{"id":"https://openalex.org/W1577821534","doi":"https://doi.org/10.1007/978-3-642-13739-6_15","title":"Enforcing Request Integrity in Web Applications","display_name":"Enforcing Request Integrity in Web Applications","publication_year":2010,"publication_date":"2010-01-01","ids":{"openalex":"https://openalex.org/W1577821534","doi":"https://doi.org/10.1007/978-3-642-13739-6_15","mag":"1577821534"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-642-13739-6_15","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-642-13739-6_15","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-13739-6_15.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-13739-6_15.pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016178612","display_name":"Karthick Jayaraman","orcid":"https://orcid.org/0009-0005-9502-9360"},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Karthick Jayaraman","raw_affiliation_strings":["Department of EECS, Syracuse University,"],"affiliations":[{"raw_affiliation_string":"Department of EECS, Syracuse University,","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090590060","display_name":"Grzegorz Lewandowski","orcid":"https://orcid.org/0000-0002-7254-2314"},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Grzegorz Lewandowski","raw_affiliation_strings":["Department of EECS, Syracuse University,"],"affiliations":[{"raw_affiliation_string":"Department of EECS, Syracuse University,","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083537150","display_name":"Paul G. Talaga","orcid":null},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Paul G. Talaga","raw_affiliation_strings":["Department of EECS, Syracuse University,"],"affiliations":[{"raw_affiliation_string":"Department of EECS, Syracuse University,","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013358324","display_name":"Steve J. Chapin","orcid":null},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Steve J. Chapin","raw_affiliation_strings":["Department of EECS, Syracuse University,"],"affiliations":[{"raw_affiliation_string":"Department of EECS, Syracuse University,","institution_ids":["https://openalex.org/I70983195"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5016178612"],"corresponding_institution_ids":["https://openalex.org/I70983195"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":{"value":5000,"currency":"EUR","value_usd":5392},"fwci":2.7106,"has_fulltext":true,"cited_by_count":15,"citation_normalized_percentile":{"value":0.91244092,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"225","last_page":"240"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7650201916694641},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.6141325235366821},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5708040595054626},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.5236610770225525},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.5214794874191284},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.5183737874031067},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.517491340637207},{"id":"https://openalex.org/keywords/data-integrity","display_name":"Data integrity","score":0.4909980595111847},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.4539780616760254},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.42823946475982666},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4210786521434784},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.3500908613204956},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.21307653188705444},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.16230961680412292},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.16096508502960205},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.09308087825775146}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7650201916694641},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.6141325235366821},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5708040595054626},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.5236610770225525},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.5214794874191284},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.5183737874031067},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.517491340637207},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.4909980595111847},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.4539780616760254},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.42823946475982666},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4210786521434784},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.3500908613204956},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.21307653188705444},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.16230961680412292},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.16096508502960205},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.09308087825775146}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/978-3-642-13739-6_15","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-642-13739-6_15","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-13739-6_15.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:HAL:hal-01056686v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-01056686","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. pp.225-240, &#x27E8;10.1007/978-3-642-13739-6_15&#x27E9;","raw_type":"Conference papers"}],"best_oa_location":{"id":"doi:10.1007/978-3-642-13739-6_15","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-642-13739-6_15","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-13739-6_15.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7599999904632568}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W1577821534.pdf","grobid_xml":"https://content.openalex.org/works/W1577821534.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W39495240","https://openalex.org/W150512592","https://openalex.org/W1486570429","https://openalex.org/W1488890761","https://openalex.org/W1559255981","https://openalex.org/W1779735989","https://openalex.org/W1896223928","https://openalex.org/W2012909947","https://openalex.org/W2072978486","https://openalex.org/W2088018315","https://openalex.org/W2090184259","https://openalex.org/W2103378897","https://openalex.org/W2109219878","https://openalex.org/W2119085032","https://openalex.org/W2123886726","https://openalex.org/W2126862902","https://openalex.org/W2144621365","https://openalex.org/W2158135570","https://openalex.org/W2162671156","https://openalex.org/W6906355099"],"related_works":["https://openalex.org/W2393973626","https://openalex.org/W2107355607","https://openalex.org/W2105261429","https://openalex.org/W2012419258","https://openalex.org/W318167434","https://openalex.org/W1482564230","https://openalex.org/W4285408982","https://openalex.org/W2127259385","https://openalex.org/W2004929657","https://openalex.org/W2472629561"],"abstract_inverted_index":{"A":[0],"web":[1,74,153],"application":[2,30,93],"is":[3,54,133,161],"constructed":[4],"to":[5,13,20,124],"process":[6],"an":[7,26,29,33,92],"intended":[8,16,51,88],"sequence":[9],"of":[10,46,60,91],"requests.":[11],"Failing":[12],"enforce":[14],"the":[15,50,58,61,87,105,115,137],"sequences":[17,53,90],"can":[18,121],"lead":[19],"request":[21,35,52,70,89,164],"integrity":[22,59,71,165],"(RI)":[23],"attacks,":[24],"wherein":[25],"attacker":[27],"forces":[28],"into":[31,136],"processing":[32],"unintended":[34],"sequence.":[36],"Cross-site-request":[37],"forgeries":[38],"(CSRF)":[39],"and":[40,76,100,109,167],"workflow":[41],"violations":[42],"are":[43,94],"two":[44],"classes":[45],"RI":[47],"attacks.":[48],"Enforcing":[49],"essential":[55],"for":[56,68,129],"ensuring":[57],"application.":[62],"We":[63,146],"describe":[64],"a":[65,73,80,97,101],"new":[66],"approach":[67,120,160],"enforcing":[69],"in":[72,79,114],"application,":[75,138],"its":[77],"implementation":[78],"tool":[81],"called":[82],"Bayawak.":[83],"Under":[84],"our":[85,159],"approach,":[86],"specified":[95],"as":[96],"security":[98,106],"policy,":[99],"framework-level":[102],"method":[103],"enforces":[104],"policy":[107,144],"strictly":[108],"transparently":[110],"without":[111],"requiring":[112],"changes":[113],"application\u2019s":[116],"source":[117,152],"code.":[118],"Our":[119,155],"be":[122],"compared":[123],"operating":[125],"system":[126],"(OS)":[127],"support":[128],"access":[130],"control\u2014access":[131],"control":[132],"not":[134],"built":[135],"but":[139],"based":[140],"on":[141],"OS":[142],"level":[143],"settings.":[145],"evaluated":[147],"Bayawak":[148],"using":[149],"nine":[150],"open":[151],"applications.":[154],"results":[156],"indicate":[157],"that":[158],"effective":[162],"against":[163],"attacks":[166],"incurs":[168],"negligible":[169],"overhead.":[170]},"counts_by_year":[{"year":2018,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}