{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T22:13:09Z","timestamp":1729635189719,"version":"3.28.0"},"reference-count":48,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,10]]},"DOI":"10.1109\/ase.2017.8115636","type":"proceedings-article","created":{"date-parts":[[2017,11,23]],"date-time":"2017-11-23T17:03:57Z","timestamp":1511456637000},"page":"229-239","source":"Crossref","is-referenced-by-count":1,"title":["Static detection of asymptotic resource side-channel vulnerabilities in web applications"],"prefix":"10.1109","author":[{"given":"Jia","family":"Chen","sequence":"first","affiliation":[]},{"given":"Oswaldo","family":"Olivo","sequence":"additional","affiliation":[]},{"given":"Isil","family":"Dillig","sequence":"additional","affiliation":[]},{"given":"Calvin","family":"Lin","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2892208.2892230"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/1094811.1094840"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190251"},{"key":"ref31","article-title":"Finding security vulnerabilities in java applications with static analysis","author":"livshits","year":"2005","journal-title":"USENIX Security Symposium"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315282"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2016.34"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2009.11.015"},{"key":"ref35","article-title":"Jif: Java information flow","volume":"2005","author":"myers","year":"2001","journal-title":"Software Release"},{"key":"ref34","article-title":"Web timing attacks made practical","author":"morgan","year":"2015","journal-title":"Black Hat"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242656"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/2908080.2908092"},{"key":"ref11","article-title":"Remote timing attacks are practical","author":"brumley","year":"2003","journal-title":"USENIX Security Symposium USENIX Association"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2737924.2737955"},{"key":"ref13","doi-asserted-by":"crossref","first-page":"316","DOI":"10.1145\/3009837.3009858","article-title":"Relational cost analysis","author":"\u00e7i\u00e7ek","year":"2017","journal-title":"Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages ser POPL 2017"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046737"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.20"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2007-15302"},{"key":"ref17","first-page":"989","article-title":"Static detection of second-order vulnerabilities in web applications","author":"dahse","year":"2014","journal-title":"USENIX Security Symposium USENIX Association"},{"key":"ref18","first-page":"337","article-title":"Z3: An efficient smt solver","author":"de moura","year":"2008","journal-title":"Tools and Algorithms for the Construction and Analysis of Systems"},{"key":"ref19","first-page":"431","article-title":"Cacheau-dit: A tool for the static analysis of cache side channels","author":"doychev","year":"2013","journal-title":"Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13) USENIX"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.22"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3009837.3009842"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.18"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660283"},{"key":"ref29","first-page":"104","article-title":"Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems","author":"kocher","year":"1996","journal-title":"Advances in Cryptology Springer-Verlag"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950362"},{"key":"ref8","doi-asserted-by":"crossref","first-page":"100","DOI":"10.1109\/CSFW.2004.1310735","article-title":"Secure information flow by self-composition","author":"barthe","year":"2004","journal-title":"Computer Security Foundations Workshop 2004 Proceedings 17th IEEE"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-21437-0_17"},{"key":"ref2","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1145\/2594291.2594299","article-title":"Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps","author":"arzt","year":"2014","journal-title":"Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23822-2_21"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-71316-6_12"},{"key":"ref46","article-title":"Static detection of security vulnerabilities in scripting languages","author":"xie","year":"2006","journal-title":"Usenix Security"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352606"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250739"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866374"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44709-3_14"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254078"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813688"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813632"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02658-4_7"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/11547662_24"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SP.1982.10014"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368112"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/1926385.1926427"},{"key":"ref43","first-page":"447","article-title":"Request and conquer: Exposing cross-origin resource size","author":"van goethem","year":"2016","journal-title":"USENIX Security Symposium USENIX Association"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1594834.1480898"}],"event":{"name":"2017 32nd IEEE\/ACM International Conference on Automated Software Engineering (ASE)","start":{"date-parts":[[2017,10,30]]},"location":"Urbana, IL","end":{"date-parts":[[2017,11,3]]}},"container-title":["2017 32nd IEEE\/ACM International Conference on Automated Software Engineering (ASE)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8106906\/8115603\/08115636.pdf?arnumber=8115636","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,8]],"date-time":"2022-08-08T01:54:57Z","timestamp":1659923697000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/8115636\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10]]},"references-count":48,"URL":"https:\/\/doi.org\/10.1109\/ase.2017.8115636","relation":{},"subject":[],"published":{"date-parts":[[2017,10]]}}}