{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T23:29:49Z","timestamp":1725578989914},"reference-count":50,"publisher":"IEEE","license":[{"start":{"date-parts":[[2021,11,24]],"date-time":"2021-11-24T00:00:00Z","timestamp":1637712000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,11,24]],"date-time":"2021-11-24T00:00:00Z","timestamp":1637712000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,11,24]],"date-time":"2021-11-24T00:00:00Z","timestamp":1637712000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,11,24]]},"DOI":"10.1109\/icsrs53853.2021.9660640","type":"proceedings-article","created":{"date-parts":[[2022,1,3]],"date-time":"2022-01-03T20:18:24Z","timestamp":1641241104000},"page":"190-197","source":"Crossref","is-referenced-by-count":1,"title":["Software Reuse Exploits in Node.js Web Apps"],"prefix":"10.1109","author":[{"given":"Tuong Phi","family":"Lau","sequence":"first","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-51280-4_35"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2989002"},{"key":"ref33","first-page":"127","article-title":"Change-aware dynamic program analysis for JavaScript","author":"murthy","year":"2018","journal-title":"Proceedings of the IEEE International Conference on Software Maintenance and Evolution (ICSME)"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884864"},{"key":"ref31","first-page":"49","article-title":"Event-based remote attacks in html5-based mobile apps","author":"lau","year":"2019","journal-title":"Proceedings of 2nd International Workshop on Information and Operational Technology Security Systems (ESORICS International Workshops IOSec MSTEC FINSEC)"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134091"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/DAPPCON.2019.00017"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464836"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-55415-5_12"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09792-9"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23236"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2018.00032"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_2"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3371151"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813680"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00150"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/SANER50967.2021.00050"},{"key":"ref21","first-page":"78","article-title":"A large-scale empirical study on software reuse in mobile apps","author":"israel","year":"2013","journal-title":"IEEE Software 31 4"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417234"},{"key":"ref23","first-page":"62","article-title":"Juxtapp: A scalable system for detecting code reuse among android applications","author":"steve","year":"2012","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SEAA.2019.00022"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ASWEC.2018.00027"},{"year":"0","key":"ref50"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384757"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409745"},{"key":"ref40","first-page":"280","article-title":"IccTA: detecting inter-component privacy leaks in Android apps","author":"li","year":"2015","journal-title":"Proceedings of the International Conference on Software Engineering ICSE'94"},{"key":"ref12","article-title":"Small world with high risks: a study of security threats in the npm ecosystem","author":"zimmermann","year":"2019","journal-title":"arXiv preprint arXiv 1902 11152"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23071"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-020-10014-7"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.51"},{"key":"ref16","first-page":"934","article-title":"A tough call: Mitigating advanced code-reuse attacks at the binary level","author":"veen","year":"2016","journal-title":"IEEE Symposium on Security and Privacy (SP)"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.52"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417867"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00033"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3065913.3065916"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP48549.2020.00010"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236027"},{"key":"ref5","first-page":"361","article-title":"Freezing the web: a study of redos vulnerabilities in javascript-based web servers","author":"staicu","year":"2018","journal-title":"Proceedings of 27th USENIX Security Symposium"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-54580-5_1"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238159"},{"year":"0","key":"ref49"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3447852.3458716"},{"year":"0","key":"ref46"},{"journal-title":"ReDoS attacks","year":"0","key":"ref45"},{"year":"0","key":"ref48"},{"year":"0","key":"ref47"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-35092-5_3"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"journal-title":"Node js Foundation","year":"0","key":"ref44"},{"journal-title":"Node js npm modules","year":"0","key":"ref43"}],"event":{"name":"2021 5th International Conference on System Reliability and Safety (ICSRS)","start":{"date-parts":[[2021,11,24]]},"location":"Palermo, Italy","end":{"date-parts":[[2021,11,26]]}},"container-title":["2021 5th International Conference on System Reliability and Safety (ICSRS)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9660621\/9660622\/09660640.pdf?arnumber=9660640","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T16:56:42Z","timestamp":1652201802000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9660640\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,24]]},"references-count":50,"URL":"https:\/\/doi.org\/10.1109\/icsrs53853.2021.9660640","relation":{},"subject":[],"published":{"date-parts":[[2021,11,24]]}}}