{"id":"https://openalex.org/W2898614297","doi":"https://doi.org/10.1109/tse.2018.2878020","title":"Platform-Independent Dynamic Taint Analysis for JavaScript","display_name":"Platform-Independent Dynamic Taint Analysis for JavaScript","publication_year":2018,"publication_date":"2018-10-26","ids":{"openalex":"https://openalex.org/W2898614297","doi":"https://doi.org/10.1109/tse.2018.2878020","mag":"2898614297"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2018.2878020","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2018.2878020","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5081413019","display_name":"Rezwana Karim","orcid":null},"institutions":[{"id":"https://openalex.org/I4210101778","display_name":"Samsung (United States)","ror":"https://ror.org/01bfbvm65","country_code":"US","type":"company","lineage":["https://openalex.org/I2250650973","https://openalex.org/I4210101778"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rezwana Karim","raw_affiliation_strings":["Samsung Research America, Mountain View, CA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Samsung Research America, Mountain View, CA, USA","institution_ids":["https://openalex.org/I4210101778"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087594876","display_name":"Frank Tip","orcid":"https://orcid.org/0000-0002-1862-3498"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Frank Tip","raw_affiliation_strings":["College of Computer and Information Science, Northeastern University, Boston, MA, USA"],"raw_orcid":"https://orcid.org/0000-0002-1862-3498","affiliations":[{"raw_affiliation_string":"College of Computer and Information Science, Northeastern University, Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035884268","display_name":"Alena Sochurkova","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Alena Sochurkova","raw_affiliation_strings":["Avast, Prague, Czechia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Avast, Prague, Czechia","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101569699","display_name":"Koushik Sen","orcid":"https://orcid.org/0000-0002-4539-9188"},"institutions":[{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Koushik Sen","raw_affiliation_strings":["University of California at Berkeley, Berkeley, CA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of California at Berkeley, Berkeley, CA, USA","institution_ids":["https://openalex.org/I95457486"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.1964,"has_fulltext":false,"cited_by_count":56,"citation_normalized_percentile":{"value":0.90767361,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"46","issue":"12","first_page":"1364","last_page":"1379"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.9105552434921265},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.8808987140655518},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.8406028747558594},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.5352277159690857},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5224087238311768},{"id":"https://openalex.org/keywords/instrumentation","display_name":"Instrumentation (computer programming)","score":0.5021359920501709},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4981861114501953},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.4798021614551544},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4657367765903473},{"id":"https://openalex.org/keywords/unobtrusive-javascript","display_name":"Unobtrusive JavaScript","score":0.4446215331554413},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.4209161698818207},{"id":"https://openalex.org/keywords/program-transformation","display_name":"Program transformation","score":0.41505396366119385},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.414227157831192},{"id":"https://openalex.org/keywords/transformation","display_name":"Transformation (genetics)","score":0.41105154156684875},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.24921947717666626},{"id":"https://openalex.org/keywords/rich-internet-application","display_name":"Rich Internet application","score":0.08557721972465515}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9105552434921265},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.8808987140655518},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.8406028747558594},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.5352277159690857},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5224087238311768},{"id":"https://openalex.org/C118530786","wikidata":"https://www.wikidata.org/wiki/Q1134732","display_name":"Instrumentation (computer programming)","level":2,"score":0.5021359920501709},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4981861114501953},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.4798021614551544},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4657367765903473},{"id":"https://openalex.org/C198240166","wikidata":"https://www.wikidata.org/wiki/Q2298909","display_name":"Unobtrusive JavaScript","level":4,"score":0.4446215331554413},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4209161698818207},{"id":"https://openalex.org/C2778361913","wikidata":"https://www.wikidata.org/wiki/Q7248437","display_name":"Program transformation","level":2,"score":0.41505396366119385},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.414227157831192},{"id":"https://openalex.org/C204241405","wikidata":"https://www.wikidata.org/wiki/Q461499","display_name":"Transformation (genetics)","level":3,"score":0.41105154156684875},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.24921947717666626},{"id":"https://openalex.org/C103048170","wikidata":"https://www.wikidata.org/wiki/Q725485","display_name":"Rich