{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,6]],"date-time":"2025-11-06T20:02:57Z","timestamp":1762459377171,"version":"3.38.0"},"reference-count":76,"publisher":"SAGE Publications","issue":"2","license":[{"start":{"date-parts":[[2016,2,22]],"date-time":"2016-02-22T00:00:00Z","timestamp":1456099200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2016,4,19]]},"abstract":"<jats:p> JavaScript drives the evolution of the web into a powerful application platform. Increasingly, web applications combine services from different providers. The script inclusion mechanism routinely turns barebone web pages into full-fledged services built up from third-party code. Script inclusion poses a challenge of ensuring that the integrated third-party code respects security and privacy. <\/jats:p><jats:p> This paper presents a dynamic mechanism for securing script executions by tracking information flow in JavaScript and its APIs. On the formal side, the paper identifies language constructs that constitute a core of JavaScript: dynamic objects, higher-order functions, exceptions, and dynamic code evaluation. It develops a dynamic type system that guarantees information-flow security for this language. Based on this formal model, the paper presents JSFlow, a practical security-enhanced interpreter for fine-grained tracking of information flow in full JavaScript and its APIs. Our experiments with JSFlow deployed as a browser extension provide in-depth understanding of information manipulation by third-party scripts. We find that different sites intended to provide similar services effectuate rather different security policies for the user\u2019s sensitive information: some ensure it does not leave the browser, others share it with the originating server, while yet others freely propagate it to third parties. <\/jats:p>","DOI":"10.3233\/jcs-160544","type":"journal-article","created":{"date-parts":[[2016,4,19]],"date-time":"2016-04-19T16:25:02Z","timestamp":1461083102000},"page":"181-234","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":21,"title":["Information-flow security for JavaScript and\u00a0its APIs"],"prefix":"10.1177","volume":"24","author":[{"given":"Daniel","family":"Hedin","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, Chalmers University of Technology, R\u00e4nnv\u00e4gen 6B, 41296 Gothenburg, Sweden"},{"name":"School of Innovation, Design and Engineering, M\u00e4lardalen University, Box 883, 721 23 V\u00e4ster\u00e5s, Sweden"}]},{"given":"Luciano","family":"Bello","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Chalmers University of Technology, R\u00e4nnv\u00e4gen 6B, 41296 Gothenburg, Sweden"}]},{"given":"Andrei","family":"Sabelfeld","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Chalmers University of Technology, R\u00e4nnv\u00e4gen 6B, 41296 Gothenburg, Sweden"}]}],"member":"179","published-online":{"date-parts":[[2016,2,22]]},"reference":[{"key":"ref001","doi-asserted-by":"crossref","unstructured":"P.Agten, S.V.Acker, Y.Brondsema, P.H.Phung, L.Desmet and F.Piessens, JSand: Complete client-side sandboxing of third-party JavaScript without browser modifications, in: ACSAC, R.H.Zakon, ed. ACM, 2012, pp.