{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,10]],"date-time":"2024-09-10T21:04:27Z","timestamp":1726002267136},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030051709"},{"type":"electronic","value":"9783030051716"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-05171-6_22","type":"book-chapter","created":{"date-parts":[[2018,12,5]],"date-time":"2018-12-05T15:52:06Z","timestamp":1544025126000},"page":"427-447","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["MySecPol: A Client-Side Policy Language for Safe and Secure Browsing"],"prefix":"10.1007","author":[{"given":"Amit","family":"Pathania","sequence":"first","affiliation":[]},{"given":"B. S.","family":"Radhika","sequence":"additional","affiliation":[]},{"given":"Rudrapatna","family":"Shyamasundar","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,12,5]]},"reference":[{"key":"22_CR1","unstructured":"Bichhawat, A., Rajani, V., Jain, J., Garg, D., Hammer, C.: WebPol: fine-grained information flow policies for web browsers. CoRR abs\/1706.06932 (2017). \nhttp:\/\/arxiv.org\/abs\/1706.06932"},{"key":"22_CR2","doi-asserted-by":"publisher","unstructured":"Cao, Y., Li, Z., Rastogi, V., Chen, Y., Wen, X.: Virtual browser: a virtualized browser to sandbox third-party JavaScripts with enhanced security. In: Proceedings of the 7th ACM CCS. ASIACCS 2012, pp. 8\u20139. ACM, New York (2012). \nhttps:\/\/doi.org\/10.1145\/2414456.2414460","DOI":"10.1145\/2414456.2414460"},{"key":"22_CR3","unstructured":"World Wide Web Consortium: Subresource integrity (2016). \nhttps:\/\/www.w3.org\/TR\/SRI\/"},{"key":"22_CR4","unstructured":"Council of European Union: Council regulation (EU) no 679\/2016. In: Official Journal of the European Union, vol. L119 (4 May 2016), pp. 1\u201388 (2016). \nhttps:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32016R0679"},{"key":"22_CR5","unstructured":"Crockford, D.: ADsafe: making JavaScript safe for advertising (2008). \nhttp:\/\/www.adsafe.org\/"},{"key":"22_CR6","doi-asserted-by":"publisher","unstructured":"De Groef, W., Devriese, D., Nikiforakis, N., Piessens, F.: FlowFox: a web browser with flexible and precise information flow control. In: Proceedings of the 2012 ACM CCS. CCS 2012, pp. 748\u2013759. ACM, New York (2012). \nhttps:\/\/doi.org\/10.1145\/2382196.2382275","DOI":"10.1145\/2382196.2382275"},{"key":"22_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1007\/978-3-642-11747-3_2","volume-title":"Engineering Secure Software and Systems","author":"P Ryck De","year":"2010","unstructured":"De Ryck, P., Desmet, L., Heyman, T., Piessens, F., Joosen, W.: CsFire: transparent client-side mitigation of malicious cross-domain requests. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 18\u201334. Springer, Heidelberg (2010). \nhttps:\/\/doi.org\/10.1007\/978-3-642-11747-3_2"},{"key":"22_CR8","doi-asserted-by":"publisher","unstructured":"De Ryck, P., Nikiforakis, N., Desmet, L., Joosen, W.: TabShots: client-side detection of tabnabbing attacks. In: Proceedings of the 8th ACM SIGSAC. ASIA CCS 2013, pp. 447\u2013456. ACM, New York (2013). \nhttps:\/\/doi.org\/10.1145\/2484313.2484371","DOI":"10.1145\/2484313.2484371"},{"key":"22_CR9","unstructured":"MDN Web Docs: EvalInSandbox reference (2017). \nhttps:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Tech\/XPCOM\/Language_Bindings\/Components.utils.evalInSandbox"},{"key":"22_CR10","unstructured":"MDN Web Docs: Javascript strict mode reference (2018). \nhttps:\/\/developer.mozilla.org\/en-US\/docs\/Web\/JavaScript\/Reference\/Strict_mode"},{"key":"22_CR11","unstructured":"Electronic Frontier Foundation: HTTPS everywhere, June 2018. \nhttps:\/\/github.com\/efforg\/https-everywhere"},{"key":"22_CR12","unstructured":"Gallagher, N.: Chrome tab limit (2013). \nhttps:\/\/github.com\/necolas\/chrome-tab-limit"},{"key":"22_CR13","unstructured":"W3C Working Group: Content security policy (2015). \nhttps:\/\/www.w3.org\/TR\/CSP1\/"},{"key":"22_CR14","unstructured":"Hill, R.: uMatrix, July 2018. \nhttps:\/\/github.com\/gorhill\/uMatrix"},{"key":"22_CR15","unstructured":"Abine