{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:11:09Z","timestamp":1750219869374,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,6,22]],"date-time":"2023-06-22T00:00:00Z","timestamp":1687392000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nd\/4.0\/"}],"funder":[{"DOI":"10.13039\/100002418","name":"Intel Corporation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100002418","id-type":"DOI","asserted-by":"publisher"}]},{"name":"VMware"},{"name":"Ericsson"},{"name":"Google"},{"name":"IBM"},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2145471","1704941"],"award-info":[{"award-number":["2145471","1704941"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,6,22]]},"DOI":"10.1145\/3593856.3595905","type":"proceedings-article","created":{"date-parts":[[2023,6,22]],"date-time":"2023-06-22T22:20:41Z","timestamp":1687472441000},"page":"223-230","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Access Control for Database Applications: Beyond Policy Enforcement"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-3721-2882","authenticated-orcid":false,"given":"Wen","family":"Zhang","sequence":"first","affiliation":[{"name":"UC Berkeley, Berkeley, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9664-4377","authenticated-orcid":false,"given":"Aurojit","family":"Panda","sequence":"additional","affiliation":[{"name":"NYU, New York, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1357-7533","authenticated-orcid":false,"given":"Scott","family":"Shenker","sequence":"additional","affiliation":[{"name":"UC Berkeley, Berkeley, United States of America"},{"name":"ICSI, Berkeley, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,6,22]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2006.08.020"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/503272.503275"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1390630.1390662"},{"key":"e_1_3_2_1_4_1","unstructured":"Warwick Ashford. 2015. Facebook photo leak flaw raises security concerns. https:\/\/www.computerweekly.com\/news\/2240242708\/Facebook-photo-leak-flaw-raises-security-concerns"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2463676.2467798"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3452919"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.16"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3276519"},{"key":"e_1_3_2_1_9_1","volume-title":"9th USENIX Symposium on Operating Systems Design and Implementation, OSDI","author":"Chlipala Adam","year":"2010","unstructured":"Adam Chlipala. 2010. Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications. In 9th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2010, October 4--6, 2010, Vancouver, BC, Canada, Proceedings, Remzi H. Arpaci-Dusseau and Brad Chen (Eds.). USENIX Association, 105--118. http:\/\/www.usenix.org\/events\/osdi10\/tech\/full_papers\/Chlipala.pdf"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30570-5_20"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-48533-1_19"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254087"},{"key":"e_1_3_2_1_13_1","volume-title":"Toward Automated Detection of Logic Vulnerabilities in Web Applications. In 19th USENIX Security Symposium","author":"Felmetsger Viktoria","year":"2010","unstructured":"Viktoria Felmetsger, Ludovico Cavedon, Christopher Kruegel, and Giovanni Vigna. 2010. Toward Automated Detection of Logic Vulnerabilities in Web Applications. In 19th USENIX Security Symposium, Washington, DC, USA, August 11--13, 2010, Proceedings. USENIX Association, 143--160. http:\/\/www.usenix.org\/events\/sec10\/tech\/full_papers\/Felmetsger.pdf"},{"key":"e_1_3_2_1_14_1","volume-title":"Hails: Protecting Data Privacy in Untrusted Web Applications. In 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012","author":"Giffin Daniel B.","year":"2012","unstructured":"Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, David Mazi\u00e8res, John C. Mitchell, and Alejandro Russo. 2012. Hails: Protecting Data Privacy in Untrusted Web Applications. In 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012, Hollywood, CA, USA, October 8--10, 2012, Chandu Thekkath and Amin Vahdat (Eds.). USENIX Association, 47--60. https:\/\/www.usenix.org\/conference\/osdi12\/technical-sessions\/presentation\/giffin"},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS 2008","author":"Godefroid Patrice","year":"2008","unstructured":"Patrice Godefroid, Michael Y. Levin, and David A. Molnar. 2008. Automated Whitebox Fuzz Testing. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2008, San Diego, California, USA, 10th February - 13th February 2008. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2008\/automated-whitebox-fuzz-testing\/"},{"key":"e_1_3_2_1_16_1","unstructured":"Eddie Kohler. 2013. Hide review rounds from paper authors. https:\/\/github.com\/kohler\/hotcrp\/commit\/5d53ab"},{"key":"e_1_3_2_1_17_1","unstructured":"Eddie Kohler. 2015. Download PC review assignments obeys paper administrators. https:\/\/github.com\/kohler\/hotcrp\/commit\/80ff96"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/B978-012088469-8.50013-9"},{"key":"e_1_3_2_1_19_1","volume-title":"STORM: Re-finement Types for Secure Web Applications. In 15th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2021","author":"Lehmann Nico","year":"2021","unstructured":"Nico Lehmann, Rose Kunkel, Jordan Brown, Jean Yang, Niki Vazou, Nadia Polikarpova, Deian Stefan, and Ranjit Jhala. 2021. STORM: Re-finement Types for Secure Web Applications. In 15th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2021, July 14--16, 2021, Angela Demke Brown and Jay R. Lorch (Eds.). USENIX Association, 441--459. https:\/\/www.usenix.org\/conference\/osdi21\/presentation\/lehmann"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.71"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/212433.220198"},{"key":"e_1_3_2_1_22_1","volume-title":"Ordille","author":"Levy Alon Y.","year":"1996","unstructured":"Alon Y. Levy, Anand Rajaraman, and Joann J. Ordille. 