{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:12:37Z","timestamp":1763467957827,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2009,10,11]],"date-time":"2009-10-11T00:00:00Z","timestamp":1255219200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2009,10,11]]},"DOI":"10.1145\/1629575.1629604","type":"proceedings-article","created":{"date-parts":[[2009,10,13]],"date-time":"2009-10-13T15:11:11Z","timestamp":1255446671000},"page":"291-304","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":101,"title":["Improving application security with data flow assertions"],"prefix":"10.1145","author":[{"given":"Alexander","family":"Yip","sequence":"first","affiliation":[{"name":"MIT, Cambridge, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xi","family":"Wang","sequence":"additional","affiliation":[{"name":"MIT, Cambridge, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nickolai","family":"Zeldovich","sequence":"additional","affiliation":[{"name":"MIT, Cambridge, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M. Frans","family":"Kaashoek","sequence":"additional","affiliation":[{"name":"MIT, Cambridge, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2009,10,11]]},"reference":[{"doi-asserted-by":"publisher","key":"e_1_3_2_1_1_1","DOI":"10.5555\/1444452.1445705"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_2_1","DOI":"10.5555\/998684.1006926"},{"unstructured":"J. Bae. Vulnerability of uploading files with multiple extensions in phpBB attachment mod. http:\/\/seclists.org\/fulldisclosure\/2004\/Dec\/0347.html.CVE-2004-1404.  J. Bae. Vulnerability of uploading files with multiple extensions in phpBB attachment mod. http:\/\/seclists.org\/fulldisclosure\/2004\/Dec\/0347.html.CVE-2004-1404.","key":"e_1_3_2_1_3_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_4_1","DOI":"10.1145\/1542207.1542238"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_5_1","DOI":"10.1007\/11804192_17"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_6_1","DOI":"10.1007\/978-3-540-30569-9_3"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_7_1","DOI":"10.1145\/1065010.1065047"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_8_1","DOI":"10.1145\/1455770.1455778"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_9_1","DOI":"10.1145\/1294261.1294265"},{"key":"e_1_3_2_1_10_1","first-page":"1","volume-title":"Proc. of the 16th USENIX Security Symposium","author":"Chong S.","year":"2007","unstructured":"S. Chong , K. Vikram , and A.C. Myers . SIF: Enforcing confidentiality and integrity in web applications . In Proc. of the 16th USENIX Security Symposium , pages 1 -- 16 , Boston, MA , August 2007 . S. Chong, K. Vikram, and A.C. Myers. SIF: Enforcing confidentiality and integrity in web applications. In Proc. of the 16th USENIX Security Symposium, pages 1--16, Boston, MA, August 2007."},{"unstructured":"CWH Underground. Kwalbum arbitrary file upload vulnerabilities. http:\/\/www.milw0rm.com\/exploits\/6664.CVE-2008-5677.  CWH Underground. Kwalbum arbitrary file upload vulnerabilities. http:\/\/www.milw0rm.com\/exploits\/6664.CVE-2008-5677.","key":"e_1_3_2_1_11_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_12_1","DOI":"10.5555\/646962.712108"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_13_1","DOI":"10.1145\/360051.360056"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_14_1","DOI":"10.1145\/1352592.1352624"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_15_1","DOI":"10.1145\/1095810.1095813"},{"unstructured":"Emory University. Multiple vulnerabilities in AWStats Totals. http:\/\/userwww.service.emory.edu\/~ekenda2\/EMORY-2008-01.txt. CVE-2008-3922.  