\u00a01\u201310.","DOI":"10.1145\/2420950.2420952"},{"key":"ref002","doi-asserted-by":"crossref","unstructured":"A.Askarov and A.Sabelfeld, Tight enforcement of information-release policies for dynamic languages, in: Proc. IEEE Computer Security Foundations Symposium, 2009.","DOI":"10.1109\/CSF.2009.22"},{"key":"ref003","doi-asserted-by":"crossref","unstructured":"T.H.Austin and C.Flanagan, Efficient purely-dynamic information flow analysis, in: Proc. ACM Workshop on Programming Languages and Analysis for Security (PLAS), 2009.","DOI":"10.1145\/1554339.1554353"},{"key":"ref004","doi-asserted-by":"crossref","unstructured":"T.H.Austin and C.Flanagan, Permissive dynamic information flow analysis, in: Proc. ACM Workshop on Programming Languages and Analysis for Security (PLAS), 2010.","DOI":"10.1145\/1814217.1814220"},{"key":"ref005","doi-asserted-by":"crossref","unstructured":"T.H.Austin and C.Flanagan, Multiple facets for dynamic information flow, in: Proc. ACM Symposium on Principles of Programming Languages, 2012.","DOI":"10.1145\/2103656.2103677"},{"key":"ref006","doi-asserted-by":"publisher","DOI":"10.1145\/1995376.1995398"},{"key":"ref007","doi-asserted-by":"publisher","DOI":"10.1017\/S0956796804005453"},{"key":"ref008","doi-asserted-by":"crossref","unstructured":"L.Bello, D.Hedin and A.Sabelfeld, Value sensitivity and observable abstract values for information flow control, in: Proc. International Conferences on Logic for Programming, Artificial Intelligence and Reasoning (LPAR), 2015.","DOI":"10.1007\/978-3-662-48899-7_5"},{"key":"ref009","doi-asserted-by":"crossref","unstructured":"F.Besson, N.Bielova and T.Jensen, Hybrid information flow monitoring against web tracking, in: IEEE 26th Computer Security Foundations Symposium (CSF 2013), 2013, pp.\u00a0240\u2013254.","DOI":"10.1109\/CSF.2013.23"},{"key":"ref010","doi-asserted-by":"crossref","unstructured":"A.Bichhawat, V.Rajani, D.Garg and C.Hammer, Generalizing permissive-upgrade in dynamic information flow analysis, in: Proc. ACM Workshop on Programming Languages and Analysis for Security (PLAS), 2014.","DOI":"10.1145\/2637113.2637116"},{"key":"ref011","doi-asserted-by":"crossref","unstructured":"A.Bichhawat, V.Rajani, D.Garg and C.Hammer, Information flow control in WebKit\u2019s JavaScript bytecode, in: POST, 2014, pp.\u00a0159\u2013178.","DOI":"10.1007\/978-3-642-54792-8_9"},{"key":"ref012","doi-asserted-by":"crossref","unstructured":"N.Bielova, D.Devriese, F.Massacci and F.Piessens, Reactive non-interference for a browser model, in: Proc. International Conference on Network and System Security (NSS), 2011, pp.\u00a097\u2013104.","DOI":"10.1109\/ICNSS.2011.6059965"},{"key":"ref013","doi-asserted-by":"crossref","unstructured":"A.Birgisson, D.Hedin and A.Sabelfeld, Boosting the permissiveness of dynamic information-flow tracking by testing, in: ESORICS, S.Foresti, M.Yung and F.Martinelli, eds, Lecture Notes in Computer Science, Vol.\u00a07459, Springer, 2012, pp.\u00a055\u201372.","DOI":"10.1007\/978-3-642-33167-1_4"},{"key":"ref014","doi-asserted-by":"crossref","unstructured":"M.Bodin, A.Chargueraud, D.Filaretti, P.Gardner, S.Maffeis, D.Naudziuniene, A.Schmitt and G.Smith, A trusted mechanised JavaScript specification, in: Proc. 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL \u201914, ACM, 2014.","DOI":"10.1145\/2535838.2535876"},{"key":"ref015","doi-asserted-by":"crossref","unstructured":"A.Bohannon, B.Pierce, V.Sj\u00f6berg, S.Weirich and S.Zdancewic, Reactive noninterference, in: ACM Conference on Computer and Communications Security, 2009, pp.