{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T14:43:45Z","timestamp":1775054625604,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540898610","type":"print"},{"value":"9783540898627","type":"electronic"}],"license":[{"start":{"date-parts":[[2008,1,1]],"date-time":"2008-01-01T00:00:00Z","timestamp":1199145600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008]]},"DOI":"10.1007\/978-3-540-89862-7_4","type":"book-chapter","created":{"date-parts":[[2008,12,3]],"date-time":"2008-12-03T09:01:00Z","timestamp":1228294860000},"page":"56-70","source":"Crossref","is-referenced-by-count":56,"title":["Implicit Flows: Can\u2019t Live with \u2018Em, Can\u2019t Live without \u2018Em"],"prefix":"10.1007","author":[{"given":"Dave","family":"King","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Boniface","family":"Hicks","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Hicks","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Trent","family":"Jaeger","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"4_CR1","unstructured":"Black, J., Urtubia, H.: Side-channel attacks on symmetric encryption schemes: The case for authenticated encryption. In: Proceedings of the 11th USENIX Security Symposium (2002)"},{"key":"4_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BFb0055716","volume-title":"Advances in Cryptology - CRYPTO \u201998","author":"D. Bleichenbacher","year":"1998","unstructured":"Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol.\u00a01462, pp. 1\u201312. Springer, Heidelberg (1998)"},{"key":"4_CR3","unstructured":"Broadwell, P., Harren, M., Sastry, N.: Scrash: a system for generating secure crash information. In: Proceedings of the 12th conference on USENIX Security Symposium (2003)"},{"key":"4_CR4","first-page":"342","volume-title":"Beyond Assertions: Advanced Specification and Verification with JML and ESC\/Java2.","author":"P. Chalin","year":"2006","unstructured":"Chalin, P., Kiniry, J.R., Leavens, G.T., Poll, E.: Beyond Assertions: Advanced Specification and Verification with JML and ESC\/Java2., pp. 342\u2013363. Springer, Heidelberg (2006)"},{"key":"4_CR5","first-page":"171","volume-title":"Proceedings of the 11th USENIX Security Symposium","author":"H. Chen","year":"2002","unstructured":"Chen, H., Wagner, D., Dean, D.: Setuid demystified. In: Proceedings of the 11th USENIX Security Symposium, pp. 171\u2013190. USENIX Association, Berkeley (2002)"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Chen, K., Wagner, D.: Large-scale analysis of format string vulnerabilities in Debian Linux. In: Proceedings of the 2007 workshop on Programming languages and analysis for security (2007)","DOI":"10.1145\/1255329.1255344"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Clarkson, M.R., Chong, S., Myers, A.C.: Civitas: Toward a secure voting system. In: IEEE Symposium on Security and Privacy, pp. 354\u2013368 (2008)","DOI":"10.1109\/SP.2008.32"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: PLDI, vol.\u00a037, pp. 234\u2013245 (June 2002)","DOI":"10.1145\/512529.512558"},{"key":"4_CR9","unstructured":"Fortify Software. Fortify, http:\/\/www.fortify.com\/"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Foster, J.S., F\u00e4hndrich, M., Aiken, A.: A theory of type qualifiers. In: PLDI, pp. 192\u2013203 (1999)","DOI":"10.1145\/301631.301665"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy, pp. 11\u201320 (1982)","DOI":"10.1109\/SP.1982.10014"},{"key":"4_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11859802_31","volume-title":"Advances in Computer Systems Architecture","author":"B. Hicks","year":"2006","unstructured":"Hicks, B., Ahmadizadeh, K., McDaniel, P.: From Languages to Systems: Understanding Practical Application Development in Security-typed Languages. In: Jesshope, C., Egan, C. (eds.) ACSAC 2006. LNCS, vol.