{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T04:54:40Z","timestamp":1755838480258,"version":"3.41.0"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319276588"},{"type":"electronic","value":"9783319276595"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-27659-5_23","type":"book-chapter","created":{"date-parts":[[2015,12,29]],"date-time":"2015-12-29T12:33:52Z","timestamp":1451392432000},"page":"321-337","source":"Crossref","is-referenced-by-count":4,"title":["CrowdFlow: Efficient Information Flow Security"],"prefix":"10.1007","author":[{"given":"Christoph","family":"Kerschbaumer","sequence":"first","affiliation":[]},{"given":"Eric","family":"Hennigan","sequence":"additional","affiliation":[]},{"given":"Per","family":"Larsen","sequence":"additional","affiliation":[]},{"given":"Stefan","family":"Brunthaler","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Franz","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,30]]},"reference":[{"key":"23_CR1","unstructured":"OWASP: The open web application security project (2012). https:\/\/www.owasp.org\/ . Accessed April 2013"},{"key":"23_CR2","unstructured":"The MITRE Corporation: Common weakness enumeration: A community-developed dictionary of software weakness types (2012). http:\/\/cwe.mitre.org\/top25\/ . Accessed April 2013"},{"key":"23_CR3","unstructured":"Microsoft: Microsoft Security Intelligence Report, vol. 13, January\u2013June 2012 (2012). http:\/\/www.microsoft.com\/security\/sir\/default.aspx . Accessed April 2013"},{"key":"23_CR4","doi-asserted-by":"crossref","unstructured":"Jang, D., Jhala, R., Lerner, S., Shacham, H.: An empirical study of privacy-violating information flows in JavaScript web applications. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 270\u2013283. ACM (2010)","DOI":"10.1145\/1866307.1866339"},{"key":"23_CR5","unstructured":"Vogt, P., Nentwich, F., Jovanovic, N., Kruegel, C., Kirda, E., Vigna, G.: Cross site scripting prevention with dynamic data tainting and static analysis. In: Proceedings of the Annual Network and Distributed System Security Symposium. The Internet Society (2007)"},{"key":"23_CR6","doi-asserted-by":"crossref","unstructured":"Groef, W.D., Devriese, D., Nikiforakis, N., Piessens, F.: FlowFox: a web browser with flexible and precise information flow control. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 748\u2013759. ACM (2012)","DOI":"10.1145\/2382196.2382275"},{"key":"23_CR7","doi-asserted-by":"crossref","unstructured":"Just, S., Cleary, A., Shirley, B., Hammer, C.: Information flow analysis for JavaScript. In: Proceedings of the ACM SIGPLAN International Workshop on Programming Language and Systems Technologies for Internet Clients, pp. 9\u201318. ACM (2011)","DOI":"10.1145\/2093328.2093331"},{"key":"23_CR8","doi-asserted-by":"crossref","unstructured":"Austin, T.H., Flanagan, C.: Multiple facets for dynamic information flow. In: Proceedings of the ACM SIGPLAN-SIGACT Symposium on Principals of Programming Languages, pp. 165\u2013178. ACM (2012)","DOI":"10.1145\/2103621.2103677"},{"key":"23_CR9","unstructured":"Kerschbaumer, C., Hennigan, E., Larsen, P., Brunthaler, S., Franz, M.: Towards precise and efficient information flow control in web browsers. In: [42]"},{"key":"23_CR10","unstructured":"Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the USENIX Symposium on Operating Systems Design and Implementation, pp. 393\u2013407 (2010)"},{"key":"23_CR11","unstructured":"Provos, N.: Safe browsing - protecting web users for 5 years and counting (2012). http:\/\/googleonlinesecurity.blogspot.com\/2012\/06\/safe-browsing-protecting-web-users-for.html . Accessed April 2013"},{"key":"23_CR12","unstructured":"Microsoft: SmartScreen Filter (2012). http:\/\/windows.microsoft.com\/en-US\/internet-explorer\/products\/ie-9\/features\/smartscreen-filter . Accessed April 2013"},{"key":"23_CR13","unstructured":"WebKit: The webkit open source project (2012). http:\/\/www.webkit.org . Accessed April 2013"},{"key":"23_CR14","unstructured":"SunSpider: SunSpider JavaScript benchmark (2012). http:\/\/www2.webkit.org\/perf\/sunspider-0.9\/sunspider.html . Accessed April 2013"},{"key":"23_CR15","unstructured":"Google: V8 Benchmark Suite (2013). https:\/\/developers.google.com\/v8\/benchmarks . Accessed April 2013"},{"key":"23_CR16","unstructured":"Alexa: Alexa Global Top Sites. http:\/\/www.alexa.com\/topsites . Accessed April 2013"},{"key":"23_CR17","unstructured":"W3C - World Wide Web Consortium: Document object model (DOM) level 3 core specification (2004). http:\/\/www.w3.org\/TR\/2004\/REC-DOM-Level-3-Core-20040407\/DOM3-Core.pdf . Accessed April 2013"},{"key":"23_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-642-04444-1_6","volume-title":"Computer Security \u2013 ESORICS 2009","author":"A Russo","year":"2009","unstructured":"Russo, A., Sabelfeld, A., Chudnov, A.: Tracking information flow in dynamic tree structures. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 86\u2013103. Springer, Heidelberg (2009)"},{"key":"23_CR19","doi-asserted-by":"crossref","unstructured":"Nikiforakis, N., Invernizzi, L., Kapravelos, A., Acker, S.V., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: You are what you include: large-scale evaluation of remote javascript inclusions. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 736\u2013747. ACM (2012)","DOI":"10.1145\/2382196.2382274"},{"key":"23_CR20","unstructured":"Mozilla Foundation: Same origin policy for JavaScript (2008). https:\/\/developer.mozilla.org\/En\/Same_origin_policy_for_JavaScript . Accessed April 2013"},{"key":"23_CR21","unstructured":"W3C: Content security policy 1.0 (2013). http:\/\/www.w3.org\/TR\/CSP\/ . Accessed July 2013"},{"key":"23_CR22","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1145\/363516.363526","volume":"9","author":"AC Myers","year":"2000","unstructured":"Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol. 9, 410\u2013442 (2000)","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"23_CR23","unstructured":"Myers, A.C., Zheng, L., Zdancewic, S., Chong, S., Nystrom, N.: Jif: Java information flow (2001). http:\/\/www.cs.cornell.edu\/jif . Accessed April 2013"},{"key":"23_CR24","unstructured":"Hennigan, E., Kerschbaumer, C., Larsen, P., Brunthaler, S., Franz, M.: First-class labels: using information flow to debug security holes. In: [42]"},{"key":"23_CR25","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/JSAC.2002.806121","volume":"21","author":"A Sabelfeld","year":"2003","unstructured":"Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Sel. Areas Commun. 21, 5\u201319 (2003)","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"23_CR26","unstructured":"Ecma International: Standard ECMA-262. The ECMAScript language specification (2009). http:\/\/www.ecma-international.org\/publications\/standards\/Ecma-262.htm . Accessed April 2013"},{"key":"23_CR27","unstructured":"Anonymous: Web statistics when crawling the alexa top 500 web pages. Technical report, Anonymous (2013)"},{"key":"23_CR28","doi-asserted-by":"crossref","unstructured":"Jim, T., Swamy, N., Hicks, M.: Defeating script injection attacks with browser-enforced embedded policies. In: Proceedings of the ACM International Conference on World Wide Web. ACM (2007)","DOI":"10.1145\/1242572.1242654"},{"key":"23_CR29","doi-asserted-by":"crossref","unstructured":"Myers, A.C.: Jflow: practical mostly-static information flow control. In: Proceedings of the ACM SIGPLAN-SIGACT Symposium on Principals