\u00a079\u201390.","DOI":"10.1145\/1653662.1653673"},{"key":"ref016","unstructured":"A.Bohannon and B.C.Pierce, Featherweight Firefox: Formalizing the core of a web browser, in: Proc. USENIX Security Symposium, 2010."},{"key":"ref017","doi-asserted-by":"crossref","unstructured":"A.Chudnov and D.A.Naumann, Inlined information flow monitoring for JavaScript, in: Proc. 22nd ACM SIGSAC Conference on Computer and Communications Security, ACM, New York, NY, USA, 2015.","DOI":"10.1145\/2810103.2813684"},{"key":"ref018","doi-asserted-by":"crossref","unstructured":"R.Chugh, J.A.Meister, R.Jhala and S.Lerner, Staged information flow for JavaScript, in: Proc. 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI \u201909, ACM, New York, NY, USA, 2009.","DOI":"10.1145\/1542476.1542483"},{"key":"ref019","unstructured":"E.S.Cohen, Information transmission in sequential programs, in: Foundations of Secure Computation, R.A.DeMillo, D.P.Dobkin, A.K.Jones and R.J.Lipton, eds, Academic Press, 1978, pp.\u00a0297\u2013335."},{"key":"ref020","unstructured":"D.Crockford, Making JavaScript safe for advertising, 2009, available at: adsafe.org."},{"key":"ref021","doi-asserted-by":"publisher","DOI":"10.1145\/360051.360056"},{"key":"ref022","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"ref023","doi-asserted-by":"crossref","unstructured":"D.Devriese and F.Piessens, Non-interference through secure multi-execution, in: Proc. IEEE Symposium on Security and Privacy, 2010.","DOI":"10.1109\/SP.2010.15"},{"key":"ref024","doi-asserted-by":"crossref","unstructured":"M.Dhawan and V.Ganapathy, Analyzing information flow in JavaScript-based browser extensions, in: ACSAC, IEEE Computer Society, 2009, pp.\u00a0382\u2013391.","DOI":"10.1109\/ACSAC.2009.43"},{"key":"ref025","unstructured":"ECMA International, ECMAScript language specification, 1999, Version 3."},{"key":"ref026","unstructured":"ECMA International, ECMAScript language specification, 2009, Version 5."},{"key":"ref027","unstructured":"B.Eich, Flowsafe: Information flow security for the browser, 2009, available at: https:\/\/wiki.mozilla.org\/FlowSafe."},{"key":"ref028","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/17.2.143"},{"key":"ref029","doi-asserted-by":"crossref","unstructured":"J.A.Goguen and J.Meseguer, Security policies and security models, in: Proc. IEEE Symposium on Security and Privacy, 1982, pp.\u00a011\u201320.","DOI":"10.1109\/SP.1982.10014"},{"key":"ref030","doi-asserted-by":"crossref","unstructured":"W.D.Groef, D.Devriese, N.Nikiforakis and F.Piessens, FlowFox: A web browser with flexible and precise information flow control, in: ACM CCS, 2012.","DOI":"10.1145\/2382196.2382275"},{"key":"ref031","unstructured":"S.Guarnieri and B.Livshits, Gatekeeper: Mostly static enforcement of security and reliability policies for JavaScript code, in: Proc. 18th Conference on USENIX Security Symposium, SSYM\u201909, USENIX Association, Berkeley, CA, USA, 2009."},{"key":"ref032","doi-asserted-by":"crossref","unstructured":"S.Guarnieri, M.Pistoia, O.Tripp, J.Dolby, S.Teilhet and R.Berg, Saving the world wide web from vulnerable JavaScript, in: ISSTA, M.B.Dwyer and F.Tip, eds, ACM, 2011, pp.