Recent years have witnessed the emerging trend of extensions in modern Integrated Development Environments (IDEs) like Visual Studio Code (VSCode) that significantly enhance developer productivity. Especially, popular...
详细信息
ISBN:
(数字)9798331535100
ISBN:
(纸本)9798331535117
Recent years have witnessed the emerging trend of extensions in modern Integrated Development Environments (IDEs) like Visual Studio Code (VSCode) that significantly enhance developer productivity. Especially, popular AI coding assistants like GitHub Copilot and Tabnine provide conveniences like automated code completion and debugging. While these extensions offer numerous benefits, they may introduce privacy and security concerns to software developers. However, there is no existing work that systematically analyzes the security and privacy concerns, including the risks of data exposure in VSCode extensions. In this paper, we investigate on the security issues of cross-extension interactions in VSCode and shed light on the vulner-abilities caused by data exposure among different extensions. Our study uncovers high-impact security flaws that could allow adversaries to stealthily acquire or manipulate credential-related data (e.g., passwords, API keys, access tokens) from other extensions if not properly handled by extension vendors. To measure their prevalence, we design a novel automated risk detection framework that leverages program analysis and natural language processing techniques to automatically identify potential risks in VSCode extensions. By applying our tool to 27,261 real-world VSCode extensions, we discover that 8.5 % of them (i.e., 2,325 extensions) are exposed to credential-related data leakage through various vectors, such as commands, user input, and configurations. Our study sheds light on the security challenges and flaws of the extension-in-IDE paradigm and provides suggestions and recommendations for improving the security of VSCode extensions and mitigating the risks of data exposure.
In today's fast-paced business environment, making informed decisions is crucial for success. To achieve this, decision-makers are increasingly turning to data-oriented and business intelligence databases. As a re...
详细信息
In the human body, a regulated change of hemodynamic parameters and the possibility of repetitive sensing for refinement and finding other algorithms for continuous measurement of blood pressure non-invasively is not ...
详细信息
This research study compares the accuracy of different techniques based on deep learning (DL) for predicting turbulent flows. Different types of Generative Adversarial Networks (GANs) are examined in terms of their ap...
详细信息
In this paper, an IoT-driven smart packaging in the pharmaceutical industry is developed to maintain product integrity and improve patient safety. To monitor essential environmental and handling conditions, the resear...
详细信息
This paper presents an alternative proof of the celebrated friendship theorem, originally established by Erdős, Rényi, and Sós (1966). The proof relies on a closed-form expression for the Lovász ϑ-func...
详细信息
Aggressive activity in public spaces is a significant threat to personal safety and social cohesion. Cameras and other security devices have been mounted in various locations for public safety in recent years. Thousan...
详细信息
Alzheimer's disease is the primary cause of dementia. Due to the sluggish rate of progression of Alzheimer's disease, individuals have the opportunity to start receiving therapy early through routine testing. ...
详细信息
Natural Language Processing (NLP) solutions for legal contracts have been the preserve of large law firms and other industries (e.g., investment banks), especially those with large amounts of resources, having both th...
Natural Language Processing (NLP) solutions for legal contracts have been the preserve of large law firms and other industries (e.g., investment banks), especially those with large amounts of resources, having both the volume and range of legal documents and manpower to label the training data. The findings suggest that it is possible to use a smaller volume of training contacts and still generate results that are within an acceptable range. Our results show that just 120 training contracts trained on a pre-trained language model can generate results that are within 10% of the same model trained on 3.3 times the volume. In conclusion, smaller law firms could benefit from machine learning NLP solutions for clause extraction.
Wireless sensor networks(WSNs)is one of the renowned ad hoc network technology that has vast varieties of applications such as in computer networks,bio-medical engineering,agriculture,industry and many *** has been us...
详细信息
Wireless sensor networks(WSNs)is one of the renowned ad hoc network technology that has vast varieties of applications such as in computer networks,bio-medical engineering,agriculture,industry and many *** has been used in the internet-of-things(IoTs)applications.A method for data collecting utilizing hybrid compressive sensing(CS)is developed in order to reduce the quantity of data transmission in the clustered sensor network and balance the network *** cluster head nodes are chosen first from each temporary cluster that is closest to the cluster centroid of the nodes,and then the cluster heads are selected in order based on the distance between the determined cluster head node and the undetermined candidate cluster head ***,each ordinary node joins the cluster that is nearest to *** greedy CS is used to compress data transmission for nodes whose data transmission volume is greater than the threshold in a data transmission tree with the Sink node as the root node and linking all cluster head *** simulation results demonstrate that when the compression ratio is set to ten,the data transfer volume is reduced by a factor of *** compared to clustering and SPT without CS,it is reduced by 75%and 65%,*** compared to SPT with Hybrid CS and Clustering with hybrid CS,it is reduced by 35%and 20%,*** and SPT without CS are compared in terms of node data transfer volume standard *** with Hybrid CS and clustering with Hybrid CS were both reduced by 62%and 80%,*** compared to SPT with hybrid CS and clustering with hybrid CS,the latter two were reduced by 41%and 19%,respectively.
暂无评论