{"id":"https://openalex.org/W2120703169","doi":"https://doi.org/10.1145/2635868.2635907","title":"Efficient runtime-enforcement techniques for policy weaving","display_name":"Efficient runtime-enforcement techniques for policy weaving","publication_year":2014,"publication_date":"2014-11-04","ids":{"openalex":"https://openalex.org/W2120703169","doi":"https://doi.org/10.1145/2635868.2635907","mag":"2120703169"},"language":"en","primary_location":{"id":"doi:10.1145/2635868.2635907","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2635868.2635907","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5090800526","display_name":"Richard Joiner","orcid":"https://orcid.org/0000-0002-9252-1940"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Richard Joiner","raw_affiliation_strings":["University of Wisconsin-Madison, USA"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin-Madison, USA","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066155126","display_name":"Thomas Reps","orcid":"https://orcid.org/0000-0002-5676-9949"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]},{"id":"https://openalex.org/I4210135696","display_name":"GrammaTech (United States)","ror":"https://ror.org/03mwfxd89","country_code":"US","type":"company","lineage":["https://openalex.org/I4210135696"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Thomas Reps","raw_affiliation_strings":["University of Wisconsin-Madison, USA / GrammaTech, USA","University of Wisconsin-Madison, USA / GrammaTech, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin-Madison, USA / GrammaTech, USA","institution_ids":["https://openalex.org/I4210135696","https://openalex.org/I135310074"]},{"raw_affiliation_string":"University of Wisconsin-Madison, USA / GrammaTech, USA#TAB#","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088826068","display_name":"Somesh Jha","orcid":"https://orcid.org/0000-0001-5877-0436"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Somesh Jha","raw_affiliation_strings":["University of Wisconsin-Madison, USA"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin-Madison, USA","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073096229","display_name":"Mohan Dhawan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210103279","display_name":"IBM Research - India","ror":"https://ror.org/014wt7r80","country_code":"IN","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210103279","https://openalex.org/I4210114115"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Mohan Dhawan","raw_affiliation_strings":["IBM Research, India"],"affiliations":[{"raw_affiliation_string":"IBM Research, India","institution_ids":["https://openalex.org/I4210103279"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5003010093","display_name":"Vinod Ganapathy","orcid":"https://orcid.org/0000-0003-3001-0800"},"institutions":[{"id":"https://openalex.org/I102322142","display_name":"Rutgers, The State University of New Jersey","ror":"https://ror.org/05vt9qd57","country_code":"US","type":"education","lineage":["https://openalex.org/I102322142"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Vinod Ganapathy","raw_affiliation_strings":["Rutgers University, USA","Rutgers University, , USA"],"affiliations":[{"raw_affiliation_string":"Rutgers University, USA","institution_ids":["https://openalex.org/I102322142"]},{"raw_affiliation_string":"Rutgers University, , USA","institution_ids":["https://openalex.org/I102322142"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5090800526"],"corresponding_institution_ids":["https://openalex.org/I135310074"],"apc_list":null,"apc_paid":null,"fwci":1.227,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.85244904,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"224","last_page":"234"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/indirection","display_name":"Indirection","score":0.9247323274612427},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.811765193939209},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6066482067108154},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.5627963542938232},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.5489237904548645},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.5405048727989197},{"id":"https://openalex.org/keywords/weaving","display_name":"Weaving","score":0.5171010494232178},{"id":"https://openalex.org/keywords/transactional-memory","display_name":"Transactional memory","score":0.5097984671592712},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.49324363470077515},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.4629439115524292},{"id":"https://openalex.org/keywords/statement","display_name":"Statement (logic)","score":0.45846685767173767},{"id":"https://openalex.org/keywords/program-analysis","display_name":"Program analysis","score":0.44365549087524414},{"id":"https://openalex.org/keywords/bytecode","display_name":"Bytecode","score":0.4187825918197632},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.366877019405365},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.19334858655929565},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.0894525945186615}],"concepts":[{"id":"https://openalex.org/C89377073","wikidata":"https://www.wikidata.org/wiki/Q1171224","display_name":"Indirection","level":2,"score":0.9247323274612427},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.811765193939209},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6066482067108154},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.5627963542938232},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5489237904548645},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.5405048727989197},{"id":"https://openalex.org/C54525549","wikidata":"https://www.wikidata.org/wiki/Q2553445","display_name":"Weaving","level":2,"score":0.5171010494232178},{"id":"https://openalex.org/C134277064","wikidata":"https://www.wikidata.org/wiki/Q878206","display_name":"Transactional