{"id":"https://openalex.org/W2954688697","doi":"https://doi.org/10.1145/3338504.3357339","title":"An Empirical Study of Information Flows in Real-World JavaScript","display_name":"An Empirical Study of Information Flows in Real-World JavaScript","publication_year":2019,"publication_date":"2019-11-07","ids":{"openalex":"https://openalex.org/W2954688697","doi":"https://doi.org/10.1145/3338504.3357339","mag":"2954688697"},"language":"en","primary_location":{"id":"doi:10.1145/3338504.3357339","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338504.3357339","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1906.11507","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5068174067","display_name":"Cristian-Alexandru Staicu","orcid":"https://orcid.org/0000-0002-6542-2226"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Cristian-Alexandru Staicu","raw_affiliation_strings":["TU Darmstadt, Darmstadt, Germany"],"affiliations":[{"raw_affiliation_string":"TU Darmstadt, Darmstadt, Germany","institution_ids":["https://openalex.org/I31512782"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044906965","display_name":"Daniel Schoepe","orcid":"https://orcid.org/0009-0006-1187-9569"},"institutions":[{"id":"https://openalex.org/I66862912","display_name":"Chalmers University of Technology","ror":"https://ror.org/040wg7k59","country_code":"SE","type":"education","lineage":["https://openalex.org/I66862912"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Daniel Schoepe","raw_affiliation_strings":["Chalmers University of Technology, Gothenburg, Sweden","Chalmers University of Technology, Gothenburg, Sweden,"],"affiliations":[{"raw_affiliation_string":"Chalmers University of Technology, Gothenburg, Sweden","institution_ids":["https://openalex.org/I66862912"]},{"raw_affiliation_string":"Chalmers University of Technology, Gothenburg, Sweden,","institution_ids":["https://openalex.org/I66862912"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073362414","display_name":"Musard Balliu","orcid":"https://orcid.org/0000-0001-6005-5992"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Musard Balliu","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden","KTH Royal Institute of Technology,, Stockholm, Sweden"],"affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]},{"raw_affiliation_string":"KTH Royal Institute of Technology,, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013438083","display_name":"Michael Pradel","orcid":"https://orcid.org/0000-0003-1623-498X"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michael Pradel","raw_affiliation_strings":["TU Darmstadt, Darmstadt, Germany"],"affiliations":[{"raw_affiliation_string":"TU Darmstadt, Darmstadt, Germany","institution_ids":["https://openalex.org/I31512782"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070340953","display_name":"Andrei Sabelfeld","orcid":null},"institutions":[{"id":"https://openalex.org/I66862912","display_name":"Chalmers University of Technology","ror":"https://ror.org/040wg7k59","country_code":"SE","type":"education","lineage":["https://openalex.org/I66862912"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Andrei Sabelfeld","raw_affiliation_strings":["Chalmers University of Technology, Gothenburg, Sweden","Chalmers University of Technology, Gothenburg, Sweden,"],"affiliations":[{"raw_affiliation_string":"Chalmers University of Technology, Gothenburg, Sweden","institution_ids":["https://openalex.org/I66862912"]},{"raw_affiliation_string":"Chalmers University of Technology, Gothenburg, Sweden,","institution_ids":["https://openalex.org/I66862912"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5068174067"],"corresponding_institution_ids":["https://openalex.org/I31512782"],"apc_list":null,"apc_paid":null,"fwci":0.289,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.65983939,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"45","last_page":"59"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8024286031723022},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.6818109750747681},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5821632742881775},{"id":"https://openalex.org/keywords/information-flow","display_name":"Information flow","score":0.5813135504722595},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.5391336679458618},{"id":"https://openalex.org/keywords/unobtrusive-javascript","display_name":"Unobtrusive