{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T03:53:17Z","timestamp":1769745197151,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":83,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["N66001-22-C-4028"],"award-info":[{"award-number":["N66001-22-C-4028"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["1943100, 1920462, 2114074, 1908494"],"award-info":[{"award-number":["1943100, 1920462, 2114074, 1908494"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006785","name":"Google","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006785","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100005801","name":"Facebook","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100005801","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3559381","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"2459-2473","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["Cerberus"],"prefix":"10.1145","author":[{"given":"Tamjid Al","family":"Rahat","sequence":"first","affiliation":[{"name":"University of California, Los Angeles, Los Angeles, CA, USA"}]},{"given":"Yu","family":"Feng","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara, Santa Barbara, CA, USA"}]},{"given":"Yuan","family":"Tian","sequence":"additional","affiliation":[{"name":"University of California, Los Angeles, Los Angeles, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2015. \"Json Web Token\". https:\/\/datatracker.ietf.org\/doc\/html\/rfc7519.  2015. \"Json Web Token\". https:\/\/datatracker.ietf.org\/doc\/html\/rfc7519."},{"key":"e_1_3_2_1_2_1","unstructured":"2018. \"Facebook Security Update\". https:\/\/about.fb.com\/news\/2018\/09\/security- update.  2018. \"Facebook Security Update\". https:\/\/about.fb.com\/news\/2018\/09\/security- update."},{"key":"e_1_3_2_1_3_1","unstructured":"2020. \"Apifest Oauth2\". https:\/\/github.com\/apifest\/apifest-oauth20.  2020. \"Apifest Oauth2\". https:\/\/github.com\/apifest\/apifest-oauth20."},{"key":"e_1_3_2_1_4_1","unstructured":"2020. \"Microsoft Azure Account Takeover\". https:\/\/www.cyberark.com\/ resources\/threat-research-blog\/blackdirect-microsoft-azure-account-takeover.  2020. \"Microsoft Azure Account Takeover\". https:\/\/www.cyberark.com\/ resources\/threat-research-blog\/blackdirect-microsoft-azure-account-takeover."},{"key":"e_1_3_2_1_5_1","unstructured":"2021. \"ApiFest API Security\". http:\/\/www.apifest.org.  2021. \"ApiFest API Security\". http:\/\/www.apifest.org."},{"key":"e_1_3_2_1_6_1","unstructured":"2021. \"Clouway: Oauth2 Server\". https:\/\/github.com\/clouway\/oauth2-server.  2021. \"Clouway: Oauth2 Server\". https:\/\/github.com\/clouway\/oauth2-server."},{"key":"e_1_3_2_1_7_1","unstructured":"2021. \"GluuFederation: oxAuth\". https:\/\/github.com\/GluuFederation\/oxAuth.  2021. \"GluuFederation: oxAuth\". https:\/\/github.com\/GluuFederation\/oxAuth."},{"key":"e_1_3_2_1_8_1","unstructured":"2021. \"Node Oauth2 Server\". https:\/\/github.com\/oauthjs\/node-oauth2-server.  2021. \"Node Oauth2 Server\". https:\/\/github.com\/oauthjs\/node-oauth2-server."},{"key":"e_1_3_2_1_9_1","unstructured":"2021. \"Node Oidc Provider\". https:\/\/github.com\/panva\/node-oidc-provider.  2021. \"Node Oidc Provider\". https:\/\/github.com\/panva\/node-oidc-provider."},{"key":"e_1_3_2_1_10_1","unstructured":"2021. \"OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens\". https:\/\/tools.ietf.org\/html\/rfc8705.  2021. \"OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens\". https:\/\/tools.ietf.org\/html\/rfc8705."},{"key":"e_1_3_2_1_11_1","unstructured":"2021. \"OAuth 2.0 Security Best Current Practice\". https:\/\/datatracker.ietf.org\/ doc\/html\/draft-ietf-oauth-security-topics.  