Inc.: Abine blur, May 2018. \nhttps:\/\/www.abine.com\/index.htm"},{"key":"22_CR16","unstructured":"Ghostery Inc.: Ghostery, June 2018. \nhttps:\/\/www.ghostery.com\/"},{"key":"22_CR17","unstructured":"InformAction: Noscript (2018). \nhttps:\/\/noscript.net\/"},{"key":"22_CR18","unstructured":"Lingamneni, S.: Simpleblock (2017). \nhttps:\/\/github.com\/slingamn\/simpleblock"},{"key":"22_CR19","unstructured":"Loscocco, P., Smalley, S.: Integrating flexible support for security policies into the Linux operating system. In: Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, pp. 29\u201342. USENIX Association, Berkeley (2001). \nhttp:\/\/dl.acm.org\/citation.cfm?id=647054.715771"},{"key":"22_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1007\/978-3-642-03549-4_15","volume-title":"Financial Cryptography and Data Security","author":"Z Mao","year":"2009","unstructured":"Mao, Z., Li, N., Molloy, I.: Defeating cross-site request forgery attacks with browser-enforced authenticity protection. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 238\u2013255. Springer, Heidelberg (2009). \nhttps:\/\/doi.org\/10.1007\/978-3-642-03549-4_15"},{"key":"22_CR21","unstructured":"Miller, M.S., Samuel, M., Laurie, B., Awad, I., Stay, M.: Caja: safe active content in sanitized Javascript, 1 June 2017. \nhttps:\/\/developers.google.com\/caja\/"},{"key":"22_CR22","doi-asserted-by":"crossref","unstructured":"Meyerovich, L.A., Livshits, B.: ConScript: specifying and enforcing fine-grained security policies for Javascript in the browser. In: Proceedings of the 2010 IEEE Symposium on Security and Privacy. SP 2010, pp. 481\u2013496 (2010)","DOI":"10.1109\/SP.2010.36"},{"key":"22_CR23","unstructured":"Mrowetz, M.: Performance-analyser, May 2015. \nhttps:\/\/github.com\/micmro\/performance-bookmarklet\/"},{"key":"22_CR24","unstructured":"WhiteHat Security: Application security statistics report 2017 (2017). \nhttps:\/\/info.whitehatsec.com\/rs\/675-YBI-674\/images\/WHS%202017%20Application%20Security%20Report%20FINAL.pdf?"},{"key":"22_CR25","doi-asserted-by":"publisher","unstructured":"Telikicherla, K.C., Agrawall, A., Choppella, V.: A formal model of web security showing malicious cross origin requests and its mitigation using CORP. In: Proceedings of the 3rd ICISSP, pp. 516\u2013523 (2017). \nhttps:\/\/doi.org\/10.5220\/0006261105160523","DOI":"10.5220\/0006261105160523"},{"key":"22_CR26","doi-asserted-by":"crossref","unstructured":"Weichselbaum, L., Spagnuolo, M., Lekies, S., Janc, A.: CSP is dead, long live CSP On the insecurity of whitelists and the future of content security policy. In: Proceedings of the 23rd ACM CCS, Vienna, Austria (2016)","DOI":"10.1145\/2976749.2978363"},{"key":"22_CR27","doi-asserted-by":"publisher","unstructured":"Zhou, Y., Evans, D.: Understanding and monitoring embedded web scripts. In: Proceedings of the 2015 IEEE Symposium on Security and Privacy. SP 2015, pp. 850\u2013865, IEEE Computer Society, Washington, DC (2015). \nhttps:\/\/doi.org\/10.1109\/SP.2015.57","DOI":"10.1109\/SP.2015.57"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-05171-6_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,12,5]],"date-time":"2018-12-05T16:05:56Z","timestamp":1544025956000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-05171-6_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030051709","9783030051716"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-05171-6_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"ICISS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Systems Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bangalore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 December 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 December 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iciss2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.iciss.org.in","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"51","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"45% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}