JavaScript","score":0.513738751411438},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.49202653765678406},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.46465864777565},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.17414772510528564},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.13018646836280823}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8024286031723022},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.6818109750747681},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5821632742881775},{"id":"https://openalex.org/C2779136372","wikidata":"https://www.wikidata.org/wiki/Q10283002","display_name":"Information flow","level":2,"score":0.5813135504722595},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.5391336679458618},{"id":"https://openalex.org/C198240166","wikidata":"https://www.wikidata.org/wiki/Q2298909","display_name":"Unobtrusive JavaScript","level":4,"score":0.513738751411438},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.49202653765678406},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.46465864777565},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.17414772510528564},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.13018646836280823},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C103048170","wikidata":"https://www.wikidata.org/wiki/Q725485","display_name":"Rich Internet application","level":3,"score":0.0}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.1145/3338504.3357339","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338504.3357339","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1906.11507","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1906.11507","pdf_url":"https://arxiv.org/pdf/1906.11507","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"mag:2954688697","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/1906.11507v1","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"pmh:oai:research.chalmers.se:514371","is_oa":false,"landing_page_url":"https://research.chalmers.se/en/publication/514371","pdf_url":null,"source":{"id":"https://openalex.org/S4306402469","display_name":"Chalmers Research (Chalmers University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I66862912","host_organization_name":"Chalmers University of Technology","host_organization_lineage":["https://openalex.org/I66862912"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"doi:10.48550/arxiv.1906.11507","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1906.11507","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1906.11507","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1906.11507","pdf_url":"https://arxiv.org/pdf/1906.11507","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[{"score":0.7699999809265137,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2220875397","display_name":null,"funder_award_id":"ConcSys","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G6743243744","display_name":null,"funder_award_id":"unknown","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"}],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"},{"id":"https://openalex.org/F4320321114","display_name":"Bundesministerium f\u00fcr Bildung und Forschung","ror":"https://ror.org/04pz7b180"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2954688697.pdf","grobid_xml":"https://content.openalex.org/works/W2954688697.grobid-xml"},"referenced_works_count":48,"referenced_works":["https://openalex.org/W114581357","https://openalex.org/W131515753","https://openalex.org/W1222699389","https://openalex.org/W1527571395","https://openalex.org/W1613776191","https://openalex.org/W1882297107","https://openalex.org/W1966175380","https://openalex.org/W1969883639","https://openalex.org/W1972524097","https://openalex.org/W1977764760","https://openalex.org/W1980800818","https://openalex.org/W1987647365","https://openalex.org/W1989081620","https://openalex.org/W1991074244","https://openalex.org/W1994197051","https://openalex.org/W1995290095","https://openalex.org/W1998180710","https://openalex.org/W2024811322","https://openalex.org/W2045726900","https://openalex.org/W2066195326","https://openalex.org/W2069307783","https://openalex.org/W2085939020","https://openalex.org/W2089745089","https://openalex.org/W2094873755","https://openalex.org/W2112459589","https://openalex.org/W2112736324","https://openalex.org/W2122049982","https://openalex.org/W2129278597","https://openalex.org/W2138788987","https://openalex.org/W2143546156","https://openalex.org/W2146717998","https://openalex.org/W2149969483","https://openalex.org/W2153684747","https://openalex.org/W2154564703","https://openalex.org/W2165304392","https://openalex.org/W2293688329","https://openalex.org/W2381524979","https://openalex.org/W2396919876","https://openalex.org/W2401617229","https://openalex.org/W2405282478","https://openalex.org/W2591793539","https://openalex.org/W2602351626","https://openalex.org/W2687548538","https://openalex.org/W2745053513","https://openalex.org/W2790761820","https://openalex.org/W2806253293","https://openalex.org/W4238033972","https://openalex.org/W6981202570"],"related_works":["https://openalex.org/W2987470874","https://openalex.org/W109885913","https://openalex.org/W2043780253","https://openalex.org/W2183129972","https://openalex.org/W3089611879","https://openalex.org/W3108176635","https://openalex.org/W2311146855","https://openalex.org/W3114232014","https://openalex.org/W2977630600","https://openalex.org/W2901979139","https://openalex.org/W2912742709","https://openalex.org/W2608535653","https://openalex.org/W2276839275","https://openalex.org/W3082727832","https://openalex.org/W2061039002","https://openalex.org/W4910581","https://openalex.org/W3086320449","https://openalex.org/W570189632","https://openalex.org/W2969018427","https://openalex.org/W2960091592"],"abstract_inverted_index":{"Information":[0],"flow":[1,31,145,230],"analysis":[2,27,146,176,221,231],"prevents":[3],"secret":[4],"or":[5,12],"untrusted":[6],"data":[7],"from":[8,24,118],"flowing":[9],"into":[10],"public":[11],"trusted":[13],"sinks.":[14],"Existing":[15],"mechanisms":[16],"cover":[17],"a":[18,62,141,148,173,241,245],"wide":[19],"array":[20],"of":[21,78,128,150,164,182,228],"options,":[22],"ranging":[23],"lightweight":[25,174],"taint":[26,175],"to":[28,53,89,98,160,177,223],"heavyweight":[29],"information":[30,144,229,238],"control":[32],"that":[33,110,116,155,205,236],"also":[34],"considers":[35],"implicit":[36,67,156,208],"flows.":[37,68,101],"Dynamic":[38],"analysis,":[39],"which":[40],"is":[41,97,138,194,244],"particularly":[42],"popular":[43],"for":[44,180,188],"languages":[45],"such":[46,122],"as":[47,123],"JavaScript,":[48],"faces":[49],"the":[50,72,183,225],"question":[51],"whether":[52],"invest":[54],"in":[55,81,106,162,240],"analyzing":[56,237],"flows":[57,79,87,157,209,239],"caused":[58],"by":[59],"not":[60,201],"executing":[61],"particular":[63],"branch,":[64],"so-called":[65],"hidden":[66,207],"This":[69],"paper":[70],"addresses":[71],"questions":[73,105],"how":[74,84,94],"common":[75],"different":[76],"kinds":[77],"are":[80,88,158],"real-world":[82,113],"programs,":[83],"important":[85],"these":[86,100,104],"enforce":[90],"security":[91,120,185,213,218],"policies,":[92],"and":[93,133,147,168,220,232],"costly":[95],"it":[96],"consider":[99],"We":[102,153,171],"address":[103],"an":[107],"empirical":[108,234],"study":[109,137],"analyzes":[111],"56":[112],"JavaScript":[114],"programs":[115],"suffer":[117],"various":[119],"problems,":[121,186],"code":[124],"injection":[125],"vulnerabilities,":[126,130],"denial":[127],"service":[129],"memory":[131],"leaks,":[132],"privacy":[134],"leaks.":[135],"The":[136],"based":[139],"on":[140],"state-of-the-art":[142],"dynamic":[143],"formalization":[149],"its":[151],"core.":[152],"find":[154,172,202],"expensive":[159],"track":[161],"terms":[163],"permissiveness,":[165],"label":[166],"creep,":[167],"runtime":[169],"overhead.":[170],"be":[178],"sufficient":[179],"most":[181],"studied":[184],"while":[187],"some":[189],"privacy-related":[190],"code,":[191],"observable":[192],"tracking":[193,206],"sometimes":[195],"required.":[196],"In":[197],"contrast,":[198],"we":[199],"do":[200],"any":[203],"evidence":[204,235],"reveals":[210],"otherwise":[211],"missed":[212],"problems.":[214],"Our":[215],"results":[216],"help":[217],"analysts":[219],"designers":[222],"understand":[224],"cost-benefit":[226],"tradeoffs":[227],"provide":[233],"cost-effective":[242],"way":[243],"relevant":[246],"problem.":[247]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2026-04-16T08:26:57.006410","created_date":"2025-10-10T00:00:00"}