{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T01:34:57Z","timestamp":1773192897819,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2005,6,13]]},"DOI":"10.1145\/1065167.1065169","type":"proceedings-article","created":{"date-parts":[[2005,8,3]],"date-time":"2005-08-03T08:31:47Z","timestamp":1123057907000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":125,"title":["Context-sensitive program analysis as database queries"],"prefix":"10.1145","author":[{"given":"Monica S.","family":"Lam","sequence":"first","affiliation":[{"name":"Stanford University, Stanford, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Whaley","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"V. Benjamin","family":"Livshits","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael C.","family":"Martin","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dzintars","family":"Avots","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Carbin","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christopher","family":"Unkel","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2005,6,13]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.23"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062520"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/0743-1066(87)90004-5"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/645880.672077"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/6012.15399"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/781131.781144"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/1760267.1760270"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/950792.951386"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.1986.1676819"},{"key":"e_1_3_2_1_11_1","volume-title":"Hacking Exposed: J2EE and Java: Developing Secure Applications with Java Technology","author":"Buege B.","year":"2002","unstructured":"B. Buege , R. Layman , and A. Taylor . Hacking Exposed: J2EE and Java: Developing Secure Applications with Java Technology . McGraw-Hill\/Osborne , 2002 .]] B. Buege, R. Layman, and A. Taylor. Hacking Exposed: J2EE and Java: Developing Secure Applications with Java Technology. McGraw-Hill\/Osborne, 2002.]]"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1002\/(SICI)1097-024X(200006)30:7%3C775::AID-SPE309%3E3.0.CO;2-H"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/83229"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/0743-1066(85)90002-0"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/227595.227597"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.111"},{"key":"e_1_3_2_1_17_1","unstructured":"H. Cohen. BuDDy - a Binary Decision Diagram package. http:\/\/buddy. sourceforge.net\/.]]  H. Cohen. BuDDy - a Binary Decision Diagram package. http:\/\/buddy. sourceforge.net\/.]]"},{"key":"e_1_3_2_1_18_1","unstructured":"S. Cook. A Web developer's guide to cross-site scripting. http:\/\/www.giac.org\/practical\/GSEC\/Steve_Cook_GSEC. pdf 2003.]]  S. Cook. A Web developer's guide to cross-site scripting. http:\/\/www.giac.org\/practical\/GSEC\/Steve_Cook_GSEC. pdf 2003.]]"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/646449.692605"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/647170.718301"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/178243.178264"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/349299.349332"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0004-3702(02)00209-6"},{"key":"e_1_3_2_1_24_1","unstructured":"J. Grossman. WASC activities and U.S. Web application security trends. http:\/\/www.whitehatsec.com\/presentations\/WASC_WASF_1.02.pdf 2004.]]  J. Grossman. WASC activities and U.S. Web application security trends. http:\/\/www.whitehatsec.com\/presentations\/WASC_WASF_1.02.pdf 2004.]]"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/1622420.1622423"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/512529.512539"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/378795.378855"},{"key":"e_1_3_2_1_28_1","unstructured":"G. Hulme. New software may improve application security. http:\/\/www.informationweek.com\/story\/IWK20010209S0003 2001.]]  G. Hulme. New software may improve application security. http:\/\/www.informationweek.com\/story\/IWK20010209S0003 2001.]]"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.5555\/645480.655263"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251375.1251384"},{"key":"e_1_3_2_1_31_1","unstructured":"A. Klein. Divide and conquer: HTTP response splitting Web cache poisoning attacks and related topics. http:\/\/www.sanctuminc.com\/pdf\/Whitepaper_HTTPResponse.pdf 2004.]]  A. Klein. Divide and conquer: HTTP response splitting Web cache poisoning attacks and related topics. http:\/\/www.sanctuminc.com\/pdf\/Whitepaper_HTTPResponse.pdf 2004.]]"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/155090.155096"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/1765931.1765948"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/996841.996861"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/888251.888268"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/647171.716101"},{"key":"e_1_3_2_1_37_1","first-page":"640","volume-title":"Computational Logic - Essays in Honor of Alan Robinson","author":"Naughton J. F.","year":"1991","unstructured":"J. F. Naughton and R. Ramakrishnan . Bottom-up evaluation of logic programs . In Computational Logic - Essays in Honor of Alan Robinson , pages 640 -- 700 , 1991 .]] J. F. Naughton and R. Ramakrishnan. Bottom-up evaluation of logic programs. In Computational Logic - Essays in Honor of Alan Robinson, pages 640--700, 1991.]]"