{"id":"https://openalex.org/W3013946938","doi":"https://doi.org/10.5220/0009371207840795","title":"Verifying Sanitizer Correctness through Black-Box Learning: A Symbolic Finite Transducer Approach","display_name":"Verifying Sanitizer Correctness through Black-Box Learning: A Symbolic Finite Transducer Approach","publication_year":2020,"publication_date":"2020-01-01","ids":{"openalex":"https://openalex.org/W3013946938","doi":"https://doi.org/10.5220/0009371207840795","mag":"3013946938"},"language":"en","primary_location":{"id":"doi:10.5220/0009371207840795","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0009371207840795","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 6th International Conference on Information Systems Security and Privacy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.5220/0009371207840795","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005542869","display_name":"Sophie Lathouwers","orcid":"https://orcid.org/0000-0002-7544-447X"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Sophie Lathouwers","raw_affiliation_strings":["Formal Methods and Tools, University of Twente, Enschede, The Netherlands, --- Select a Country ---"],"affiliations":[{"raw_affiliation_string":"Formal Methods and Tools, University of Twente, Enschede, The Netherlands, --- Select a Country ---","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090771774","display_name":"Maarten H. Everts","orcid":null},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Maarten Everts","raw_affiliation_strings":["Services and Cybersecurity, University of Twente & TNO, Enschede, The Netherlands, --- Select a Country ---"],"affiliations":[{"raw_affiliation_string":"Services and Cybersecurity, University of Twente & TNO, Enschede, The Netherlands, --- Select a Country ---","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5045181048","display_name":"Marieke Huisman","orcid":"https://orcid.org/0000-0003-4467-072X"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Marieke Huisman","raw_affiliation_strings":["Formal Methods and Tools, University of Twente, Enschede, The Netherlands, --- Select a Country ---"],"affiliations":[{"raw_affiliation_string":"Formal Methods and Tools, University of Twente, Enschede, The Netherlands, --- Select a Country ---","institution_ids":["https://openalex.org/I94624287"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5005542869"],"corresponding_institution_ids":["https://openalex.org/I94624287"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.03920995,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"784","last_page":"795"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9916999936103821,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.8601961135864258},{"id":"https://openalex.org/keywords/hand-sanitizer","display_name":"Hand sanitizer","score":0.7595049142837524},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.743627667427063},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.6567014455795288},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.5156837701797485},{"id":"https://openalex.org/keywords/string","display_name":"String (physics)","score":0.5088289380073547},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.49425530433654785},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.41593778133392334},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.37838461995124817},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3503261208534241},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.1733609139919281}],"concepts":[{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.8601961135864258},{"id":"https://openalex.org/C143432726","wikidata":"https://www.wikidata.org/wiki/Q520181","display_name":"Hand sanitizer","level":2,"score":0.7595049142837524},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.743627667427063},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.6567014455795288},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.5156837701797485},{"id":"https://openalex.org/C157486923","wikidata":"https://www.wikidata.org/wiki/Q1376436","display_name":"String (physics)","level":2,"score":0.5088289380073547},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.49425530433654785},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.41593778133392334},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.37838461995124817},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3503261208534241},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.1733609139919281},{"id":"https://openalex.org/C54355233","wikidata":"https://www.wikidata.org/wiki/Q7162","display_name":"Genetics","level":1,"score":0.0},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.0},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.0},{"id":"https://openalex.org/C37914503","wikidata":"https://www.wikidata.org/wiki/Q156495","display_name":"Mathematical physics","level":1,"score":0.0},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.5220/0009371207840795","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0009371207840795","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 6th International Conference on Information Systems Security and