{"id":"https://openalex.org/W4396758731","doi":"https://doi.org/10.1145/3589334.3645579","title":"Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis","display_name":"Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis","publication_year":2024,"publication_date":"2024-05-08","ids":{"openalex":"https://openalex.org/W4396758731","doi":"https://doi.org/10.1145/3589334.3645579"},"language":"en","primary_location":{"id":"doi:10.1145/3589334.3645579","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3589334.3645579","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2024","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3589334.3645579","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5061569351","display_name":"Mikhail Shcherbakov","orcid":"https://orcid.org/0000-0002-2621-5179"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Mikhail Shcherbakov","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden"],"raw_orcid":"https://orcid.org/0000-0002-2621-5179","affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077582473","display_name":"Paul Moosbrugger","orcid":"https://orcid.org/0009-0002-9111-2667"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Paul Moosbrugger","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden"],"raw_orcid":"https://orcid.org/0009-0002-9111-2667","affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073362414","display_name":"Musard Balliu","orcid":"https://orcid.org/0000-0001-6005-5992"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Musard Balliu","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden"],"raw_orcid":"https://orcid.org/0000-0001-6005-5992","affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I86987016"],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1800","last_page":"1811"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.8612624406814575},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8037645816802979},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.7295600175857544},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6947686076164246},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6339606046676636},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5899443030357361},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.5307310223579407},{"id":"https://openalex.org/keywords/object","display_name":"Object (grammar)","score":0.4540988504886627},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.4462135434150696},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.4354555606842041},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4176555573940277},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.36264026165008545},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.08088940382003784},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.06325456500053406}],"concepts":[{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.8612624406814575},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8037645816802979},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.7295600175857544},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6947686076164246},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6339606046676636},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5899443030357361},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.5307310223579407},{"id":"https://openalex.org/C2781238097","wikidata":"https://www.wikidata.org/wiki/Q175026","display_name":"Object (grammar)","level":2,"score":0.4540988504886627},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.4462135434150696},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.4354555606842041},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4176555573940277},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.36264026165008545},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.08088940382003784},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.06325456500053406},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3589334.3645579","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3589334.3645579","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2024","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3589334.3645579","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3589334.3645579","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2024","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5899999737739563}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W40327287","https://openalex.org/W1969501726","https://openalex.org/W1987647365","https://openalex.org/W2069902027","https://openalex.org/W2151152024","https://openalex.org/W2162800072","https://openalex.org/W2258876169","https://openalex.org/W2350778671","https://openalex.org/W2591793539","https://openalex.org/W2765755114","https://openalex.org/W2788565238","https://openalex.org/W2790761820","https://openalex.org/W2804093830","https://openalex.org/W2898614297","https://openalex.org/W3040715571","https://openalex.org/W3046732376","https://openalex.org/W3095615032","https://openalex.org/W3194926883","https://openalex.org/W4385412470","https://openalex.org/W6948347007"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W2007597182","https://openalex.org/W2368911326","https://openalex.org/W2137424589","https://openalex.org/W4313563662"],"abstract_inverted_index":{"Prototype-based":[0],"languages":[1],"like":[2],"JavaScript":[3],"are":[4],"susceptible":[5],"to":[6,13,56],"prototype":[7],"pollution":[8],"vulnerabilities,":[9],"enabling":[10],"an":[11,18,46],"attacker":[12,22],"inject":[14],"arbitrary":[15,64],"properties":[16,29],"into":[17],"object's":[19],"prototype.":[20],"The":[21,43],"can":[23],"subsequently":[24],"capitalize":[25],"on":[26,50],"the":[27,51],"injected":[28],"by":[30],"executing":[31],"otherwise":[32],"benign":[33],"pieces":[34],"of":[35,45,53],"code,":[36],"so-called":[37],"gadgets,":[38,54],"that":[39],"perform":[40],"security-sensitive":[41],"operations.":[42],"success":[44],"attack":[47],"largely":[48],"depends":[49],"presence":[52],"leading":[55],"high-profile":[57],"exploits":[58],"such":[59],"as":[60],"privilege":[61],"escalation":[62],"and":[63],"code":[65],"execution":[66],"(ACE).":[67]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2}],"updated_date":"2026-07-15T18:14:33.161393","created_date":"2025-10-10T00:00:00"}
