{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:14:13Z","timestamp":1763468053462},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642258206"},{"type":"electronic","value":"9783642258213"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-25821-3_25","type":"book-chapter","created":{"date-parts":[[2011,12,5]],"date-time":"2011-12-05T06:09:36Z","timestamp":1323065376000},"page":"491-511","source":"Crossref","is-referenced-by-count":7,"title":["SafeWeb: A Middleware for Securing Ruby-Based Web Applications"],"prefix":"10.1007","author":[{"given":"Petr","family":"Hosek","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matteo","family":"Migliavacca","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ioannis","family":"Papagiannis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David M.","family":"Eyers","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Evans","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Brian","family":"Shand","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jean","family":"Bacon","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peter","family":"Pietzuch","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"25_CR1","doi-asserted-by":"crossref","unstructured":"Bell, D., LaPadula, L.: Secure computer system: Unified exposition and Multics interpretation. Technical report, MITRE Corporation (1976)","DOI":"10.21236\/ADA023588"},{"key":"25_CR2","first-page":"1","volume-title":"WebApps","author":"J. Burket","year":"2011","unstructured":"Burket, J., Mutchler, P., Weaver, M., Zaveri, M., Evans, D.: GuardRails: A data-centric web application security framework. In: WebApps, pp. 1\u201312. USENIX, Portland (2011)"},{"key":"25_CR3","volume-title":"Computer and Communications Security","author":"A. Chaudhuri","year":"2010","unstructured":"Chaudhuri, A., Foster, J.: Symbolic security analysis of Ruby-on-Rails web applications. In: Computer and Communications Security. ACM, Chicago (2010)"},{"key":"25_CR4","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1145\/1655121.1655125","volume-title":"Workshop on Secure Web Services (SWS)","author":"E. Chin","year":"2009","unstructured":"Chin, E., Wagner, D.: Efficient character-level taint tracking for Java. In: Workshop on Secure Web Services (SWS), pp. 3\u201312. ACM, Chicago (2009)"},{"key":"25_CR5","unstructured":"CouchRest, http:\/\/github.com\/couchrest (Accessed September 5, 2011)"},{"key":"25_CR6","unstructured":"Department of Defense. Trusted Computer System Evaluation Criteria (1983)"},{"issue":"2","key":"25_CR7","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1145\/857076.857078","volume":"35","author":"P.T. Eugster","year":"2003","unstructured":"Eugster, P.T., Felber, P.A., Guerraoui, R., Kermarrec, A.-M.: The many faces of publish\/subscribe. ACM Computing Surveys\u00a035(2), 114\u2013131 (2003)","journal-title":"ACM Computing Surveys"},{"key":"25_CR8","unstructured":"EventMachine, http:\/\/rubyeventmachine.com (Accessed September 5, 2011)"},{"key":"25_CR9","volume-title":"World Wide Web (WWW)","author":"Y.-W. Huang","year":"2004","unstructured":"Huang, Y.-W., Yu, F., et al.: Securing web application code by static analysis and runtime protection. In: World Wide Web (WWW). ACM, New York (2004)"},{"key":"25_CR10","first-page":"258","volume-title":"Symposium on Security and Privacy","author":"N. Jovanovic","year":"2006","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: A static analysis tool for detecting web application vulnerabilities. In: Symposium on Security and Privacy, pp. 258\u2013263. IEEE, Berkeley (2006)"},{"key":"25_CR11","unstructured":"Miglivacca, M., Papagiannis, I., Eyers, D., Shand, B., Bacon, J., Pietzuch, P.: High-performance event processing with information security. In: USENIX Annual Technical Conference, Boston, MA (2010)"},{"issue":"4","key":"25_CR12","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1145\/363516.363526","volume":"9","author":"A. Myers","year":"2000","unstructured":"Myers, A., Liskov, B.: Protecting privacy using the decentralized label model. Transactions on Software Engineering and Methodology\u00a09(4), 410\u2013442 (2000)","journal-title":"Transactions on Software Engineering and Methodology"},{"issue":"1","key":"25_CR13","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/j.entcs.2007.10.010","volume":"197","author":"S. Nair","year":"2008","unstructured":"Nair, S., Simpson, P., Crispo, B., Tanenbaum, A.: A virtual machine based information flow control system for policy enforcement. Electronic Notes in Theoretical Computer Science\u00a0197(1), 3\u201316 (2008)","journal-title":"Electronic Notes in Theoretical Computer Science"},{"key":"25_CR14","volume-title":"Middleware","author":"S. Nanda","year":"2007","unstructured":"Nanda, S., Lam, L.-C., Chiueh, T.