\u00a0177\u2013187.","DOI":"10.1145\/2001420.2001442"},{"key":"ref033","doi-asserted-by":"crossref","unstructured":"A.Guha, C.Saftoiu and S.Krishnamurthi, The essence of JavaScript, in: European Conference on Object-Oriented Programming, 2010.","DOI":"10.1007\/978-3-642-14107-2_7"},{"key":"ref034","doi-asserted-by":"crossref","unstructured":"D.Hedin, L.Bello and A.Sabelfeld, Value-sensitive hybrid information flow control for a JavaScript-like language, in: Proc. IEEE CSF, 2015.","DOI":"10.1109\/CSF.2015.31"},{"key":"ref035","doi-asserted-by":"crossref","unstructured":"D.Hedin, L.Bello and A.Sabelfeld, Information-flow security for JavaScript and its APIs, 2016 (full version), available at: http:\/\/www.cse.chalmers.se\/~andrei\/jsflow-jcs16.pdf.","DOI":"10.3233\/JCS-160544"},{"key":"ref036","doi-asserted-by":"crossref","unstructured":"D.Hedin, A.Birgisson, L.Bello and A.Sabelfeld, JSFlow: Tracking information flow in JavaScript and its APIs, in: Proc. 29th ACM Symposium on Applied Computing, 2014.","DOI":"10.1145\/2554850.2554909"},{"key":"ref037","doi-asserted-by":"crossref","unstructured":"D.Hedin and A.Sabelfeld, Information-flow security for a core of JavaScript, in: Proc. IEEE CSF, 2012, pp.\u00a03\u201318.","DOI":"10.1109\/CSF.2012.19"},{"key":"ref038","unstructured":"A.L.Hors and P.L.Hegaret, Document object model level 3 core specification, Technical report, The World Wide Web Consortium, 2004."},{"key":"ref039","doi-asserted-by":"crossref","unstructured":"D.Jang, R.Jhala, S.Lerner and H.Shacham, An empirical study of privacy-violating information flows in JavaScript web applications, in: ACM Conference on Computer and Communications Security, 2010, pp.\u00a0270\u2013283.","DOI":"10.1145\/1866307.1866339"},{"key":"ref040","unstructured":"Joyent, Inc., Node.js, available at: http:\/\/nodejs.org\/."},{"key":"ref041","doi-asserted-by":"crossref","unstructured":"S.Just, A.Cleary, B.Shirley and C.Hammer, Information flow analysis for JavaScript, in: Proc. ACM PLASTIC, ACM, New York, NY, USA, 2011, pp.\u00a09\u201318.","DOI":"10.1145\/2093328.2093331"},{"key":"ref042","doi-asserted-by":"crossref","unstructured":"G.Le Guernic, A.Banerjee, T.Jensen and D.Schmidt, Automata-based confidentiality monitoring, in: Proc. Asian Computing Science Conference (ASIAN\u201906), Lecture Notes in Computer Science, Vol.\u00a04435, Springer-Verlag, 2006.","DOI":"10.1007\/978-3-540-77505-8_7"},{"key":"ref043","doi-asserted-by":"crossref","unstructured":"Z.Li, K.Zhang and X.Wang, Mash-IF: Practical information-flow control within client-side mashups, in: DSN, 2010, pp.\u00a0251\u2013260.","DOI":"10.1109\/DSN.2010.5544312"},{"key":"ref044","doi-asserted-by":"crossref","unstructured":"S.Maffeis, J.C.Mitchell and A.Taly, An operational semantics for JavaScript, in: Proc. APLAS\u201908, Lecture Notes in Computer Science, Vol.\u00a05356, 2008, pp.\u00a0307\u2013325.","DOI":"10.1007\/978-3-540-89330-1_22"},{"key":"ref045","doi-asserted-by":"crossref","unstructured":"J.Magazinius, A.Askarov and A.Sabelfeld, A lattice-based approach to mashup security, in: Proc. ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2010.","DOI":"10.1145\/1755688.1755691"},{"key":"ref046","doi-asserted-by":"crossref","unstructured":"J.Magazinius, D.Hedin and A.Sabelfeld, Architectures for inlining security monitors in web applications, in: ESSoS, Lecture Notes in Computer Science, Springer, 2014.","DOI":"10.1007\/978-3-319-04897-0_10"},{"key":"ref047","doi-asserted-by":"crossref","unstructured":"J.Magazinius, A.Russo and A.Sabelfeld, On-the-fly inlining of dynamic security monitors, in: Proc. IFIP International Information Security Conference (SEC), 2010.","DOI":"10.1007\/978-3-642-15257-3_16"},{"key":"ref048","doi-asserted-by":"crossref","unstructured":"J.R.Mayer and J.C.Mitchell, Third-party web tracking: Policy and technology, in: IEEE SP, IEEE Computer Society, 2012, pp.