{"id":"https://openalex.org/W4206416288","doi":"https://doi.org/10.1109/icsrs53853.2021.9660640","title":"Software Reuse Exploits in Node.js Web Apps","display_name":"Software Reuse Exploits in Node.js Web Apps","publication_year":2021,"publication_date":"2021-11-24","ids":{"openalex":"https://openalex.org/W4206416288","doi":"https://doi.org/10.1109/icsrs53853.2021.9660640"},"language":"en","primary_location":{"id":"doi:10.1109/icsrs53853.2021.9660640","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsrs53853.2021.9660640","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 5th International Conference on System Reliability and Safety (ICSRS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049855962","display_name":"Tuong Phi Lau","orcid":null},"institutions":[{"id":"https://openalex.org/I123565023","display_name":"Vietnam National University Ho Chi Minh City","ror":"https://ror.org/00waaqh38","country_code":"VN","type":"education","lineage":["https://openalex.org/I123565023"]}],"countries":["VN"],"is_corresponding":true,"raw_author_name":"Tuong Phi Lau","raw_affiliation_strings":["Faculty of Computer Engineering, University of Information Technology Vietnam National University, Ho Chi Minh, Vietnam"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer Engineering, University of Information Technology Vietnam National University, Ho Chi Minh, Vietnam","institution_ids":["https://openalex.org/I123565023"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5049855962"],"corresponding_institution_ids":["https://openalex.org/I123565023"],"apc_list":null,"apc_paid":null,"fwci":0.1524,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.48154158,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"190","last_page":"197"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8297178745269775},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7371319532394409},{"id":"https://openalex.org/keywords/node","display_name":"Node (physics)","score":0.5809054374694824},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.550480842590332},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5382724404335022},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.5134154558181763},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4994089603424072},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.483980655670166},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.476101279258728},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4459027349948883},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3878621757030487},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.30935636162757874}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8297178745269775},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7371319532394409},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.5809054374694824},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.550480842590332},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5382724404335022},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.5134154558181763},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4994089603424072},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.483980655670166},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.476101279258728},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4459027349948883},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3878621757030487},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.30935636162757874},{"id":"https://openalex.org/C66938386","wikidata":"https://www.wikidata.org/wiki/Q633538","display_name":"Structural engineering","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icsrs53853.2021.9660640","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsrs53853.2021.9660640","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 5th International Conference on System Reliability and Safety (ICSRS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.41999998688697815,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":48,"referenced_works":["https://openalex.org/W60817130","https://openalex.org/W1538332098","https://openalex.org/W1578479379","https://openalex.org/W1605557845","https://openalex.org/W1971111941","https://openalex.org/W2122595236","https://openalex.org/W2373401668","https://openalex.org/W2516933175","https://openalex.org/W2591793539","https://openalex.org/W2603401210","https://openalex.org/W2605905493","https://openalex.org/W2754689772","https://openalex.org/W2765755114","https://openalex.org/W2790170320","https://openalex.org/W2806253293","https://openalex.org/W2883505267","https://openalex.org/W2888047193","https://openalex.org/W2899462170","https://openalex.org/W2901225818","https://openalex.org/W2907381941","https://openalex.org/W2915997584","https://openalex.org/W2965414413","https://openalex.org/W2987774250","https://openalex.org/W2990488176","https://openalex.org/W3000045849","https://openalex.org/W3005046538","https://openalex.org/W3007045600","https://openalex.org/W3007494104","https://openalex.org/W3015216799","https://openalex.org/W3021232394","https://openalex.org/W3042795469","https://openalex.org/W3092233123","https://openalex.org/W3097781304","https://openalex.org/W3106490093","https://openalex.org/W3106500569","https://openalex.org/W3106633543","https://openalex.org/W3109934402","https://openalex.org/W3161799213","https://openalex.org/W3162904859","https://openalex.org/W3164787801","https://openalex.org/W3180903877","https://openalex.org/W4244726870","https://openalex.org/W4245027182","https://openalex.org/W6669987511","https://openalex.org/W6752006691","https://openalex.org/W6756045231","https://openalex.org/W6759246942","https://openalex.org/W6774703489"],"related_works":["https://openalex.org/W2626999804","https://openalex.org/W4250004941","https://openalex.org/W2182697532","https://openalex.org/W2736202444","https://openalex.org/W1517387344","https://openalex.org/W2049015391","https://openalex.org/W2137014442","https://openalex.org/W1533158771","https://openalex.org/W1544062218","https://openalex.org/W122082928"],"abstract_inverted_index":{"The":[0],"npm":[1,183],"ecosystem":[2,205],"has":[3],"the":[4,82,88,120,204,208],"largest":[5],"number":[6],"of":[7,26,33,200,227,246],"third-party":[8],"packages":[9,157,184],"for":[10,42,163,237,248,255],"making":[11],"node.js-based":[12],"web":[13,40,84,161],"apps.":[14],"Due":[15],"to":[16,63,74,150,167,180,189,206,233],"its":[17,56,194],"free":[18],"and":[19,59,129,254],"open":[20],"nature,":[21],"it":[22,99,139,213],"can":[23,30,95,186,230],"raise":[24,102],"diversity":[25],"security":[27,103,165],"concerns.":[28],"Adversaries":[29],"take":[31],"advantage":[32],"existing":[34],"software":[35,152],"APIs":[36,77,94,122],"included":[37],"in":[38,81,159],"node.js":[39,66,83,160],"apps":[41,162],"achieving":[43],"their":[44],"own":[45],"malicious":[46,53],"targets.":[47],"More":[48],"specifically,":[49],"attackers":[50],"may":[51,70,100,140],"inject":[52],"data":[54,114,177,257],"into":[55],"client":[57],"requests":[58],"then":[60,69],"submit":[61],"them":[62],"a":[64,198,211],"victim":[65,89],"server.":[67,90],"It":[68],"manipulate":[71],"program":[72],"states":[73],"reuse":[75,153,235],"sensitive":[76,93,121],"as":[78,106,125],"gadgets":[79],"required":[80],"app":[85],"executed":[86],"on":[87,176],"Once":[91],"such":[92,105,190],"be":[96,187,231],"successfully":[97],"accessed,":[98],"indirectly":[101],"threats":[104,166],"code":[107,234,249],"injection":[108,250],"attacks,":[109,112],"software-layer":[110,240],"DoS":[111,143,241],"private":[113,256],"leaks,":[115],"etc.":[116],"For":[117],"example,":[118],"when":[119],"are":[123,130],"implemented":[124],"pattern":[126],"matching":[127],"operations":[128],"called":[131],"with":[132,243,251],"hard-to-match":[133],"input":[134],"string":[135],"submitted":[136],"by":[137],"clients,":[138],"launch":[141],"application-level":[142],"attacks.In":[144],"this":[145],"paper,":[146],"we":[147,171,196,222],"would":[148],"like":[149],"introduce":[151],"exploits":[154,236],"through":[155],"reusing":[156],"available":[158],"posing":[164],"servers.":[168],"In":[169],"addition,":[170],"propose":[172],"an":[173],"approach":[174],"based":[175],"flow":[178],"analysis":[179],"detect":[181],"vulnerable":[182,217,261],"that":[185,229],"exposed":[188,232],"exploits.":[191],"To":[192],"evaluate":[193],"effectiveness,":[195],"collected":[197],"dataset":[199],"15,000":[201],"modules":[202,245],"from":[203],"conduct":[207],"experiments.":[209],"As":[210],"result,":[212],"discovered":[214],"out":[215],"192":[216,228],"packages.":[218],"By":[219],"manual":[220],"analysis,":[221],"identified":[223],"156":[224],"true":[225],"positives":[226],"remotely":[238],"causing":[239],"attacks":[242],"128":[244],"156,":[247],"18":[252],"modules,":[253],"leaks":[258],"including":[259],"10":[260],"ones.":[262]},"counts_by_year":[{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}