{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,10]],"date-time":"2024-09-10T21:38:24Z","timestamp":1726004304787},"publisher-location":"Cham","reference-count":47,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030017033"},{"type":"electronic","value":"9783030017040"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-01704-0_19","type":"book-chapter","created":{"date-parts":[[2018,12,28]],"date-time":"2018-12-28T16:02:50Z","timestamp":1546012970000},"page":"352-371","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Local Storage on Steroids: Abusing Web Browsers for Hidden Content Storage and Distribution"],"prefix":"10.1007","author":[{"given":"Juan D.","family":"Parra Rodriguez","sequence":"first","affiliation":[]},{"given":"Joachim","family":"Posegga","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,12,29]]},"reference":[{"key":"19_CR1","unstructured":"Aboukhadijeh, F.: The Joys of HTML5: Introducing the new HTML5 Hard Disk Filler API. www.filldisk.com\/ . Accessed 15 Apr 2018"},{"key":"19_CR2","unstructured":"Aboukhadijeh, F.: Webtorrent (2014). https:\/\/github.com\/feross\/webtorrent . Accessed 15 Apr 2018"},{"key":"19_CR3","unstructured":"Akhawe, D.: CSP and PostMessage. https:\/\/lists.w3.org\/Archives\/Public\/public-web-security\/2011Dec\/0020.html . Accessed 15 Apr 2018"},{"key":"19_CR4","unstructured":"Akhawe, D.: Do we want a directive to control postMessage explicit channels outbound?. https:\/\/lists.w3.org\/Archives\/Public\/public-web-security\/2011Dec\/0020.html . Accessed 15 Apr 2018"},{"key":"19_CR5","doi-asserted-by":"publisher","unstructured":"Akhawe, D., Barth, A., Lam, P.E., Mitchell, J., Song, D.: Towards a formal foundation of web security. In: Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium, CSF 2010, pp. 290\u2013304. IEEE Computer Society, Washington, DC (2010). https:\/\/doi.org\/10.1109\/CSF.2010.27","DOI":"10.1109\/CSF.2010.27"},{"key":"19_CR6","unstructured":"Alexa Traffic Ranking and visitor statistics for 7 years. http:\/\/www.rank2traffic.com\/ . Accessed 15 Apr 2018"},{"issue":"2","key":"19_CR7","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1145\/1455518.1477941","volume":"12","author":"S Antonatos","year":"2008","unstructured":"Antonatos, S., Akritidis, P., Lam, V.T., Anagnostakis, K.G.: Puppetnets: misusing web browsers as a distributed attack infrastructure. ACM Trans. Inf. Syst. Secur. 12(2), 12 (2008)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"19_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1007\/978-3-540-85886-7_10","volume-title":"Information Security","author":"E Athanasopoulos","year":"2008","unstructured":"Athanasopoulos, E., et al.: Antisocial networks: turning a social network into a botnet. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 146\u2013160. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85886-7_10"},{"key":"19_CR9","unstructured":"Web Code Weakness allows Data Dump on PCs (2008). http:\/\/www.bbc.com\/news\/technology-21628622 . Accessed 15 Apr 2018"},{"key":"19_CR10","unstructured":"Bogaard, D., Johnson, D., Parody, R.: Browser web storage vulnerability investigation HTML5 localStorage object. In: Proceedings of the International Conference on Security and Management, pp. 1\u20137, July 2012"},{"key":"19_CR11","unstructured":"Clear, enable, and manage cookies in Chrome. https:\/\/support.google.com\/chrome\/answer\/95647 . Accessed 15 Apr 2018"},{"key":"19_CR12","unstructured":"Cimpanu, C.: Cryptojacking Script Found in Live Help Widget, Impacts Around 1,500 Sites. https:\/\/www.bleepingcomputer.com\/news\/security\/cryptojacking-script-found-in-live-help-widget-impacts-around-1-500-sites\/ . Accessed 25 Nov 2017"},{"key":"19_CR13","unstructured":"Clicktale: Web-Aanalytics Benchmark Q2 (2013). https:\/\/research.clicktale.com\/web_analytics_benchmarks.html . Accessed 15 Apr 2018"},{"key":"19_CR14","unstructured":"Dias, D.: WebRTC Explorer. https:\/\/github.com\/diasdavid\/webrtc-explorer . Accessed 15 Apr 2018"},{"key":"19_CR15","unstructured":"Docker. https:\/\/www.docker.com\/ . Accessed 15 Apr 2018"},{"key":"19_CR16","unstructured":"Dpkt package. https:\/\/pypi.python.org\/pypi\/dpkt . Accessed 15 Apr 2018"},{"key":"19_CR17","doi-asserted-by":"publisher","unstructured":"Englehardt, S., et al.: Cookies that give you away: the surveillance implications of web tracking. In: Proceedings of the 24th International Conference on World Wide Web, WWW 2015, pp. 289\u2013299. