{"id":"https://openalex.org/W4280563401","doi":"https://doi.org/10.48550/arxiv.2205.06911","title":"Blockaid: Data Access Policy Enforcement for Web Applications","display_name":"Blockaid: Data Access Policy Enforcement for Web Applications","publication_year":2022,"publication_date":"2022-05-13","ids":{"openalex":"https://openalex.org/W4280563401","doi":"https://doi.org/10.48550/arxiv.2205.06911"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2205.06911","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2205.06911","pdf_url":"https://arxiv.org/pdf/2205.06911","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2205.06911","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101791753","display_name":"Wen Zhang","orcid":"https://orcid.org/0009-0007-3721-2882"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Zhang, Wen","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069304487","display_name":"Eric Sheng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sheng, Eric","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101827388","display_name":"Michael Chang","orcid":"https://orcid.org/0000-0003-3063-6723"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chang, Michael","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073895064","display_name":"Aurojit Panda","orcid":"https://orcid.org/0000-0001-9664-4377"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Panda, Aurojit","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002512849","display_name":"Mooly Sagiv","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sagiv, Mooly","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5040529929","display_name":"Scott Shenker","orcid":"https://orcid.org/0000-0002-1357-7533"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shenker, Scott","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5101791753"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.97079998254776,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9650999903678894,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.818275511264801},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.7692253589630127},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.5793759822845459},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5379899144172668},{"id":"https://openalex.org/keywords/data-access","display_name":"Data access","score":0.5090177059173584},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.49333086609840393},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.32902467250823975},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.22891181707382202}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.818275511264801},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.7692253589630127},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.5793759822845459},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5379899144172668},{"id":"https://openalex.org/C47487241","wikidata":"https://www.wikidata.org/wiki/Q5227230","display_name":"Data access","level":2,"score":0.5090177059173584},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.49333086609840393},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.32902467250823975},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.22891181707382202},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2205.06911","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2205.06911","pdf_url":"https://arxiv.org/pdf/2205.06911","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"doi:10.48550/arxiv.2205.06911","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2205.06911","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2205.06911","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2205.06911","pdf_url":"https://arxiv.org/pdf/2205.06911","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7200000286102295,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4226026301","https://openalex.org/W4360993851","https://openalex.org/W2099704814","https://openalex.org/W3046446793","https://openalex.org/W3125992077","https://openalex.org/W1580010780","https://openalex.org/W2138148318","https://openalex.org/W3121915999","https://openalex.org/W4252664052","https://openalex.org/W4251875448"],"abstract_inverted_index":{"Modern":[0],"web":[1,68,85,131],"applications":[2,132],"serve":[3],"large":[4],"amounts":[5],"of":[6],"sensitive":[7],"user":[8],"data,":[9],"access":[10],"to":[11,24,95],"which":[12],"is":[13,22,71,81,100],"typically":[14],"governed":[15],"by":[16],"data-access":[17],"policies.":[18],"Enforcing":[19],"such":[20],"policies":[21],"crucial":[23],"preventing":[25],"improper":[26],"data":[27],"access,":[28],"and":[29,80,102,115,117,138],"prior":[30,39],"work":[31],"has":[32],"proposed":[33],"many":[34],"enforcement":[35,74],"mechanisms.":[36],"However,":[37],"these":[38],"methods":[40],"either":[41],"alter":[42],"application":[43,58,78],"semantics":[44,79],"or":[45],"require":[46],"adopting":[47],"a":[48],"new":[49],"programming":[50],"model;":[51],"the":[52,61,92],"former":[53],"can":[54],"result":[55],"in":[56],"unexpected":[57],"behavior,":[59],"while":[60,133],"latter":[62],"cannot":[63],"be":[64],"used":[65],"with":[66,83],"existing":[67,84,130],"frameworks.":[69,86],"Blockaid":[70,128],"an":[72],"access-policy":[73],"system":[75],"that":[76,97,105,127],"preserves":[77],"compatible":[82],"It":[87,108],"intercepts":[88],"database":[89],"queries":[90,104],"from":[91],"application,":[93],"attempts":[94],"verify":[96],"each":[98],"query":[99],"policy-compliant,":[101],"blocks":[103],"are":[106],"not.":[107],"verifies":[109],"policy":[110],"compliance":[111,120],"using":[112],"SMT":[113],"solvers":[114],"generalizes":[116],"caches":[118],"previous":[119],"decisions":[121],"for":[122],"better":[123],"performance.":[124],"We":[125],"show":[126],"supports":[129],"requiring":[134],"minimal":[135],"code":[136],"changes":[137],"adding":[139],"only":[140],"modest":[141],"overheads.":[142]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":2}],"updated_date":"2026-02-09T09:26:11.010843","created_date":"2025-10-10T00:00:00"}