{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T03:47:24Z","timestamp":1772164044297,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":27,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,10,22]],"date-time":"2011-10-22T00:00:00Z","timestamp":1319241600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,10,22]]},"DOI":"10.1145\/2048066.2048146","type":"proceedings-article","created":{"date-parts":[[2011,10,25]],"date-time":"2011-10-25T08:23:06Z","timestamp":1319530986000},"page":"1069-1084","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":45,"title":["RoleCast"],"prefix":"10.1145","author":[{"given":"Sooel","family":"Son","sequence":"first","affiliation":[{"name":"University of Texas at Austin , Austin, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kathryn S.","family":"McKinley","sequence":"additional","affiliation":[{"name":"Microsoft Research and Universirty of Texas at Austin, Austin, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vitaly","family":"Shmatikov","sequence":"additional","affiliation":[{"name":"University of Texas at Austin, Austin, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2011,10,22]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315250"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1814217.1814218"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455778"},{"key":"e_1_3_2_1_4_1","first-page":"234","volume-title":"PLDI","author":"Chlipala A.","year":"2011","unstructured":"A. Chlipala . Static checking of dynamically-varying security policies in database-backed applications . In PLDI , pages 234 -- 245 , 2011 . A. Chlipala. Static checking of dynamically-varying security policies in database-backed applications. In PLDI, pages 234--245, 2011."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/115372.115320"},{"key":"e_1_3_2_1_6_1","first-page":"267","volume-title":"USENIX Security","author":"Dalton M.","year":"2009","unstructured":"M. Dalton , C. Kozyrakis , and N. Zeldovich . Nemesis: Preventing authentication and access control vulnerabilities in Web applications . In USENIX Security , pages 267 -- 282 , 2009 . M. Dalton, C. Kozyrakis, and N. Zeldovich. Nemesis: Preventing authentication and access control vulnerabilities in Web applications. In USENIX Security, pages 267--282, 2009."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"e_1_3_2_1_8_1","first-page":"143","volume-title":"USENIX Security","author":"Felmetsger V.","year":"2010","unstructured":"V. Felmetsger , L. Cavedon , C. Kruegel , and G. Vigna . Toward automated detection of logic vulnerabilities in Web applications . In USENIX Security , pages 143 -- 160 , 2010 . V. Felmetsger, L. Cavedon, C. Kruegel, and G. Vigna. Toward automated detection of logic vulnerabilities in Web applications. In USENIX Security, pages 143--160, 2010."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_1_11_1","unstructured":"JSP. http:\/\/java.sun.com\/products\/jsp.  JSP. http:\/\/java.sun.com\/products\/jsp."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/582419.582452"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542485"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1081706.1081754"},{"key":"e_1_3_2_1_15_1","unstructured":"PHP. http:\/\/www.php.net.  PHP. http:\/\/www.php.net."},{"key":"e_1_3_2_1_16_1","unstructured":"PHP advent 2010: Usage statistics. http:\/\/phpadvent.org\/2010\/usage-statistics-by-ilia-alshanetsky.  PHP advent 2010: Usage statistics. http:\/\/phpadvent.org\/2010\/usage-statistics-by-ilia-alshanetsky."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/11531142_16"},{"key":"e_1_3_2_1_18_1","unstructured":"Quercus. http:\/\/quercus.caucho.com.  Quercus. http:\/\/quercus.caucho.com."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368310.1368327"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2166956.2166964"},{"key":"e_1_3_2_1_21_1","unstructured":"Soot: A Java optimization framework. http:\/\/www.sable.mcgill.ca\/soot\/.  Soot: A Java optimization framework. http:\/\/www.sable.mcgill.ca\/soot\/."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993539"},{"key":"e_1_3_2_1_23_1","first-page":"379","volume-title":"USENIX Security","author":"Tan L.","year":"2008","unstructured":"L. Tan , X. Zhang , X. Ma , W. Xiong , and Y. Zhou . AutoISES: Automatically inferring security specifications and detecting violations . In USENIX Security , pages 379 -- 394 , 2008 . L. Tan, X. Zhang, X. Ma, W. Xiong, and Y. Zhou. AutoISES: Automatically inferring security specifications and detecting violations. In USENIX Security, pages 379--394, 2008."},{"key":"e_1_3_2_1_24_1","unstructured":"Apache Tomcat. http:\/\/tomcat.apache.org.  Apache Tomcat. http:\/\/tomcat.apache.org."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250739"},{"key":"e_1_3_2_1_26_1","first-page":"179","volume-title":"USENIX Security","author":"Xie Y.","year":"2006","unstructured":"Y. Xie and A. Aiken . Static detection of security vulnerabilities in scripting languages . In USENIX Security , pages 179 -- 192 , 2006 . Y. Xie and A. Aiken. Static detection of security vulnerabilities in scripting languages. In USENIX Security, pages 179--192, 2006."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629604"}],"event":{"name":"SPLASH '11: Conference on Systems, Programming, and Applications: Software for Humanity","location":"Portland Oregon USA","acronym":"SPLASH '11","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages"]},"container-title":["Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2048066.2048146","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2048066.2048146","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:48:32Z","timestamp":1750225712000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2048066.2048146"}},"subtitle":["finding missing security checks when you do not know what checks are"],"short-title":[],"issued":{"date-parts":[[2011,10,22]]},"references-count":27,"alternative-id":["10.1145\/2048066.2048146","10.1145\/2048066"],"URL":"https:\/\/doi.org\/10.1145\/2048066.2048146","relation":{"is-identical-to":[{"id-type":"doi","id":"10.1145\/2076021.2048146","asserted-by":"object"}]},"subject":[],"published":{"date-parts":[[2011,10,22]]},"assertion":[{"value":"2011-10-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}