-C.: Dynamic multi-process information flow tracking for web application security. In: Middleware. ACM, Toronto (2007)"},{"key":"25_CR15","unstructured":"Papagiannis, I., Migliavacca, M., Eyers, D.M., Shand, B., et al.: Enforcing user privacy in web applications using Erlang. In: W2SP, Oakland, CA (2010)"},{"key":"25_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1007\/11663812_7","volume-title":"Recent Advances in Intrusion Detection","author":"T. Pietraszek","year":"2006","unstructured":"Pietraszek, T., Berghe, C.: Defending Against Injection Attacks Through Context-Sensitive String Evaluation. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 124\u2013145. Springer, Heidelberg (2006)"},{"key":"25_CR17","unstructured":"Rack:Csrf, http:\/\/github.com\/baldowl\/rack_csrf (Accessed September 5, 2011)"},{"key":"25_CR18","unstructured":"RailsXSS, http:\/\/github.com\/rails\/rails_xss (Accessed September 5, 2011)"},{"key":"25_CR19","doi-asserted-by":"crossref","unstructured":"Roy, I., Porter, D., Bond, M., McKinley, K., Witchel, E.: Laminar: Practical fine-grained decentralized information flow control. In: PLDI, Dublin, Ireland (2009)","DOI":"10.1145\/1542476.1542484"},{"key":"25_CR20","unstructured":"Rubinius, http:\/\/rubini.us (Accessed September 5, 2011)"},{"key":"25_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/978-3-642-19125-1_9","volume-title":"Engineering Secure Software and Systems","author":"P.D. Ryck","year":"2011","unstructured":"Ryck, P.D., Desmet, L., Joosen, W.: Middleware Support for Complex and Distributed Security Services in Multi-Tier web Applications. In: Erlingsson, \u00da., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol.\u00a06542, pp. 114\u2013127. Springer, Heidelberg (2011)"},{"key":"25_CR22","unstructured":"Sinatra, http:\/\/www.sinatrarb.com (Accessed September 5, 2011)"},{"key":"25_CR23","unstructured":"Stomp protocol, http:\/\/stomp.github.com (Accessed September 5, 2011)"},{"key":"25_CR24","unstructured":"StompServer, http:\/\/stompserver.rubyforge.org (Accessed September 5, 2011)"},{"key":"25_CR25","unstructured":"UK Information Commissioner\u2019s Office. Data breaches to incur up to \u00a3500,000 penalty, http:\/\/www.ico.gov.uk\/~\/media\/documents\/pressreleases\/2010\/PENALTIES_GUIDANCE_120110.ashx (Accessed September 5, 2011)"},{"key":"25_CR26","doi-asserted-by":"crossref","unstructured":"Weinberger, J., Saxena, P., Akhawe, D., Finifter, M., Shin, R., Song, D.: An empirical analysis of XSS sanitization in web application frameworks. Technical report, UC Berkeley (2011)","DOI":"10.1007\/978-3-642-23822-2_9"},{"key":"25_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/978-3-540-76778-7_19","volume-title":"Middleware 2007","author":"A. Wun","year":"2007","unstructured":"Wun, A., Jacobsen, H.-A.: A Policy Management Framework for Content-Based Publish\/Subscribe Middleware. In: Cerqueira, R., Pasquale, F. (eds.) Middleware 2007. LNCS, vol.\u00a04834, pp. 368\u2013388. Springer, Heidelberg (2007)"},{"key":"25_CR28","first-page":"121","volume-title":"Security Symposium","author":"W. Xu","year":"2006","unstructured":"Xu, W., Bhatkar, S., Sekar, R.: Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In: Security Symposium, pp. 121\u2013136. USENIX, Vancouver (2006)"},{"key":"25_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/978-3-642-16599-3_14","volume-title":"The Smart Internet","author":"C. Ye","year":"2010","unstructured":"Ye, C., Jacobsen, H.-A.: Event Exposure for Web Services: A Grey-Box Approach to Compose and Evolve Web Services. In: Chignell, M., Cordy, J., Ng, J., Yesha, Y. (eds.) The Smart Internet. LNCS, vol.\u00a06400, pp. 197\u2013215. Springer, Heidelberg (2010)"},{"key":"25_CR30","volume-title":"SOSP","author":"A. Yip","year":"2009","unstructured":"Yip, A., Wang, X., Zeldovich, N., Kaashoek, M.F.: Improving Application Security With Data Flow Assertions. In: SOSP. ACM, Big Sky (2009)"},{"key":"25_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/978-3-540-74835-9_18","volume-title":"Computer Security \u2013 ESORICS 2007","author":"S. Yoshihama","year":"2007","unstructured":"Yoshihama, S., Yoshizawa, T., Watanabe, Y., Kudoh, M., Oyanagi, K.: Dynamic Information Flow Control Architecture for Web Applications. In: Biskup, J., L\u00f3pez, J. (eds.) ESORICS 2007. LNCS, vol.\u00a04734, pp. 267\u2013282. Springer, Heidelberg (2007)"}],"container-title":["Lecture Notes in Computer Science","Middleware 2011"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-25821-3_25.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T02:58:32Z","timestamp":1606186712000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-25821-3_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642258206","9783642258213"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-25821-3_25","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}