memory","level":3,"score":0.5097984671592712},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.49324363470077515},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.4629439115524292},{"id":"https://openalex.org/C2777026412","wikidata":"https://www.wikidata.org/wiki/Q2684591","display_name":"Statement (logic)","level":2,"score":0.45846685767173767},{"id":"https://openalex.org/C98183937","wikidata":"https://www.wikidata.org/wiki/Q2112188","display_name":"Program analysis","level":2,"score":0.44365549087524414},{"id":"https://openalex.org/C2779818221","wikidata":"https://www.wikidata.org/wiki/Q837330","display_name":"Bytecode","level":3,"score":0.4187825918197632},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.366877019405365},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.19334858655929565},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0894525945186615},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C75949130","wikidata":"https://www.wikidata.org/wiki/Q848010","display_name":"Database transaction","level":2,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2635868.2635907","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2635868.2635907","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7900000214576721,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W174477046","https://openalex.org/W1414322427","https://openalex.org/W1579453661","https://openalex.org/W1600802743","https://openalex.org/W1606733447","https://openalex.org/W1847288881","https://openalex.org/W1999753800","https://openalex.org/W2006611045","https://openalex.org/W2007846881","https://openalex.org/W2020841721","https://openalex.org/W2036910349","https://openalex.org/W2045506295","https://openalex.org/W2060592389","https://openalex.org/W2060857434","https://openalex.org/W2068531859","https://openalex.org/W2075832738","https://openalex.org/W2078356878","https://openalex.org/W2106933078","https://openalex.org/W2111141292","https://openalex.org/W2118410985","https://openalex.org/W2119588373","https://openalex.org/W2123582298","https://openalex.org/W2127516946","https://openalex.org/W2137621008","https://openalex.org/W2138094382","https://openalex.org/W2140973326","https://openalex.org/W2157823989","https://openalex.org/W2158297335","https://openalex.org/W3083604022","https://openalex.org/W4247465700"],"related_works":["https://openalex.org/W2084628231","https://openalex.org/W2751166390","https://openalex.org/W4254473902","https://openalex.org/W823394483","https://openalex.org/W2806773351","https://openalex.org/W2011987478","https://openalex.org/W2962818160","https://openalex.org/W1831147408","https://openalex.org/W3188145288","https://openalex.org/W163795935"],"abstract_inverted_index":{"Policy":[0],"weaving":[1,63,85],"is":[2,13,160],"a":[3,8,21,80,87,104,117,130,147,219],"program-transformation":[4],"technique":[5],"that":[6,11,151,159,176,203],"rewrites":[7],"program":[9,35,179],"so":[10,175],"it":[12],"guaranteed":[14],"to":[15,20,30,50,112,132,163],"be":[16,133,140,170],"safe":[17],"with":[18],"respect":[19],"stateful":[22],"security":[23],"policy.":[24],"It":[25],"utilizes":[26],"(i)":[27],"static":[28,74,165,173],"analysis":[29,77,150],"identify":[31],"points":[32,49],"in":[33,116,210,218],"the":[34,66,70,93,100,123,127,137,164,205,208,211],"at":[36,47],"which":[37],"policy":[38,52,62,84,138,184,197],"violations":[39,56],"might":[40],"occur,":[41],"and":[42,54,75,90,109,154,193,199],"(ii)":[43],"runtime":[44,114,149],"checks":[45],"inserted":[46],"such":[48],"monitor":[51],"state":[53,124],"prevent":[55],"from":[57,65,126],"occurring.":[58],"The":[59],"promise":[60],"of":[61,68,73,83,102,106,129,190,207,213],"stems":[64],"possibility":[67],"blending":[69],"best":[71],"aspects":[72],"dynamic":[76],"components.":[78],"Therefore,":[79],"successful":[81],"instantiation":[82],"requires":[86],"careful":[88],"balance":[89],"coordination":[91],"between":[92],"two.":[94],"In":[95],"this":[96],"paper,":[97],"we":[98],"examine":[99],"strategy":[101],"using":[103],"combination":[105],"transactional":[107,191],"introspection":[108,121,192],"statement":[110,131,194],"indirection":[111,144,195],"implement":[113],"enforcement":[115],"policy-weaving":[118],"system.":[119],"Transactional":[120],"allows":[122],"resulting":[125],"execution":[128],"examined":[134],"and,":[135],"if":[136],"would":[139],"violated,":[141],"suppressed.":[142],"Statement":[143],"serves":[145],"as":[146],"light-weight":[148],"can":[152,169],"recognize":[153],"instrument":[155],"dynamically":[156],"generated":[157],"code":[158],"not":[161],"available":[162],"analysis.":[166],"These":[167],"techniques":[168],"implemented":[171],"via":[172],"rewriting":[174],"all":[177],"possible":[178],"executions":[180],"are":[181],"protected":[182],"against":[183],"violations.":[185],"We":[186],"describe":[187],"our":[188],"implementation":[189],"for":[196],"weaving,":[198],"report":[200],"experimental":[201],"results":[202],"show":[204],"viability":[206],"approach":[209],"context":[212],"real-world":[214],"JavaScript":[215],"programs":[216],"executing":[217],"browser.":[220]},"counts_by_year":[{"year":2020,"cited_by_count":2},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}