SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties

This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor and operation-centered supply chain security techniques

An Empirical Study of Artifacts and Security Risks in the Pre-trained Model Supply Chain

Deep neural networks achieve state-of-the-art performance on many tasks, but require increasingly complex architectures and costly training procedures. Engineers can reduce costs by reusing a pre-trained model (PTM) and fine-tuning it for their own tasks. To facilitate software reuse, engineers collaborate around model hubs, collections of PTMs and datasets organized by problem domain. Although model hubs are now comparable in popularity and size to other software ecosystems, the associated PTM supply chain has not yet been examined from a software engineering perspective. We present an empirical study of artifacts and security features in 8 model hubs. We indicate the potential threat models and show that the existing defenses are insufficient for ensuring the security of PTMs. We compare PTM and traditional supply chains, and propose directions for further measurements and tools to increase the reliability of the PTM supply chain

An Empirical Study of Pre-Trained Model Reuse in the Hugging Face Deep Learning Model Registry

Deep Neural Networks (DNNs) are being adopted as components in software systems. Creating and specializing DNNs from scratch has grown increasingly difficult as state-of-the-art architectures grow more complex. Following the path of traditional software engineering, machine learning engineers have begun to reuse large-scale pre-trained models (PTMs) and fine-tune these models for downstream tasks. Prior works have studied reuse practices for traditional software packages to guide software engineers towards better package maintenance and dependency management. We lack a similar foundation of knowledge to guide behaviors in pre-trained model ecosystems. In this work, we present the first empirical investigation of PTM reuse. We interviewed 12 practitioners from the most popular PTM ecosystem, Hugging Face, to learn the practices and challenges of PTM reuse. From this data, we model the decision-making process for PTM reuse. Based on the identified practices, we describe useful attributes for model reuse, including provenance, reproducibility, and portability. Three challenges for PTM reuse are missing attributes, discrepancies between claimed and actual performance, and model risks. We substantiate these identified challenges with systematic measurements in the Hugging Face ecosystem. Our work informs future directions on optimizing deep learning ecosystems by automated measuring useful attributes and potential attacks, and envision future research on infrastructure and standardization for model registries

Off-fault damage and acoustic emission distributions during the evolution of structurally complex faults over series of stick-slip events

Variations in fault structure, for example, surface roughness and deformation zone width, influence the location and dynamics of large earthquakes as well as the distribution of small seismic events. In nature, changes in fault roughness and seismicity characteristics can rarely be studied simultaneously, so that little is known about their interaction and evolution. Here, we investigate the connection between fault structure and near-fault distributions of seismic events over series of stick-slip cycles in the laboratory. We conducted a set of experiments on rough faults that developed from incipient fracture surfaces. We monitored stress and seismic activity which occurred in the form of acoustic emissions (AEs). We determined AE density distributions as a function of fault normal distance based on high-accuracy hypocentre locations during subsequent interslip periods. The characteristics of these distributions were closely connected to different structural units of the faults, that is, the fault core, off-fault and background damage zone. The core deformation zone was characterized by consistently high seismic activity, whereas the off-fault damage zone displayed a power-law decay of seismic activity with increasing distance from the fault core. The exponents of the power-law-distributed off-fault activity increased with successive stick-slip events so that later interslip periods showed a more rapid spatial decay of seismic activity from the fault. The increase in exponents was strongest during the first one to three interslip periods and reached approximately constant values thereafter. The relatively rapid spatial decay of AE events during later interslip periods is likely an expression of decreasing fault zone complexity and roughness. Our results indicate a close relationship between fault structure, stress and seismic off-fault activity. A more extensive mapping of seismic off-fault activity-decay has the potential to significantly advance the understanding of fault zone properties including variations in fault roughness and stress

Prototype ATLAS IBL Modules using the FE-I4A Front-End Readout Chip

The ATLAS Collaboration will upgrade its semiconductor pixel tracking detector with a new Insertable B-layer (IBL) between the existing pixel detector and the vacuum pipe of the Large Hadron Collider. The extreme operating conditions at this location have necessitated the development of new radiation hard pixel sensor technologies and a new front-end readout chip, called the FE-I4. Planar pixel sensors and 3D pixel sensors have been investigated to equip this new pixel layer, and prototype modules using the FE-I4A have been fabricated and characterized using 120 GeV pions at the CERN SPS and 4 GeV positrons at DESY, before and after module irradiation. Beam test results are presented, including charge collection efficiency, tracking efficiency and charge sharing.Comment: 45 pages, 30 figures, submitted to JINS

Measurements of fiducial and differential cross sections for Higgs boson production in the diphoton decay channel at s√=8 TeV with ATLAS

Measurements of fiducial and differential cross sections are presented for Higgs boson production in proton-proton collisions at a centre-of-mass energy of s√=8 TeV. The analysis is performed in the H → γγ decay channel using 20.3 fb−1 of data recorded by the ATLAS experiment at the CERN Large Hadron Collider. The signal is extracted using a fit to the diphoton invariant mass spectrum assuming that the width of the resonance is much smaller than the experimental resolution. The signal yields are corrected for the effects of detector inefficiency and resolution. The pp → H → γγ fiducial cross section is measured to be 43.2 ±9.4(stat.) − 2.9 + 3.2 (syst.) ±1.2(lumi)fb for a Higgs boson of mass 125.4GeV decaying to two isolated photons that have transverse momentum greater than 35% and 25% of the diphoton invariant mass and each with absolute pseudorapidity less than 2.37. Four additional fiducial cross sections and two cross-section limits are presented in phase space regions that test the theoretical modelling of different Higgs boson production mechanisms, or are sensitive to physics beyond the Standard Model. Differential cross sections are also presented, as a function of variables related to the diphoton kinematics and the jet activity produced in the Higgs boson events. The observed spectra are statistically limited but broadly in line with the theoretical expectations

Measurement of the production of a W boson in association with a charm quark in pp collisions at √s = 7 TeV with the ATLAS detector

The production of a W boson in association with a single charm quark is studied using 4.6 fb−1 of pp collision data at s√ = 7 TeV collected with the ATLAS detector at the Large Hadron Collider. In events in which a W boson decays to an electron or muon, the charm quark is tagged either by its semileptonic decay to a muon or by the presence of a charmed meson. The integrated and differential cross sections as a function of the pseudorapidity of the lepton from the W-boson decay are measured. Results are compared to the predictions of next-to-leading-order QCD calculations obtained from various parton distribution function parameterisations. The ratio of the strange-to-down sea-quark distributions is determined to be 0.96+0.26−0.30 at Q 2 = 1.9 GeV2, which supports the hypothesis of an SU(3)-symmetric composition of the light-quark sea. Additionally, the cross-section ratio σ(W + +c¯¯)/σ(W − + c) is compared to the predictions obtained using parton distribution function parameterisations with different assumptions about the s−s¯¯¯ quark asymmetry