{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,30]],"date-time":"2026-05-30T04:40:57Z","timestamp":1780116057594,"version":"3.54.0"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,6,27]],"date-time":"2020-06-27T00:00:00Z","timestamp":1593216000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,6,27]]},"DOI":"10.1145\/3377813.3381348","type":"proceedings-article","created":{"date-parts":[[2020,9,19]],"date-time":"2020-09-19T00:21:21Z","timestamp":1600474881000},"page":"100-109","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Building and maintaining a third-party library supply chain for productive and secure SGX enclave development"],"prefix":"10.1145","author":[{"given":"Pei","family":"Wang","sequence":"first","affiliation":[{"name":"Baidu Security"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yu","family":"Ding","sequence":"additional","affiliation":[{"name":"Baidu Security"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mingshen","family":"Sun","sequence":"additional","affiliation":[{"name":"Baidu Security"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Huibo","family":"Wang","sequence":"additional","affiliation":[{"name":"Baidu Security"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tongxin","family":"Li","sequence":"additional","affiliation":[{"name":"Baidu Security"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rundong","family":"Zhou","sequence":"additional","affiliation":[{"name":"Baidu Security"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhaofeng","family":"Chen","sequence":"additional","affiliation":[{"name":"Baidu Security"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yiming","family":"Jing","sequence":"additional","affiliation":[{"name":"Baidu Security"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2020,9,18]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. Asylo: An open and flexible framework for enclave applications. https:\/\/asylo.dev\/  [n. d.]. Asylo: An open and flexible framework for enclave applications. https:\/\/asylo.dev\/"},{"key":"e_1_3_2_1_2_1","unstructured":"[n. d.]. Open Enclave SDK. https:\/\/openenclave.io\/sdk\/  [n. d.]. Open Enclave SDK. https:\/\/openenclave.io\/sdk\/"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2889160.2889229"},{"key":"e_1_3_2_1_4_1","volume-title":"SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI '16)","author":"Arnautov Sergei","year":"2016"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01090-4_32"},{"key":"e_1_3_2_1_6_1","first-page":"32","article-title":"Supply chain risk management practices for federal information systems and organizations","volume":"800","author":"Boyens Jon","year":"2015","journal-title":"NIST Special Publication"},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the 2017 USENIX Annual Technical Conference (USENIX ATC '17). USENIX Association, 645--658","author":"Tsai Chia","year":"2017"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2451116.2451145"},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI '18)","author":"Chen Tianqi","year":"2018"},{"key":"e_1_3_2_1_12_1","volume-title":"Secured Routines: Language-based Construction of Trusted Execution Environments. In 2019 USENIX Annual Technical Conference (USENIX ATC '19)","author":"Ghosn Adrien","year":"2019"},{"key":"e_1_3_2_1_13_1","unstructured":"Dan Goodin. 2018. Widely used open source software contained bitcoin-stealing backdoor. https:\/\/arstechnica.com\/information-technology\/2018\/11\/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin\/  Dan Goodin. 2018. Widely used open source software contained bitcoin-stealing backdoor. https:\/\/arstechnica.com\/information-technology\/2018\/11\/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin\/"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3158154"},{"key":"e_1_3_2_1_15_1","volume-title":"Integrating remote attestation with transport layer security. arXiv preprint arXiv:1801.05863 (","author":"Knauth Thomas","year":"2018"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243858"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 2017 USENIX Annual Technical Conference (USENIX ATC '17). USENIX Association, 285--298","author":"Lind Joshua","year":"2017"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278122.3278137"},{"key":"e_1_3_2_1_19_1","unstructured":"Matt Miller. 2019. Trends Challenges and Strategic Shifts in the Software Vulnerability Mitigation Landscape. https:\/\/github.com\/microsoft\/MSRC-Security-Research\/blob\/master\/presentations\/2019_02_BlueHatIL\/2019_01%20-%20BlueHatIL%20-%20Trends%2C%20challenge%2C%20and%20shifts%20in%20software%20vulnerability%20mitigation.pdf  Matt Miller. 2019. Trends Challenges and Strategic Shifts in the Software Vulnerability Mitigation Landscape. https:\/\/github.com\/microsoft\/MSRC-Security-Research\/blob\/master\/presentations\/2019_02_BlueHatIL\/2019_01%20-%20BlueHatIL%20-%20Trends%2C%20challenge%2C%20and%20shifts%20in%20software%20vulnerability%20mitigation.pdf"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3342813"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/MTD.2013.6608676"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/800216.806586"},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the 11th Joint Meeting on Foundations of Software Engineering (ESEC\/FSE '17)","author":"Sinha Rohit"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354241"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN '15)","author":"Wang Jun","year":"2015"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3141235.3141244"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106287"}],"event":{"name":"ICSE '20: 42nd International Conference on Software Engineering","location":"Seoul South Korea","acronym":"ICSE '20","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","KIISE Korean Institute of Information Scientists and Engineers","IEEE CS"]},"container-title":["Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering: Software Engineering in Practice"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3377813.3381348","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3377813.3381348","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:38:51Z","timestamp":1750199931000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3377813.3381348"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,27]]},"references-count":25,"alternative-id":["10.1145\/3377813.3381348","10.1145\/3377813"],"URL":"https:\/\/doi.org\/10.1145\/3377813.3381348","relation":{},"subject":[],"published":{"date-parts":[[2020,6,27]]},"assertion":[{"value":"2020-09-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}