2021. \"OAuth 2.0 Security Best Current Practice\". https:\/\/datatracker.ietf.org\/ doc\/html\/draft-ietf-oauth-security-topics."},{"key":"e_1_3_2_1_12_1","unstructured":"2021. \"OAuth 2.0 Threat Model and Security Considerations\". https:\/\/tools.ietf. org\/html\/rfc6819.  2021. \"OAuth 2.0 Threat Model and Security Considerations\". https:\/\/tools.ietf. org\/html\/rfc6819."},{"key":"e_1_3_2_1_13_1","unstructured":"2021. \"Oauth2 Server\". https:\/\/github.com\/jobmission\/oauth2-server.  2021. \"Oauth2 Server\". https:\/\/github.com\/jobmission\/oauth2-server."},{"key":"e_1_3_2_1_14_1","unstructured":"2021. \"Oauth2 Server\". https:\/\/github.com\/yoichiro\/oauth2-server.  2021. \"Oauth2 Server\". https:\/\/github.com\/yoichiro\/oauth2-server."},{"key":"e_1_3_2_1_15_1","unstructured":"2021. \"Oauth2 Server Node\". https:\/\/github.com\/af83\/oauth2_server_node.  2021. \"Oauth2 Server Node\". https:\/\/github.com\/af83\/oauth2_server_node."},{"key":"e_1_3_2_1_16_1","unstructured":"2021. \"Oauth2orize\". https:\/\/github.com\/jaredhanson\/oauth2orize.  2021. \"Oauth2orize\". https:\/\/github.com\/jaredhanson\/oauth2orize."},{"key":"e_1_3_2_1_17_1","unstructured":"2021. \"OpenID Connect Core 1.0\". https:\/\/openid.net\/specs\/openid-connect- core-1_0.html.  2021. \"OpenID Connect Core 1.0\". https:\/\/openid.net\/specs\/openid-connect- core-1_0.html."},{"key":"e_1_3_2_1_18_1","unstructured":"2021. \"Proof Key for Code Exchange by OAuth Public Clients\". https:\/\/tools.ietf. org\/html\/rfc7636.  2021. \"Proof Key for Code Exchange by OAuth Public Clients\". https:\/\/tools.ietf. org\/html\/rfc7636."},{"key":"e_1_3_2_1_19_1","unstructured":"2021. \"Spring authorization server\". https:\/\/github.com\/spring-projects- experimental\/spring-authorization-server.  2021. \"Spring authorization server\". https:\/\/github.com\/spring-projects- experimental\/spring-authorization-server."},{"key":"e_1_3_2_1_20_1","unstructured":"2021. \"The OAuth 2.0 Authorization Framework\". https:\/\/tools.ietf.org\/html\/ rfc6750.  2021. \"The OAuth 2.0 Authorization Framework\". https:\/\/tools.ietf.org\/html\/ rfc6750."},{"key":"e_1_3_2_1_21_1","unstructured":"2021. \"T.J. Watson Libraries for Analysis (WALA)\". http:\/\/wala.sourceforge.net\/ wiki\/index.php\/Main_Page.  2021. \"T.J. Watson Libraries for Analysis (WALA)\". http:\/\/wala.sourceforge.net\/ wiki\/index.php\/Main_Page."},{"key":"e_1_3_2_1_22_1","unstructured":"2021. \"Twitter Redirect URI Attack\". https:\/\/hackerone.com\/reports\/110293.  2021. \"Twitter Redirect URI Attack\". https:\/\/hackerone.com\/reports\/110293."},{"key":"e_1_3_2_1_23_1","unstructured":"2022. \"Authlete Java OAuth\". https:\/\/github.com\/authlete\/java-oauth-server.  2022. \"Authlete Java OAuth\". https:\/\/github.com\/authlete\/java-oauth-server."},{"key":"e_1_3_2_1_24_1","unstructured":"2022. \"Connect OAuth2\". https:\/\/github.com\/makesites\/connect-oauth2.  2022. \"Connect OAuth2\". https:\/\/github.com\/makesites\/connect-oauth2."},{"key":"e_1_3_2_1_25_1","unstructured":"2022. \"Datalog\". https:\/\/en.wikipedia.org\/wiki\/Datalog.  2022. \"Datalog\". https:\/\/en.wikipedia.org\/wiki\/Datalog."},{"key":"e_1_3_2_1_26_1","unstructured":"2022. \"Egg OAuth2 Server\". https:\/\/github.com\/Azard\/egg-oauth2-server.  2022. \"Egg OAuth2 Server\". https:\/\/github.com\/Azard\/egg-oauth2-server."},{"key":"e_1_3_2_1_27_1","unstructured":"2022. \"Java Spring Server\". https:\/\/github.com\/mitreid-connect\/OpenID-Connect- Java-Spring-Server.  2022. \"Java Spring Server\". https:\/\/github.com\/mitreid-connect\/OpenID-Connect- Java-Spring-Server."},{"key":"e_1_3_2_1_28_1","unstructured":"2022. \"Loopback OAuth Component\". https:\/\/github.com\/strongloop\/loopback- component-oauth2.  