Internet application","level":3,"score":0.08557721972465515},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2018.2878020","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2018.2878020","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6000000238418579,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G154579872","display_name":null,"funder_award_id":"CCF-1715153","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2128282257","display_name":null,"funder_award_id":"695412","funder_id":"https://openalex.org/F4320334678","funder_display_name":"European Research Council"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320334678","display_name":"European Research Council","ror":"https://ror.org/0472cxd90"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":50,"referenced_works":["https://openalex.org/W114581357","https://openalex.org/W431566009","https://openalex.org/W1222699389","https://openalex.org/W1582983062","https://openalex.org/W1777693579","https://openalex.org/W1828069936","https://openalex.org/W1963971515","https://openalex.org/W1969883639","https://openalex.org/W1987647365","https://openalex.org/W1994197051","https://openalex.org/W1998180710","https://openalex.org/W2043676331","https://openalex.org/W2061640969","https://openalex.org/W2066195326","https://openalex.org/W2074935412","https://openalex.org/W2085939020","https://openalex.org/W2089745089","https://openalex.org/W2101678831","https://openalex.org/W2105982807","https://openalex.org/W2112459589","https://openalex.org/W2125357166","https://openalex.org/W2129278597","https://openalex.org/W2134633067","https://openalex.org/W2138788987","https://openalex.org/W2146717998","https://openalex.org/W2148595118","https://openalex.org/W2155735696","https://openalex.org/W2165304392","https://openalex.org/W2166743230","https://openalex.org/W2245157299","https://openalex.org/W2396919876","https://openalex.org/W2465382026","https://openalex.org/W2591793539","https://openalex.org/W2602111867","https://openalex.org/W2736381184","https://openalex.org/W2759927279","https://openalex.org/W2766465278","https://openalex.org/W2807041801","https://openalex.org/W4233002554","https://openalex.org/W4239813889","https://openalex.org/W4244726870","https://openalex.org/W6614926642","https://openalex.org/W6627779323","https://openalex.org/W6634824358","https://openalex.org/W6638085149","https://openalex.org/W6641190993","https://openalex.org/W6682379866","https://openalex.org/W6690725082","https://openalex.org/W6712567129","https://openalex.org/W6744912059"],"related_works":["https://openalex.org/W650647575","https://openalex.org/W1566603754","https://openalex.org/W2621181330","https://openalex.org/W2085515337","https://openalex.org/W2766362161","https://openalex.org/W2525971262","https://openalex.org/W2949337025","https://openalex.org/W2584011092","https://openalex.org/W2290206096","https://openalex.org/W2527850347"],"abstract_inverted_index":{"Previous":[0],"approaches":[1],"to":[2,20,45,121,173,198],"dynamic":[3],"taint":[4,47,77,109,114],"analysis":[5],"for":[6,51,130,207],"JavaScript":[7,15,71],"are":[8,103],"implemented":[9,127],"directly":[10],"in":[11,135,202],"a":[12,21,136,180,188,203],"browser":[13],"or":[14,31],"engine,":[16,72],"limiting":[17],"their":[18],"applicability":[19],"single":[22],"platform":[23],"and":[24,64,73,98,105,140,163],"requiring":[25,82],"ongoing":[26],"maintenance":[27],"as":[28,49],"platforms":[29],"evolve,":[30],"they":[32],"require":[33],"nontrivial":[34],"program":[35],"transformations.":[36],"We":[37,126,184],"present":[38],"an":[39,52,116],"approach":[40,56],"that":[41,158,191],"relies":[42],"on":[43,78,143,187],"instrumentation":[44],"encode":[46],"propagation":[48],"instructions":[50,102],"abstract":[53],"machine.":[54],"Our":[55],"has":[57],"two":[58],"key":[59],"advantages:":[60],"it":[61,74,106,142],"is":[62,176],"platform-independent":[63],"can":[65,75,195],"be":[66,196],"used":[67,197],"with":[68],"any":[69],"existing":[70],"track":[76],"primitive":[79],"values":[80],"without":[81],"the":[83,100,128,131,208],"introduction":[84],"of":[85,150],"wrapper":[86],"objects.":[87],"Furthermore,":[88],"our":[89],"technique":[90,129],"enables":[91],"multiple":[92],"deployment":[93],"scenarios":[94],"by":[95],"varying":[96],"when":[97],"where":[99,113],"generated":[101],"executed":[104],"supports":[107],"indirect":[108],"sources,":[110],"i.e.,":[111],"situations":[112],"enters":[115],"application":[117,206],"via":[118],"arguments":[119],"passed":[120],"dynamically":[122],"registered":[123],"event-listener":[124],"functions.":[125],"ECMAScript":[132],"5":[133],"language":[134],"tool":[137],"called":[138],"Ichnaea,":[139],"evaluated":[141],"22":[144],"NPM":[145],"modules":[146,155],"containing":[147,156],"several":[148],"types":[149],"injection":[151],"vulnerabilities,":[152],"including":[153],"4":[154],"vulnerabilities":[157],"were":[159],"not":[160],"previously":[161],"discovered":[162],"reported.":[164],"On":[165],"these":[166],"modules,":[167],"run-time":[168],"overheads":[169],"range":[170],"from":[171],"3.17x":[172],"38.42x,":[174],"which":[175],"significantly":[177],"better":[178],"than":[179],"previous":[181],"transformation-based":[182],"technique.":[183],"also":[185],"report":[186],"case":[189],"study":[190],"shows":[192],"how":[193],"Ichnaea":[194],"detect":[199],"privacy":[200],"leaks":[201],"Tizen":[204],"web":[205],"Samsung":[209],"Gear":[210],"S2":[211],"smart":[212],"watch.":[213]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":13},{"year":2023,"cited_by_count":11},{"year":2022,"cited_by_count":11},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":5}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
