{"id":"https://openalex.org/W4389164865","doi":"https://doi.org/10.1145/3611643.3613889","title":"Compositional Taint Analysis for Enforcing Security Policies at Scale","display_name":"Compositional Taint Analysis for Enforcing Security Policies at Scale","publication_year":2023,"publication_date":"2023-11-30","ids":{"openalex":"https://openalex.org/W4389164865","doi":"https://doi.org/10.1145/3611643.3613889"},"language":"en","primary_location":{"id":"doi:10.1145/3611643.3613889","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3611643.3613889","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3611643.3613889","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3611643.3613889","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013922094","display_name":"Subarno Banerjee","orcid":"https://orcid.org/0000-0001-5449-2264"},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Subarno Banerjee","raw_affiliation_strings":["Amazon Web Services, Seattle, United States"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services, Seattle, United States","institution_ids":["https://openalex.org/I1311688040"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022238214","display_name":"Siwei Cui","orcid":"https://orcid.org/0000-0002-0302-1064"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Siwei Cui","raw_affiliation_strings":["Texas A&amp;M University, College Station, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, USA","institution_ids":["https://openalex.org/I91045830"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061209906","display_name":"Michael Emmi","orcid":"https://orcid.org/0009-0002-6283-5890"},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Emmi","raw_affiliation_strings":["Amazon Web Services, Seattle, USA"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services, Seattle, USA","institution_ids":["https://openalex.org/I1311688040"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083739081","display_name":"Antonio Filieri","orcid":"https://orcid.org/0000-0001-9646-646X"},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Antonio Filieri","raw_affiliation_strings":["Amazon Web Services, Seattle, United States"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services, Seattle, United States","institution_ids":["https://openalex.org/I1311688040"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010594542","display_name":"Liana Hadarean","orcid":"https://orcid.org/0009-0007-2146-7303"},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Liana Hadarean","raw_affiliation_strings":["Amazon Web Services, Seattle, USA"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services, Seattle, USA","institution_ids":["https://openalex.org/I1311688040"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107249782","display_name":"Peixuan Li","orcid":"https://orcid.org/0009-0005-9392-3481"},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peixuan Li","raw_affiliation_strings":["Amazon Web Services, Seattle, United States"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services, Seattle, United States","institution_ids":["https://openalex.org/I1311688040"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022152776","display_name":"Linghui Luo","orcid":"https://orcid.org/0000-0003-2054-0373"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Linghui Luo","raw_affiliation_strings":["Amazon Web Services, Berlin, Germany"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services, Berlin, Germany","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077569016","display_name":"Goran Piskachev","orcid":"https://orcid.org/0000-0003-4424-5838"},"institutions":[{"id":"https://openalex.org/I4210089985","display_name":"Amazon (Germany)","ror":"https://ror.org/00b9ktm87","country_code":"DE","type":"company","lineage":["https://openalex.org/I1311688040","https://openalex.org/I4210089985"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Goran Piskachev","raw_affiliation_strings":["Amazon Web Services, Berlin, Germany"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services, Berlin, Germany","institution_ids":["https://openalex.org/I4210089985"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083103482","display_name":"Nicol\u00e1s Rosner","orcid":"https://orcid.org/0000-0002-0742-8101"},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nicol\u00e1s Rosner","raw_affiliation_strings":["Amazon Web Services, Seattle, USA"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services, Seattle, USA","institution_ids":["https://openalex.org/I1311688040"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107243687","display_name":"Aritra Sengupta","orcid":"https://orcid.org/0000-0003-0138-9858"},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aritra Sengupta","raw_affiliation_strings":["Amazon Web Services, Seattle, USA"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services, Seattle, USA","institution_ids":["https://openalex.org/I1311688040"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056497737","display_name":"Omer Tripp","orcid":"https://orcid.org/0000-0002-2393-854X"},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Omer Tripp","raw_affiliation_strings":["Amazon Web Services, Seattle, United States"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services, Seattle, United States","institution_ids":["https://openalex.org/I1311688040"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100456758","display_name":"Jingbo Wang","orcid":"https://orcid.org/0000-0001-5877-2677"},"institutions":[{"id":"https://openalex.org/I1174212","display_name":"University of Southern California","ror":"https://ror.org/03taz7m60","country_code":"US","type":"education","lineage":["https://openalex.org/I1174212"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jingbo Wang","raw_affiliation_strings":["University of Southern California, Los Angeles, USA"],"affiliations":[{"raw_affiliation_string":"University of Southern California, Los Angeles, USA","institution_ids":["https://openalex.org/I1174212"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":12,"corresponding_author_ids":["https://openalex.org/A5013922094"],"corresponding_institution_ids":["https://openalex.org/I1311688040"],"apc_list":null,"apc_paid":null,"fwci":0.7924,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.72647241,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1985","last_page":"1996"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8362340927124023},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.7439008951187134},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.5925464034080505},{"id":"https://openalex.org/keywords/dataflow","display_name":"Dataflow","score":0.5779211521148682},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5698596239089966},{"id":"https://openalex.org/keywords/principle-of-compositionality","display_name":"Principle