{"id":"https://openalex.org/W4383221452","doi":"https://doi.org/10.1145/3579856.3590330","title":"BinWrap: Hybrid Protection against Native Node.js Add-ons","display_name":"BinWrap: Hybrid Protection against Native Node.js Add-ons","publication_year":2023,"publication_date":"2023-07-05","ids":{"openalex":"https://openalex.org/W4383221452","doi":"https://doi.org/10.1145/3579856.3590330"},"language":"en","primary_location":{"id":"doi:10.1145/3579856.3590330","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3579856.3590330","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3579856.3590330","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3579856.3590330","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101957387","display_name":"George Christou","orcid":null},"institutions":[{"id":"https://openalex.org/I4210121775","display_name":"FORTH Institute of Computer Science","ror":"https://ror.org/02tf48g55","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210121775","https://openalex.org/I8901234"]}],"countries":["GR"],"is_corresponding":true,"raw_author_name":"George Christou","raw_affiliation_strings":["FORTH-ICS, Greece"],"affiliations":[{"raw_affiliation_string":"FORTH-ICS, Greece","institution_ids":["https://openalex.org/I4210121775"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073682091","display_name":"Grigoris Ntousakis","orcid":"https://orcid.org/0000-0003-1158-3056"},"institutions":[{"id":"https://openalex.org/I25055547","display_name":"Hellenic American University","ror":"https://ror.org/0423r3m86","country_code":"US","type":"education","lineage":["https://openalex.org/I25055547"]},{"id":"https://openalex.org/I27804330","display_name":"Brown University","ror":"https://ror.org/05gq02987","country_code":"US","type":"education","lineage":["https://openalex.org/I27804330"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Grigoris Ntousakis","raw_affiliation_strings":["Brown University, United States of America and TU Crete, Greece"],"affiliations":[{"raw_affiliation_string":"Brown University, United States of America and TU Crete, Greece","institution_ids":["https://openalex.org/I25055547","https://openalex.org/I27804330"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083947224","display_name":"Eric Lahtinen","orcid":"https://orcid.org/0009-0003-9792-7354"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Eric Lahtinen","raw_affiliation_strings":["Aarno Labs, United States of America"],"affiliations":[{"raw_affiliation_string":"Aarno Labs, United States of America","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022073151","display_name":"Sotiris Ioannidis","orcid":"https://orcid.org/0000-0001-9340-2241"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sotiris Ioannidis","raw_affiliation_strings":["TU Crete, Greece and FORTH-ICS, Greece"],"affiliations":[{"raw_affiliation_string":"TU Crete, Greece and FORTH-ICS, Greece","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006944216","display_name":"Vasileios P. Kemerlis","orcid":"https://orcid.org/0000-0002-6528-437X"},"institutions":[{"id":"https://openalex.org/I175594653","display_name":"John Brown University","ror":"https://ror.org/02ct41q97","country_code":"US","type":"education","lineage":["https://openalex.org/I175594653"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Vasileios P. Kemerlis","raw_affiliation_strings":["Brown University, United States of America"],"affiliations":[{"raw_affiliation_string":"Brown University, United States of America","institution_ids":["https://openalex.org/I175594653"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034441711","display_name":"Nikos Vasilakis","orcid":"https://orcid.org/0000-0001-7347-298X"},"institutions":[{"id":"https://openalex.org/I175594653","display_name":"John Brown University","ror":"https://ror.org/02ct41q97","country_code":"US","type":"education","lineage":["https://openalex.org/I175594653"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nikos Vasilakis","raw_affiliation_strings":["Brown University, USA"],"affiliations":[{"raw_affiliation_string":"Brown University, USA","institution_ids":["https://openalex.org/I175594653"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5101957387"],"corresponding_institution_ids":["https://openalex.org/I4210121775"],"apc_list":null,"apc_paid":null,"fwci":1.2075,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.82985068,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"429","last_page":"442"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9824000000953674,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.8623844385147095},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8382908701896667},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5231212973594666},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.488591730594635},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.485835999250412},{"id":"https://openalex.org/keywords/node","display_name":"Node (physics)","score":0.4573904275894165},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.43917882442474365},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.417648583650589},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.37946105003356934}],"concepts":[{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.8623844385147095},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8382908701896667},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5231212973594666},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.488591730594635},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.485835999250412},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.4573904275894165},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43917882442474365},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.417648583650589},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.37946105003356934},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C66938386","wikidata":"https://www.wikidata.org/wiki/Q633538","display_name":"Structural