2022. \"Loopback OAuth Component\". https:\/\/github.com\/strongloop\/loopback- component-oauth2."},{"key":"e_1_3_2_1_29_1","unstructured":"2022. \"Node OAuth20 Provider\". https:\/\/github.com\/t1msh\/node-oauth20-provider.  2022. \"Node OAuth20 Provider\". https:\/\/github.com\/t1msh\/node-oauth20-provider."},{"key":"e_1_3_2_1_30_1","unstructured":"2022. \"OAuth 2.0 Security Best Current Practice\". https:\/\/datatracker.ietf.org\/ doc\/html\/draft-ietf-oauth-dpop.  2022. \"OAuth 2.0 Security Best Current Practice\". https:\/\/datatracker.ietf.org\/ doc\/html\/draft-ietf-oauth-dpop."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243842"},{"key":"e_1_3_2_1_32_1","volume-title":"Compilers: Principles, Techniques, & Tools. Pearson Education India.","author":"Aho Alfred V","year":"2007","unstructured":"Alfred V Aho , Monica S Lam , Ravi Sethi , and Jeffrey D Ullman . 2007 . Compilers: Principles, Techniques, & Tools. Pearson Education India. Alfred V Aho, Monica S Lam, Ravi Sethi, and Jeffrey D Ullman. 2007. Compilers: Principles, Techniques, & Tools. Pearson Education India."},{"key":"e_1_3_2_1_33_1","volume-title":"Ullman","author":"Aho Alfred V.","year":"1986","unstructured":"Alfred V. Aho , Ravi Sethi , and Jeffrey D . Ullman . 1986 . Compilers : Principles, Techniques, and Tools. Addison-Wesley . https:\/\/www.worldcat.org\/oclc\/12285707 Alfred V. Aho, Ravi Sethi, and Jeffrey D. Ullman. 1986. Compilers: Principles, Techniques, and Tools. Addison-Wesley. https:\/\/www.worldcat.org\/oclc\/12285707"},{"key":"e_1_3_2_1_35_1","volume-title":"Prateek Saxena, Jun Sun, Yang Liu, and Jin Song Dong.","author":"Bai Guangdong","year":"2013","unstructured":"Guangdong Bai , Jike Lei , Guozhu Meng , Sai Sathyanarayan Venkatraman , Prateek Saxena, Jun Sun, Yang Liu, and Jin Song Dong. 2013 . Authscan : Automatic extraction of web authentication protocols from implementations. (2013). Guangdong Bai, Jike Lei, Guozhu Meng, Sai Sathyanarayan Venkatraman, Prateek Saxena, Jun Sun, Yang Liu, and Jin Song Dong. 2013. Authscan: Automatic extraction of web authentication protocols from implementations. (2013)."},{"key":"e_1_3_2_1_36_1","volume-title":"From regular expressions to deterministic automata. Theoretical computer science 48","author":"Berry Gerard","year":"1986","unstructured":"Gerard Berry and Ravi Sethi . 1986. From regular expressions to deterministic automata. Theoretical computer science 48 ( 1986 ), 117--126. Gerard Berry and Ravi Sethi. 1986. From regular expressions to deterministic automata. Theoretical computer science 48 (1986), 117--126."},{"key":"e_1_3_2_1_37_1","volume-title":"27th USENIX Security Symposium. 1493--1510","author":"Calzavara Stefano","year":"2018","unstructured":"Stefano Calzavara , Riccardo Focardi , Matteo Maffei , Clara Schneidewind , Marco Squarcina , and Mauro Tempesta . 2018 . WPSE: fortifying web protocols via browser-side security monitoring . In 27th USENIX Security Symposium. 1493--1510 . Stefano Calzavara, Riccardo Focardi, Matteo Maffei, Clara Schneidewind, Marco Squarcina, and Mauro Tempesta. 2018. WPSE: fortifying web protocols via browser-side security monitoring. In 27th USENIX Security Symposium. 1493--1510."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"crossref","unstructured":"Yinzhi Cao Yanick Fratantonio Antonio Bianchi Manuel Egele Christopher Kruegel Giovanni Vigna and Yan Chen. 2015. EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework.. In NDSS.  