{"id":"https://openalex.org/W3000788914","doi":"https://doi.org/10.1145/3341105.3373855","title":"Raccoon: automated verification of guarded race conditions in web applications","display_name":"Raccoon: automated verification of guarded race conditions in web applications","publication_year":2020,"publication_date":"2020-03-30","ids":{"openalex":"https://openalex.org/W3000788914","doi":"https://doi.org/10.1145/3341105.3373855","mag":"3000788914"},"language":"en","primary_location":{"id":"mag:3000788914","is_oa":false,"landing_page_url":"https://dblp.uni-trier.de/db/conf/sac/sac2020.html#KochSJP20","pdf_url":null,"source":{"id":"https://openalex.org/S4306417581","display_name":"ACM Symposium on Applied Computing","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":"ACM Symposium on Applied Computing","raw_type":null},"type":"article","indexed_in":[],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038164971","display_name":"Simon Koch","orcid":"https://orcid.org/0000-0002-7638-4982"},"institutions":[{"id":"https://openalex.org/I94509681","display_name":"Technische Universit\u00e4t Braunschweig","ror":"https://ror.org/010nsgg66","country_code":"DE","type":"education","lineage":["https://openalex.org/I94509681"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Simon Koch","raw_affiliation_strings":["TU Braunschweig , Braunschweig , Germany"],"raw_orcid":"https://orcid.org/0000-0002-7638-4982","affiliations":[{"raw_affiliation_string":"TU Braunschweig , Braunschweig , Germany","institution_ids":["https://openalex.org/I94509681"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029217710","display_name":"Timothy Sauer","orcid":"https://orcid.org/0000-0002-8501-8722"},"institutions":[{"id":"https://openalex.org/I94509681","display_name":"Technische Universit\u00e4t Braunschweig","ror":"https://ror.org/010nsgg66","country_code":"DE","type":"education","lineage":["https://openalex.org/I94509681"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Timothy Sauer","raw_affiliation_strings":["TU Braunschweig , Braunschweig , Germany"],"raw_orcid":"https://orcid.org/0000-0002-8501-8722","affiliations":[{"raw_affiliation_string":"TU Braunschweig , Braunschweig , Germany","institution_ids":["https://openalex.org/I94509681"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002067855","display_name":"Martin Johns","orcid":"https://orcid.org/0000-0003-2574-5060"},"institutions":[{"id":"https://openalex.org/I94509681","display_name":"Technische Universit\u00e4t Braunschweig","ror":"https://ror.org/010nsgg66","country_code":"DE","type":"education","lineage":["https://openalex.org/I94509681"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Martin Johns","raw_affiliation_strings":["TU Braunschweig , Braunschweig , Germany"],"raw_orcid":"https://orcid.org/0000-0003-2574-5060","affiliations":[{"raw_affiliation_string":"TU Braunschweig , Braunschweig , Germany","institution_ids":["https://openalex.org/I94509681"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5087556256","display_name":"Giancarlo Pellegrino","orcid":"https://orcid.org/0009-0007-6223-8945"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Giancarlo Pellegrino","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"],"raw_orcid":"https://orcid.org/0009-0007-6223-8945","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany","institution_ids":["https://openalex.org/I4210128801"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.9904,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.75397828,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1678","last_page":"1687"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9822999835014343,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8193622827529907},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.7922828197479248},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.6311181783676147},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5916882157325745},{"id":"https://openalex.org/keywords/interleaving","display_name":"Interleaving","score":0.5856747031211853},{"id":"https://openalex.org/keywords/asynchronous-communication","display_name":"Asynchronous communication","score":0.5715659856796265},{"id":"https://openalex.org/keywords/sql","display_name":"SQL","score":0.4348020553588867},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.42945927381515503},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.41483333706855774},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.37076812982559204},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3190913796424866},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.29429638385772705},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.2900269627571106},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.18078911304473877},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11804023385047913}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8193622827529907},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.7922828197479248},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.6311181783676147},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5916882157325745},{"id":"https://openalex.org/C28034677","wikidata":"https://www.wikidata.org/wiki/Q17092530","display_name":"Interleaving","level":2,"score":0.5856747031211853},{"id":"https://openalex.org/C151319957","wikidata":"https://www.wikidata.org/wiki/Q752739","display_name":"Asynchronous