engineering","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3579856.3590330","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3579856.3590330","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3579856.3590330","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3579856.3590330","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3579856.3590330","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3579856.3590330","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G12811887","display_name":null,"funder_award_id":"958478, 883540","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"},{"id":"https://openalex.org/G1692276411","display_name":null,"funder_award_id":"HR001120C0191","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G2314275188","display_name":"Towards a Sophisticated SIEM Marketplace for Blockchain-based Threat Intelligence and Security-as-a-Service","funder_award_id":"883540","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G4956428346","display_name":null,"funder_award_id":"Horizon 2020 research and innovatio","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G5036817778","display_name":null,"funder_award_id":"European Union's Horizon 2020 research and innov","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G7900376265","display_name":null,"funder_award_id":"HR001120C0191, HR001120C0155","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G804146523","display_name":null,"funder_award_id":"CNS-2238467","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8318064016","display_name":null,"funder_award_id":"Horizon","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8441874136","display_name":null,"funder_award_id":"958478","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8633428685","display_name":null,"funder_award_id":"European Union's Horizon 2020 research and innovat","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8919204292","display_name":null,"funder_award_id":"HR001120C0155","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320332815","display_name":"Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4383221452.pdf","grobid_xml":"https://content.openalex.org/works/W4383221452.grobid-xml"},"referenced_works_count":14,"referenced_works":["https://openalex.org/W2039999720","https://openalex.org/W2774510177","https://openalex.org/W2792952820","https://openalex.org/W2939057911","https://openalex.org/W2947243817","https://openalex.org/W2978757628","https://openalex.org/W3015513242","https://openalex.org/W3092347617","https://openalex.org/W3181370975","https://openalex.org/W3194460284","https://openalex.org/W4235202118","https://openalex.org/W4298112463","https://openalex.org/W4402262144","https://openalex.org/W6768779726"],"related_works":["https://openalex.org/W2374086689","https://openalex.org/W3176279093","https://openalex.org/W2373945265","https://openalex.org/W17155033","https://openalex.org/W2370203001","https://openalex.org/W1912565424","https://openalex.org/W4246410201","https://openalex.org/W1968505275","https://openalex.org/W2959939328","https://openalex.org/W2781863720"],"abstract_inverted_index":{"Modern":[0],"applications,":[1],"written":[2],"in":[3],"high-level":[4,41],"programming":[5],"languages,":[6],"enjoy":[7],"the":[8,26,35,40,52,57,64,116,121],"security":[9,36],"benefits":[10],"of":[11,28,60,115,136,145],"memory":[12],"and":[13,43,83,97,130,163],"type":[14],"safety.":[15],"Unfortunately,":[16],"even":[17],"a":[18,49,71,80,94,101,134,142],"single":[19],"memory-unsafe":[20],"library":[21],"can":[22],"wreak":[23],"havoc":[24],"on":[25,107],"rest":[27],"an":[29,165],"otherwise":[30],"safe":[31],"application,":[32],"nullifying":[33],"all":[34,92,113],"guarantees":[37],"offered":[38],"by":[39],"language":[42],"its":[44,84,128],"managed":[45],"runtime.":[46],"We":[47,119],"perform":[48],"study":[50],"across":[51],"Node.js":[53],"ecosystem":[54],"to":[55,109,141,156],"understand":[56],"use":[58],"patterns":[59],"binary":[61,81,129],"add-ons.":[62],"Taking":[63],"identified":[65],"trends":[66],"into":[67],"account,":[68],"we":[69,148],"propose":[70],"new":[72],"hybrid":[73,102],"permission":[74,88,123],"model":[75,89],"aimed":[76],"at":[77],"protecting":[78],"both":[79,127],"add-on":[82,96],"language-specific":[85],"wrapper.":[86],"The":[87],"is":[90,98],"applied":[91],"around":[93],"native":[95,117,146],"enforced":[99],"through":[100],"language-binary":[103],"scheme":[104],"that":[105,150,167],"interposes":[106],"accesses":[108],"sensitive":[110,157],"resources":[111],"from":[112],"parts":[114],"library.":[118],"infer":[120],"add-on\u2019s":[122],"set":[124,135],"automatically":[125],"over":[126],"JavaScript":[131],"sides,":[132],"via":[133],"novel":[137],"program":[138],"analyses.":[139],"Applied":[140],"wide":[143],"variety":[144],"add-ons,":[147],"show":[149],"our":[151],"framework,":[152],"BinWrap,":[153],"reduces":[154],"access":[155],"resources,":[158],"defends":[159],"against":[160],"real-world":[161],"exploits,":[162],"imposes":[164],"overhead":[166],"ranges":[168],"between":[169],"0.71%\u201310.4%.":[170]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":4}],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2025-10-10T00:00:00"}