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland (2015). https:\/\/doi.org\/10.1145\/2736277.2741679","DOI":"10.1145\/2736277.2741679"},{"key":"19_CR18","unstructured":"Disable third-party cookies in Firefox to stop some types of tracking by advertisers. https:\/\/support.mozilla.org\/en-US\/kb\/disable-third-party-cookies . Accessed 15 Apr 2018"},{"key":"19_CR19","unstructured":"Grossman, J., Johansen, M.: Million Browser Botnet. https:\/\/www.blackhat.com\/us-13\/briefings.html . Accessed 15 Jan 2018"},{"key":"19_CR20","unstructured":"Hanna, S., Shin, E.C.R., Akhawe, D., Boehm, A., Saxena, P., Song, D.: The emperor\u2019s new APIs: on the (in) secure usage of new client-side primitives. In: Workshop on Web 2.0 Security and Privacy, W2SP (2010)"},{"key":"19_CR21","unstructured":"Hiesey, J., Aboukhadijeh, F., Rajah, A.: PeerCDN (2013). https:\/\/peercdn.com\/ . Accessed 15 Apr 2018"},{"key":"19_CR22","unstructured":"Hoffman, J.J.: New Jersey Division of Consumer Affairs Obtains Settlement with Developer of Bitcoin-Mining Software Found to Have Accessed New Jersey Computers Without Users\u2019 Knowledge or Consent. http:\/\/www.njconsumeraffairs.gov\/News\/Pages\/05262015.aspx . Accessed 15 Apr 2018"},{"key":"19_CR23","doi-asserted-by":"crossref","unstructured":"Rosenberg, J.: RFC 5245: Interactive connectivity establishment (ICE): A protocol for network address translator (NAT) traversal for offer\/answer protocols. RFC 5245, April 2010. https:\/\/tools.ietf.org\/html\/rfc5245 . Accessed 15 Apr 2018","DOI":"10.17487\/rfc5245"},{"key":"19_CR24","unstructured":"Kesteren, A.V.: WebRTC RTCDataChannel can be used for exfiltration. https:\/\/github.com\/w3c\/webappsec-csp\/issues\/92 . Accessed 15 Apr 2018"},{"key":"19_CR25","unstructured":"Lekies, S., Johns, M.: Lightweight integrity protection for web storage-driven content caching. In: Workshop on Web 2.0 Security and Privacy, W2SP (2012)"},{"key":"19_CR26","doi-asserted-by":"publisher","unstructured":"Lekies, S., Stock, B., Johns, M.: 25 million flows later: large-scale detection of DOM-based XSS. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS 2013, pp. 1193\u20131204. ACM, New York (2013). https:\/\/doi.org\/10.1145\/2508859.2516703","DOI":"10.1145\/2508859.2516703"},{"key":"19_CR27","doi-asserted-by":"crossref","unstructured":"Mahy, R., Matthews, P.: RFC5766: Traversal using relays around NAT (TURN): Relay extensions to session traversal utilities for NAT (STUN). RFC 5766, IETF, April 2010. https:\/\/tools.ietf.org\/html\/rfc5766","DOI":"10.17487\/rfc5766"},{"key":"19_CR28","unstructured":"Maunder, M.: WordPress plugin banned for crypto mining. https:\/\/www.wordfence.com\/blog\/2017\/11\/wordpress-plugin-banned-crypto-mining\/ . Accessed 15 Jan 2018"},{"key":"19_CR29","unstructured":"Meyn, A.J.R., Nurminen, J.K., Probst, C.W.: Browser to browser media streaming with HTML5. Master\u2019s thesis. Aalto University (2012). https:\/\/aaltodoc.aalto.fi\/handle\/123456789\/6094"},{"key":"19_CR30","unstructured":"Mozilla Developer Network (MDN) - Window.postMessage(), April 2015. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Window\/postMessage . Accessed 15 Apr 2018"},{"key":"19_CR31","unstructured":"Narayanan, A., Jennings, C., Bergkvist, A., Burnett, D.C.: WebRTC 1.0: Real-time Communication Between Browsers. W3C working draft, W3C, September 2013. http:\/\/www.w3.org\/TR\/2013\/WD-webrtc-20130910\/"},{"key":"19_CR32","doi-asserted-by":"publisher","unstructured":"Nikiforakis, N., et al.: You are what you include: large-scale evaluation of remote JavaScript inclusions. