{"id":"https://openalex.org/W2208250362","doi":"https://doi.org/10.1145/2818000.2818003","title":"Evaluating the Flexibility of the Java Sandbox","display_name":"Evaluating the Flexibility of the Java Sandbox","publication_year":2015,"publication_date":"2015-12-07","ids":{"openalex":"https://openalex.org/W2208250362","doi":"https://doi.org/10.1145/2818000.2818003","mag":"2208250362"},"language":"en","primary_location":{"id":"doi:10.1145/2818000.2818003","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2818000.2818003","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038934215","display_name":"Zack Coker","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Zack Coker","raw_affiliation_strings":["Carnegie Mellon University"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001289822","display_name":"Michael Maass","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Maass","raw_affiliation_strings":["Carnegie Mellon University"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052388873","display_name":"Tianyuan Ding","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tianyuan Ding","raw_affiliation_strings":["Carnegie Mellon University"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032356672","display_name":"Claire Le Goues","orcid":"https://orcid.org/0000-0002-3931-060X"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Claire Le Goues","raw_affiliation_strings":["Carnegie Mellon University"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5039972599","display_name":"Joshua Sunshine","orcid":"https://orcid.org/0000-0002-9672-5297"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Joshua Sunshine","raw_affiliation_strings":["Carnegie Mellon University"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University","institution_ids":["https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5038934215"],"corresponding_institution_ids":["https://openalex.org/I74973139"],"apc_list":null,"apc_paid":null,"fwci":2.3161,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.89385154,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.9863691329956055},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.8157381415367126},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6985441446304321},{"id":"https://openalex.org/keywords/flexibility","display_name":"Flexibility (engineering)","score":0.5963045954704285},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3916976749897003},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.05770227313041687},{"id":"https://openalex.org/keywords/statistics","display_name":"Statistics","score":0.05376657843589783}],"concepts":[{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.9863691329956055},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.8157381415367126},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6985441446304321},{"id":"https://openalex.org/C2780598303","wikidata":"https://www.wikidata.org/wiki/Q65921492","display_name":"Flexibility (engineering)","level":2,"score":0.5963045954704285},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3916976749897003},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.05770227313041687},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.05376657843589783}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2818000.2818003","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2818000.2818003","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5799999833106995,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2548846539","display_name":null,"funder_award_id":"HQ0034-13-D-0004","funder_id":"https://openalex.org/F4320332201","funder_display_name":"Office of the Secretary of Defense"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320332201","display_name":"Office of the Secretary of Defense","ror":"https://ror.org/00q4sx826"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W6385438","https://openalex.org/W131387342","https://openalex.org/W174528657","https://openalex.org/W626067554","https://openalex.org/W1500460345","https://openalex.org/W1504054062","https://openalex.org/W1884689072","https://openalex.org/W1970867218","https://openalex.org/W1976727567","https://openalex.org/W1986453394","https://openalex.org/W1997201541","https://openalex.org/W2000240326","https://openalex.org/W2014742088","https://openalex.org/W2035124535","https://openalex.org/W2053307247","https://openalex.org/W2056073317","https://openalex.org/W2071907540","https://openalex.org/W2075849836","https://openalex.org/W2087527532","https://openalex.org/W2095938258","https://openalex.org/W2096887945","https://openalex.org/W2104152314","https://openalex.org/W2129894194","https://openalex.org/W2145994642","https://openalex.org/W2147221906","https://openalex.org/W2148127931","https://openalex.org/W2166091242","https://openalex.org/W6600256889","https://openalex.org/W6607046118","https://openalex.org/W6682128060"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2033352828","https://openalex.org/W2355810117","https://openalex.org/W3098313552","https://openalex.org/W70177500","https://openalex.org/W2546418048","https://openalex.org/W2076427967","https://openalex.org/W3212184609","https://openalex.org/W2499283203","https://openalex.org/W2795849205"],"abstract_inverted_index":{"The":[0],"ubiquitously-installed":[1],"Java":[2,38,44,78,85,96,113,169,191],"Runtime":[3],"Environment":[4],"(JRE)":[5],"provides":[6],"a":[7,21,164],"complex,":[8],"flexible":[9],"set":[10],"of":[11,17,73,106,167],"mechanisms":[12],"that":[13,42,90,99,117,145,157],"support":[14],"the":[15,31,43,74,84,107,112,123,131,186,190],"execution":[16],"untrusted":[18],"code":[19],"inside":[20],"secure":[22],"sandbox.":[23,192],"However,":[24],"many":[25],"recent":[26],"exploits":[27,171],"have":[28],"successfully":[29],"escaped":[30],"sandbox,":[32],"allowing":[33],"attackers":[34],"to":[35,188],"infect":[36],"numerous":[37],"hosts.":[39],"We":[40,68,88,134,155],"hypothesize":[41],"security":[45,63,86,97,114,132,148],"model":[46],"affords":[47],"developers":[48,91],"more":[49],"flexibility":[50,109],"than":[51],"they":[52],"need":[53],"or":[54,94],"use":[55,80,104],"in":[56,185],"practice,":[57],"and":[58,81,116,126,151],"thus":[59],"its":[60],"complexity":[61],"compromises":[62],"without":[64,172],"improving":[65],"practical":[66,180],"functionality.":[67],"describe":[69],"an":[70],"empirical":[71],"study":[72],"ways":[75,124],"benign":[76,100,125,177],"open-source":[77],"applications":[79],"interact":[82,129],"with":[83,130,176],"manager.":[87,133],"found":[89],"regularly":[92],"misunderstand":[93],"misuse":[95],"mechanisms,":[98],"programs":[101,128],"do":[102],"not":[103],"all":[105],"vast":[108],"afforded":[110],"by":[111,138],"model,":[115],"there":[118],"are":[119],"clear":[120],"differences":[121],"between":[122],"exploit":[127],"validate":[135],"these":[136,159],"results":[137],"deriving":[139],"two":[140],"restrictions":[141],"on":[142],"application":[143],"behavior":[144],"restrict":[146],"(1)":[147],"manager":[149],"modifications":[150],"(2)":[152],"privilege":[153],"escalation.":[154],"demonstrate":[156],"enforcing":[158],"rules":[160,181],"at":[161],"runtime":[162],"stop":[163],"representative":[165],"proportion":[166],"modern":[168],"7":[170],"breaking":[173],"backwards":[174],"compatibility":[175],"applications.":[178],"These":[179],"should":[182],"be":[183],"enforced":[184],"JRE":[187],"fortify":[189]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":4}],"updated_date":"2026-04-06T07:47:59.780226","created_date":"2025-10-10T00:00:00"}