communication","level":2,"score":0.5715659856796265},{"id":"https://openalex.org/C510870499","wikidata":"https://www.wikidata.org/wiki/Q47607","display_name":"SQL","level":2,"score":0.4348020553588867},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.42945927381515503},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.41483333706855774},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.37076812982559204},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3190913796424866},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.29429638385772705},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.2900269627571106},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.18078911304473877},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11804023385047913},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.0},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.0},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.0},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"mag:3000788914","is_oa":false,"landing_page_url":"https://dblp.uni-trier.de/db/conf/sac/sac2020.html#KochSJP20","pdf_url":null,"source":{"id":"https://openalex.org/S4306417581","display_name":"ACM Symposium on Applied Computing","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":"ACM Symposium on Applied Computing","raw_type":null}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7099999785423279,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W1501456447","https://openalex.org/W2052987550","https://openalex.org/W2127456326","https://openalex.org/W2147874879","https://openalex.org/W2158326123","https://openalex.org/W2538793708","https://openalex.org/W2613747361","https://openalex.org/W2752602409"],"related_works":["https://openalex.org/W1501456447","https://openalex.org/W2618852163","https://openalex.org/W1963718849","https://openalex.org/W1505465226","https://openalex.org/W2156370972","https://openalex.org/W2039146868","https://openalex.org/W2025268205","https://openalex.org/W2761769434","https://openalex.org/W2766898821","https://openalex.org/W2919602801","https://openalex.org/W2173013550","https://openalex.org/W2209872464","https://openalex.org/W2069268700","https://openalex.org/W2951199893","https://openalex.org/W2337540898","https://openalex.org/W2037068142","https://openalex.org/W1973593263","https://openalex.org/W2517814849","https://openalex.org/W2071751474","https://openalex.org/W2265444728"],"abstract_inverted_index":{"Web":[0],"applications":[1,5,32,125],"are":[2,13],"distributed,":[3],"asynchronous":[4],"that":[6,39,171],"can":[7],"span":[8],"multiple":[9],"concurrent":[10,29],"processes.":[11],"They":[12],"intended":[14],"to":[15,34,81,160],"be":[16],"used":[17],"by":[18],"a":[19,115,163],"large":[20],"amount":[21],"of":[22,99,117],"users":[23],"at":[24],"the":[25,105,156],"same":[26],"time.":[27],"As":[28],"applications,":[30],"web":[31,89,124],"have":[33,61],"account":[35],"for":[36],"race":[37,58,85,94,133],"conditions":[38,95,134],"may":[40],"occur":[41],"when":[42],"database":[43,107,148],"access":[44],"happens":[45],"concurrently.":[46],"Unlike":[47],"vulnerability":[48],"classes,":[49],"such":[50],"as":[51],"XSS":[52],"or":[53,147],"SQL":[54],"Injection,":[55],"dbms":[56],"based":[57],"condition":[59,86],"flaws":[60],"received":[62],"little":[63],"attention":[64],"even":[65],"though":[66],"their":[67],"impact":[68],"is":[69],"potentially":[70],"severe.":[71],"In":[72],"this":[73],"paper,":[74],"we":[75,113],"present":[76],"Raccoon,":[77],"an":[78],"automated":[79],"approach":[80],"detect":[82],"and":[83,126,130],"verify":[84,174],"vulnerabilities":[87],"in":[88,154],"application.":[90],"Raccoon":[91,138,167],"identifies":[92],"potential":[93],"through":[96],"interleaving":[97],"execution":[98],"user":[100],"traces":[101],"while":[102,150],"tightly":[103],"monitoring":[104],"resulting":[106],"activity.":[108],"Based":[109],"on":[110],"our":[111],"methodology":[112],"create":[114],"proof":[116],"concept":[118],"implementation.":[119],"We":[120],"test":[121],"four":[122],"different":[123],"ten":[127],"use":[128],"cases":[129],"discover":[131],"six":[132],"with":[135],"security":[136,141],"implications.":[137],"requires":[139],"neither":[140],"expertise":[142],"nor":[143],"knowledge":[144],"about":[145],"implementation":[146],"layout,":[149],"only":[151],"reporting":[152],"vulnerabilities,":[153],"which":[155],"tool":[157],"was":[158],"able":[159],"successfully":[161],"replicate":[162],"practical":[164],"attack.":[165],"Thus,":[166],"complements":[168],"previous":[169],"approaches":[170],"did":[172],"not":[173],"detected":[175],"possible":[176],"vulnerabilities.":[177]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2020,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}