{"id":"https://openalex.org/W2001593152","doi":"https://doi.org/10.1145/1377943.1377956","title":"Dynamic multi-process information flow tracking for web application security","display_name":"Dynamic multi-process information flow tracking for web application security","publication_year":2007,"publication_date":"2007-11-01","ids":{"openalex":"https://openalex.org/W2001593152","doi":"https://doi.org/10.1145/1377943.1377956","mag":"2001593152"},"language":"en","primary_location":{"id":"doi:10.1145/1377943.1377956","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1377943.1377956","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2007 ACM/IFIP/USENIX international conference on Middleware companion","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5024583453","display_name":"Susanta Nanda","orcid":null},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Susanta Nanda","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY"],"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY","institution_ids":["https://openalex.org/I59553526"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109545876","display_name":"Lap-chung Lam","orcid":null},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]},{"id":"https://openalex.org/I4210114417","display_name":"Rether Networks (United States)","ror":"https://ror.org/028dx7d12","country_code":"US","type":"company","lineage":["https://openalex.org/I4210114417"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lap-Chung Lam","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY and Rether Networks Inc., Stony Brook, NY","Stony Brook University, Stony Brook, NY and Rether Networks Inc., Stony Brook, NY#TAB#"],"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY and Rether Networks Inc., Stony Brook, NY","institution_ids":["https://openalex.org/I59553526","https://openalex.org/I4210114417"]},{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY and Rether Networks Inc., Stony Brook, NY#TAB#","institution_ids":["https://openalex.org/I59553526"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5111960386","display_name":"Tzi\u2010cker Chiueh","orcid":null},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tzi-cker Chiueh","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY"],"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY","institution_ids":["https://openalex.org/I59553526"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5024583453"],"corresponding_institution_ids":["https://openalex.org/I59553526"],"apc_list":null,"apc_paid":null,"fwci":8.7038,"has_fulltext":false,"cited_by_count":41,"citation_normalized_percentile":{"value":0.97200349,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"20"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9876000285148621,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8897721767425537},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.602583110332489},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.5806081891059875},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.570761501789093},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.559863269329071},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4417576789855957},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.304317831993103},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2860342860221863},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.2018367350101471},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.17650896310806274}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8897721767425537},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.602583110332489},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.5806081891059875},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.570761501789093},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.559863269329071},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4417576789855957},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.304317831993103},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2860342860221863},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2018367350101471},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.17650896310806274},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.0},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1377943.1377956","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1377943.1377956","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2007 ACM/IFIP/USENIX international conference on Middleware companion","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.8199999928474426}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W171206966","https://openalex.org/W1511560695","https://openalex.org/W1582331515","https://openalex.org/W1598083179","https://openalex.org/W1988847661","https://openalex.org/W2100666033","https://openalex.org/W2101152030","https://openalex.org/W2102970979","https://openalex.org/W2103919170","https://openalex.org/W2132185316","https://openalex.org/W2144696387","https://openalex.org/W2154212412","https://openalex.org/W2163706363","https://openalex.org/W4254620533"],"related_works":["https://openalex.org/W2167752994","https://openalex.org/W1982746004","https://openalex.org/W2955734438","https://openalex.org/W3184859223","https://openalex.org/W2775081089","https://openalex.org/W2504194819","https://openalex.org/W2407701912","https://openalex.org/W4256450364","https://openalex.org/W4385706035","https://openalex.org/W4238821156"],"abstract_inverted_index":{"Although":[0],"there":[1],"is":[2,81,99,103,224],"a":[3,75,97,119,158,193],"large":[4],"body":[5],"of":[6,12,43,71,89,118,146,171],"research":[7,37],"on":[8,60,86,106],"detection":[9,186],"and":[10,22,116,151,164,173,188],"prevention":[11],"such":[13],"memory":[14],"corruption":[15],"attacks":[16,207],"as":[17,69],"buffer":[18],"overflow,":[19,21],"integer":[20],"format":[23],"string":[24],"attacks,":[25],"the":[26,36,50,63,90,113,141,169,213,219,229],"web":[27,44,53,130,147,231],"application":[28,45,148],"security":[29,46],"problem":[30,80],"receives":[31],"relatively":[32],"less":[33,225],"attention":[34],"from":[35,49,62,140],"community":[38],"by":[39,222],"comparison.":[40],"The":[41],"majority":[42],"problems":[47],"originate":[48],"fact":[51],"that":[52,65,180,199,208],"applications":[54,131,232],"fail":[55],"to":[56,78,82,137,156,176],"perform":[57],"sanity":[58],"checks":[59,85,128,220],"inputs":[61],"network":[64,108],"are":[66],"eventually":[67],"used":[68,92,132,233],"operands":[70,91],"security-sensitive":[72,94],"operations.":[73],"Therefore,":[74],"promising":[76],"approach":[77],"this":[79],"apply":[83],"proper":[84],"tainted":[87,100],"portions":[88],"in":[93,133,234],"operations,":[95],"where":[96],"byte":[98],"if":[101],"it":[102,200],"data/control":[104],"dependent":[105],"some":[107],"packet(s).":[109],"This":[110],"paper":[111],"presents":[112],"design,":[114],"implementation":[115],"evaluation":[117],"dynamic":[120],"checking":[121],"compiler":[122],"called":[123],"WASC,":[124],"which":[125],"automatically":[126],"adds":[127],"into":[129],"three-tier":[134],"internet":[135],"services":[136],"protect":[138],"them":[139],"most":[142],"common":[143],"two":[144],"types":[145],"attacks:":[149],"SQL-":[150],"script-injection":[152],"attack.":[153],"In":[154],"addition":[155],"including":[157],"taint":[159],"analysis":[160],"infrastructure":[161],"for":[162,228],"multi-process":[163],"multi-language":[165],"applications,":[166],"WASC":[167,196,223],"features":[168],"use":[170],"SQL":[172],"HTML":[174],"parsers":[175],"defeat":[177],"evasion":[178],"techniques":[179],"exploit":[181],"interpretation":[182],"differences":[183],"between":[184],"attack":[185],"engines":[187],"target":[189],"applications.":[190],"Experiments":[191],"with":[192,218],"fully":[194],"operational":[195],"prototype":[197],"show":[198],"can":[201],"indeed":[202],"stop":[203],"all":[204],"SQL/script":[205],"injection":[206],"we":[209],"have":[210],"tested.":[211],"Moreover,":[212],"end-to-end":[214],"latency":[215],"penalty":[216],"associated":[217],"inserted":[221],"than":[226],"30%":[227],"test":[230],"our":[235],"performance":[236],"study.":[237]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":2},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":5},{"year":2012,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}