\u00a0413\u2013427.","DOI":"10.1109\/SP.2012.47"},{"key":"ref049","doi-asserted-by":"crossref","unstructured":"L.A.Meyerovich and V.B.Livshits, ConScript: Specifying and enforcing fine-grained security policies for JavaScript in the browser, in: IEEE SP, IEEE Computer Society, 2010, pp.\u00a0481\u2013496.","DOI":"10.1109\/SP.2010.36"},{"key":"ref050","unstructured":"M.Miller, M.Samuel, B.Laurie, I.Awad and M.Stay, Caja: Safe active content in sanitized JavaScript, 2008."},{"key":"ref051","unstructured":"Mozilla Developer Network, SpiderMonkey \u2013 Running automated JavaScript tests, 2011, available at: https:\/\/developer.mozilla.org\/en-US\/docs\/SpiderMonkey\/Running_Automated_JavaScript_Tests."},{"key":"ref052","unstructured":"Mozilla Labs, Zaphod add-on for the Firefox browser, 2011, available at: http:\/\/mozillalabs.com\/zaphod."},{"key":"ref053","unstructured":"A.C.Myers, L.Zheng, S.Zdancewic, S.Chong and N.Nystrom, Jif: Java information flow, Software release, 2001, available at: http:\/\/www.cs.cornell.edu\/jif."},{"key":"ref054","doi-asserted-by":"crossref","unstructured":"N.Nikiforakis, L.Invernizzi, A.Kapravelos, S.Van Acker, W.Joosen, C.Kruegel, F.Piessens and G.Vigna, You are what you include: Large-scale evaluation of remote JavaScript inclusions, in: ACM CCS, 2012, pp.\u00a0736\u2013747.","DOI":"10.1145\/2382196.2382274"},{"key":"ref055","doi-asserted-by":"publisher","DOI":"10.1145\/596980.596983"},{"key":"ref056","doi-asserted-by":"crossref","unstructured":"W.Rafnsson and A.Sabelfeld, Limiting information leakage in event-based communication, in: Proc. ACM Workshop on Programming Languages and Analysis for Security (PLAS), 2011.","DOI":"10.1145\/2166956.2166960"},{"key":"ref057","doi-asserted-by":"crossref","unstructured":"W.Rafnsson and A.Sabelfeld, Secure multi-execution: Fine-grained, declassification-aware, and transparent, in: CSF, 2013, pp.\u00a033\u201348.","DOI":"10.1109\/CSF.2013.10"},{"key":"ref058","doi-asserted-by":"crossref","unstructured":"A.Russo and A.Sabelfeld, Securing timeout instructions in web applications, in: Proc. IEEE Computer Security Foundations Symposium, 2009.","DOI":"10.1109\/CSF.2009.16"},{"key":"ref059","doi-asserted-by":"crossref","unstructured":"A.Russo and A.Sabelfeld, Dynamic vs. static flow-sensitive security analysis, in: Proc. IEEE Computer Security Foundations Symposium, 2010.","DOI":"10.1109\/CSF.2010.20"},{"key":"ref060","doi-asserted-by":"crossref","unstructured":"A.Russo, A.Sabelfeld and A.Chudnov, Tracking information flow in dynamic tree structures, in: Proc. European Symposium on Research in Computer Security, Lecture Notes in Computer Science, Springer-Verlag, 2009.","DOI":"10.1007\/978-3-642-04444-1_6"},{"key":"ref061","unstructured":"P.D.Ryck, M.Decat, L.Desmet, F.Piessens and W.Joose, Security of web mashups: A survey, in: Nordic Conference in Secure IT Systems, Lecture Notes in Computer Science, 2010."