Emory University. Multiple vulnerabilities in AWStats Totals. http:\/\/userwww.service.emory.edu\/~ekenda2\/EMORY-2008-01.txt. CVE-2008-3922.","key":"e_1_3_2_1_16_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_17_1","DOI":"10.5555\/1251229.1251230"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_18_1","DOI":"10.1109\/52.976940"},{"key":"e_1_3_2_1_19_1","first-page":"554","volume-title":"Proc. of the 15th National Computer Security Conference","author":"Ferraiolo D.F.","year":"1992","unstructured":"D.F. Ferraiolo and D.R. Kuhn . Role-based access control . In Proc. of the 15th National Computer Security Conference , pages 554 -- 563 , Baltimore, MD , October 1992 . D.F. Ferraiolo and D.R. Kuhn. Role-based access control. In Proc. of the 15th National Computer Security Conference, pages 554--563, Baltimore, MD, October 1992."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_20_1","DOI":"10.1145\/1377836.1377866"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_21_1","DOI":"10.1145\/1101908.1101935"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_22_1","DOI":"10.1145\/1181775.1181797"},{"unstructured":"N. Hippert. phpMyAdmin code execution vulnerability. http:\/\/fd.the-wildcat.de\/pma_e36a091q11.php.CVE-2008-4096.  N. Hippert. phpMyAdmin code execution vulnerability. http:\/\/fd.the-wildcat.de\/pma_e36a091q11.php.CVE-2008-4096.","key":"e_1_3_2_1_23_1"},{"unstructured":"S. Kasatani. Safe ERB plugin. http:\/\/agilewebdevelopment.com\/plugins\/safe_erb.  S. Kasatani. Safe ERB plugin. http:\/\/agilewebdevelopment.com\/plugins\/safe_erb.","key":"e_1_3_2_1_24_1"},{"key":"e_1_3_2_1_25_1","first-page":"273","volume-title":"Proc. of the 2003 USENIX Annual Technical Conference, FREENIX track","author":"Kilpatrick D.","year":"2003","unstructured":"D. Kilpatrick . Privman : A library for partitioning applications . In Proc. of the 2003 USENIX Annual Technical Conference, FREENIX track , pages 273 -- 284 , San Antonio, TX , June 2003 . D. Kilpatrick. Privman: A library for partitioning applications. In Proc. of the 2003 USENIX Annual Technical Conference, FREENIX track, pages 273--284, San Antonio, TX, June 2003."},{"key":"e_1_3_2_1_26_1","volume-title":"Proc. of the Workshop on Organizing Workshops, Conferences, and Symposia for Computer Systems","author":"Kohler E.","year":"2008","unstructured":"E. Kohler . Hot crap! In Proc. of the Workshop on Organizing Workshops, Conferences, and Symposia for Computer Systems , San Francisco, CA , April 2008 . E. Kohler. Hot crap! In Proc. of the Workshop on Organizing Workshops, Conferences, and Symposia for Computer Systems, San Francisco, CA, April 2008."},{"key":"e_1_3_2_1_27_1","first-page":"185","volume-title":"Proc. of the 2004 USENIX Annual Technical Conference","author":"Krohn M.","year":"2004","unstructured":"M. Krohn . Building secure high-performance web services with OKWS . In Proc. of the 2004 USENIX Annual Technical Conference , pages 185 -- 198 , Boston, MA, June- July 2004 . M. Krohn. Building secure high-performance web services with OKWS. In Proc. of the 2004 USENIX Annual Technical Conference, pages 185--198, Boston, MA, June-July 2004."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_28_1","DOI":"10.1145\/1294261.1294293"},{"key":"e_1_3_2_1_29_1","first-page":"271","volume-title":"Proc. of the 14th USENIX Security Symposium","author":"Livshits V.B.","year":"2005","unstructured":"V.B. Livshits and M.S. Lam . Finding security vulnerabilities in Java applications with static analysis . In Proc. of the 14th USENIX Security Symposium , pages 271 -- 286 , Baltimore, MD , August 2005 . V.B. Livshits and M.S. Lam. Finding security vulnerabilities in Java applications with static analysis. In Proc. of the 14th USENIX Security Symposium, pages 271--286, Baltimore, MD, August 2005."