{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T13:37:14Z","timestamp":1769002634427,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662488980","type":"print"},{"value":"9783662488997","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-662-48899-7_10","type":"book-chapter","created":{"date-parts":[[2015,11,21]],"date-time":"2015-11-21T03:59:28Z","timestamp":1448078368000},"page":"130-145","source":"Crossref","is-referenced-by-count":17,"title":["Boolean Formulas for the Static Identification of Injection Attacks in Java"],"prefix":"10.1007","author":[{"given":"Michael D.","family":"Ernst","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alberto","family":"Lovato","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Damiano","family":"Macedonio","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ciprian","family":"Spiridon","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fausto","family":"Spoto","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,11,22]]},"reference":[{"key":"10_CR1","doi-asserted-by":"crossref","unstructured":"Appelt, D., Nguyen, C.D., Briand, L.C., Alshahwan, N.: Automated testing for SQL injection vulnerabilities: an input mutation approach. In: ISSTA, pp. 
259\u2013269, San Jose, CA, USA (2014)","DOI":"10.1145\/2610384.2610403"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: PLDI, p. 29, Edinburgh, UK, June 2014","DOI":"10.1145\/2594291.2594299"},{"issue":"5","key":"10_CR3","doi-asserted-by":"publisher","first-page":"1032","DOI":"10.1017\/S0960129512000850","volume":"23","author":"G Barthe","year":"2013","unstructured":"Barthe, G., Pichardie, D., Rezk, T.: A certified lightweight non-interference java bytecode verifier. Math. Struct. Comput. Sci. 23(5), 1032\u20131081 (2013)","journal-title":"Math. Struct. Comput. Sci."},{"issue":"2","key":"10_CR4","first-page":"35","volume":"33","author":"G Barthe","year":"2007","unstructured":"Barthe, G., Rezk, T., Basu, A.: Security types preserving compilation. Comput. Lang. Syst. Struct. 33(2), 35\u201359 (2007)","journal-title":"Comput. Lang. Syst. Struct."},{"issue":"1","key":"10_CR5","first-page":"3","volume":"28","author":"D Clark","year":"2002","unstructured":"Clark, D., Hankin, C., Hunt, S.: Information flow for ALGOL-like languages. Comput. Lang. 28(1), 3\u201328 (2002)","journal-title":"Comput. Lang."},{"key":"10_CR6","doi-asserted-by":"crossref","unstructured":"Cousot, P., Cousot, R.: Abstract Interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 
238\u2013252 (1977)","DOI":"10.1145\/512950.512973"},{"key":"10_CR7","series-title":"Communications in Computer and Information Science","doi-asserted-by":"crossref","first-page":"400","DOI":"10.1007\/978-3-662-44966-0_39","volume-title":"Security in Computing and Communications","author":"JC Doshi","year":"2014","unstructured":"Doshi, J.C., Christian, M., Trivedi, B.H.: SQL FILTER \u2013 SQL Injection prevention and logging using dynamic network filter. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds.) SSCC 2014. CCIS, vol. 467, pp. 400\u2013406. Springer, Heidelberg (2014)"},{"key":"10_CR8","doi-asserted-by":"crossref","unstructured":"Ernst, M.D., Lovato, A., Macedonio, D., Spiridon, C., Spoto, F.: Boolean Formulas for the Static Identification of Injection Attacks in Java. Technical Report UW-CSE-15-09-03, University of Washington Department of Computer Science and Engineering, Seattle, WA, USA, September 2015","DOI":"10.1007\/978-3-662-48899-7_10"},{"key":"10_CR9","unstructured":"Genaim, S., Giacobazzi, R., Mastroeni, I.: Modeling secure information flow with boolean functions. In: Peter Ryan, editor, WITS 2004, April 2004"},{"key":"10_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"346","DOI":"10.1007\/978-3-540-30579-8_23","volume-title":"Verification, Model Checking, and Abstract Interpretation","author":"S Genaim","year":"2005","unstructured":"Genaim, S., Spoto, F.: Information flow analysis for java bytecode. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 346\u2013362. Springer, Heidelberg (2005)"},{"key":"10_CR11","unstructured":"Genaim, S., Spoto, F.: Constancy Analysis. In: Huisman, M. (ed.), FTfJP, Paphos, Cyprus, July 2008. 
