{"id":"https://openalex.org/W2900152012","doi":"https://doi.org/10.1145/3290388","title":"LWeb: information flow security for multi-tier web applications","display_name":"LWeb: information flow security for multi-tier web applications","publication_year":2019,"publication_date":"2019-01-02","ids":{"openalex":"https://openalex.org/W2900152012","doi":"https://doi.org/10.1145/3290388","mag":"2900152012"},"language":"en","primary_location":{"id":"doi:10.1145/3290388","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3290388","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3290388","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3290388","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059759222","display_name":"James Parker","orcid":null},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"James Parker","raw_affiliation_strings":["University of Maryland, USA"],"affiliations":[{"raw_affiliation_string":"University of Maryland, USA","institution_ids":["https://openalex.org/I66946132"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078144924","display_name":"Niki Vazou","orcid":"https://orcid.org/0000-0003-0732-5476"},"institutions":[{"id":"https://openalex.org/I4210162154","display_name":"IMDEA Software","ror":"https://ror.org/04xvfkh51","country_code":"ES","type":"facility","lineage":["https://openalex.org/I105140100","https://openalex.org/I4210162154"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Niki Vazou","raw_affiliation_strings":["IMDEA Software Institute, Spain"],"affiliations":[{"raw_affiliation_string":"IMDEA Software Institute, Spain","institution_ids":["https://openalex.org/I4210162154"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5046625836","display_name":"Michael Hicks","orcid":"https://orcid.org/0000-0002-2759-9223"},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Hicks","raw_affiliation_strings":["University of Maryland, USA"],"affiliations":[{"raw_affiliation_string":"University of Maryland, USA","institution_ids":["https://openalex.org/I66946132"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5059759222"],"corresponding_institution_ids":["https://openalex.org/I66946132"],"apc_list":null,"apc_paid":null,"fwci":2.8901,"has_fulltext":true,"cited_by_count":28,"citation_normalized_percentile":{"value":0.92781333,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"3","issue":"POPL","first_page":"1","last_page":"30"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9850000143051147,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/haskell","display_name":"Haskell","score":0.8942887187004089},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8585693836212158},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.692557692527771},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.4952193796634674},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.45474904775619507},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.45379364490509033},{"id":"https://openalex.org/keywords/monad","display_name":"Monad (category theory)","score":0.42755216360092163},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.4175349473953247},{"id":"https://openalex.org/keywords/functional-programming","display_name":"Functional programming","score":0.33217287063598633},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.25004178285598755},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.11947962641716003}],"concepts":[{"id":"https://openalex.org/C2780624054","wikidata":"https://www.wikidata.org/wiki/Q34010","display_name":"Haskell","level":3,"score":0.8942887187004089},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8585693836212158},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.692557692527771},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.4952193796634674},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.45474904775619507},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.45379364490509033},{"id":"https://openalex.org/C33959348","wikidata":"https://www.wikidata.org/wiki/Q1630568","display_name":"Monad (category theory)","level":3,"score":0.42755216360092163},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.4175349473953247},{"id":"https://openalex.org/C42383842","wikidata":"https://www.wikidata.org/wiki/Q193076","display_name":"Functional programming","level":2,"score":0.33217287063598633},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.25004178285598755},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.11947962641716003},{"id":"https://openalex.org/C118615104","wikidata":"https://www.wikidata.org/wiki/Q121416","display_name":"Discrete mathematics","level":1,"score":0.0},{"id":"https://openalex.org/C156772000","wikidata":"https://www.wikidata.org/wiki/Q864475","display_name":"Functor","level":2,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3290388","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3290388","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3290388","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},{"id":"pmh:oai:arXiv.org:1901.07665","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1901.07665","pdf_url":"https://arxiv.org/pdf/1901.07665","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3290388","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3290388","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3290388","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.6000000238418579,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