1996. Querying Heterogeneous Information Sources Using Source Descriptions. In VLDB'96, Proceedings of 22th International Conference on Very Large Data Bases, September 3--6, 1996, Mumbai (Bombay), India, T. M. Vijayaraman, Alejandro P. Buchmann, C. Mohan, and Nandlal L. Sarda (Eds.). Morgan Kaufmann, 251--262. http:\/\/www.vldb.org\/conf\/1996\/P251.PDF"},{"key":"e_1_3_2_1_23_1","unstructured":"Wenchao Li. 2014. Specification Mining: New Formalisms Algorithms and Applications. Ph.D. Dissertation. EECS Department University of California Berkeley. http:\/\/www2.eecs.berkeley.edu\/Pubs\/TechRpts\/2014\/EECS-2014-20.html"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.33"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3317550.3321425"},{"key":"e_1_3_2_1_26_1","unstructured":"Mark Maunder. 2016. Vulnerability in WordPress Core: Bypass any password protected post. CVSS Score: 7.5 (High). https:\/\/www.wordfence.com\/blog\/2016\/06\/wordpress-core-vulnerability-bypass-password-protected-posts\/"},{"key":"e_1_3_2_1_27_1","volume-title":"26th USENIX Security Symposium, USENIX Security 2017","author":"Mehta Aastha","year":"2017","unstructured":"Aastha Mehta, Eslam Elnikety, Katura Harvey, Deepak Garg, and Peter Druschel. 2017. Qapla: Policy compliance for database-backed systems. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16--18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 1463--1479. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/mehta"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1007568.1007633"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.1989.47234"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24372-1_34"},{"key":"e_1_3_2_1_32_1","unstructured":"Oracle. 2017. Using Oracle Virtual Private Database to Control Data Access. https:\/\/docs.oracle.com\/database\/121\/DBSEG\/vpd.htm"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3428203"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/190314.190338"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3408987"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/212433.220199"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3453483.3454072"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-51074-9_9"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1007568.1007631"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/361011.361067"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/69.971193"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2628136.2628151"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314591"},{"key":"e_1_3_2_1_44_1","unstructured":"Ben Stock. 2018. Search leaks hidden tags. https:\/\/github.com\/kohler\/hotcrp\/issues\/135"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/800182.810400"},{"key":"e_1_3_2_1_46_1","article-title":"K-Anonymity: A Model for Protecting Privacy","volume":"10","author":"Sweeney Latanya","year":"2002","unstructured":"Latanya Sweeney. 2002. K-Anonymity: A Model for Protecting Privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst. 10, 5 (2002).","journal-title":"Int. J. Uncertain. Fuzziness Knowl.-Based Syst."},{"key":"e_1_3_2_1_47_1","unstructured":"W3Techs. 2023. Usage statistics of server-side programming languages for websites. https:\/\/w3techs.com\/technologies\/overview\/programming_language"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-31980-1_30"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2908080.2908098"},{"key":"e_1_3_2_1_50_1","volume-title":"Blockaid: Data Access Policy Enforcement for Web Applications. In 16th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2022","author":"Zhang Wen","year":"2022","unstructured":"Wen Zhang, Eric Sheng, Michael Alan Chang, Aurojit Panda, Mooly Sagiv, and Scott Shenker. 2022. Blockaid: Data Access Policy Enforcement for Web Applications. In 16th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2022, Carlsbad, CA, USA, July 11--13, 2022, Marcos K. Aguilera and Hakim Weatherspoon (Eds.). USENIX Association, 701--718. https:\/\/www.usenix.org\/conference\/osdi22\/presentation\/zhang"},{"key":"e_1_3_2_1_51_1","volume-title":"Aurojit Panda, Mooly Sagiv, and Scott Shenker.","author":"Zhang Wen","year":"2022","unstructured":"Wen Zhang, Eric Sheng, Michael Alan Chang, Aurojit Panda, Mooly Sagiv, and Scott Shenker. 2022. Blockaid: Data Access Policy Enforcement for Web Applications (slides). https:\/\/www.usenix.org\/sites\/default\/files\/conference\/protected-files\/osdi22_slides_zhang-wen.pdf"}],"event":{"name":"HotOS '23: 19th Workshop on Hot Topics in Operating Systems","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"],"location":"Providence RI USA","acronym":"HOTOS '23"},"container-title":["Proceedings of the 19th Workshop on Hot Topics in Operating Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3593856.3595905","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3593856.3595905","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3593856.3595905","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:47:51Z","timestamp":1750178871000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3593856.3595905"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6,22]]},"references-count":50,"alternative-id":["10.1145\/3593856.3595905","10.1145\/3593856"],"URL":"https:\/\/doi.org\/10.1145\/3593856.3595905","relation":{},"subject":[],"published":{"date-parts":[[2023,6,22]]},"assertion":[{"value":"2023-06-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}