Radboud University"},{"key":"10_CR12","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1016\/j.cose.2014.04.007","volume":"44","author":"Y-S Jang","year":"2014","unstructured":"Jang, Y.-S., Choi, J.-Y.: Detecting SQL injection attacks using query result size. Comput. Secur. 44, 104\u2013118 (2014)","journal-title":"Comput. Secur."},{"key":"10_CR13","unstructured":"Kobayashi, N., Shirane, K.: Type-based information flow analysis for low-level languages. In: APLAS (2002)"},{"issue":"1","key":"10_CR14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11416-014-0219-6","volume":"11","author":"DG Kumar","year":"2015","unstructured":"Kumar, D.G., Chatterjee, M.: MAC based solution for SQL injection. J. Comput. Virol. Hacking Tech. 11(1), 1\u20137 (2015)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"10_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/3-540-45309-1_6","volume-title":"Programming Languages and Systems","author":"P Laud","year":"2001","unstructured":"Laud, P.: Semantics and program analysis of computationally secure information flow. In: Sands, D. (ed.) ESOP 2001. LNCS, vol. 2028, pp. 77\u201391. Springer, Heidelberg (2001)"},{"key":"10_CR16","unstructured":"Lindholm, T., Yellin, F., Bracha, G., Buckley, A.: The Java Virtual Machine Specification, Java SE 7 Edition. Addison-Wesley Professional, 1st edition (2013)"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Liu, L., Xu, J., Li, M., Yang, J.: A Dynamic SQL injection vulnerability test case generation model based on the multiple phases detection approach. In: COMPSAC, pp. 256\u2013261, Kyoto, Japan (2013)","DOI":"10.1109\/COMPSAC.2013.42"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"Makiou, A., Begriche, Y., Serhrouchni, A.: Improving web application firewalls to detect advanced SQL injection attacks. In: IAS, pp. 35\u201340. 
Okinawa, Japan 2014","DOI":"10.1109\/ISIAS.2014.7064617"},{"key":"10_CR19","unstructured":"MITRE\/SANS. Top 25 Most Dangerous Software Errors. http:\/\/cwe.mitre.org\/top25 , September 2011"},{"key":"10_CR20","unstructured":"Mizuno, M.: A least fixed point approach to inter-procedural information flow control. In: NCSC, pp. 558\u2013570 (1989)"},{"key":"10_CR21","doi-asserted-by":"crossref","unstructured":"Naghmeh, N.M., Sheykhkanloo, M.: Employing neural networks for the detection of SQL injection attack. In: SIN, pp. 318, Glasgow, Scotland, UK (2014)","DOI":"10.1145\/2659651.2659675"},{"issue":"4","key":"10_CR22","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1145\/2529990","volume":"35","author":"D Nikoli\u0107","year":"2013","unstructured":"Nikoli\u0107, D., Spoto, F.: Reachability analysis of program variables. ACM Trans. Program. Lang. Syst. 35(4), 14 (2013)","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"10_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"452","DOI":"10.1007\/978-3-540-74061-2_28","volume-title":"Static Analysis","author":"\u00c9 Payet","year":"2007","unstructured":"Payet, \u00c9., Spoto, F.: Magic-sets transformation for the analysis of java bytecode. In: Riis Nielson, H., Fil\u00e9, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 452\u2013467. Springer, Heidelberg (2007)"},{"key":"10_CR24","doi-asserted-by":"crossref","unstructured":"Reps, T.W., Horwitz, S., Sagiv, S.: Precise interprocedural dataflow analysis via graph reachability. In: POPL 1995, pp. 49\u201361. San Francisco, California, USA, January 1995","DOI":"10.1145\/199448.199462"},{"issue":"1","key":"10_CR25","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/JSAC.2002.806121","volume":"21","author":"A Sabelfeld","year":"2003","unstructured":"Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Sel. Areas Commun. 21(1), 5\u201319 (2003)","journal-title":"IEEE J. Sel. 