Yinzhi Cao Yanick Fratantonio Antonio Bianchi Manuel Egele Christopher Kruegel Giovanni Vigna and Yan Chen. 2015. EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework.. In NDSS.","DOI":"10.14722\/ndss.2015.23140"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Yinzhi Cao Yan Shoshitaishvili Kevin Borgolte Christopher Kruegel Giovanni Vigna and Yan Chen. 2014. Protecting Web Single Sign-on against Relying Party Impersonation Attacks through a Bi-directional Secure Channel with Authentication. (2014).  Yinzhi Cao Yan Shoshitaishvili Kevin Borgolte Christopher Kruegel Giovanni Vigna and Yan Chen. 2014. Protecting Web Single Sign-on against Relying Party Impersonation Attacks through a Bi-directional Secure Channel with Authentication. (2014).","DOI":"10.1007\/978-3-319-11379-1_14"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660323"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00052"},{"key":"e_1_3_2_1_42_1","volume-title":"10th International Symposium, SAS 2003, San Diego, CA, USA, June 11-13, 2003, Proceedings. 1--18","author":"Christensen Aske Simon","unstructured":"Aske Simon Christensen , Anders M\u00f8ller , and Michael I. Schwartzbach . 2003. Precise Analysis of String Expressions. In Static Analysis , 10th International Symposium, SAS 2003, San Diego, CA, USA, June 11-13, 2003, Proceedings. 1--18 . Aske Simon Christensen, Anders M\u00f8ller, and Michael I. Schwartzbach. 2003. Precise Analysis of String Expressions. In Static Analysis, 10th International Symposium, SAS 2003, San Diego, CA, USA, June 11-13, 2003, Proceedings. 1--18."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSEN.2014.2361406"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_1_45_1","volume-title":"2015 International Conference on Information and Communication Technology Convergence (ICTC). 1072--1074","author":"Emerson S.","unstructured":"S. Emerson , Y. Choi , D. Hwang , K. Kim , and K. Kim . 2015. An OAuth based authentication mechanism for IoT networks . In 2015 International Conference on Information and Communication Technology Convergence (ICTC). 1072--1074 . S. Emerson, Y. Choi, D. Hwang, K. Kim, and K. Kim. 2015. An OAuth based authentication mechanism for IoT networks. In 2015 International Conference on Information and Communication Technology Convergence (ICTC). 1072--1074."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345656"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484745"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2814270.2814284"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/24039.24041"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978385"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE51399.2021.00309"},{"key":"e_1_3_2_1_52_1","volume-title":"An introduction to the california consumer privacy act (CCPA). Santa Clara Univ. Legal Studies Research Paper","author":"Goldman Eric","year":"2020","unstructured":"Eric Goldman . 2020. An introduction to the california consumer privacy act (CCPA). Santa Clara Univ. Legal Studies Research Paper ( 2020 ). Eric Goldman. 2020. An introduction to the california consumer privacy act (CCPA). Santa Clara Univ. Legal Studies Research Paper (2020)."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1103845.1094841"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.38"},{"key":"e_1_3_2_1_55_1","volume-title":"Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel.","author":"Li Li","year":"2014","unstructured":"Li Li , Alexandre Bartel , Jacques Klein , Yves Le Traon , Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel. 2014 . I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis . arXiv preprint arXiv:1404.7431 (2014). Li Li, Alexandre Bartel, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel. 2014. I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis. arXiv preprint arXiv:1404.7431 (2014)."