Commit 0882117

Update master-thesis.md
remove one of my thesis topics that someone has started on
1 parent 49df7b4 commit 0882117

1 file changed

+0
-35
lines changed

master-thesis.md

Lines changed: 0 additions & 35 deletions
@@ -39,41 +39,6 @@ Related work:
3939
1. [Prototype of reproducing GitHub actions](https://github.com/ericcornelissen/reproducing-actions)
4040
1. [Reproducible Central](https://github.com/jvm-repo-rebuild/reproducible-central)
4141

42-
### Detection and Mitigation of GitHub action smells
43-
44-
Contact: Eric Cornelissen
45-
46-
[GitHub Actions](https://docs.github.com/en/actions) is the continuous integration and continuous delivery (CI/CD) solution offered by GitHub.
47-
It supports "[expressions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions)" which are parts of the workflow that are filled in at runtime.
48-
The values may come from other parts of the CI/CD workflow or directly from the GitHub website.
49-
A problem with this is that an attacker controlled value used in the wrong way can lead to compromise of the CI/CD workflow.
50-
In this project we will look into automatically fixing such misconfigurations in GitHub Actions workflow definitions.
51-
52-
Related work:
53-
54-
Academic
55-
56-
1. [ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions](https://www.usenix.org/conference/usenixsecurity23/presentation/muralee)
57-
1. [Automatic Security Assessment of GitHub Actions Workflows](https://dl.acm.org/doi/abs/10.1145/3560835.3564554)
58-
1. [Characterizing the Security of Github CI Workflows](https://www.usenix.org/conference/usenixsecurity22/presentation/koishybayev)
59-
1. [Ambush From All Sides: Understanding Security Threats in Open-Source Software CI/CD Pipelines](https://ieeexplore.ieee.org/document/10061526)
60-
1. [Mitigating Security Issues in GitHub Actions](https://orbi.umons.ac.be/bitstream/20.500.12907/48447/1/Hassan2024-EnCyCriSSVM.pdf)
61-
1. [ActionsRemaker: Reproducing GitHub Actions](http://cdn.zhuhaonan.com/files/icse-23-actionsremaker.pdf)
62-
1. [Quantifying Security Issues in Reusable JavaScript Actions in GitHub Workflows](https://orbi.umons.ac.be/handle/20.500.12907/48468)
63-
1. [A Preliminary Study of GitHub Actions Dependencies](https://ceur-ws.org/Vol-3483/paper7.pdf)
64-
1. [On the outdatedness of workflows in the GitHub Actions ecosystem](https://www.sciencedirect.com/science/article/pii/S0164121223002224)
65-
66-
Industry
67-
68-
1. https://github.com/CycodeLabs/raven
69-
1. https://github.com/boostsecurityio/poutine
70-
1. https://boostsecurityio.github.io/lotp/
71-
1. https://github.com/AdnaneKhan/ActionsTOCTOU
72-
73-
Prototype:
74-
- [Prototype implementation of detection](https://github.com/ericcornelissen/ades)
75-
- [Issue for automatic repair of CI violations](https://github.com/ericcornelissen/ades/issues/42)
76-
7742

7843
<h3 id="uid42">Empirical Study of Compilation Reproducibility in Solidity</h3>
7944
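
Review bot: Removing old lines 42-76 drops more than the topic description: the Academic and Industry related-work lists and the two Prototype links to ericcornelissen/ades go with it, so the curated references on attacker-controlled expression values in GitHub Actions workflows are no longer reachable from this file. If the topic is taken rather than abandoned, consider keeping a short stub under the "Detection and Mitigation of GitHub action smells" heading that marks it as taken and retains the contact and the ades links, or moving the entry to a separate list of topics already in progress. The subject line "Update master-thesis.md" is also generic; the body line about removing a topic someone has started on says what the change is and would serve better as the subject.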