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_30_1","DOI":"10.1145\/1094811.1094840"},{"unstructured":"MoinMoin. The MoinMoin wiki engine. http:\/\/moinmoin.wikiwikiweb.de\/.  MoinMoin. The MoinMoin wiki engine. http:\/\/moinmoin.wikiwikiweb.de\/.","key":"e_1_3_2_1_31_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_32_1","DOI":"10.1145\/363516.363526"},{"unstructured":"myPHPscripts.net. Login session script. http:\/\/www.myphpscripts.net\/?sid=7. CVE-2008-5855.  myPHPscripts.net. Login session script. http:\/\/www.myphpscripts.net\/?sid=7. CVE-2008-5855.","key":"e_1_3_2_1_33_1"},{"key":"e_1_3_2_1_34_1","first-page":"295","volume-title":"Proc. of the 20th IFIP International Information Security Conference","author":"A.","year":"2005","unstructured":"A. Nguyen-tuong, S. Guarnieri , D. Greene , J. Shirley , and D. Evans . Automatically hardening Web applications using precise tainting . In Proc. of the 20th IFIP International Information Security Conference , pages 295 -- 307 , Chiba, Japan , May 2005 . A. Nguyen-tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans. Automatically hardening Web applications using precise tainting. In Proc. of the 20th IFIP International Information Security Conference, pages 295--307, Chiba, Japan, May 2005."},{"unstructured":"Osirys. myPHPscripts login session password disclosure. http:\/\/nvd.nist.gov\/nvd.cfm?cvename=CVE-2008-5855. CVE-2008-5855.  Osirys. myPHPscripts login session password disclosure. http:\/\/nvd.nist.gov\/nvd.cfm?cvename=CVE-2008-5855. CVE-2008-5855.","key":"e_1_3_2_1_35_1"},{"unstructured":"Osirys. wPortfolio arbitrary file upload exploit. http:\/\/www.milw0rm.com\/exploits\/7165. CVE-2008-5220.  Osirys. wPortfolio arbitrary file upload exploit. http:\/\/www.milw0rm.com\/exploits\/7165. CVE-2008-5220.","key":"e_1_3_2_1_36_1"},{"unstructured":"Perl.org. Perl taint mode. http:\/\/perldoc.perl.org\/perlsec.html.  Perl.org. Perl taint mode. http:\/\/perldoc.perl.org\/perlsec.html.","key":"e_1_3_2_1_37_1"},{"unstructured":"phpMyAdmin. phpMyAdmin 3.1.0. http:\/\/www.phpmyadmin.net\/.  phpMyAdmin. phpMyAdmin 3.1.0. http:\/\/www.phpmyadmin.net\/.","key":"e_1_3_2_1_38_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_39_1","DOI":"10.1007\/11663812_7"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_40_1","DOI":"10.1109\/SP.2008.29"},{"unstructured":"The MITRE Corporation. Common vulnerabilities and exposures (CVE) database. http:\/\/cve.mitre.org\/data\/downloads\/.  The MITRE Corporation. Common vulnerabilities and exposures (CVE) database. http:\/\/cve.mitre.org\/data\/downloads\/.","key":"e_1_3_2_1_41_1"},{"key":"e_1_3_2_1_42_1","volume-title":"Pragmatic Bookshelf","author":"Thomas D.","year":"2004","unstructured":"D. Thomas , C. Fowler , and A. Hunt . Programming Ruby: The Pragmatic Programmers' Guide . Pragmatic Bookshelf , 2004 . D. Thomas, C. Fowler, and A. Hunt. Programming Ruby: The Pragmatic Programmers' Guide. Pragmatic Bookshelf, 2004."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_43_1","DOI":"10.1145\/1133058.1133081"},{"unstructured":"W. Venema. Taint support for PHP. http:\/\/wiki.php.net\/rfc\/taint.  W. Venema. Taint support for PHP. http:\/\/wiki.php.net\/rfc\/taint.","key":"e_1_3_2_1_44_1"},{"issue":"2","key":"e_1_3_2_1_45_1","first-page":"31","article-title":"Applying aspect-oriented programming to security","volume":"14","author":"Viega J.","year":"2001","unstructured":"J. Viega , J.T. Bloch , and P. Chandra . Applying aspect-oriented programming to security . Cutter IT Journal , 14 ( 2 ): 31 -- 39 , February 2001 . J. Viega, J.T. Bloch, and P. Chandra. Applying aspect-oriented programming to security. Cutter IT Journal, 14(2):31--39, February 2001.","journal-title":"Cutter IT Journal"},{"unstructured":"T. Waldmann. Check the ACL of the included page when using the rst parser's include directive. http:\/\/hg.moinmo.in\/moin\/1.6\/rev\/35ff7a9b1546. CVE-2008-6548.  