Privacy","raw_type":"proceedings-article"},{"id":"pmh:oai:ris.utwente.nl:openaire_cris_publications/96fcbbf3-e78e-4814-8ffa-dd5a2b9b12fb","is_oa":false,"landing_page_url":"https://research.utwente.nl/en/publications/96fcbbf3-e78e-4814-8ffa-dd5a2b9b12fb","pdf_url":null,"source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lathouwers, S, Everts, M & Huisman, M 2020, Verifying Sanitizer Correctness through Black-Box Learning : A Symbolic Finite Transducer Approach. in S Furnell, P Mori, E Weippl & O Camp (eds), Proceedings of the 6th International Conference on Information Systems Security and Privacy : Volume 1: ForSE. SCITEPRESS, pp. 784-795. https://doi.org/10.5220/0009371207840795","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:oai-pmh.tno.nl:51181","is_oa":false,"landing_page_url":"https://resolver.tno.nl/uuid:bbc2201f-deaa-4831-9498-05f2933fb4ff","pdf_url":null,"source":{"id":"https://openalex.org/S7407055233","display_name":"TNO Repository","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferencePaper"},{"id":"pmh:oai:tudelft.nl:uuid:bbc2201f-deaa-4831-9498-05f2933fb4ff","is_oa":false,"landing_page_url":"http://resolver.tudelft.nl/uuid:bbc2201f-deaa-4831-9498-05f2933fb4ff","pdf_url":null,"source":{"id":"https://openalex.org/S4306402238","display_name":"Repository hosted by TU Delft Library (TU Delft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I98358874","host_organization_name":"Delft University of Technology","host_organization_lineage":["https://openalex.org/I98358874"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy, 6th International Conference on Information Systems Security and Privacy, ICISSP 2020, 25 February 2020 through 27 February 2020, 784-795","raw_type":"article"}],"best_oa_location":{"id":"doi:10.5220/0009371207840795","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0009371207840795","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 6th International Conference on Information Systems Security and Privacy","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Partnerships for the goals","score":0.4000000059604645,"id":"https://metadata.un.org/sdg/17"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1505875330","https://openalex.org/W1529010373","https://openalex.org/W1584684441","https://openalex.org/W1769343819","https://openalex.org/W1917555234","https://openalex.org/W1989445634","https://openalex.org/W1990467226","https://openalex.org/W2095851690","https://openalex.org/W2105242166","https://openalex.org/W2111487235","https://openalex.org/W2138124253","https://openalex.org/W2296086774","https://openalex.org/W2512416592","https://openalex.org/W2600860451","https://openalex.org/W2629288864","https://openalex.org/W2890425577","https://openalex.org/W3147903118"],"related_works":["https://openalex.org/W4210502197","https://openalex.org/W4366502726","https://openalex.org/W2023038964","https://openalex.org/W2075358766","https://openalex.org/W2150889667","https://openalex.org/W4392079573","https://openalex.org/W4233984944","https://openalex.org/W3190536237","https://openalex.org/W195300121","https://openalex.org/W2017602249"],"abstract_inverted_index":{"String":[0],"sanitizers":[1,28,167],"are":[2,29,140],"widely":[3],"used":[4],"functions":[5],"for":[6],"preventing":[7],"injection":[8],"attacks":[9],"such":[10,26,95],"as":[11],"SQL":[12],"injections":[13],"and":[14,50,90,187],"cross-site":[15],"scripting":[16],"(XSS).":[17],"It":[18],"is":[19],"therefore":[20],"crucial":[21],"that":[22,78,139,158],"the":[23,48,57,66,69,107,121,124,133,143,163,177],"implementations":[24],"of":[25,47,56,65,68,112,154,165,171],"string":[27],"correct.":[30],"We":[31,145],"present":[32],"a":[33,39,45,54,63,74,80,96,113,118,127,169],"novel":[34],"approach":[35],"to":[36,53,93,100,176],"reason":[37,131,161],"about":[38,132,162],"sanitizer's":[40],"correctness":[41,164],"by":[42,142,183],"automatically":[43,61],"generating":[44],"model":[46,55,64],"implementation":[49,67],"comparing":[51],"it":[52,159],"expected":[58],"behaviour.":[59],"To":[60],"derive":[62,94],"sanitizer,":[70],"this":[71,148],"paper":[72],"introduces":[73],"black-box":[75,86],"learning":[76],"algorithm":[77,87,149],"derives":[79],"Symbolic":[81],"Finite":[82],"Transducer":[83],"(SFT).":[84],"This":[85],"uses":[88],"membership":[89],"equivalence":[91],"oracles":[92],"model.":[97],"In":[98],"contrast":[99],"earlier":[101],"research,":[102],"SFTs":[103],"not":[104],"only":[105],"describe":[106],"input":[108,122,136],"or":[109],"output":[110,138],"language":[111],"sanitizer":[114,119],"but":[115],"also":[116],"how":[117],"transforms":[120],"into":[123,137],"output.":[125],"As":[126],"result,":[128],"we":[129,156],"can":[130,160],"transformations":[134],"from":[135],"performed":[141],"sanitizer.":[144],"have":[146],"implemented":[147],"in":[150],"an":[151],"open-source":[152],"tool":[153],"which":[155],"show":[157],"non-trivial":[166],"within":[168],"couple":[170],"minutes":[172],"without":[173],"any":[174],"adjustments":[175],"existing":[178],"sanitizers.":[179],"\u00a9":[180],"Copyright":[181],"2020":[182],"SCITEPRESS":[184],"-":[185],"Science":[186],"Technology":[188],"Publications,":[189],"Lda.":[190],"All":[191],"rights":[192],"reserved.":[193]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}