{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T09:12:06Z","timestamp":1743066726704,"version":"3.40.3"},"publisher-location":"Cham","reference-count":53,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031236891"},{"type":"electronic","value":"9783031236907"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-23690-7_12","type":"book-chapter","created":{"date-parts":[[2022,12,10]],"date-time":"2022-12-10T05:02:50Z","timestamp":1670648570000},"page":"202-219","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Preventing Privacy-Violating Information Flows in\u00a0JavaScript Applications Using Dynamic Labelling"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3063-6080","authenticated-orcid":false,"given":"Sandip","family":"Ghosal","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"R. K.","family":"Shyamasundar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,12,11]]},"reference":[{"key":"12_CR1","unstructured":"Ecmascript 2023 language specification. https:\/\/tc39.es\/ecma262\/"},{"key":"12_CR2","unstructured":"Most popular technologies. https:\/\/insights.stackoverflow.com\/survey\/2020#most-popular-technologies"},{"key":"12_CR3","unstructured":"Cross-domain security woes. the strange zen of javascript (2005). http:\/\/jszen.blogspot.com\/2005\/03\/cross-domain-security-woes.html"},{"key":"12_CR4","unstructured":"Defining safer json-p (2020). https:\/\/json-p.org\/"},{"key":"12_CR5","doi-asserted-by":"publisher","unstructured":"Askarov, A., Hunt, S., Sabelfeld, A., Sands, D.: Termination-insensitive noninterference leaks more than just a bit. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 333\u2013348. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-88313-5_22","DOI":"10.1007\/978-3-540-88313-5_22"},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"Austin, T.H., Flanagan, C.: Efficient purely-dynamic information flow analysis. In: Proceedings of the ACM SIGPLAN 4th Workshop on PLAS, pp. 113\u2013124 (2009)","DOI":"10.1145\/1554339.1554353"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Austin, T.H., Flanagan, C.: Multiple facets for dynamic information flow. In: Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 165\u2013178 (2012)","DOI":"10.1145\/2103621.2103677"},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Barth, A.: The web origin concept. Technical report (2011)","DOI":"10.17487\/rfc6454"},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Bauer, L., Cai, S., Jia, L., Passaro, T., Stroucken, M., Tian, Y.: Run-time monitoring and formal analysis of information flows in chromium. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23295"},{"key":"12_CR10","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1016\/j.cose.2017.04.001","volume":"71","author":"A Bedford","year":"2017","unstructured":"Bedford, A., Chong, S., Desharnais, J., Kozyri, E., Tawbi, N.: A progress-sensitive flow-sensitive inlined information-flow control monitor (extended version). Comput. Secur. 71, 114\u2013131 (2017)","journal-title":"Comput. Secur."},{"key":"12_CR11","doi-asserted-by":"publisher","unstructured":"Bichhawat, A., Rajani, V., Garg, D., Hammer, C.: Information Flow Control in WebKit\u2019s JavaScript Bytecode. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 159\u2013178. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-54792-8_9","DOI":"10.1007\/978-3-642-54792-8_9"},{"key":"12_CR12","doi-asserted-by":"publisher","unstructured":"Broberg, N., van Delft, B., Sands, D.: Paragon for practical programming with information-flow control. In: Shan, C.-C. (ed.) APLAS 2013. LNCS, vol. 8301, pp. 217\u2013232. Springer, Cham (2013). https:\/\/doi.org\/10.1007\/978-3-319-03542-0_16","DOI":"10.1007\/978-3-319-03542-0_16"},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"Chudnov, A., Naumann, D.A.: Inlined information flow monitoring for javascript. