{"id":"https://openalex.org/W2400427673","doi":"https://doi.org/10.1145/2897845.2897874","title":"Model-based Security Testing","display_name":"Model-based Security Testing","publication_year":2016,"publication_date":"2016-05-27","ids":{"openalex":"https://openalex.org/W2400427673","doi":"https://doi.org/10.1145/2897845.2897874","mag":"2400427673"},"language":"en","primary_location":{"id":"doi:10.1145/2897845.2897874","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2897845.2897874","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069572941","display_name":"Ronghai Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"HK","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Ronghai Yang","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong, Hong Kong"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103237866","display_name":"Guanchen Li","orcid":"https://orcid.org/0000-0002-3493-8887"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"HK","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Guanchen Li","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong, Hong Kong"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020413351","display_name":"Wing Cheong Lau","orcid":"https://orcid.org/0000-0003-1179-7855"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"HK","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Wing Cheong Lau","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong, Hong Kong"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008237643","display_name":"Kehuan Zhang","orcid":"https://orcid.org/0000-0003-1519-0057"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"HK","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Kehuan Zhang","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong, Hong Kong"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055452226","display_name":"Pili Hu","orcid":null},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"HK","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Pili Hu","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong, Hong Kong"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I177725633"],"apc_list":null,"apc_paid":null,"fwci":9.666,"has_fulltext":false,"cited_by_count":49,"citation_normalized_percentile":{"value":0.97816303,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"651","last_page":"662"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.995199978351593,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.8951836824417114},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.83035808801651},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7307314872741699},{"id":"https://openalex.org/keywords/scope","display_name":"Scope (computer science)","score":0.4652493894100189},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.4586508274078369},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4552406966686249},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.45246127247810364},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3729342222213745},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.25485002994537354},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1530839502811432},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.12950396537780762},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.11654368042945862},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.08214494585990906}],"concepts":[{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.8951836824417114},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.83035808801651},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7307314872741699},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.4652493894100189},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.4586508274078369},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4552406966686249},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.45246127247810364},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3729342222213745},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.25485002994537354},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1530839502811432},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.12950396537780762},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.11654368042945862},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.08214494585990906},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2897845.2897874","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2897845.2897874","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320334800","display_name":"Research Committee, Aristotle University of Thessaloniki","ror":"https://ror.org/02j61yw88"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W152776996","https://openalex.org/W1197495329","https://openalex.org/W1495444061","https://openalex.org/W1519162333","https://openalex.org/W1585530051","https://openalex.org/W1606436461","https://openalex.org/W1861561811","https://openalex.org/W2012921353","https://openalex.org/W2023040061","https://openalex.org/W2027376813","https://openalex.org/W2046067623","https://openalex.org/W2072978486","https://openalex.org/W2086585882","https://openalex.org/W2087226776","https://openalex.org/W2089775132","https://openalex.org/W2092919558","https://openalex.org/W2103475742","https://openalex.org/W2112995928","https://openalex.org/W2115675703","https://openalex.org/W2121845793","https://openalex.org/W2126123233","https://openalex.org/W2127456326","https://openalex.org/W2130422196","https://openalex.org/W2133723082","https://openalex.org/W2143504694","https://openalex.org/W2164253698","https://openalex.org/W2185211012","https://openalex.org/W2217843339","https://openalex.org/W2283736639","https://openalex.org/W2398053170","https://openalex.org/W2399231848","https://openalex.org/W2408152660","https://openalex.org/W2484102177","https://openalex.org/W2952470631","https://openalex.org/W6606179964","https://openalex.org/W7000605267"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W4285370786","https://openalex.org/W2296488620","https://openalex.org/W2358353312","https://openalex.org/W2098681705"],"abstract_inverted_index":{"Motivated":[0],"by":[1,184],"the":[2,8,108,111,123,133,137,161,179,185,191],"prevalence":[3],"of":[4,13,33,52,79,110,126,143,163,193,229],"OAuth-related":[5],"vulnerabilities":[6,35,47,89,213],"in":[7,36,75,94],"wild,":[9],"large-scale":[10,68,141],"security":[11,69,220],"testing":[12,43,63,100,142,196],"real-world":[14],"OAuth":[15,37,53,72,128,144,198,233],"2.0":[16,38,73,199],"implementations":[17,39,74,162],"have":[18,147],"received":[19],"increasing":[20],"attention":[21],"lately":[22],"[31,37,42].":[23],"However,":[24],"these":[25],"existing":[26,88,212],"works":[27],"either":[28],"rely":[29],"on":[30,197],"manual":[31,138],"discovery":[32],"new":[34,92,223],"or":[40],"perform":[41,66],"automated":[42,96],"for":[44,71,122,140,225],"specific,":[45],"previously-known":[46],"across":[48],"a":[49,226],"large":[50,227],"number":[51,228],"implementations.":[54,145],"In":[55],"this":[56],"work,":[57],"we":[58,159],"propose":[59],"an":[60,95],"adaptive":[61,194],"model-based":[62,195],"framework":[64],"to":[65,86,120,135,152,209],"automated,":[67],"assessments":[70],"practice.":[76],"Key":[77],"advantages":[78],"our":[80,154],"approach":[81],"include":[82],"(1)":[83],"its":[84,118],"ability":[85,119],"identify":[87,216],"and":[90,116,149,174,222],"discover":[91],"ones":[93],"manner;":[97],"(2)":[98],"improved":[99],"coverage":[101],"as":[102,168,170],"all":[103],"possible":[104],"execution":[105],"paths":[106],"within":[107],"scope":[109],"model":[112],"will":[113],"be":[114],"checked":[115],"(3)":[117],"cater":[121],"implementation":[124],"differences":[125],"practical":[127],"systems/":[129],"applications,":[130],"which":[131,177],"enables":[132],"analyst":[134],"offload":[136],"efforts":[139],"We":[146],"designed":[148],"implemented":[150],"OAuthTester":[151,205],"realize":[153],"proposed":[155],"framework.":[156],"Using":[157],"OAuthTester,":[158],"examine":[160],"4":[164],"major":[165],"Identity":[166],"Providers":[167],"well":[169],"500":[171],"top-ranked":[172],"US":[173],"Chinese":[175],"websites":[176],"use":[178],"OAuth-based":[180],"Single-Sign-On":[181],"service":[182],"provided":[183],"formers.":[186],"Our":[187],"empirical":[188],"findings":[189],"demonstrate":[190],"efficacy":[192],"deployments":[200],"at":[201],"scale.":[202],"More":[203],"importantly,":[204],"not":[206],"only":[207],"manages":[208],"rediscover":[210],"various":[211],"but":[214],"also":[215],"several":[217],"previously":[218],"unknown":[219],"flaws":[221],"exploits":[224],"eal-world":[230],"applications":[231],"implementing":[232],"2.0.":[234]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":2}],"updated_date":"2026-06-26T08:34:08.712188","created_date":"2025-10-10T00:00:00"}