{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T00:48:50Z","timestamp":1775868530933,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":40,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642370564","type":"print"},{"value":"9783642370571","type":"electronic"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-37057-1_15","type":"book-chapter","created":{"date-parts":[[2013,2,18]],"date-time":"2013-02-18T19:37:04Z","timestamp":1361216224000},"page":"210-225","source":"Crossref","is-referenced-by-count":90,"title":["Andromeda: Accurate and Scalable Security Analysis of Web Applications"],"prefix":"10.1007","author":[{"given":"Omer","family":"Tripp","sequence":"first","affiliation":[]},{"given":"Marco","family":"Pistoia","sequence":"additional","affiliation":[]},{"given":"Patrick","family":"Cousot","sequence":"additional","affiliation":[]},{"given":"Radhia","family":"Cousot","sequence":"additional","affiliation":[]},{"given":"Salvatore","family":"Guarnieri","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"15_CR1","unstructured":"Andersen, L.O.: Program Analysis and Specialization for the C Programming Language. PhD thesis, University of Copenhagen, Copenhagen, Denmark (May 1994)"},{"key":"15_CR2","doi-asserted-by":"crossref","unstructured":"Ashcraft, K., Engler, D.: Using Programmer-Written Compiler Extensions to Catch Security Holes. 
In: S&P (2002)","DOI":"10.21236\/ADA419600"},{"key":"15_CR3","doi-asserted-by":"crossref","unstructured":"Bacon, D.F., Sweeney, P.F.: Fast static analysis of c++ virtual function calls. In: OOPSLA, pp. 324\u2013341 (1996)","DOI":"10.1145\/236338.236371"},{"key":"15_CR4","doi-asserted-by":"crossref","unstructured":"Chang, W., Streiff, B., Lin, C.: Efficient and Extensible Security Enforcement Using Dynamic Data Flow Analysis. In: CCS (2008)","DOI":"10.1145\/1455770.1455778"},{"key":"15_CR5","doi-asserted-by":"crossref","unstructured":"Cheng, B., Hwu, W.W.: Modular interprocedural pointer analysis using access paths: design, implementation, and evaluation. In: Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation, pp. 57\u201369 (2000)","DOI":"10.1145\/358438.349311"},{"key":"15_CR6","doi-asserted-by":"crossref","unstructured":"Cousot, P., Cousot, R.: Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In: POPL, pp. 238\u2013252 (1977)","DOI":"10.1145\/512950.512973"},{"key":"15_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1007\/3-540-49538-X_5","volume-title":"ECOOP \u201995 - Object-Oriented Programming","author":"J. Dean","year":"1995","unstructured":"Dean, J., Grove, D., Chambers, C.: Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis. In: Olthoff, W. (ed.) ECOOP 1995. LNCS, vol.\u00a0952, pp. 77\u2013101. Springer, Heidelberg (1995)"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Denning, D.E.: A Lattice Model of Secure Information Flow. CACM\u00a019(5) (1976)","DOI":"10.1145\/360051.360056"},{"key":"15_CR9","doi-asserted-by":"crossref","unstructured":"Denning, D.E., Denning, P.J.: Certification of Programs for Secure Information Flow. 
