{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,9]],"date-time":"2026-07-09T15:22:25Z","timestamp":1783610545057,"version":"3.55.0"},"reference-count":82,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5]]},"DOI":"10.1109\/sp46215.2023.10179352","type":"proceedings-article","created":{"date-parts":[[2023,7,21]],"date-time":"2023-07-21T17:18:15Z","timestamp":1689959895000},"page":"1059-1076","source":"Crossref","is-referenced-by-count":21,"title":["Scaling JavaScript Abstract Interpretation to Detect and Exploit Node.js Taint-style Vulnerability"],"prefix":"10.1109","author":[{"given":"Mingqing","family":"Kang","sequence":"first","affiliation":[{"name":"Johns Hopkins University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yichao","family":"Xu","sequence":"additional","affiliation":[{"name":"Johns Hopkins University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Song","family":"Li","sequence":"additional","affiliation":[{"name":"Zhejiang University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rigel","family":"Gjomemo","sequence":"additional","affiliation":[{"name":"University of Illinois Chicago"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jianwei","family":"Hou","sequence":"additional","affiliation":[{"name":"Remain University of China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"V. N.","family":"Venkatakrishnan","sequence":"additional","affiliation":[{"name":"University of Illinois Chicago"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yinzhi","family":"Cao","sequence":"additional","affiliation":[{"name":"Johns Hopkins University"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00052"},{"key":"ref2","article-title":"Static exploration of Taint-Style vulnerabilities found by fuzzing","volume-title":"11th USENIX Workshop on Offensive Technologies (WOOT 17)"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.54"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23071"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359813"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484745"},{"key":"ref7","volume-title":"CodeQL"},{"key":"ref8","article-title":"Mining Node.js vulnerabilities via object dependence graph and query","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Li"},{"key":"ref9","article-title":"SAFE: Formal specification and implementation of a scalable analysis framework for ECMAScript","volume-title":"International Workshop on Foundations of Object-Oriented Languages (FOOL)","volume":"10","author":"Lee"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338933"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468542"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03237-0_17"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464836"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24150"},{"key":"ref18","volume-title":"ODGen source code","author":"Li"},{"key":"ref21","volume-title":"Best Node.js CMS platforms for 2022","author":"James"},{"key":"ref22","volume-title":"Ghost CMS 4.3.2 - cross-origin admin takeover","author":"Gerste"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606621"},{"key":"ref25","volume-title":"Vulnerability disclosure policy","author":"Manion"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336758"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2398857.2384660"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491447"},{"key":"ref31","article-title":"Prototype pollution attack in NodeJS application","author":"Arteau","year":"2018","journal-title":"North-Sec"},{"key":"ref32","first-page":"1","article-title":"DAPP: automatic detection and analysis of prototype pollution vulnerability in Node.js modules","author":"Kim","year":"2021","journal-title":"International Journal of Information Security"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484535"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.23055"},{"key":"ref36","first-page":"361","article-title":"Freezing the web: A study of ReDoS vulnerabilities in JavaScript-based web servers","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Staicu"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00077"},{"key":"ref38","first-page":"343","article-title":"A sense of time for JavaScript and Node.js: First-class timeouts as a cure for event handler poisoning","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Davis"},{"key":"ref39","first-page":"121","article-title":"Mininode: Reducing the attack surface of Node.js applications","volume-title":"23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020)","author":"Koishybayev"},{"key":"ref40","first-page":"2951","article-title":"Abusing hidden properties to attack the Node.js ecosystem","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Xiao"},{"key":"ref41","article-title":"Silent Spring: Prototype pollution leads to remote code execution in Node.js","author":"Shcherbakov","year":"2023"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24308"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-020-00537-0"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.38"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3092282.3092295"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3236950.3236956"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23309"},{"key":"ref48","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2019.23009","article-title":"Don\u2019t trust the locals: Investigating the prevalence of persistent client-side cross-site scripting in the wild","volume-title":"Network and Distributed System Security Symposium (NDSS)","author":"Steffens"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133959"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978384"},{"key":"ref51","article-title":"Pathcutter: Severing the self-propagation path of xss JavaScript worms in social web networks","author":"Cao","year":"2012","journal-title":"NDSS"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00022"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409747"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345656"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93411-2_14"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664256"},{"key":"ref57","article-title":"Malicious code detection technologies","volume-title":"US Patent","author":"Cao","year":"2015"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468577"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2013.6575317"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_14"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866387"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133996"},{"key":"ref63","first-page":"2525","article-title":"JAW: Studying client-side CSRF with hybrid property graphs and declarative traversals","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Khodayari"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23152"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24394"},{"key":"ref66","article-title":"Rendered private: Making glsl execution uniform to prevent webgl-based browser fingerprinting","author":"Wu","year":"2019","journal-title":"USENIX Security"},{"key":"ref67","article-title":"I do not know what you visited last summer: Protecting users from third-party web tracking with trackingfree browser","author":"Pan","year":"2015","journal-title":"NDSS"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23009"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/3447852.3458718"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2803191"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134091"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23233"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/3465413.3488573"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635904"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635916"},{"key":"ref77","article-title":"Brave PageGraph"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00005"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468556"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.3390\/technologies9010003"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2018.00028"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1109\/ICIEV.2014.6850807"},{"key":"ref83","article-title":"Evaluation of static JavaScript call graph algorithms","volume-title":"Ph.D. dissertation, Software Analysis and Transformation","author":"Dijkstra","year":"2014"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1145\/3510457.3513059"},{"key":"ref85","article-title":"Automatic root cause quantification for missing edges in JavaScript call graphs","volume-title":"36th European Conference on Object-Oriented Programming (ECOOP 2022)","author":"Chakraborty"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.14"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/1297846.1297902"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1984.5010248"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/3029052"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2005.2"}],"event":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","location":"San Francisco, CA, USA","start":{"date-parts":[[2023,5,21]]},"end":{"date-parts":[[2023,5,25]]}},"container-title":["2023 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10179215\/10179280\/10179352.pdf?arnumber=10179352","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,20]],"date-time":"2024-07-20T05:18:40Z","timestamp":1721452720000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10179352\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5]]},"references-count":82,"URL":"https:\/\/doi.org\/10.1109\/sp46215.2023.10179352","relation":{},"subject":[],"published":{"date-parts":[[2023,5]]}}}