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 736\u2013747. ACM, New York (2012). https:\/\/doi.org\/10.1145\/2382196.2382274","DOI":"10.1145\/2382196.2382274"},{"key":"19_CR33","unstructured":"NumPy. http:\/\/www.numpy.org\/ . Accessed 15 Apr 2018"},{"key":"19_CR34","doi-asserted-by":"publisher","unstructured":"Nurminen, J., Meyn, A., Jalonen, E., Raivio, Y., Marrero, R.G.: P2P media streaming with HTML5 and WebRTC. In: 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 63\u201364, April 2013. https:\/\/doi.org\/10.1109\/INFCOMW.2013.6970739","DOI":"10.1109\/INFCOMW.2013.6970739"},{"key":"19_CR35","unstructured":"Provos, N., Mavrommatis, P., Rajab, M.A., Monrose, F.: All your iFRAMEs point to us. In: Proceedings of the 17th Conference on Security Symposium, SS 2008, pp. 1\u201315. USENIX Association, Berkeley (2008)"},{"key":"19_CR36","unstructured":"Rescorla, E.: IETF-draft: WebRTC Security Architecture, March 2015. https:\/\/tools.ietf.org\/html\/draft-ietf-rtcweb-security-arch-11 . Accessed 15 Apr 2018"},{"key":"19_CR37","doi-asserted-by":"publisher","unstructured":"Rhinow, F., Veloso, P.P., Puyelo, C., Barrett, S., Nuallain, E.O.: P2P live video streaming in WebRTC. In: 2014 World Congress on Computer Applications and Information Systems, WCCAIS, pp. 1\u20136, January 2014. https:\/\/doi.org\/10.1109\/WCCAIS.2014.6916588","DOI":"10.1109\/WCCAIS.2014.6916588"},{"key":"19_CR38","doi-asserted-by":"crossref","unstructured":"Rosenberg, J., Mahy, R., Matthews, P., Wing, D.: RFC5389: Session traversal utilities for NAT (STUN). RFC 5389, RFC Editor, October 2008. https:\/\/tools.ietf.org\/html\/rfc5389","DOI":"10.17487\/rfc5389"},{"key":"19_CR39","unstructured":"SeleniumHQ: Browser Automation. http:\/\/www.seleniumhq.org\/ . Accessed 15 Apr 2018"},{"key":"19_CR40","unstructured":"Telegraph, T.: YouTube shuts down hidden cryptojacking adverts. http:\/\/www.telegraph.co.uk\/technology\/2018\/01\/29\/youtube-shuts-hidden-crypto-jacking-adverts\/ . Accessed 15 Jan 2018"},{"key":"19_CR41","doi-asserted-by":"publisher","unstructured":"Thomas, K., et al.: Ad injection at scale: assessing deceptive advertisement modifications. In: Proceedings of the 2015 IEEE Symposium on Security and Privacy, SP 2015, pp. 151\u2013167. IEEE Computer Society, Washington, DC (2015). https:\/\/doi.org\/10.1109\/SP.2015.17","DOI":"10.1109\/SP.2015.17"},{"key":"19_CR42","unstructured":"Thomson, M.: CSP for WebRTC. https:\/\/lists.w3.org\/Archives\/Public\/public-webappsec\/2014Aug\/0162.html . Accessed 15 Apr 2018"},{"key":"19_CR43","unstructured":"W3CScools: HTML Iframe sandbox Attribute. https:\/\/www.w3schools.com\/tags\/att_iframe_sandbox.asp . Accessed 15 Apr 2018"},{"key":"19_CR44","doi-asserted-by":"publisher","unstructured":"Weichselbaum, L., Spagnuolo, M., Lekies, S., Janc, A.: CSP is dead, long live CSP! On the insecurity of whitelists and the future of content security policy. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1376\u20131387. ACM, New York (2016). https:\/\/doi.org\/10.1145\/2976749.2978363","DOI":"10.1145\/2976749.2978363"},{"key":"19_CR45","unstructured":"West, M.: Content Security Policy Level 3. https:\/\/www.w3.org\/TR\/2016\/WD-CSP3-20160913\/ . Accessed 15 Apr 2018"},{"key":"19_CR46","unstructured":"West, M.: WebRTC via \u2018connect-src\u2019? https:\/\/www.w3.org\/2011\/webappsec\/track\/issues\/67 . Accessed 15 Apr 2018"},{"key":"19_CR47","doi-asserted-by":"publisher","unstructured":"Zhang, L., Zhou, F., Mislove, A., Sundaram, R.: Maygh: building a CDN from client web browsers. In: Proceedings of the 8th ACM European Conference on Computer Systems, EuroSys 2013, pp. 281\u2013294. ACM, New York (2013). https:\/\/doi.org\/10.1145\/2465351.2465379","DOI":"10.1145\/2465351.2465379"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-01704-0_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,13]],"date-time":"2019-11-13T06:04:04Z","timestamp":1573625044000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-01704-0_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030017033","9783030017040"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-01704-0_19","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 August 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 August 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/securecomm.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}