{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:34:23Z","timestamp":1763458463296,"version":"3.45.0"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,8,25]],"date-time":"2017-08-25T00:00:00Z","timestamp":1503619200000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CCF-1423623"],"award-info":[{"award-number":["CCF-1423623"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,8,25]]},"DOI":"10.1145\/2970276.2970350","type":"proceedings-article","created":{"date-parts":[[2016,8,26]],"date-time":"2016-08-26T08:40:09Z","timestamp":1472200809000},"page":"155-166","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Finding access control bugs in web applications with CanCheck"],"prefix":"10.1145","author":[{"given":"Ivan","family":"Boci\u0107","sequence":"first","affiliation":[{"name":"University of California at Santa Barbara, USA"}]},{"given":"Tevfik","family":"Bultan","sequence":"additional","affiliation":[{"name":"University of California at Santa Barbara, USA"}]}],"member":"320","published-online":{"date-parts":[[2016,8,25]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"ekremkaraca\/awesome-rails: A collection \/ list of awesome projects sites made with Rails."},{"key":"e_1_3_2_1_2_1","first-page":"50","volume-title":"Proceedings 10th International Workshop on Automated Specification and Verification of Web Systems, WWV 2014","volume":"163","author":"Ali A.","year":"2014","unstructured":"A. Ali and M. Fern\u00e1ndez. Static enforcement of role-based access control. In M. H. ter Beek and A. Ravara, editors, Proceedings 10th International Workshop on Automated Specification and Verification of Web Systems, WWV 2014, Vienna, Austria, July 18, 2014., volume 163 of EPTCS, pages 36\u201350, 2014."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/11804192_17"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568281"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/2818754.2818844"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.48"},{"key":"e_1_3_2_1_7_1","unstructured":"ryanb\/cancan \u2022 GitHub Nov. 2015. https:\/\/github.com\/ryanb\/cancan."},{"key":"e_1_3_2_1_8_1","unstructured":"CanCanCommunity\/cancancan \u2022 GitHub Nov. 2015. https:\/\/github.com\/CanCanCommunity\/cancancan."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866373"},{"key":"e_1_3_2_1_10_1","unstructured":"CoRM - Enfin une solution CRM simple et puissante. Jan. 2016. http:\/\/www.corm.fr\/."},{"key":"e_1_3_2_1_11_1","unstructured":"devise | RubyGems.org | your community gem host Sept. 2013. http:\/\/rubygems.org\/gems\/devise."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/11814771_51"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979280"},{"key":"e_1_3_2_1_14_1","volume-title":"Proc. of 15th NIST-NSA National Computer Security Conference","author":"Ferraiolo D.","year":"1992","unstructured":"D. Ferraiolo and R. Kuhn. Role-based access controls. Proc. of 15th NIST-NSA National Computer Security Conference, 1992."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1809842.1809847"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/512529.512558"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062535"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314493.1314497"},{"key":"e_1_3_2_1_19_1","volume-title":"SET 2006","author":"Galeotti J. P.","year":"2006","unstructured":"J. P. Galeotti and M. F. Frias. Dynalloy as a formal method for the analysis of java programs. In Software Engineering Techniques: Design for Quality, SET 2006, October 17-20, 2006, Warsaw, Poland, pages 249\u2013260, 2006."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2009.80"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25821-3_25"},{"key":"e_1_3_2_1_22_1","first-page":"162","article-title":"Guide to attribute based access control (abac) definition and considerations","volume":"800","author":"Hu V. C.","year":"2014","unstructured":"V. C. Hu, D. Ferraiolo, R. Kuhn, A. Schnitzer, K. Sandlin, R. Miller, and K. Scarfone. Guide to attribute based access control (abac) definition and considerations. NIST Special Publication, 800:162, 2014.","journal-title":"NIST Special Publication"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10009-008-0087-9"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/505145.505149"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/1146359"},{"key":"e_1_3_2_1_26_1","unstructured":"kandanapp\/kandan Sept. 2013. http:\/\/github.com\/kandanapp\/kandan."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/775265.775268"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/1939141.1939161"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2013.47"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2393596.2393667"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2642937.2643012"},{"key":"e_1_3_2_1_32_1","unstructured":"Open Source Rails Jan. 2016. http:\/\/www.opensourcerails.com."},{"key":"e_1_3_2_1_33_1","volume-title":"Jan.","author":"GitHub","year":"2016","unstructured":"GitHub - elabs\/pundit: Minimal authorization throught OO design and pure Ruby classes, Jan. 2016."},{"key":"e_1_3_2_1_34_1","unstructured":"https:\/\/github.com\/elabs\/pundit."},{"key":"e_1_3_2_1_35_1","unstructured":"jdjkelly\/quant - GitHub Jan. 2016. https:\/\/github.com\/jdjkelly\/quant."},{"key":"e_1_3_2_1_36_1","unstructured":"Rails Routing from the Outside In - Ruby on Rails Guides Jan. 2016. guides.rubyonrails.org\/routing. html#crud-verbs-and-actions."},{"key":"e_1_3_2_1_37_1","unstructured":"macfanatic\/SprintApp Sept. 2014. https:\/\/github.com\/macfanatic\/SprintApp."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/2028067.2028078"},{"key":"e_1_3_2_1_39_1","unstructured":"Jellyfishboy\/trado - Ruby-GitHub Jan. 2016. https:\/\/github.com\/Jellyfishboy\/trado."}],"event":{"name":"ASE'16: ACM\/IEEE International Conference on Automated Software Engineering","sponsor":["SIGAI ACM Special Interest Group on Artificial Intelligence","SIGSOFT ACM Special Interest Group on Software Engineering","IEEE-CS Computer Society"],"location":"Singapore Singapore","acronym":"ASE'16"},"container-title":["Proceedings of the 31st IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2970276.2970350","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2970276.2970350","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2970276.2970350","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:29:33Z","timestamp":1763458173000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2970276.2970350"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,8,25]]},"references-count":39,"alternative-id":["10.1145\/2970276.2970350","10.1145\/2970276"],"URL":"https:\/\/doi.org\/10.1145\/2970276.2970350","relation":{},"subject":[],"published":{"date-parts":[[2016,8,25]]},"assertion":[{"value":"2016-08-25","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}