Score
Administering Linux systems and distributions including package management (apt/yum/pacman), systemd service management, filesystems, user and permission management, network configuration, shell scripting (bash), and performance troubleshooting with tools like top, journalctl, strace, and ssh.
This work addresses the challenge of highly manual and non-generalizable environment configuration in repository-level software engineering tasks by introducing RAT, the first language-agnostic framework for fully automated repository setup. RAT establishes an end-to-end pipeline comprising semantic initialization, task planning, invocation of specialized tools, and robust sandbox construction. To evaluate such systems realistically, the authors also release RATBench, the first benchmark reflecting the true distribution and heterogeneity of real-world code repositories. Experimental results demonstrate that RAT significantly outperforms strong existing baselines on RATBench, achieving an average 29.6% improvement in Environment Setup Success Rate (ESSR). This advance overcomes prior limitations that relied on predefined artifacts or were confined to specific programming languages.
This study addresses the challenge of preventing and detecting malware in Linux distribution package repositories. Through in-depth interviews with maintainers of major distributions, we find that most lack proactive static or dynamic scanning mechanisms—only Wolfi OS deploys runtime malicious behavior detection. To enable rigorous evaluation, we construct the first open, reproducible benchmark dataset of malicious Linux packages, comprising real-world attack samples and benign counterparts. We systematically evaluate six mainstream open-source detection tools (e.g., ClamAV, YARA) against this benchmark. Results reveal pervasive limitations: all tools suffer from both high false-positive rates and low true-positive rates, with an average true positive rate below 20%, indicating severely limited efficacy in the Linux ecosystem. This work establishes the first empirical benchmark for Linux supply-chain security and provides critical evidence of current tooling failures—thereby motivating and informing the design of targeted, Linux-aware detection frameworks.
This paper presents a systematic review of core challenges in software deployment, including reproducibility, dependency resolution, trust mechanisms, and fine-grained incremental builds. It offers the first comprehensive evaluation of Nix’s pure functional approach across build systems, package management, system configuration, and development environments. Through dependency graph modeling and taxonomic analysis of related tools, the study clarifies Nix’s contributions to ensuring reproducible builds while exposing its limitations in trust establishment and incremental build support. The work further synthesizes cutting-edge community-driven solutions addressing these shortcomings and outlines promising directions for future research in reliable and efficient software deployment.
Existing research is hindered by the lack of large-scale, Linux kernel configuration datasets that span multiple kernel versions and provide fine-grained, quantitative metrics. To address this, we introduce LinuxData—a curated dataset comprising over 240,000 automatically sampled configurations across 27 kernel versions (4.13–5.8), uniformly annotated with compilation outcomes and binary sizes. Our approach enables, for the first time, cross-version prediction of compilation success rate and binary size with high accuracy (mean absolute percentage error <3.2%). This supports advanced configurable-system analyses, including configuration-space modeling, evolutionary analysis, and transfer learning. The dataset is publicly released with a lightweight Python API, OpenML integration, and standardized machine learning benchmarking pipelines. By providing reproducible, version-aware ground truth and streamlined evaluation infrastructure, LinuxData significantly enhances both reproducibility and generalizability in configurable systems research.
To address the challenge of advanced persistent threat (APT) groups leveraging HTTP(S) for stealthy command-and-control (C2) communications that evade mainstream network intrusion detection systems (NIDS), this paper proposes a lightweight, real-time detection framework based on contextual summarization. Our method innovatively integrates cross-session behavioral modeling and semantic-aware traffic summarization, overcoming limitations of single-request feature analysis and encrypted-traffic black-box inspection. It jointly leverages HTTP protocol parsing, session graph construction, temporal context encoding, and contrastive learning for anomaly scoring. Evaluated on real-world APT samples and large-scale background traffic, our framework achieves 98.3% detection rate, 0.12% false positive rate, and average latency under 3.2 seconds—significantly outperforming existing state-of-the-art approaches. The core contribution is the first realization of fine-grained, low-overhead, and high-temporal-resolution contextual awareness for HTTP(S) C2 traffic.
