{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T01:11:01Z","timestamp":1777338661594,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA9550-14-1-0119, FA9550-14-1-0173"],"award-info":[{"award-number":["FA9550-14-1-0119, FA9550-14-1-0173"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1453011, 1516425"],"award-info":[{"award-number":["1453011, 1516425"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3134089","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"799-813","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":43,"title":["AUTHSCOPE"],"prefix":"10.1145","author":[{"given":"Chaoshun","family":"Zuo","sequence":"first","affiliation":[{"name":"University of Texas at Dallas, Dallas, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qingchuan","family":"Zhao","sequence":"additional","affiliation":[{"name":"University of Texas at Dallas, Dallas, TX, 
USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"University of Texas at Dallas, Dallas, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"\"Facebook app-specific ids \" https:\/\/developers.facebook.com\/docs\/graph-api\/reference\/user\/."},{"key":"e_1_3_2_2_2_1","volume-title":"https:\/\/www.w3.org\/Protocols\/rfc2616\/rfc2616.html. Last accessed","year":"2017","unstructured":"Hypertext transfer protocol. https:\/\/www.w3.org\/Protocols\/rfc2616\/rfc2616.html. Last accessed in May 2017."},{"key":"e_1_3_2_2_3_1","unstructured":"\"Plain text offenders \" last accessed in May 2017."},{"key":"e_1_3_2_2_4_1","volume-title":"last accessed","year":"2017","unstructured":"\"Robotium,\" https:\/\/code.google.com\/p\/robotium\/, last accessed in May 2017."},{"key":"e_1_3_2_2_5_1","volume-title":"last accessed","year":"2017","unstructured":"\"Using burp proxy,\" https:\/\/portswigger.net\/burp\/help\/proxy_using.html, last accessed in May 2017."},{"key":"e_1_3_2_2_6_1","unstructured":"\"Xposed module repository \" http:\/\/repo.xposed.info\/."},{"key":"e_1_3_2_2_7_1","unstructured":"\"Ui\/application exerciser monkey \" https:\/\/developer.android.com\/tools\/help\/monkey.html 2017."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2393596.2393666"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_3_2_2_10_1","volume-title":"Authscan: Automatic extraction of web authentication protocols from implementations.\" in NDSS","author":"Bai G.","year":"2013","unstructured":"G. Bai, J. Lei, G. Meng, S. S. Venkatraman, P. Saxena, J. Sun, Y. Liu, and J. S. 
Dong, \"Authscan: Automatic extraction of web authentication protocols from implementations.\" in NDSS, 2013."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-17533-1_18"},{"key":"e_1_3_2_2_13_1","unstructured":"M. Beddoe \"The protocol informatics project \" 2017 https:\/\/github.com\/wolever\/Protocol-Informatics."},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315286"},{"key":"e_1_3_2_2_15_1","first-page":"892","volume-title":"ACM","author":"Chen E. Y.","year":"2014","unstructured":"E. Y. Chen, Y. Pei, S. Chen, Y. Tian, R. Kotcher, and P. Tague, \"Oauth demystified for mobile application developers,\" in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2014, pp. 892--903."},{"key":"e_1_3_2_2_16_1","first-page":"1","volume-title":"Obfuscation-resilient privacy leak detection for mobile apps through differential analysis,\" in Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS)","author":"Continella A.","year":"2017","unstructured":"A. Continella, Y. Fratantonio, M. Lindorfer, A. Puccetti, A. Zand, C. Kruegel, and G. Vigna, \"Obfuscation-resilient privacy leak detection for mobile apps through differential analysis,\" in Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2017, pp. 1--16."},{"key":"e_1_3_2_2_17_1","volume-title":"MA","author":"Cui W.","year":"2007","unstructured":"W. Cui, J. Kannan, and H. J. 
Wang, \"Discoverer: Automatic protocol reverse engineering from network traces,\" in Proceedings of the 16th USENIX Security Symposium (Security'07), Boston, MA, August 2007."},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455820"},{"key":"e_1_3_2_2_19_1","first-page":"267","article-title":"Nemesis: Preventing authentication & access control vulnerabilities in web applications","author":"Dalton M.","year":"2009","unstructured":"M. Dalton, C. Kozyrakis, and N. Zeldovich, \"Nemesis: Preventing authentication & access control vulnerabilities in web applications.\" in USENIX Security Symposium, 2009, pp. 267--282.","journal-title":"USENIX Security Symposium"},{"key":"e_1_3_2_2_21_1","first-page":"13","article-title":"A classification of sql-injection attacks and countermeasures","volume":"1","author":"Halfond W. G.","year":"2006","unstructured":"W. G. Halfond, J. Viegas, and A. Orso, \"A classification of sql-injection attacks and countermeasures,\" in Proceedings of the IEEE International Symposium on Secure Software Engineering, vol. 1. IEEE, 2006, pp. 13--15.","journal-title":"Proceedings of the IEEE International Symposium on Secure Software Engineering"},{"key":"e_1_3_2_2_22_1","volume-title":"CA","author":"Lin Z.","year":"2008","unstructured":"Z. Lin, X. Jiang, D. Xu, and X. 