G4293762969","display_name":null,"funder_award_id":"CNS-1801545","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4713059963","display_name":null,"funder_award_id":"FA8750","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G7679333351","display_name":null,"funder_award_id":"1801545","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8039803440","display_name":null,"funder_award_id":"FA8750-16-C-0022","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2900152012.pdf","grobid_xml":"https://content.openalex.org/works/W2900152012.grobid-xml"},"referenced_works_count":62,"referenced_works":["https://openalex.org/W1461884856","https://openalex.org/W1488890761","https://openalex.org/W1606774834","https://openalex.org/W1608712340","https://openalex.org/W1613776191","https://openalex.org/W1699577049","https://openalex.org/W1967845068","https://openalex.org/W1969883639","https://openalex.org/W1972999341","https://openalex.org/W1977764760","https://openalex.org/W1978267236","https://openalex.org/W2005421574","https://openalex.org/W2005525408","https://openalex.org/W2009775190","https://openalex.org/W2014950794","https://openalex.org/W2027961147","https://openalex.org/W2028705369","https://openalex.org/W2033178475","https://openalex.org/W2034527657","https://openalex.org/W2045900383","https://openalex.org/W2060493407","https://openalex.org/W2060710422","https://openalex.org/W2061056245","https://openalex.org/W2086234010","https://openalex.org/W2094873755","https://openalex.org/W2100233145","https://openalex.org/W2122049982","https://openalex.org/W2129592257","https://openalex.org/W2130427425","https://openalex.org/W2132185316","https://openalex.org/W2145653610","https://openalex.org/W2153684747","https://openalex.org/W2158126684","https://openalex.org/W2162022335","https://openalex.org/W2162283517","https://openalex.org/W2166510103","https://openalex.org/W2166743230","https://openalex.org/W2171182387","https://openalex.org/W2171239903","https://openalex.org/W2202148857","https://openalex.org/W2267469130","https://openalex.org/W2294395356","https://openalex.org/W2296133386","https://openalex.org/W2307994931","https://openalex.org/W2350778671","https://openalex.org/W2397565816","https://openalex.org/W2538446731","https://openalex.org/W2613920541","https://openalex.org/W2625599531","https://openalex.org/W2751092273","https://openalex.org/W2751848028","https://openalex.org/W2752188526","https://openalex.org/W2767258384","https://openalex.org/W2898994572","https://openalex.org/W3024337755","https://openalex.org/W3099049262","https://openalex.org/W3100118001","https://openalex.org/W3125985216","https://openalex.org/W4206358530","https://openalex.org/W4238764625","https://openalex.org/W4243963980","https://openalex.org/W4300948847"],"related_works":["https://openalex.org/W2754859507","https://openalex.org/W2319624920","https://openalex.org/W2112263414","https://openalex.org/W3004782279","https://openalex.org/W1911419940","https://openalex.org/W2466718051","https://openalex.org/W2373472360","https://openalex.org/W2995031344","https://openalex.org/W154014553","https://openalex.org/W2913635267"],"abstract_inverted_index":{"This":[0,114],"paper":[1],"presents":[2],"LWeb,":[3],"a":[4,17,46,132,164],"framework":[5],"for":[6],"enforcing":[7,72,78],"label-based,":[8],"information":[9],"flow":[10],"policies":[11,74],"in":[12,100,111,123],"database-using":[13],"web":[14,30,134],"applications.":[15],"In":[16],"nutshell,":[18],"LWeb":[19,99,103,129,162,198],"marries":[20],"the":[21,28,41,96,101,107,117,137,175,180,187,193],"LIO":[22,44],"Haskell":[23],"IFC":[24],"enforcement":[25],"library":[26],"with":[27],"Yesod":[29],"programming":[31,145],"framework.":[32],"The":[33,147],"implementation":[34],"has":[35],"two":[36],"parts.":[37],"First,":[38],"we":[39,59],"extract":[40],"core":[42,56],"of":[43,98,109,168,186,192],"into":[45],"monad":[47],"transformer":[48],"(LMonad)":[49],"and":[50,65,71,77,91,105,153,190],"then":[51],"apply":[52],"it":[53,143],"to":[54,68,130,157,171,183],"Yesod\u2019s":[55,61],"monad.":[57],"Second,":[58],"extend":[60],"table":[62],"definition":[63],"DSL":[64],"query":[66,81],"functionality":[67],"permit":[69],"defining":[70],"label-based":[73],"on":[75],"tables":[76,152],"them":[79],"during":[80],"processing.":[82],"LWeb\u2019s":[83],"policy":[84],"language":[85],"is":[86],"expressive,":[87],"permitting":[88],"dynamic":[89],"per-table":[90],"per-row":[92],"policies.":[93,155],"We":[94,126],"formalize":[95],"essence":[97],"\u03bb":[102],"calculus":[104],"mechanize":[106],"proof":[108,120],"noninterference":[110],"Liquid":[112,124],"Haskell.":[113,125],"mechanization":[115],"constitutes":[116],"first":[118],"metatheoretic":[119],"carried":[121],"out":[122],"also":[127],"used":[128],"build":[131],"substantial":[133],"site":[135,148],"hosting":[136],"Build":[138],"it,":[139,141],"Break":[140],"Fix":[142],"security-oriented":[144],"contest.":[146],"involves":[149],"40":[150],"data":[151],"sophisticated":[154],"Compared":[156],"manually":[158],"checking":[159],"security":[160],"policies,":[161],"imposes":[163],"modest":[165],"runtime":[166],"overhead":[167],"between":[169],"2%":[170],"21%.":[172],"It":[173],"reduces":[174],"trusted":[176],"code":[177,194],"base":[178],"from":[179],"whole":[181],"application":[182,188],"just":[184],"1%":[185],"code,":[189],"21%":[191],"overall":[195],"(when":[196],"counting":[197],"too).":[199]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}