at the FASTEN Research Project. In the past, he was also involved in research projects focusing on analyzing and detecting compiler bugs. His main research interests include Software Analytics and Compilers.

\-\-\-
Attend in person, or online at https://kth-se.zoom.us/j/61754874417

Benoit Baudry

Deepika Tiwari

KTH Software Research Meetup

Technology

Science

Open Source

New Technology

Software Development

Computer Science

Academics

Scholarly Research Outside Academia

Computer Programming

Towards Exploring the Fine-Grained Code Reuse in the PyPI Ecosystem

KTH room 4523

Share

KTH Software Research Meetup

Towards Exploring the Fine-Grained Code Reuse in the PyPI Ecosystem

KTH Software Research Meetup

Details

Members are also interested in