This study addresses the verification challenges faced by open-source software—particularly Linux distributions—under diverse and overlapping compliance requirements. It presents the first systematic empirical analysis of over 1,500 real-world “compliance-as-code” rules drawn from 14 major distributions. Employing static analysis, textual similarity metrics, code clustering, and cross-standard mapping techniques, the research uncovers significant disparities in rule coverage across vendors and reveals that while rule rationales exhibit semantic fragmentation, their underlying code snippets often display localized similarity. The work identifies 24 core security controls commonly adopted by more than ten international organizations and establishes preliminary mappings between these rules and emerging regulatory frameworks such as the Cyber Resilience Act (CRA). These findings lay a theoretical and practical foundation for scalable, automated compliance verification and dynamic rule updating.
Existing package managers suffer from semantic fragmentation due to language- and operating system-specific differences, making it difficult to precisely express cross-language dependencies, versioned system or hardware requirements, and hindering effective security vulnerability tracking. To address these challenges, this work proposes Package Calculus—the first unified formal model that captures the core mechanisms of mainstream package managers through semantic reduction. Serving as an intermediate representation, Package Calculus enables translation and resolution of dependencies across heterogeneous ecosystems. The model facilitates cross-language and cross-platform dependency interoperability and supports global analysis, thereby establishing a rigorous theoretical foundation and practical pathway for dependency resolution and security research.
The lack of formal specifications for opaque Unix commands hinders the practicality of program analysis systems. Method: This paper introduces the first automated specification mining approach that synergistically integrates large language models (LLMs) with system-level instrumentation: LLMs parse unstructured command documentation to generate structured syntactic and semantic constraints; concurrent system-call and filesystem instrumentation dynamically observes command behavior across diverse environments, extracting key properties—including input domains, side effects, and error modes. Contribution/Results: Our method achieves the first end-to-end, LLM-driven specification synthesis across commands and heterogeneous documentation formats, supports multiple standard specification outputs (e.g., SMT-LIB, JSON Schema), and integrates seamlessly with static analyzers. Evaluated on 60 commands—including GNU Coreutils, POSIX utilities, and third-party tools—it attains a 98.3% specification correctness rate, fully eliminating manual specification authoring.
To address poor reproducibility, low build efficiency, and insufficient deployment automation in embedded Linux system customization, this paper proposes a three-layer extensible architecture based on the Yocto Project. The architecture integrates GitLab CI and Docker to ensure environment isolation and enable continuous integration and deployment (CI/CD), while incorporating a local hash server (hashserv) and shared sstate cache server to significantly improve build artifact reuse. It supports automated real-time Linux kernel builds, QEMU-based simulation testing, and validation across six distinct boot scenarios. Experimental evaluation demonstrates substantial reduction in build time, markedly enhanced system stability and build reproducibility, and strong scalability and engineering deployability for industrial-grade applications.
To address the challenges of detecting obfuscated malicious code in open-source packages—namely, high false-positive rates in static analysis and prohibitive overhead in conventional dynamic analysis—this paper proposes a lightweight dynamic analysis enhancement method. It executes target packages within a containerized sandbox (gVisor) and extends the *package-analysis* tool to capture fine-grained runtime behaviors, including command execution, file access, and network communication. By decoupling analysis from the host system, the approach eliminates associated security risks and significantly reduces resource consumption. Furthermore, semantic modeling of behavioral patterns improves detection sensitivity to obfuscated payloads, achieving a 32.7% reduction in false positives and a 28.4% increase in true-positive rate. The core innovation lies in the synergistic integration of reinforced behavioral monitoring with a lightweight containerized sandbox, yielding a dynamic malware detection framework for open-source packages that is secure, efficient, and highly accurate.