{"id":"https://openalex.org/W3138063364","doi":"https://doi.org/10.1007/978-3-030-72013-1_6","title":"Analyzing Infrastructure as Code to Prevent Intra-update Sniping Vulnerabilities","display_name":"Analyzing Infrastructure as Code to Prevent Intra-update Sniping Vulnerabilities","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3138063364","doi":"https://doi.org/10.1007/978-3-030-72013-1_6","mag":"3138063364"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-030-72013-1_6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-030-72013-1_6","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-030-72013-1_6.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/978-3-030-72013-1_6.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021607503","display_name":"Julien Lepiller","orcid":"https://orcid.org/0000-0003-2284-5488"},"institutions":[{"id":"https://openalex.org/I32971472","display_name":"Yale University","ror":"https://ror.org/03v76x132","country_code":"US","type":"education","lineage":["https://openalex.org/I32971472"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Julien Lepiller","raw_affiliation_strings":["Yale University, New Haven, USA"],"affiliations":[{"raw_affiliation_string":"Yale University, New Haven, USA","institution_ids":["https://openalex.org/I32971472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045794652","display_name":"Ru\u017eica Piska\u010d","orcid":"https://orcid.org/0000-0002-3267-0776"},"institutions":[{"id":"https://openalex.org/I32971472","display_name":"Yale University","ror":"https://ror.org/03v76x132","country_code":"US","type":"education","lineage":["https://openalex.org/I32971472"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ruzica Piskac","raw_affiliation_strings":["Yale University, New Haven, USA"],"affiliations":[{"raw_affiliation_string":"Yale University, New Haven, USA","institution_ids":["https://openalex.org/I32971472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005632259","display_name":"Martin Sch\u00e4f","orcid":"https://orcid.org/0000-0002-6804-0178"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Martin Sch\u00e4f","raw_affiliation_strings":["Amazon Web Services, NYC, USA"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services, NYC, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5031902968","display_name":"Mark Santolucito","orcid":"https://orcid.org/0000-0001-8646-4364"},"institutions":[{"id":"https://openalex.org/I98540497","display_name":"Barnard College","ror":"https://ror.org/04rt94r53","country_code":"US","type":"education","lineage":["https://openalex.org/I98540497"]},{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mark Santolucito","raw_affiliation_strings":["Barnard College, Columbia University, NYC, USA"],"affiliations":[{"raw_affiliation_string":"Barnard College, Columbia University, NYC, USA","institution_ids":["https://openalex.org/I98540497","https://openalex.org/I78577930"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5021607503"],"corresponding_institution_ids":["https://openalex.org/I32971472"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":{"value":5000,"currency":"EUR","value_usd":5392},"fwci":4.0363,"has_fulltext":true,"cited_by_count":12,"citation_normalized_percentile":{"value":0.94287404,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"105","last_page":"123"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.725354790687561},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6317518353462219},{"id":"https://openalex.org/keywords/dataflow","display_name":"Dataflow","score":0.589947521686554},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5852259397506714},{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.5606886744499207},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5462462902069092},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.5338312983512878},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5040580034255981},{"id":"https://openalex.org/keywords/upgrade","display_name":"Upgrade","score":0.44926732778549194},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.43700680136680603},{"id":"https://openalex.org/keywords/converged-infrastructure","display_name":"Converged infrastructure","score":0.4276922345161438},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4264599084854126},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.2682804465293884},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.2419975996017456},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.16731113195419312},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.16382494568824768},{"id":"https://openalex.org/keywords/utility-computing","display_name":"Utility computing","score":0.09334209561347961}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.725354790687561},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6317518353462219},{"id":"https://openalex.org/C96324660","wikidata":"https://www.wikidata.org/wiki/Q205446","display_name":"Dataflow","level":2,"score":0.589947521686554},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5852259397506714},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.5606886744499207},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5462462902069092},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.5338312983512878},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5040580034255981},{"id":"https://openalex.org/C2780615140","wikidata":"https://www.wikidata.org/wiki/Q920419","display_name":"Upgrade","level":2,"score":0.44926732778549194},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.43700680136680603},{"id":"https://openalex.org/C128954960","wikidata":"https://www.wikidata.org/wiki/Q5166353","display_name":"Converged