T. Waldmann. Check the ACL of the included page when using the rst parser's include directive. http:\/\/hg.moinmo.in\/moin\/1.6\/rev\/35ff7a9b1546. CVE-2008-6548.","key":"e_1_3_2_1_46_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_47_1","DOI":"10.1145\/1250734.1250739"},{"doi-asserted-by":"crossref","unstructured":"Web Application Security Consortium. 2007 web application security statistics. http:\/\/www.webappsec.org\/projects\/statistics\/wasc_wass_2007.pdf.  Web Application Security Consortium. 2007 web application security statistics. http:\/\/www.webappsec.org\/projects\/statistics\/wasc_wass_2007.pdf.","key":"e_1_3_2_1_48_1","DOI":"10.1016\/S1353-4858(07)70094-6"},{"key":"e_1_3_2_1_49_1","first-page":"179","volume-title":"Proc. of the 15th USENIX Security Symposium","author":"Xie Y.","year":"2006","unstructured":"Y. Xie and A. Aiken . Static detection of security vulnerabilities in scripting languages . In Proc. of the 15th USENIX Security Symposium , pages 179 -- 192 , Vancouver, BC, Canada , July 2006 . Y. Xie and A. Aiken. Static detection of security vulnerabilities in scripting languages. In Proc. of the 15th USENIX Security Symposium, pages 179--192, Vancouver, BC, Canada, July 2006."},{"key":"e_1_3_2_1_50_1","first-page":"159","volume-title":"Proc. of the 4th NSDI","author":"Yumerefendi A.","year":"2007","unstructured":"A. Yumerefendi , B. Mickle , and L.P. Cox . TightLip: Keeping applications from spilling the beans . In Proc. of the 4th NSDI , pages 159 -- 172 , Cambridge, MA , April 2007 . A. Yumerefendi, B. Mickle, and L.P. Cox. TightLip: Keeping applications from spilling the beans. In Proc. of the 4th NSDI, pages 159--172, Cambridge, MA, April 2007."},{"key":"e_1_3_2_1_51_1","first-page":"263","volume-title":"Proc. of the 7th OSDI","author":"Zeldovich N.","year":"2006","unstructured":"N. Zeldovich , S. Boyd-Wickizer , E. Kohler , and D. Mazi\u00e8res . Making information flow explicit in HiStar . In Proc. of the 7th OSDI , pages 263 -- 278 , Seattle, WA , November 2006 . N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazi\u00e8res. Making information flow explicit in HiStar. In Proc. of the 7th OSDI, pages 263--278, Seattle, WA, November 2006."},{"key":"e_1_3_2_1_52_1","first-page":"293","volume-title":"Proc. of the 5th NSDI","author":"Zeldovich N.","year":"2008","unstructured":"N. Zeldovich , S. Boyd-Wickizer , and D. Mazi\u00e8res . Securing distributed systems with information flow control . In Proc. of the 5th NSDI , pages 293 -- 308 , San Francisco, CA , April 2008 . N. Zeldovich, S. Boyd-Wickizer, and D. Mazi\u00e8res. Securing distributed systems with information flow control. In Proc. of the 5th NSDI, pages 293--308, San Francisco, CA, April 2008."}],"event":{"sponsor":["SIGOPS ACM Special Interest Group on Operating Systems","ACM Association for Computing Machinery"],"acronym":"SOSP09","name":"SOSP09: ACM SIGOPS 22nd Symposium on Operating Systems Principles","location":"Big Sky Montana USA"},"container-title":["Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1629575.1629604","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1629575.1629604","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:23:27Z","timestamp":1750249407000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1629575.1629604"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,10,11]]},"references-count":52,"alternative-id":["10.1145\/1629575.1629604","10.1145\/1629575"],"URL":"https:\/\/doi.org\/10.1145\/1629575.1629604","relation":{},"subject":[],"published":{"date-parts":[[2009,10,11]]},"assertion":[{"value":"2009-10-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}