{"id":"https://openalex.org/W3015181157","doi":"https://doi.org/10.3233/jcs-191342","title":"Maybe tainted data: Theory and a case study","display_name":"Maybe tainted data: Theory and a case study","publication_year":2020,"publication_date":"2020-04-01","ids":{"openalex":"https://openalex.org/W3015181157","doi":"https://doi.org/10.3233/jcs-191342","mag":"3015181157"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-191342","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-191342","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5019772090","display_name":"Christian Skalka","orcid":"https://orcid.org/0000-0002-0402-809X"},"institutions":[{"id":"https://openalex.org/I111236770","display_name":"University of Vermont","ror":"https://ror.org/0155zta11","country_code":"US","type":"education","lineage":["https://openalex.org/I111236770"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Christian Skalka","raw_affiliation_strings":["Department of Computer Science, University of Vermont, USA. E-mails:\u00a0,\u00a0","Department of Computer Science, University of Vermont, USA. E-mails:\u00a0ceskalka@uvm.edu,\u00a0samuel.clark@uvm.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Vermont, USA. E-mails:\u00a0,\u00a0","institution_ids":["https://openalex.org/I111236770"]},{"raw_affiliation_string":"Department of Computer Science, University of Vermont, USA. E-mails:\u00a0ceskalka@uvm.edu,\u00a0samuel.clark@uvm.edu","institution_ids":["https://openalex.org/I111236770"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020738225","display_name":"Sepehr Amir-Mohammadian","orcid":"https://orcid.org/0000-0002-2301-4283"},"institutions":[{"id":"https://openalex.org/I108541056","display_name":"Pacific University Oregon","ror":"https://ror.org/03g873n36","country_code":"US","type":"education","lineage":["https://openalex.org/I108541056"]},{"id":"https://openalex.org/I119942576","display_name":"University of the Pacific","ror":"https://ror.org/05ma4gw77","country_code":"US","type":"education","lineage":["https://openalex.org/I119942576"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sepehr Amir-Mohammadian","raw_affiliation_strings":["Department of Computer Science, University of the Pacific, USA. E-mail:\u00a0","Department of Computer Science, University of the Pacific, USA. E-mail:\u00a0samirmohammadian@pacific.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of the Pacific, USA. E-mail:\u00a0","institution_ids":["https://openalex.org/I108541056"]},{"raw_affiliation_string":"Department of Computer Science, University of the Pacific, USA. E-mail:\u00a0samirmohammadian@pacific.edu","institution_ids":["https://openalex.org/I119942576"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063372237","display_name":"Samuel J. Clark","orcid":"https://orcid.org/0000-0002-4929-6231"},"institutions":[{"id":"https://openalex.org/I111236770","display_name":"University of Vermont","ror":"https://ror.org/0155zta11","country_code":"US","type":"education","lineage":["https://openalex.org/I111236770"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Samuel Clark","raw_affiliation_strings":["Department of Computer Science, University of Vermont, USA. E-mails:\u00a0,\u00a0","Department of Computer Science, University of Vermont, USA. E-mails:\u00a0ceskalka@uvm.edu,\u00a0samuel.clark@uvm.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Vermont, USA. E-mails:\u00a0,\u00a0","institution_ids":["https://openalex.org/I111236770"]},{"raw_affiliation_string":"Department of Computer Science, University of Vermont, USA. E-mails:\u00a0ceskalka@uvm.edu,\u00a0samuel.clark@uvm.edu","institution_ids":["https://openalex.org/I111236770"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5019772090"],"corresponding_institution_ids":["https://openalex.org/I111236770"],"apc_list":null,"apc_paid":null,"fwci":0.544,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.72792546,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":"28","issue":"3","first_page":"295","last_page":"335"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9873999953269958,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8912190794944763},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5652570128440857},{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.5473586916923523},{"id":"https://openalex.org/keywords/data-integrity","display_name":"Data integrity","score":0.5380539298057556},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.43483835458755493},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4254434406757355},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4162501096725464},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3412960171699524}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8912190794944763},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5652570128440857},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.5473586916923523},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.5380539298057556},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.43483835458755493},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4254434406757355},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4162501096725464},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3412960171699524},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3233/jcs-191342","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-191342","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},{"id":"pmh:oai:scholarlycommons.pacific.edu:soecs-facarticles-1106","is_oa":false,"landing_page_url":"https://scholarlycommons.pacific.edu/soecs-facarticles/106","pdf_url":null,"source":{"id":"https://openalex.org/S4306400314","display_name":"Scholarly