},{"key":"e_1_3_2_1_38_1","unstructured":"Open Web Application Security Project. The ten most critical Web application security vulnerabilities. http:\/\/umn.dl.sourceforge.net\/sourceforge\/owasp\/OWASPTopTen2004.pdf 2004.]]  Open Web Application Security Project. The ten most critical Web application security vulnerabilities. http:\/\/umn.dl.sourceforge.net\/sourceforge\/owasp\/OWASPTopTen2004.pdf 2004.]]"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/645916.671996"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/170035.170067"},{"key":"e_1_3_2_1_41_1","first-page":"163","volume-title":"Applications of Logic Databases","author":"Reps T.","year":"1994","unstructured":"T. Reps . Demand interprocedural program analysis using logic databases . Applications of Logic Databases , pages 163 -- 196 , 1994 .]] T. Reps. Demand interprocedural program analysis using logic databases. Applications of Logic Databases, pages 163--196, 1994.]]"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.5555\/647472.727424"},{"key":"e_1_3_2_1_43_1","first-page":"159","volume-title":"Proceedings of the 11th Annual Network and Distributed System Security Symposium","author":"Ruwase O.","year":"2004","unstructured":"O. Ruwase and M. S. Lam . A practical dynamic buffer overflow detector . In Proceedings of the 11th Annual Network and Distributed System Security Symposium , pages 159 -- 169 , 2004 .]] O. Ruwase and M. S. Lam. A practical dynamic buffer overflow detector. In Proceedings of the 11th Annual Network and Distributed System Security Symposium, pages 159--169, 2004.]]"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/572741"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251327.1251343"},{"key":"e_1_3_2_1_46_1","first-page":"189","volume-title":"Program Flow Analysis: Theory and Applications","author":"Sharir M.","year":"1981","unstructured":"M. Sharir and A. Pnueli . Two approaches to interprocedural data-flow analyis . In S. Muchnick and N. D. Jones, editors, Program Flow Analysis: Theory and Applications , chapter 7, pages 189 -- 234 . Prentice-Hall , 1981 .]] M. Sharir and A. Pnueli. Two approaches to interprocedural data-flow analyis. In S. Muchnick and N. D. Jones, editors, Program Flow Analysis: Theory and Applications, chapter 7, pages 189--234. Prentice-Hall, 1981.]]"},{"key":"e_1_3_2_1_47_1","unstructured":"N. J. A. Sloane. The on-line encyclopedia of integer sequences: A000670. http:\/\/www.research.att.com\/as\/sequences 2003.]]  N. J. A. Sloane. The on-line encyclopedia of integer sequences: A000670. http:\/\/www.research.att.com\/as\/sequences 2003.]]"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/237721.237727"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.5555\/645520.655970"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/73721.73736"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.5555\/533142"},{"key":"e_1_3_2_1_52_1","volume-title":"Apr.","author":"Vernon M.","year":"2004","unstructured":"M. Vernon . Top five threats. ComputerWeekly.com (http:\/\/www.computerweekly.com\/Article129980.htm) , Apr. 2004 .]] M. Vernon. Top five threats. ComputerWeekly.com (http:\/\/www.computerweekly.com\/Article129980.htm), Apr. 2004.]]"},{"key":"e_1_3_2_1_53_1","first-page":"3","volume-title":"Proceedings of Network and Distributed Systems Security Symposium","author":"Wagner D.","year":"2000","unstructured":"D. Wagner , J. Foster , E. Brewer , and A. Aiken . A first step towards automated detection of buffer overrun vulnerabilities . In Proceedings of Network and Distributed Systems Security Symposium , pages 3 -- 17 , 2000 .]] D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Proceedings of Network and Distributed Systems Security Symposium, pages 3--17, 2000.]]"},{"key":"e_1_3_2_1_54_1","unstructured":"WebCohort Inc. Only 10% of Web applications are secured against common hacking techniques. http:\/\/www.imperva.com\/company\/news\/2004-feb-02.html 2004.]]  WebCohort Inc. Only 10% of Web applications are secured against common hacking techniques. http:\/\/www.imperva.com\/company\/news\/2004-feb-02.html 2004.]]"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/996841.996859"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.5555\/647171.718318"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/320384.320400"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/207110.207111"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.5555\/647171.718323"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/774572.774594"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/996841.996860"}],"event":{"name":"SIGMOD\/PODS05: International Conference on Management of Data and Symposium on Principles Database and Systems","location":"Baltimore Maryland","acronym":"SIGMOD\/PODS05","sponsor":["SIGMOD ACM Special Interest Group on Management of Data","SIGAI ACM Special Interest Group on Artificial Intelligence","SIGACT ACM Special Interest Group on Algorithms and Computation Theory"]},"container-title":["Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1065167.1065169","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,12,21]],"date-time":"2023-12-21T19:14:56Z","timestamp":1703186096000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1065167.1065169"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,6,13]]},"references-count":60,"alternative-id":["10.1145\/1065167.1065169","10.1145\/1065167"],"URL":"https:\/\/doi.org\/10.1145\/1065167.1065169","relation":{},"subject":[],"published":{"date-parts":[[2005,6,13]]},"assertion":[{"value":"2005-06-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}