CACM\u00a020(7) (1977)","DOI":"10.1145\/359636.359712"},{"key":"15_CR10","unstructured":"Deutsch, A.: A Storeless Model of Aliasing and Its Abstractions Using Finite Representations of Right-regular Equivalence Relations. In: ICCL (1992)"},{"key":"15_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/11531142_4","volume-title":"ECOOP 2005 - Object-Oriented Programming","author":"R. Fuhrer","year":"2005","unstructured":"Fuhrer, R., Tip, F., Kie\u017cun, A., Dolby, J., Keller, M.: Efficiently Refactoring Java Applications to Use Generic Libraries. In: Gao, X.-X. (ed.) ECOOP 2005. LNCS, vol.\u00a03586, pp. 71\u201396. Springer, Heidelberg (2005)"},{"key":"15_CR12","doi-asserted-by":"crossref","unstructured":"Goguen, J.A., Meseguer, J.: Security Policies and Security Models. In: S&P (1982)","DOI":"10.1109\/SP.1982.10014"},{"key":"15_CR13","doi-asserted-by":"crossref","unstructured":"Guarnieri, S., Pistoia, M., Tripp, O., Dolby, J., Teilhet, S.: Saving the World Wide Web from Vulnerable JavaScript. In: ISSTA (2011)","DOI":"10.1145\/2001420.2001442"},{"key":"15_CR14","doi-asserted-by":"crossref","unstructured":"Hammer, C., Krinke, J., Snelting, G.: Information Flow Control for Java Based on Path Conditions in Dependence Graphs. In: S&P (2006)","DOI":"10.1145\/1111542.1111552"},{"key":"15_CR15","doi-asserted-by":"crossref","unstructured":"Heintze, N., Tardieu, O.: Demand-Driven Pointer Analysis. In: PLDI (2001)","DOI":"10.1145\/378795.378802"},{"key":"15_CR16","doi-asserted-by":"crossref","unstructured":"Lhot\u00e1k, O., Hendren, L.J.: Context-Sensitive Points-to Analysis: Is It Worth It. In: CC (2006)","DOI":"10.1007\/11688839_5"},{"key":"15_CR17","unstructured":"Livshits, V.B., Lam, M.S.: Finding Security Vulnerabilities in Java Applications with Static Analysis. 
In: USENIX Security (2005)"},{"key":"15_CR18","doi-asserted-by":"crossref","unstructured":"McCamant, S., Ernst, M.D.: Quantitative Information Flow as Network Flow Capacity. In: PLDI (2008)","DOI":"10.1145\/1375581.1375606"},{"key":"15_CR19","doi-asserted-by":"crossref","unstructured":"Minamide, Y.: Static Approximation of Dynamically Generated Web Pages. In: WWW (2005)","DOI":"10.1145\/1060745.1060809"},{"key":"15_CR20","doi-asserted-by":"crossref","unstructured":"Myers, A.C.: JFlow: Practical Mostly-static Information Flow Control. In: POPL (1999)","DOI":"10.1145\/292540.292561"},{"key":"15_CR21","doi-asserted-by":"crossref","unstructured":"Myers, A.C., Liskov, B.: A Decentralized Model for Information Flow Control. In: SOSP (1997)","DOI":"10.1145\/268998.266669"},{"key":"15_CR22","unstructured":"Newsome, J., Song, D.: Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In: NDSS (2005)"},{"key":"15_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"362","DOI":"10.1007\/11531142_16","volume-title":"ECOOP 2005 - Object-Oriented Programming","author":"M. Pistoia","year":"2005","unstructured":"Pistoia, M., Flynn, R.J., Koved, L., Sreedhar, V.C.: Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection. In: Gao, X.-X. (ed.) ECOOP 2005. LNCS, vol.\u00a03586, pp. 362\u2013386. Springer, Heidelberg (2005)"},{"key":"15_CR24","doi-asserted-by":"crossref","unstructured":"Reps, T., Horwitz, S., Sagiv, M.: Precise Interprocedural Dataflow Analysis via Graph Reachability. In: POPL (1995)","DOI":"10.1145\/199448.199462"},{"key":"15_CR25","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/JSAC.2002.806121","volume":"21","author":"A. Sabelfeld","year":"2003","unstructured":"Sabelfeld, A., Myers, A.C.: Language-based Information-flow Security. 