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 629\u2013643 (2015)","DOI":"10.1145\/2810103.2813684"},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"Chugh, R., Meister, J.A., Jhala, R., Lerner, S.: Staged information flow for javascript. In: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 50\u201362 (2009)","DOI":"10.1145\/1543135.1542483"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"De Groef, W., Devriese, D., Nikiforakis, N., Piessens, F.: Flowfox: a web browser with flexible and precise information flow control. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 748\u2013759 (2012)","DOI":"10.1145\/2382196.2382275"},{"issue":"5","key":"12_CR16","doi-asserted-by":"publisher","first-page":"236","DOI":"10.1145\/360051.360056","volume":"19","author":"DE Denning","year":"1976","unstructured":"Denning, D.E.: A lattice model of secure information flow. CACM 19(5), 236\u2013243 (1976)","journal-title":"CACM"},{"issue":"7","key":"12_CR17","doi-asserted-by":"publisher","first-page":"504","DOI":"10.1145\/359636.359712","volume":"20","author":"DE Denning","year":"1977","unstructured":"Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20(7), 504\u2013513 (1977)","journal-title":"Commun. ACM"},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"Devriese, D., Piessens, F.: Noninterference through secure multi-execution. In: 2010 IEEE Symposium on Security and Privacy, pp. 109\u2013124. IEEE (2010)","DOI":"10.1109\/SP.2010.15"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Dhawan, M., Ganapathy, V.: Analyzing information flow in javascript-based browser extensions. In: 2009 Annual Computer Security Applications Conference, pp. 382\u2013391. IEEE (2009)","DOI":"10.1109\/ACSAC.2009.43"},{"issue":"2","key":"12_CR20","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1093\/comjnl\/17.2.143","volume":"17","author":"JS Fenton","year":"1974","unstructured":"Fenton, J.S.: Memoryless subsystems. Comput. J. 17(2), 143\u2013147 (1974)","journal-title":"Comput. J."},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Ghosal, S., Shyamasundar, R.K., Kumar, N.V.N.: Static security certification of programs via dynamic labelling. In: Proceedings of the 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018 - Volume 2: SECRYPT, 26\u201328 July 2018, pp. 400\u2013411 Porto, Portugal (2018)","DOI":"10.5220\/0006868602340245"},{"key":"12_CR22","doi-asserted-by":"publisher","unstructured":"Ghosal, S., Shyamasundar, R., Kumar, N.N.: Compile-time security certification of imperative programming languages. In: Obaidat, M.S. (ed.) ICETE 2018. CCIS, vol. 1118, pp. 159\u2013182. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34866-3_8","DOI":"10.1007\/978-3-030-34866-3_8"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Goguen, J.A., Meseguer, J.: Security policies and security models. In: 1982 IEEE Symposium on Security and Privacy, pp. 11\u201311. IEEE (1982)","DOI":"10.1109\/SP.1982.10014"},{"key":"12_CR24","unstructured":"Graf, J., Hecker, M., Mohr, M.: Using joana for information flow control in java programs - a practical guide. In: Proceedings of the 6th Working Conference on Programming Languages (ATPS 2013). LNI, vol. 215, pp. 123\u2013138. Springer, Berlin (2013)"},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"Hedin, D., Birgisson, A., Bello, L., Sabelfeld, A.: Jsflow: tracking information flow in javascript and its apis. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1663\u20131671 (2014)","DOI":"10.1145\/2554850.2554909"},{"key":"12_CR26","doi-asserted-by":"crossref","unstructured":"Hedin, D., Sabelfeld, A.: Information-flow security for a core of javascript. In: Computer Security Foundations Symposium (CSF), 2012 IEEE 25th, pp. 3\u201318. IEEE (2012)","DOI":"10.1109\/CSF.2012.19"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Hicks, B., Ahmadizadeh, K., McDaniel, P.: From languages to systems: Understanding practical application development in security-typed languages. In: 2006 22nd Annual Computer Security Applications Conference (ACSAC 2006), pp. 153\u2013164. IEEE (2006)","DOI":"10.1109\/ACSAC.2006.30"},{"key":"12_CR28","doi-asserted-by":"crossref","unstructured":"Jang, D., Jhala, R., Lerner, S., Shacham, H.: An empirical study of privacy-violating information flows in javascript web applications. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 270\u2013283 (2010)","DOI":"10.1145\/1866307.1866339"},{"key":"12_CR29","unstructured":"Jang, D., Jhala, R., Lerner, S., Shacham, H.: Rewriting-based dynamic information flow for javascript. In: 17th ACM Conference on Computer and Communications Security (2010)"},{"key":"12_CR30","doi-asserted-by":"crossref","unstructured":"Just, S., Cleary, A., Shirley, B., Hammer, C.: Information flow analysis for javascript. In: Proceedings of the 1st ACM SIGPLAN International Workshop on Programming Language and Systems Technologies for Internet Clients, pp. 9\u201318 (2011)","DOI":"10.1145\/2093328.2093331"},{"key":"12_CR31","unstructured":"King, D., Jha, S., Jaeger, T., Jha, S., Seshia, S.A.: On automatic placement of declassifiers for information-flow security. Technical report, Technical Report NASTR-0083-2007, Network and Security Research Center (2007)"},{"key":"12_CR32","doi-asserted-by":"publisher","unstructured":"Kumar, N.V.N., Shyamasundar, R.: A complete generative label model for\u00a0lattice-based access control models. In: Cimatti, A., Sirjani, M. (eds.) SEFM 2017. LNCS, vol. 10469, pp. 35\u201353. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66197-1_3","DOI":"10.1007\/978-3-319-66197-1_3"},{"key":"12_CR33","doi-asserted-by":"crossref","unstructured":"Mitropoulos, D., Louridas, P., Salis, V., Spinellis, D.: Time present and time past: analyzing the evolution of javascript code in the wild. In: 2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR), pp. 126\u2013137. IEEE (2019)","DOI":"10.1109\/MSR.2019.00029"},{"key":"12_CR34","doi-asserted-by":"crossref","unstructured":"Moore, S., Askarov, A., Chong, S.: Precise enforcement of progress-sensitive security. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 881\u2013893. ACM (2012)","DOI":"10.1145\/2382196.2382289"},{"key":"12_CR35","doi-asserted-by":"crossref","unstructured":"Myers, A.C., Liskov, B.: A Decentralized Model for Information Flow Control, vol. 31. ACM (1997)","DOI":"10.1145\/268998.266669"},{"issue":"4","key":"12_CR36","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1145\/363516.363526","volume":"9","author":"AC Myers","year":"2000","unstructured":"Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Trans. Software Eng. Methodol. 9(4), 410\u2013442 (2000)","journal-title":"ACM Trans. Software Eng. Methodol."},{"key":"12_CR37","unstructured":"Myers, A.C., Zheng, L., Zdancewic, S., Chong, S., Nystrom, N.: Jif: java information flow (2001). http:\/\/www.cs.cornell.edu\/jif"},{"key":"12_CR38","unstructured":"Nentwich, F., Jovanovic, N., Kirda, E., Kruegel, C., Vigna, G.: Cross-site scripting prevention with dynamic data tainting and static analysis. In: Proceeding of the Network and Distributed System Security Symposium (NDSS 2007). Citeseer (2007)"},{"key":"12_CR39","doi-asserted-by":"crossref","unstructured":"Ngo, M., Bielova, N., Flanagan, C., Rezk, T., Russo, A., Schmitz, T.: A better facet of dynamic information flow control. In: Companion Proceedings of the The Web Conference 2018, pp. 731\u2013739 (2018)","DOI":"10.1145\/3184558.3185979"},{"key":"12_CR40","doi-asserted-by":"crossref","unstructured":"Russo, A., Sabelfeld, A.: Dynamic vs. static flow-sensitive security analysis. In: 2010 23rd IEEE Computer Security Foundations Symposium, pp. 186\u2013199. IEEE (2010)","DOI":"10.1109\/CSF.2010.20"},{"key":"12_CR41","unstructured":"Ryan, P., McLean, J., Millen, J., Gligor, V.: Non-interference: who needs it? In: CSFW, p. 0237. IEEE (2001)"},{"issue":"1","key":"12_CR42","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/JSAC.2002.806121","volume":"21","author":"A Sabelfeld","year":"2003","unstructured":"Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas Commun. 