of Programming Languages, pp. 228\u2013241. ACM (1999)","DOI":"10.1145\/292540.292561"},{"key":"23_CR30","unstructured":"Zdancewic, S.A.: Programming Languages for information security. Ph.D. thesis, Cornell University (2002)"},{"key":"23_CR31","unstructured":"The Tor Project: Tor: Anonymity Online (2013). https:\/\/www.torproject.org\/ . Accessed April 2013"},{"key":"23_CR32","doi-asserted-by":"crossref","unstructured":"Greathouse, J.L., LeBlanc, C., Austin, T., Bertacco, V.: Highly scalable distributed dataflow analysis. In: Proceedings of the IEEE\/ACM International Symposium on Code Generation and Optimization, pp. 277\u2013288. IEEE (2011)","DOI":"10.1109\/CGO.2011.5764695"},{"key":"23_CR33","doi-asserted-by":"crossref","unstructured":"Greathouse, J.L., Austin, T.: The potential of sampling for dynamic analysis. In: Proceedings of the ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, pp. 3.1\u20133.6. ACM (2011)","DOI":"10.1145\/2166956.2166959"},{"key":"23_CR34","doi-asserted-by":"crossref","unstructured":"Austin, T.H., Flanagan, C.: Permissive dynamic information flow analysis. In: Proceedings of the ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, pp. 1\u201312. ACM (2010)","DOI":"10.1145\/1814217.1814220"},{"key":"23_CR35","doi-asserted-by":"crossref","unstructured":"Devriese, D., Peissens, F.: Noninterference through secure multi-execution. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 109\u2013124. IEEE (2010)","DOI":"10.1109\/SP.2010.15"},{"key":"23_CR36","doi-asserted-by":"crossref","unstructured":"Hedin, D., Sabelfeld, A.: Information-flow security for a core of JavaScript. In: Proceedings of the IEEE Computer Security Foundations Symposium, pp. 3\u201318. IEEE (2012)","DOI":"10.1109\/CSF.2012.19"},{"key":"23_CR37","doi-asserted-by":"crossref","unstructured":"Austin, T.H., Flanagan, C.: Efficient purely-dynamic information flow analysis. In: Proceedings of the ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, pp. 113\u2013124. ACM (2009)","DOI":"10.1145\/1554339.1554353"},{"key":"23_CR38","doi-asserted-by":"crossref","unstructured":"Chugh, R., Meister, J.A., Jhala, R., Lerner, S.: Staged information flow for JavaScript. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 50\u201362. ACM (2009)","DOI":"10.1145\/1543135.1542483"},{"key":"23_CR39","unstructured":"Nadji, Y., Saxena, P., Song, D.: Document structure integrity: a robust basis for cross-site scripting defense. In: Proceedings of the Annual Network and Distributed System Security Symposium. The Internet Society (2009)"},{"key":"23_CR40","doi-asserted-by":"crossref","unstructured":"Canali, D., Cova, M., Vigna, G., Kruegel, C.: Prophiler: a fast filter for the large-scale detection of malicious web pages. In: Proceedings of the ACM International Conference on World Wide Web, pp. 197\u2013206. ACM (2011)","DOI":"10.1145\/1963405.1963436"},{"key":"23_CR41","doi-asserted-by":"crossref","unstructured":"Thomas, K., Grie, C., Ma, J., Paxson, V., Song, D.: Design and evaluation of a real-time url spam filtering service. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 447\u2013462. IEEE (2011)","DOI":"10.1109\/SP.2011.25"},{"key":"23_CR42","unstructured":"Proceedings of the 6th International Conference on Trust and Trustworthy Computing, TRUST 2013, London, UK, June 17\u201319. Springer (2013)"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-27659-5_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T23:30:32Z","timestamp":1748734232000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-27659-5_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319276588","9783319276595"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-27659-5_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}