Commons (University of the Pacific)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I119942576","host_organization_name":"University of the Pacific","host_organization_lineage":["https://openalex.org/I119942576"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"All Faculty Articles - School of Engineering and Computer Science","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.46000000834465027,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":49,"referenced_works":["https://openalex.org/W72335960","https://openalex.org/W1497744324","https://openalex.org/W1534212008","https://openalex.org/W1569728954","https://openalex.org/W1699577049","https://openalex.org/W1821004526","https://openalex.org/W1963971515","https://openalex.org/W1976730071","https://openalex.org/W1977764760","https://openalex.org/W1989790414","https://openalex.org/W2002251314","https://openalex.org/W2008158744","https://openalex.org/W2012500378","https://openalex.org/W2033348393","https://openalex.org/W2036910349","https://openalex.org/W2049452590","https://openalex.org/W2066905287","https://openalex.org/W2107406536","https://openalex.org/W2116774218","https://openalex.org/W2120109169","https://openalex.org/W2122049982","https://openalex.org/W2129278597","https://openalex.org/W2132699727","https://openalex.org/W2138788987","https://openalex.org/W2145820326","https://openalex.org/W2145846275","https://openalex.org/W2157575657","https://openalex.org/W2157606397","https://openalex.org/W2161688581","https://openalex.org/W2162755110","https://openalex.org/W2165078378","https://openalex.org/W2189465261","https://openalex.org/W2285121019","https://openalex.org/W2381524979","https://openalex.org/W2464350869","https://openalex.org/W2474190571","https://openalex.org/W2518790240","https://openalex.org/W2536778960","https://openalex.org/W2539382385","https://openalex.org/W2604787077","https://openalex.org/W2625809717","https://openalex.org/W2745053513","https://openalex.org/W2773293699","https://openalex.org/W2997473338","https://openalex.org/W3088518643","https://openalex.org/W3136699861","https://openalex.org/W4231239798","https://openalex.org/W4232242439","https://openalex.org/W4250728693"],"related_works":["https://openalex.org/W1667647204","https://openalex.org/W2404647514","https://openalex.org/W4247536566","https://openalex.org/W2018477250","https://openalex.org/W3119814709","https://openalex.org/W4241418540","https://openalex.org/W1508895727","https://openalex.org/W2725786787","https://openalex.org/W4283160672","https://openalex.org/W1875930651"],"abstract_inverted_index":{"Dynamic":[0],"taint":[1,54,70,168,231],"analysis":[2,71],"is":[3,21,35,58,162,176,208,219,250],"often":[4,59],"used":[5,37],"as":[6,45,119],"a":[7,46,51,65,120,136,183],"defense":[8,22],"against":[9,23],"low-integrity":[10],"data":[11],"in":[12,28,38,50,61],"applications":[13],"with":[14,30,78,158,188,200,229,234],"untrusted":[15],"user":[16],"interfaces.":[17,32],"An":[18,213],"important":[19],"example":[20],"XSS":[24],"and":[25,41,100,104],"injection":[26],"attacks":[27],"programs":[29],"web":[31],"Data":[33],"sanitization":[34,57,77,88],"commonly":[36],"this":[39,112,129,248],"context,":[40],"can":[42,116],"be":[43,117],"treated":[44],"precondition":[47],"for":[48,72,91,102,135,143,167],"endorsement":[49,206],"dynamic":[52,68],"integrity":[53,69,160,181],"analysis.":[55,145,169],"However,":[56],"incomplete":[60],"practice.":[62],"We":[63,109,126],"develop":[64],"model":[66],"of":[67,87,155,165,173,179,215,238],"Java":[73],"that":[74,140,194,221,247],"addresses":[75],"imperfect":[76],"an":[79,163,235],"in-depth":[80,230],"approach.":[81],"To":[82],"avoid":[83],"false":[84],"positives,":[85],"results":[86,245],"are":[89,98],"endorsed":[90],"access":[92],"control":[93],"(aka":[94,106],"prospective":[95],"security),":[96],"but":[97],"tracked":[99],"logged":[101],"auditing":[103],"accountability":[105],"retrospective":[107],"security).":[108],"show":[110,246],"how":[111],"heterogeneous":[113],"prospective/retrospective":[114],"mechanism":[115],"specified":[118],"uniform":[121],"policy,":[122],"separate":[123],"from":[124],"code.":[125],"then":[127],"use":[128],"policy":[130],"to":[131,182,210],"establish":[132],"correctness":[133],"conditions":[134,147],"program":[137],"rewriting":[138,217],"algorithm":[139,218],"instruments":[141],"code":[142],"the":[144,153,177,223,239],"These":[146],"synergize":[148],"our":[149,174,216],"previous":[150,192],"work":[151,175],"on":[152],"semantics":[154],"audit":[156],"logging":[157],"explicit":[159,180],"which":[161,207],"analogue":[164],"noninterference":[166],"A":[170],"technical":[171],"contribution":[172],"extension":[178],"high-level":[184],"functional":[185],"language":[186],"setting":[187],"structured":[189],"data,":[190],"vs.":[191],"systems":[193],"only":[195],"address":[196,211],"low":[197],"level":[198],"languages":[199],"unstructured":[201],"data.":[202],"Our":[203,244],"approach":[204],"considers":[205],"crucial":[209],"sanitization.":[212],"implementation":[214],"presented":[220],"hardens":[222],"OpenMRS":[224],"medical":[225],"records":[226],"software":[227],"system":[228],"analysis,":[232],"along":[233],"empirical":[236],"evaluation":[237],"overhead":[240],"imposed":[241],"by":[242],"instrumentation.":[243],"instrumentation":[249],"practical.":[251]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1}],"updated_date":"2026-05-04T08:30:34.212998","created_date":"2025-10-10T00:00:00"}