Zhang, \"Automatic protocol format reverse engineering through context-aware monitored execution,\" in Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1453101.1453114"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177123"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491450"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2003.1287256"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.14"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382756.2382798"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/0022-2836(70)90057-4"},{"key":"e_1_3_2_2_31_1","first-page":"1","article-title":"Guitar: an innovative tool for automated testing of gui-driven software","author":"Nguyen B.","year":"2013","unstructured":"B. Nguyen, B. Robbins, I. Banerjee, and A. Memon, \"Guitar: an innovative tool for automated testing of gui-driven software,\" Automated Software Engineering, pp. 1--41, 2013.","journal-title":"Automated Software Engineering"},{"key":"e_1_3_2_2_32_1","volume-title":"The multics system: an examination of its structure","author":"Organick E. I.","year":"1972","unstructured":"E. I. Organick, The multics system: an examination of its structure. MIT press, 1972."},{"key":"e_1_3_2_2_33_1","volume-title":"Toward black-box detection of logic flaws in web applications.\" in NDSS","author":"Pellegrino G.","year":"2014","unstructured":"G. Pellegrino and D. 
Balzarotti, \"Toward black-box detection of logic flaws in web applications.\" in NDSS, 2014."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435379"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","unstructured":"D. Sounthiraraj J. Sahs G. Greenwood Z. Lin and L. Khan \"Smv-hunter: Large scale automated detection of ssl\/tls man-in-the-middle vulnerabilities in android apps \" in Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS'14) San Diego CA February 2014. 10.14722\/ndss.2014.23205","DOI":"10.14722\/ndss.2014.23205"},{"key":"e_1_3_2_2_36_1","first-page":"378","volume-title":"ACM","author":"Sun S.-T.","year":"2012","unstructured":"S.-T. Sun and K. Beznosov, \"The devil is in the (implementation) details: an empirical analysis of oauth sso systems,\" in Proceedings of the 2012 ACM conference on Computer and communications security. ACM, 2012, pp. 378--390."},{"key":"e_1_3_2_2_37_1","first-page":"12","article-title":"Cross site scripting prevention with dynamic data tainting and static analysis","volume":"2007","author":"Vogt P.","year":"2007","unstructured":"P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna, \"Cross site scripting prevention with dynamic data tainting and static analysis.\" in NDSS, vol. 2007, 2007, p. 12.","journal-title":"NDSS"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.30"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.26"},{"key":"e_1_3_2_2_40_1","volume-title":"Explicating sdks: Uncovering assumptions underlying secure authentication and authorization.\" in USENIX Security","author":"Wang R.","year":"2013","unstructured":"R. Wang, Y. Zhou, S. Chen, S. Qadeer, D. Evans, and Y. Gurevich, \"Explicating sdks: Uncovering assumptions underlying secure authentication and authorization.\" in USENIX Security, vol. 
13, 2013."},{"key":"e_1_3_2_2_41_1","volume-title":"CA","author":"Wondracek G.","year":"2008","unstructured":"G. Wondracek, P. Milani, C. Kruegel, and E. Kirda, \"Automatic network protocol analysis,\" in Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008."},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23118"},{"key":"e_1_3_2_2_43_1","volume-title":"Integuard: Toward automatic protection of third-party web service integrations.\" in NDSS","author":"Xing L.","year":"2013","unstructured":"L. Xing, Y. Chen, X. Wang, and S. Chen, \"Integuard: Toward automatic protection of third-party web service integrations.\" in NDSS, 2013."},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.32"},{"key":"e_1_3_2_2_45_1","first-page":"495","article-title":"Ssoscan: Automated testing of web applications for single sign-on vulnerabilities","author":"Zhou Y.","year":"2014","unstructured":"Y. Zhou and D. Evans, \"Ssoscan: Automated testing of web applications for single sign-on vulnerabilities.\" in USENIX Security, 2014, pp. 495--510.","journal-title":"USENIX Security"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052609"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","unstructured":"C. Zuo W. Wang R. Wang and Z. Lin \"Automatic forgery of cryptographically consistent messages to identify security vulnerabilities in mobile services \" in Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS'16) San Diego CA February 2016. 
10.14722\/ndss.2016.23146","DOI":"10.14722\/ndss.2016.23146"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134089","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3134089","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3134089","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:03Z","timestamp":1750212663000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134089"}},"subtitle":["Towards Automatic Discovery of Vulnerable Authorizations in Online Services"],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":46,"alternative-id":["10.1145\/3133956.3134089","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3134089","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}