},{"key":"e_1_3_2_1_56_1","volume-title":"USENIX Security Symposium.","author":"Li Song","year":"2022","unstructured":"Song Li , Mingqing Kang , Jianwei Hou , and Yinzhi Cao . 2022 . Mining Node. js Vulnerabilities via Object Dependence Graph and Query . In USENIX Security Symposium. Song Li, Mingqing Kang, Jianwei Hou, and Yinzhi Cao. 2022. Mining Node. js Vulnerabilities via Object Dependence Graph and Query. In USENIX Security Symposium."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423360"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/1103845.1094840"},{"key":"e_1_3_2_1_59_1","volume-title":"2011 International Conference on Communication Systems and Network Technologies. 655--659","author":"Pai S.","unstructured":"S. Pai , Y. Sharma , S. Kumar , R. M. Pai , and S. Singh . 2011. Formal Verification of OAuth 2.0 Using Alloy Framework . In 2011 International Conference on Communication Systems and Network Technologies. 655--659 . S. Pai, Y. Sharma, S. Kumar, R. M. Pai, and S. Singh. 2011. Formal Verification of OAuth 2.0 Using Alloy Framework. In 2011 International Conference on Communication Systems and Network Technologies. 655--659."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3457894"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345659"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-92013-9_21"},{"key":"e_1_3_2_1_63_1","volume-title":"OAUTHLINT: An Empirical Study on OAuth Bugs in Android Applications. In 34th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2019","author":"Rahat Tamjid Al","year":"2019","unstructured":"Tamjid Al Rahat , Yu Feng , and Yuan Tian . 2019 . OAUTHLINT: An Empirical Study on OAuth Bugs in Android Applications. In 34th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2019 , San Diego, CA, USA , November 11-15, 2019. 293--304. Tamjid Al Rahat, Yu Feng, and Yuan Tian. 2019. OAUTHLINT: An Empirical Study on OAuth Bugs in Android Applications. In 34th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2019, San Diego, CA, USA, November 11-15, 2019. 293--304."},{"key":"e_1_3_2_1_64_1","volume-title":"Automated Detection of GDPR Disclosure Requirements in Privacy Policies using Deep Active Learning. arXiv preprint arXiv:2111.04224","author":"Rahat Tamjid Al","year":"2021","unstructured":"Tamjid Al Rahat , Tu Le , and Yuan Tian . 2021. Automated Detection of GDPR Disclosure Requirements in Privacy Policies using Deep Active Learning. arXiv preprint arXiv:2111.04224 ( 2021 ). Tamjid Al Rahat, Tu Le, and Yuan Tian. 2021. Automated Detection of GDPR Disclosure Requirements in Privacy Policies using Deep Active Learning. arXiv preprint arXiv:2111.04224 (2021)."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC.2017.8024606"},{"key":"e_1_3_2_1_66_1","first-page":"1","article-title":"Firmalice-Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware","volume":"1","author":"Shoshitaishvili Yan","year":"2015","unstructured":"Yan Shoshitaishvili , Ruoyu Wang , Christophe Hauser , Christopher Kruegel , and Giovanni Vigna . 2015 . Firmalice-Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware .. In NDSS , Vol. 1. 1 -- 1 . Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. 2015. Firmalice-Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware.. In NDSS, Vol. 1. 1--1.","journal-title":"NDSS"},{"key":"e_1_3_2_1_67_1","unstructured":"Souffl\u00e9 Developers. 2020. Souffl\u00e9 - Datalog. https:\/\/souffle-lang.github.io\/index. html.  Souffl\u00e9 Developers. 2020. Souffl\u00e9 - Datalog. https:\/\/souffle-lang.github.io\/index. html."},{"key":"e_1_3_2_1_68_1","volume-title":"SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE. JS.. In NDSS.","author":"Staicu Cristian-Alexandru","year":"2018","unstructured":"Cristian-Alexandru Staicu , Michael Pradel , and Benjamin Livshits . 