of compositionality","score":0.5640001893043518},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5614181756973267},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5343173146247864},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5109524130821228},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.47084590792655945},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.46742743253707886},{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.4422215223312378},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.42491039633750916},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.39174652099609375},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.38177943229675293},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.34917354583740234},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.31678298115730286},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.20081698894500732}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8362340927124023},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.7439008951187134},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.5925464034080505},{"id":"https://openalex.org/C96324660","wikidata":"https://www.wikidata.org/wiki/Q205446","display_name":"Dataflow","level":2,"score":0.5779211521148682},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5698596239089966},{"id":"https://openalex.org/C121375916","wikidata":"https://www.wikidata.org/wiki/Q936559","display_name":"Principle of compositionality","level":2,"score":0.5640001893043518},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5614181756973267},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5343173146247864},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5109524130821228},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.47084590792655945},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.46742743253707886},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.4422215223312378},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.42491039633750916},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.39174652099609375},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.38177943229675293},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.34917354583740234},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.31678298115730286},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.20081698894500732},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C202444582","wikidata":"https://www.wikidata.org/wiki/Q837863","display_name":"Pure mathematics","level":1,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3611643.3613889","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3611643.3613889","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3611643.3613889","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:spiral.imperial.ac.uk:10044/1/107376","is_oa":false,"landing_page_url":"http://hdl.handle.net/10044/1/107376","pdf_url":null,"source":{"id":"https://openalex.org/S4306401396","display_name":"Spiral (Imperial College London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I47508984","host_organization_name":"Imperial College London","host_organization_lineage":["https://openalex.org/I47508984"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)","raw_type":"Conference Paper"}],"best_oa_location":{"id":"doi:10.1145/3611643.3613889","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3611643.3613889","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3611643.3613889","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.47999998927116394,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4389164865.pdf","grobid_xml":"https://content.openalex.org/works/W4389164865.grobid-xml"},"referenced_works_count":25,"referenced_works":["https://openalex.org/W777621473","https://openalex.org/W1517071433","https://openalex.org/W1520648475","https://openalex.org/W1536098516","https://openalex.org/W1974608873","https://openalex.org/W2043100293","https://openalex.org/W2064296229","https://openalex.org/W2078197322","https://openalex.org/W2080573945","https://openalex.org/W2396234346","https://openalex.org/W2553375745","https://openalex.org/W2604520577","https://openalex.org/W2761352457","https://openalex.org/W2763994238","https://openalex.org/W2900044545","https://openalex.org/W2910404958","https://openalex.org/W2920740222","https://openalex.org/W2927576984","https://openalex.org/W2963900765","https://openalex.org/W2964232059","https://openalex.org/W3033653001","https://openalex.org/W3108350045","https://openalex.org/W4244726870","https://openalex.org/W4247889999","https://openalex.org/W4251075015"],"related_works":["https://openalex.org/W2005010039","https://openalex.org/W2127761335","https://openalex.org/W4226168309","https://openalex.org/W2972987610","https://openalex.org/W4290692412","https://openalex.org/W2016796784","https://openalex.org/W4212926335","https://openalex.org/W2101310246","https://openalex.org/W3213594138","https://openalex.org/W3140345960"],"abstract_inverted_index":{"Automated":[0],"static":[1],"dataflow":[2],"analysis":[3,29],"is":[4,31,39,76,112],"an":[5,28,77],"effective":[6],"technique":[7],"for":[8],"detecting":[9],"security":[10],"critical":[11],"issues":[12],"like":[13],"sensitive":[14],"data":[15],"leak,":[16],"and":[17,25,34,45,47],"vulnerability":[18],"to":[19,41,49,116,120],"injection":[20],"attacks.":[21],"Ensuring":[22],"high":[23,43],"precision":[24,44],"recall":[26,46],"requires":[27],"that":[30,128],"context,":[32],"field":[33],"object":[35],"sensitive.":[36],"However,":[37,110],"it":[38,111],"challenging":[40],"attain":[42],"scale":[48],"large":[50],"industrial":[51],"code":[52],"bases.":[53],"Compositional":[54],"style":[55],"analyses":[56,83,119],"in":[57,84,130],"which":[58],"individual":[59],"software":[60,102],"components":[61,103],"are":[62],"analyzed":[63],"separately,":[64],"independent":[65],"from":[66],"their":[67],"usage":[68],"contexts,":[69],"compute":[70],"reusable":[71],"summaries":[72],"of":[73,101,124],"components.":[74],"This":[75],"essential":[78],"feature":[79],"when":[80,90],"deploying":[81],"such":[82,118],"CI/CD":[85],"at":[86],"code-review":[87],"time":[88],"or":[89],"scanning":[91],"deployed":[92],"container":[93],"images.":[94],"In":[95],"both":[96],"these":[97],"settings":[98],"the":[99,105,122],"majority":[100],"stay":[104],"same":[106],"between":[107],"subsequent":[108],"scans.":[109],"not":[113],"obvious":[114],"how":[115],"extend":[117],"check":[121],"kind":[123],"contextual":[125],"taint":[126],"specifications":[127],"arise":[129],"practice,":[131],"while":[132],"maintaining":[133],"compositionality.":[134]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2023-12-01T00:00:00"}