{"id":"https://openalex.org/W4402526509","doi":"https://doi.org/10.1145/3679007.3685065","title":"Dynamic Possible Source Count Analysis for Data Leakage Prevention","display_name":"Dynamic Possible Source Count Analysis for Data Leakage Prevention","publication_year":2024,"publication_date":"2024-09-13","ids":{"openalex":"https://openalex.org/W4402526509","doi":"https://doi.org/10.1145/3679007.3685065"},"language":"en","primary_location":{"id":"doi:10.1145/3679007.3685065","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3679007.3685065","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 21st ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075970941","display_name":"E.T. Ogawa","orcid":"https://orcid.org/0009-0009-8081-9641"},"institutions":[{"id":"https://openalex.org/I4210145865","display_name":"IBM Research - Tokyo","ror":"https://ror.org/04915qk43","country_code":"JP","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210145865"]},{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Eri Ogawa","raw_affiliation_strings":["The University of Tokyo, Tokyo, Japan / IBM Research, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"The University of Tokyo, Tokyo, Japan / IBM Research, Tokyo, Japan","institution_ids":["https://openalex.org/I4210145865","https://openalex.org/I74801974"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059407520","display_name":"Tetsuro Yamazaki","orcid":"https://orcid.org/0000-0002-2065-5608"},"institutions":[{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Tetsuro Yamazaki","raw_affiliation_strings":["The University of Tokyo, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"The University of Tokyo, Tokyo, Japan","institution_ids":["https://openalex.org/I74801974"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102797966","display_name":"Ryota Shioya","orcid":"https://orcid.org/0000-0002-9309-5875"},"institutions":[{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Ryota Shioya","raw_affiliation_strings":["The University of Tokyo, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"The University of Tokyo, Tokyo, Japan","institution_ids":["https://openalex.org/I74801974"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5075970941"],"corresponding_institution_ids":["https://openalex.org/I4210145865","https://openalex.org/I74801974"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.13357011,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"98","last_page":"111"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/count-data","display_name":"Count data","score":0.6838852167129517},{"id":"https://openalex.org/keywords/leakage","display_name":"Leakage (economics)","score":0.6661827564239502},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6156219244003296},{"id":"https://openalex.org/keywords/statistics","display_name":"Statistics","score":0.19964441657066345},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.11158150434494019}],"concepts":[{"id":"https://openalex.org/C33643355","wikidata":"https://www.wikidata.org/wiki/Q5176731","display_name":"Count data","level":3,"score":0.6838852167129517},{"id":"https://openalex.org/C2777042071","wikidata":"https://www.wikidata.org/wiki/Q6509304","display_name":"Leakage (economics)","level":2,"score":0.6661827564239502},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6156219244003296},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.19964441657066345},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.11158150434494019},{"id":"https://openalex.org/C139719470","wikidata":"https://www.wikidata.org/wiki/Q39680","display_name":"Macroeconomics","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C100906024","wikidata":"https://www.wikidata.org/wiki/Q205692","display_name":"Poisson distribution","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3679007.3685065","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3679007.3685065","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 21st ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W1481952923","https://openalex.org/W1598083179","https://openalex.org/W1809063480","https://openalex.org/W1966973702","https://openalex.org/W1969275903","https://openalex.org/W1969883639","https://openalex.org/W1984435105","https://openalex.org/W1995290095","https://openalex.org/W1996256636","https://openalex.org/W2037017056","https://openalex.org/W2040867586","https://openalex.org/W2061640969","https://openalex.org/W2097151854","https://openalex.org/W2100666033","https://openalex.org/W2129482816","https://openalex.org/W2133217855","https://openalex.org/W2146717998","https://openalex.org/W2151135920","https://openalex.org/W2153684747","https://openalex.org/W2534034776","https://openalex.org/W2898614297","https://openalex.org/W2899752583","https://openalex.org/W3032434649","https://openalex.org/W3143236401","https://openalex.org/W4229813464","https://openalex.org/W4230176856","https://openalex.org/W4232955467","https://openalex.org/W4232973962","https://openalex.org/W4242789606","https://openalex.org/W4242958069","https://openalex.org/W4288400169","https://openalex.org/W4297927038","https://openalex.org/W4300420355","https://openalex.org/W4306406237","https://openalex.org/W4315746341","https://openalex.org/W4403507628"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2974887920","https://openalex.org/W4214644238","https://openalex.org/W2971731486","https://openalex.org/W31711046","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2910481370","https://openalex.org/W4396701345"],"abstract_inverted_index":{"Dynamic":[0,175],"Taint":[1],"Analysis":[2,179],"(DTA)":[3],"is":[4,26,62,90,96,188,235],"a":[5,27,50,124,145,189,242],"widely":[6],"studied":[7],"technique":[8],"that":[9,67,107,137,143,191,223,234,240],"can":[10,37,70,196,229],"effectively":[11,230],"detect":[12],"various":[13],"attacks":[14],"and":[15,54,74,114,141,157,173,205,238],"information":[16,23],"leakage.":[17],"In":[18],"the":[19,44,83,111,166,201,207,219,225],"context":[20],"of":[21,46,82,86,126,168,185,209,221],"detecting":[22],"leakage,":[24],"taint":[25,89],"flag":[28],"added":[29],"to":[30,32,119,133],"data":[31,36,48,57,61,79,95,151,211,222,233,239],"indicate":[33],"whether":[34],"secret":[35,56,94,112],"be":[38,197],"inferred":[39],"from":[40],"it.":[41],"DTA":[42],"tracks":[43,182,204],"flow":[45],"tainted":[47,60],"in":[49,77,149,154],"language":[51],"runtime":[52],"environment":[53],"identifies":[55],"leakage":[58],"when":[59],"transmitted":[63],"externally.":[64],"We":[65],"found":[66],"existing":[68,129],"DTAs":[69],"produce":[71],"false":[72,75,155,158],"negatives":[73],"positives":[76,156],"complex":[78,150],"flows":[80],"because":[81],"binary":[84],"nature":[85],"taint.":[87,186],"Since":[88],"binary,":[91],"meaning":[92],"either":[93],"inferable":[97],"(=1)":[98],"or":[99,121],"non-inferable":[100],"(=0),":[101],"it":[102],"cannot":[103],"represent":[104],"intermediate":[105],"states":[106,116],"may":[108],"slightly":[109],"infer":[110],"data,":[113],"these":[115],"are":[117,131,138],"quantized":[118],"0":[120],"1.":[122],"As":[123],"result":[125],"this":[127,162],"quantization,":[128],"methods":[130],"unable":[132],"distinguish":[134,231],"between":[135,232],"outputs":[136],"practically":[139,236],"secure":[140,237],"those":[142],"pose":[144],"real":[146],"security":[147,243],"threat":[148],"flows,":[152],"resulting":[153],"negatives.":[159],"To":[160],"address":[161],"problem,":[163],"we":[164],"introduce":[165],"concept":[167],"Possible":[169,176],"Source":[170],"Count":[171,178],"(PSC)":[172],"propose":[174],"source":[177],"(DPCA),":[180],"which":[181],"PSC":[183,187,208,220],"instead":[184],"metric":[190],"indicates":[192],"how":[193],"many":[194],"secrets":[195],"identified":[198],"by":[199],"observing":[200],"data.":[202],"DPCA":[203,228],"computes":[206],"each":[210],"item":[212],"using":[213],"dynamic":[214],"symbolic":[215],"execution.":[216],"By":[217],"evaluating":[218],"reaches":[224],"sink":[226],"point,":[227],"poses":[241],"threat.":[244]},"counts_by_year":[],"updated_date":"2025-12-21T23:12:01.093139","created_date":"2025-10-10T00:00:00"}