2018 . SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE. JS.. In NDSS. Cristian-Alexandru Staicu, Michael Pradel, and Benjamin Livshits. 2018. SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE. JS.. In NDSS."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382238"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2019.00053"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/321978.321991"},{"key":"e_1_3_2_1_72_1","volume-title":"Bulwark: Holistic and Verified Security Monitoring of Web Protocols. In European Symposium on Research in Computer Security. Springer, 23--41","author":"Veronese Lorenzo","year":"2020","unstructured":"Lorenzo Veronese , Stefano Calzavara , and Luca Compagna . 2020 . Bulwark: Holistic and Verified Security Monitoring of Web Protocols. In European Symposium on Research in Computer Security. Springer, 23--41 . Lorenzo Veronese, Stefano Calzavara, and Luca Compagna. 2020. Bulwark: Holistic and Verified Security Monitoring of Web Protocols. In European Symposium on Research in Computer Security. Springer, 23--41."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818024"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2009.5270315"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2421003"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.54"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1109\/PACRIM.2013.6625487"},{"key":"e_1_3_2_1_79_1","volume-title":"2013 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM). 271--276","author":"Yang F.","unstructured":"F. Yang and S. Manoharan . 2013. A security analysis of the OAuth protocol . In 2013 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM). 271--276 . F. Yang and S. Manoharan. 2013. A security analysis of the OAuth protocol. In 2013 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM). 271--276."},{"key":"e_1_3_2_1_80_1","volume-title":"27th USENIX Security Symposium. 1459--1474","author":"Yang Ronghai","year":"2018","unstructured":"Ronghai Yang , Wing Cheong Lau , Jiongyi Chen , and Kehuan Zhang . 2018 . Vetting Single Sign-On SDK Implementations via Symbolic Reasoning . In 27th USENIX Security Symposium. 1459--1474 . Ronghai Yang, Wing Cheong Lau, Jiongyi Chen, and Kehuan Zhang. 2018. Vetting Single Sign-On SDK Implementations via Symbolic Reasoning. In 27th USENIX Security Symposium. 1459--1474."},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897874"},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCSE.2012.26"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660359"},{"key":"e_1_3_2_1_84_1","volume-title":"23rd USENIX Security Symposium. 495--510","author":"Zhou Yuchen","year":"2014","unstructured":"Yuchen Zhou and David Evans . 2014 . SSOScan: automated testing of web appli- cations for single sign-on vulnerabilities . In 23rd USENIX Security Symposium. 495--510 . Yuchen Zhou and David Evans. 2014. SSOScan: automated testing of web appli- cations for single sign-on vulnerabilities. In 23rd USENIX Security Symposium. 495--510."}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3559381","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3559381","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3559381","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:50:57Z","timestamp":1750182657000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3559381"}},"subtitle":["Query-driven Scalable Vulnerability Detection in OAuth Service Provider Implementations"],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":83,"alternative-id":["10.1145\/3548606.3559381","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3559381","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}