IEEE Journal on Selected Areas in Communications\u00a021, 5\u201319 (2003)","journal-title":"IEEE Journal on Selected Areas in Communications"},{"key":"15_CR26","unstructured":"Saha, D.: Incremental Evaluation of Tabled Logic Programs. PhD thesis, State University of New York at Stony Brook, Stony Brook, NY, USA (2006)"},{"key":"15_CR27","unstructured":"Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Detecting Format String Vulnerabilities with Type Qualifiers. In: USENIX Security (2001)"},{"key":"15_CR28","doi-asserted-by":"crossref","unstructured":"Snelting, G., Robschink, T., Krinke, J.: Efficient Path Conditions in Dependence Graphs for Software Safety Analysis. TOSEM, 15(4) (2006)","DOI":"10.1145\/1178625.1178628"},{"key":"15_CR29","doi-asserted-by":"crossref","unstructured":"Sridharan, M., Artzi, S., Pistoia, M., Guarnieri, S., Tripp, O., Berg, R.: F4F: Taint Analysis of Framework-based Web Applications. In: OOPSLA (2011)","DOI":"10.1145\/2048066.2048145"},{"key":"15_CR30","doi-asserted-by":"crossref","unstructured":"Sridharan, M., Fink, S.J., Bod\u00edk, R.: Thin Slicing. In: PLDI (2007)","DOI":"10.1145\/1250734.1250748"},{"key":"15_CR31","doi-asserted-by":"crossref","unstructured":"Sridharan, M., Bod\u00edk, R.: Refinement-based Context-sensitive Points-to Analysis for Java. In: ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2006), Ottawa, ON, Canada, pp. 387\u2013400 (June 2006)","DOI":"10.1145\/1133981.1134027"},{"key":"15_CR32","doi-asserted-by":"crossref","unstructured":"Tateishi, T., Pistoia, M., Tripp, O.: Path- and Index-sensitive String Analysis Based on Monadic Second-order Logic. In: ISSTA (2011)","DOI":"10.1145\/2001420.2001441"},{"key":"15_CR33","unstructured":"Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: TAJ: Effective Taint Analysis of Web Applications. 
In: PLDI (2009)"},{"key":"15_CR34","doi-asserted-by":"crossref","unstructured":"Volpano, D., Irvine, C., Smith, G.: A Sound Type System for Secure Flow Analysis. JCS 4(2-3) (1996)","DOI":"10.3233\/JCS-1996-42-304"},{"issue":"2","key":"15_CR35","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1348246.1348247","volume":"40","author":"I. Vosloo","year":"2008","unstructured":"Vosloo, I., Kourie, D.G.: Server-centric web frameworks: An overview. ACM Comput. Surv.\u00a040(2), 4:1\u20134:33 (2008)","journal-title":"ACM Comput. Surv."},{"key":"15_CR36","doi-asserted-by":"crossref","unstructured":"Wassermann, G., Su, Z.: Sound and Precise Analysis of Web Applications for Injection Vulnerabilities. In: PLDI (2007)","DOI":"10.1145\/1250734.1250739"},{"key":"15_CR37","doi-asserted-by":"crossref","unstructured":"Wassermann, G., Su, Z.: Static Detection of Cross-site Scripting Vulnerabilities. In: ICSE 2008 (2008)","DOI":"10.1145\/1368088.1368112"},{"key":"15_CR38","doi-asserted-by":"crossref","unstructured":"Whaley, J., Lam, M.S.: Cloning Based Context-Sensitive Pointer Alias Analysis Using Binary Decision Diagrams. In: PLDI (2004)","DOI":"10.1145\/996841.996859"},{"key":"15_CR39","doi-asserted-by":"crossref","unstructured":"Yan, D., Xu, G., Rountev, A.: Demand-driven context-sensitive alias analysis for java. In: Proceedings of the 2011 International Symposium on Software Testing and Analysis, pp. 155\u2013165 (2011)","DOI":"10.1145\/2001420.2001440"},{"key":"15_CR40","doi-asserted-by":"crossref","unstructured":"Zheng, X., Rugina, R.: Demand-driven alias analysis for c. In: Proceedings of the 35th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 
197\u2013208 (2008)","DOI":"10.1145\/1328438.1328464"}],"container-title":["Lecture Notes in Computer Science","Fundamental Approaches to Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-37057-1_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,8]],"date-time":"2022-02-08T22:08:06Z","timestamp":1644358086000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-37057-1_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642370564","9783642370571"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-37057-1_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}