},{"key":"ref062","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"ref063","doi-asserted-by":"crossref","unstructured":"A.Sabelfeld and A.Russo, From dynamic to static and back: Riding the roller coaster of information-flow control research, in: Proc. Andrei Ershov International Conference on Perspectives of System Informatics, Lecture Notes in Computer Science, Springer-Verlag, 2009.","DOI":"10.1007\/978-3-642-11486-1_30"},{"key":"ref064","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"ref065","unstructured":"Taboola, Update: Taboola security breach \u2013 Identified and fully resolved, 2014, available at: http:\/\/taboola.com\/blog\/update-taboola-security-breach-identified-and-fully-resolved-0."},{"key":"ref066","doi-asserted-by":"crossref","unstructured":"A.Taly, U.Erlingsson, M.Miller, J.Mitchell and J.Nagra, Automated analysis of security-critical JavaScript APIs, in: Proc. IEEE Symposium on Security and Privacy, 2011.","DOI":"10.1109\/SP.2011.39"},{"key":"ref067","unstructured":"The JSFlow Project, available at: http:\/\/www.jsflow.net\/."},{"key":"ref068","doi-asserted-by":"crossref","unstructured":"P.Thiemann, Towards specializing JavaScript programs, in: PSI, Lecture Notes in Computer Science, Springer-Verlag, 2014.","DOI":"10.1007\/978-3-662-46823-4_26"},{"key":"ref069","doi-asserted-by":"crossref","unstructured":"M.Vanhoef, W.D.Groef, D.Devriese, F.Piessens and T.Rezk, Stateful declassification policies for event-driven programs, in: CSF, 2014.","DOI":"10.1109\/CSF.2014.28"},{"key":"ref070","unstructured":"P.Vogt, F.Nentwich, N.Jovanovic, E.Kirda, C.Kruegel and G.Vigna, Cross-site scripting prevention with dynamic data tainting and static analysis, in: Proc. Network and Distributed System Security Symposium, 2007."},{"key":"ref071","doi-asserted-by":"crossref","unstructured":"D.Volpano, Safety versus secrecy, in: Proc. Symposium on Static Analysis, Lecture Notes in Computer Science, Vol.\u00a01694, Springer-Verlag, 1999, pp.\u00a0303\u2013311.","DOI":"10.1007\/3-540-48294-6_20"},{"key":"ref072","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-1996-42-304"},{"key":"ref073","unstructured":"E.Yang, D.Stefan, J.Mitchell, D.Mazi\u00e8res, P.Marchenko and B.Karp, Toward principled browser security, in: Proc. HotOS, 2013."},{"key":"ref074","doi-asserted-by":"crossref","unstructured":"A.Yip, N.Narula, M.Krohn and R.Morris, Privacy-preserving browser-side scripting with BFlow, in: EuroSys, ACM, New York, NY, USA, 2009, pp.\u00a0233\u2013246.","DOI":"10.1145\/1519065.1519091"},{"key":"ref075","doi-asserted-by":"crossref","unstructured":"D.Yu, A.Chander, N.Islam and I.Serikov, JavaScript instrumentation for browser security, in: Proc. ACM Symposium on Principles of Programming Languages, ACM, 2007, pp.\u00a0237\u2013249.","DOI":"10.1145\/1190216.1190252"},{"key":"ref076","unstructured":"S.Zdancewic, Programming languages for information security, PhD thesis, Cornell University, 2002."}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-160544","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-160544","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-160544","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,10]],"date-time":"2025-03-10T23:38:04Z","timestamp":1741649884000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-160544"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,2,22]]},"references-count":76,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2016,4,19]]}},"alternative-id":["10.3233\/JCS-160544"],"URL":"https:\/\/doi.org\/10.3233\/jcs-160544","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"type":"print","value":"0926-227X"},{"type":"electronic","value":"1875-8924"}],"subject":[],"published":{"date-parts":[[2016,2,22]]}}}