infrastructure","level":5,"score":0.4276922345161438},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4264599084854126},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.2682804465293884},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2419975996017456},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.16731113195419312},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.16382494568824768},{"id":"https://openalex.org/C85106507","wikidata":"https://www.wikidata.org/wiki/Q1188445","display_name":"Utility computing","level":4,"score":0.09334209561347961},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/978-3-030-72013-1_6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-030-72013-1_6","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-030-72013-1_6.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:pubmedcentral.nih.gov:7984555","is_oa":true,"landing_page_url":"https://www.ncbi.nlm.nih.gov/pmc/articles/7984555","pdf_url":null,"source":{"id":"https://openalex.org/S2764455111","display_name":"PubMed Central","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Tools and Algorithms for the Construction and Analysis of Systems","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.1007/978-3-030-72013-1_6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-030-72013-1_6","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-030-72013-1_6.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.6200000047683716,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3138063364.pdf","grobid_xml":"https://content.openalex.org/works/W3138063364.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W2043100293","https://openalex.org/W2138556012","https://openalex.org/W2146077028","https://openalex.org/W2205295324","https://openalex.org/W2248302901","https://openalex.org/W2263636531","https://openalex.org/W2407292968","https://openalex.org/W2489690523","https://openalex.org/W2590250299","https://openalex.org/W2605856244","https://openalex.org/W2761268990","https://openalex.org/W2816958343","https://openalex.org/W2884432391","https://openalex.org/W2889340195","https://openalex.org/W2893249073","https://openalex.org/W2900152012","https://openalex.org/W2907766023","https://openalex.org/W2908957302","https://openalex.org/W2955656327","https://openalex.org/W3125174003"],"related_works":["https://openalex.org/W2368438474","https://openalex.org/W2027229894","https://openalex.org/W3120511008","https://openalex.org/W2009087301","https://openalex.org/W1688445866","https://openalex.org/W3206324740","https://openalex.org/W3037885166","https://openalex.org/W1522409329","https://openalex.org/W2334946778","https://openalex.org/W4310934769"],"abstract_inverted_index":{"Abstract":[0],"Infrastructure":[1,43],"as":[2,19,44,48,190],"Code":[3,45],"is":[4,184],"a":[5,40,53,85,92,141,161,174,193],"new":[6],"approach":[7,31],"to":[8,15,61,135],"computing":[9],"infrastructure":[10,28,82,109],"management":[11],"that":[12,57,95,115,143,164,182],"allows":[13,32],"users":[14,58],"leverage":[16],"tools":[17],"such":[18,47,128,145],"version":[20],"control,":[21],"automatic":[22],"deployments,":[23],"and":[24,35,104,112,123,147,180,186],"program":[25],"analysis":[26],"for":[27,33],"configurations.":[29],"This":[30],"faster":[34],"more":[36],"homogeneous":[37],"configuration":[38],"of":[39,66,87,107,152,176,192],"complete":[41],"infrastructure.":[42,68],"languages,":[46],"CloudFormation":[49,178],"or":[50],"TerraForm,":[51],"use":[52],"declarative":[54],"model":[55],"so":[56],"only":[59],"need":[60],"describe":[62],"the":[63,67,81,102,108,149],"desired":[64],"state":[65],"However,":[69],"in":[70,120,160],"practice,":[71],"these":[72],"languages":[73],"are":[74,110,118],"not":[75],"processed":[76],"atomically.":[77],"During":[78],"an":[79,98],"upgrade,":[80],"goes":[83],"through":[84],"series":[86],"intermediate":[88],"states.":[89],"We":[90,126,156,169],"identify":[91],"security":[93],"vulnerability":[94,117],"occurs":[96],"during":[97],"upgrade":[99],"even":[100],"when":[101],"initial":[103],"final":[105],"states":[106],"secure,":[111],"we":[113,139],"show":[114],"those":[116],"possible":[119],"Amazon\u2019s":[121],"AWS":[122],"Google":[124],"Cloud.":[125],"call":[127],"attacks":[129],"intra-update":[130],"sniping":[131],"vulnerabilities.":[132],"In":[133],"order":[134],"mitigate":[136],"this":[137,158],"shortcoming,":[138],"present":[140],"technique":[142,159],"detects":[144],"vulnerabilities":[146],"pinpoints":[148],"root":[150],"causes":[151],"insecure":[153],"deployment":[154,194],"migrations.":[155],"implement":[157],"tool,":[162],"H\u00e4yh\u00e4,":[163],"uses":[165],"dataflow":[166],"graph":[167],"analysis.":[168],"evaluate":[170],"our":[171],"tool":[172],"on":[173],"set":[175],"open-source":[177],"templates":[179],"find":[181],"it":[183],"scalable":[185],"could":[187],"be":[188],"used":[189],"part":[191],"workflow.":[195]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2}],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-10T00:00:00"}