21(1), 5\u201319 (2003)","journal-title":"IEEE J. Selected Areas Commun."},{"key":"12_CR43","doi-asserted-by":"publisher","unstructured":"Sabelfeld, A., Myers, A.C.: A Model for delimited information release. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 174\u2013191. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-37621-7_9","DOI":"10.1007\/978-3-540-37621-7_9"},{"key":"12_CR44","doi-asserted-by":"crossref","unstructured":"Staicu, C.A., Schoepe, D., Balliu, M., Pradel, M., Sabelfeld, A.: An empirical study of information flows in real-world javascript. In: Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security, pp. 45\u201359 (2019)","DOI":"10.1145\/3338504.3357339"},{"key":"12_CR45","unstructured":"Van Kesteren, A., et al.: Cross-origin resource sharing. W3C Working Draft WD-cors-20100727, latest version available at$$<$$ (2010). http:\/\/www.w3.org\/TR\/cors (2010)"},{"issue":"2\u20133","key":"12_CR46","doi-asserted-by":"publisher","first-page":"167","DOI":"10.3233\/JCS-1996-42-304","volume":"4","author":"D Volpano","year":"1996","unstructured":"Volpano, D., Irvine, C., Smith, G.: A sound type system for secure flow analysis. J. Comput. Secur. 4(2\u20133), 167\u2013187 (1996)","journal-title":"J. Comput. Secur."},{"key":"12_CR47","doi-asserted-by":"crossref","unstructured":"Volpano, D., Smith, G.: Eliminating covert flows with minimum typings. In: Proceedings 10th Computer Security Foundations Workshop, pp. 156\u2013168. IEEE (1997)","DOI":"10.1109\/CSFW.1997.596807"},{"key":"12_CR48","unstructured":"Yang, E., Stefan, D., Mitchell, J., Mazi\u00e8res, D., Marchenko, P., Karp, B.: Toward principled browser security. In: 14th Workshop on Hot Topics in Operating Systems (HotOS XIV) (2013)"},{"key":"12_CR49","unstructured":"Zalewski, M.: Browser security handbook. Google Code (2010)"},{"key":"12_CR50","unstructured":"Zdancewic, S.A., Myers, A.: Programming Languages for Information Security. Cornell University (2002)"},{"key":"12_CR51","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1016\/S1571-0661(03)50014-7","volume":"83","author":"S Zdancewic","year":"2003","unstructured":"Zdancewic, S.: A type system for robust declassification. Electron. Notes Theoretical Comput. Sci. 83, 263\u2013277 (2003)","journal-title":"Electron. Notes Theoretical Comput. Sci."},{"key":"12_CR52","doi-asserted-by":"crossref","unstructured":"Zdancewic, S., Myers, A.C.: Robust declassification. CSFW. 1, 15\u201323 (2001)","DOI":"10.1109\/CSFW.2001.930133"},{"issue":"2\u20133","key":"12_CR53","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/s10207-007-0019-9","volume":"6","author":"L Zheng","year":"2007","unstructured":"Zheng, L., Myers, A.C.: Dynamic security labels and static information flow control. Int. J. Inform. Secur. 6(2\u20133), 67\u201384 (2007)","journal-title":"Int. J. Inform. Secur."}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-23690-7_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,10]],"date-time":"2024-10-10T04:55:17Z","timestamp":1728536117000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-23690-7_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031236891","9783031236907"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-23690-7_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"11 December 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICISS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Systems Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tirupati","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 December 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iciss2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.icissconf.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"55","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}