Areas Commun."},{"issue":"1","key":"10_CR26","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1023\/A:1011553200337","volume":"14","author":"A Sabelfeld","year":"2001","unstructured":"Sabelfeld, A., Sands, D.: A PER model of secure information flow in sequential programs. High. Order Symbolic Comput. 14(1), 59\u201391 (2001)","journal-title":"High. Order Symbolic Comput."},{"key":"10_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/11547662_22","volume-title":"Static Analysis","author":"S Secci","year":"2005","unstructured":"Secci, S., Spoto, F.: Pair-sharing analysis of object-oriented programs. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 320\u2013335. Springer, Heidelberg (2005)"},{"key":"10_CR28","doi-asserted-by":"crossref","unstructured":"Shahriar, H., Zulkernine, M.: Information-theoretic detection of SQL injection attacks. In: HASE, pp. 40\u201347. Omaha, NE, USA (2012)","DOI":"10.1109\/HASE.2012.31"},{"issue":"3","key":"10_CR29","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1109\/MC.2012.283","volume":"46","author":"LK Shar","year":"2013","unstructured":"Shar, L.K., Tan, H.B.K.: Defeating SQL injection. IEEE Comput. 46(3), 69\u201377 (2013)","journal-title":"IEEE Comput."},{"key":"10_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1007\/978-3-642-36563-8_15","volume-title":"Engineering Secure Software and Systems","author":"B Simic","year":"2013","unstructured":"Simic, B., Walden, J.: Eliminating SQL injection and cross site scripting using aspect oriented programming. In: J\u00fcrjens, J., Livshits, B., Scandariato, R. (eds.) ESSoS 2013. LNCS, vol. 7781, pp. 213\u2013228. Springer, Heidelberg (2013)"},{"key":"10_CR31","doi-asserted-by":"crossref","unstructured":"Skalka, C., Smith, S.: Static enforcement of security with types. In: ICFP, pp. 254\u2013267. 
ACM press (2000)","DOI":"10.1145\/351240.351244"},{"key":"10_CR32","doi-asserted-by":"crossref","unstructured":"Spoto, F.: Nullness analysis in boolean form. In: SEFM, pp. 21\u201330. IEEE, Washington, DC, USA (2008)","DOI":"10.1109\/SEFM.2008.8"},{"issue":"6","key":"10_CR33","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1145\/1543135.1542486","volume":"44","author":"O Tripp","year":"2009","unstructured":"Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: TAJ: effective taint analysis of web applications. SIGPLAN Not. 44(6), 87\u201397 (2009)","journal-title":"SIGPLAN Not."},{"issue":"2,3","key":"10_CR34","doi-asserted-by":"crossref","first-page":"167","DOI":"10.3233\/JCS-1996-42-304","volume":"4","author":"D Volpano","year":"1996","unstructured":"Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. J. Comput. Secur. 4(2,3), 167\u2013187 (1996)","journal-title":"J. Comput. Secur."},{"key":"10_CR35","series-title":"advances in intelligent systems and computing","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1007\/978-3-319-12286-1_38","volume-title":"Genetic and Evolutionary Computing","author":"T-Y Wu","year":"2015","unstructured":"Wu, T.-Y., Pan, J.-S., Chen, C.-M., Lin, C.-W.: Towards SQL injection attacks detection mechanism using parse tree. In: Sun, H., Yang, C.-Y., Lin, C.-W., Pan, J.-S., Snasel, V., Abraham, A. (eds.) Genetic and Evolutionary Computing. AISC, vol. 329, pp. 371\u2013380. 
Springer, Heidelberg (2015)"}],"container-title":["Lecture Notes in Computer Science","Logic for Programming, Artificial Intelligence, and Reasoning"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-48899-7_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T13:28:15Z","timestamp":1748698095000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-48899-7_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783662488980","9783662488997"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-48899-7_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]}}}