\u00a04186. Springer, Heidelberg (2006)"},{"key":"4_CR13","first-page":"9","volume-title":"SSYM 2004: Proceedings of the 13th conference on USENIX Security Symposium","author":"R. Johnson","year":"2004","unstructured":"Johnson, R., Wagner, D.: Finding user\/kernel pointer bugs with type inference. In: SSYM 2004: Proceedings of the 13th conference on USENIX Security Symposium, p. 9. USENIX Association, Berkeley (2004)"},{"key":"4_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-540-78769-3","volume-title":"Fast Software Encryption","author":"D. King","year":"2008","unstructured":"King, D., Jaeger, T., Jha, S., Seshia, S.A.: Effective blame for information-flow violations. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol.\u00a05086. Springer, Heidelberg (2008)"},{"issue":"4","key":"4_CR15","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1145\/161494.161501","volume":"1","author":"W. Landi","year":"1992","unstructured":"Landi, W.: Undecidability of static analysis. ACM Letters on Programming Languages and Systems\u00a01(4), 323\u2013337 (1992)","journal-title":"ACM Letters on Programming Languages and Systems"},{"key":"4_CR16","first-page":"365","volume-title":"OOPLSA","author":"M. Martin","year":"2005","unstructured":"Martin, M., Livshits, B., Lam, M.S.: Finding application errors and security flaws using PQL: a program query language. In: OOPLSA, pp. 365\u2013383. ACM, New York (2005)"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"McCamant, S., Ernst, M.D.: Quantitative information flow as network flow capacity. In: PLDI, pp. 193\u2013205 (2008)","DOI":"10.1145\/1375581.1375606"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Myers, A.C.: JFlow: Practical mostly-static information flow control. In: POPL, pp. 228\u2013241 (January 1999)","DOI":"10.1145\/292540.292561"},{"key":"4_CR19","doi-asserted-by":"crossref","first-page":"319","DOI":"10.1145\/503272.503302","volume-title":"POPL","author":"F. Pottier","year":"2002","unstructured":"Pottier, F., Simonet, V.: Information flow inference for ML. In: POPL, pp. 319\u2013330. ACM, New York (2002)"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications\u00a021(1) (2003)","DOI":"10.1109\/JSAC.2002.806121"},{"key":"4_CR21","unstructured":"Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Detecting format string vulnerabilities with type qualifiers. In: Proceedings of the 10th conference on USENIX Security Symposium (2001)"},{"key":"4_CR22","first-page":"189","volume-title":"Program Flow Analysis: Theory and Applications","author":"M. Sharir","year":"1981","unstructured":"Sharir, M., Pnueli, A.: Two approaches to interprocedural dataflow analysis. In: Program Flow Analysis: Theory and Applications, pp. 189\u2013234. Prentice-Hall, Englewood Cliffs (1981)"},{"key":"4_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"534","DOI":"10.1007\/3-540-46035-7_35","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"S. Vaudenay","year":"2002","unstructured":"Vaudenay, S.: Security flaws induced by CBC padding - applications to SSL, IPSEC, WTLS.. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol.\u00a02332, pp. 534\u2013546. Springer, Heidelberg (2002)"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Xie, Y., Aiken, A.: Saturn: A scalable framework for error detection using boolean satisfiability. ACM Transactions on Programming Languages and Systems\u00a029(3) (2007)","DOI":"10.1145\/1232420.1232423"},{"key":"4_CR25","first-page":"33","volume-title":"Proceedings of the 11th USENIX Security Symposium","author":"X. Zhang","year":"2002","unstructured":"Zhang, X., Edwards, A., Jaeger, T.: Using CQUAL for static analysis of authorization hook placement. In: Proceedings of the 11th USENIX Security Symposium, pp. 33\u201348. USENIX Association, Berkeley (2002)"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-89862-7_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,21]],"date-time":"2023-05-21T21:49:09Z","timestamp":1684705749000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-89862-7_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008]]},"ISBN":["9783540898610","9783540898627"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-89862-7_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008]]}}}