{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T21:51:56Z","timestamp":1743112316498,"version":"3.40.3"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030129415"},{"type":"electronic","value":"9783030129422"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-12942-2_17","type":"book-chapter","created":{"date-parts":[[2019,2,5]],"date-time":"2019-02-05T08:26:50Z","timestamp":1549355210000},"page":"218-233","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Limited Proxying for Content Filtering Based on X.509 Proxy Certificate Profile"],"prefix":"10.1007","author":[{"given":"Islam","family":"Faisal","sequence":"first","affiliation":[]},{"given":"Sherif","family":"El-Kassas","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,2,6]]},"reference":[{"issue":"4","key":"17_CR1","doi-asserted-by":"publisher","first-page":"2070","DOI":"10.1109\/SURV.2013.030713.00020","volume":"15","author":"A Almomani","year":"2013","unstructured":"Almomani, A., Gupta, B., Atawneh, S., Meulenberg, A., Almomani, E.: A survey of phishing email filtering techniques. IEEE Commun. Surv. Tutor. 15(4), 2070\u20132090 (2013)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"17_CR2","unstructured":"Anati, I., Gueron, S., Johnson, S., Scarlata, V.: Innovative technology for CPU based attestation and sealing. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, vol. 13. ACM, New York (2013)"},{"key":"17_CR3","doi-asserted-by":"publisher","unstructured":"Bhargavan, K., Boureanu, I., Delignat-Lavaud, A., Fouque, P., Onete, C.: A formal treatment of accountable proxying over TLS. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 799\u2013816, May 2018. \n                    https:\/\/doi.org\/10.1109\/SP.2018.00021","DOI":"10.1109\/SP.2018.00021"},{"key":"17_CR4","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: EXPOSURE: finding malicious domains using passive DNS analysis. In: NDSS (2011)"},{"key":"17_CR5","unstructured":"Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proceedings of the 14th IEEE Workshop on Computer Security Foundations, CSFW 2001, p. 82. IEEE Computer Society, Washington, DC (2001). \n                    http:\/\/dl.acm.org\/citation.cfm?id=872752.873511"},{"issue":"1","key":"17_CR6","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/s10462-009-9109-6","volume":"29","author":"E Blanzieri","year":"2008","unstructured":"Blanzieri, E., Bryl, A.: A survey of learning-based techniques of email spam filtering. Artif. Intell. Rev. 29(1), 63\u201392 (2008)","journal-title":"Artif. Intell. Rev."},{"key":"17_CR7","doi-asserted-by":"publisher","unstructured":"Canali, D., Cova, M., Vigna, G., Kruegel, C.: Prophiler: a fast filter for the large-scale detection of malicious web pages. In: Proceedings of the 20th International Conference on World Wide Web, WWW 2011, pp. 197\u2013206. ACM, New York (2011). \n                    https:\/\/doi.org\/10.1145\/1963405.1963436","DOI":"10.1145\/1963405.1963436"},{"issue":"3","key":"17_CR8","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1109\/MC.2010.84","volume":"43","author":"TM Chen","year":"2010","unstructured":"Chen, T.M., Wang, V.: Web filtering and censoring. Computer 43(3), 94\u201397 (2010). \n                    https:\/\/doi.org\/10.1109\/MC.2010.84","journal-title":"Computer"},{"key":"17_CR9","doi-asserted-by":"crossref","unstructured":"Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC 5280, RFC Editor, May 2008. \n                    http:\/\/www.rfc-editor.org\/rfc\/rfc5280.txt","DOI":"10.17487\/rfc5280"},{"key":"17_CR10","unstructured":"Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint Archive 2016(086), 1\u2013118 (2016)"},{"key":"17_CR11","doi-asserted-by":"publisher","unstructured":"Coughlin, M., Keller, E., Wustrow, E.: Trusted click: overcoming security issues of NFV in the cloud. In: Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, SDN-NFVSec 2017, pp. 31\u201336. ACM, New York (2017). \n                    https:\/\/doi.org\/10.1145\/3040992.3040994","DOI":"10.1145\/3040992.3040994"},{"key":"17_CR12","doi-asserted-by":"publisher","unstructured":"Cremers, C., Horvat, M., Hoyland, J., Scott, S., van der Merwe, T.: A comprehensive symbolic analysis of TLS 1.3. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pp. 1773\u20131788. ACM, New York (2017). \n                    https:\/\/doi.org\/10.1145\/3133956.3134063","DOI":"10.1145\/3133956.3134063"},{"key":"17_CR13","doi-asserted-by":"crossref","unstructured":"Dierks, T., Rescorla, E.: The transport layer security (TLS) protocol version 1.1. RFC 4346, RFC Editor, April 2006. \n                    http:\/\/www.rfc-editor.org\/rfc\/rfc4346.txt","DOI":"10.17487\/rfc4346"},{"key":"17_CR14","doi-asserted-by":"crossref","unstructured":"Dierks, T., Rescorla, E.: The transport layer security (TLS) protocol version 1.2. RFC 5246, RFC Editor, August 2008. \n                    http:\/\/www.rfc-editor.org\/rfc\/rfc5246.txt","DOI":"10.17487\/rfc5246"},{"key":"17_CR15","unstructured":"Dierks, T., Allen, C.: The TLS protocol version 1.0. RFC 2246, RFC Editor, January 1999. \n                    http:\/\/www.rfc-editor.org\/rfc\/rfc2246.txt"},{"key":"17_CR16","doi-asserted-by":"publisher","unstructured":"Dolev, D., Yao, A.C.: On the security of public key protocols. In: Proceedings of the 22nd Annual Symposium on Foundations of Computer Science, SFCS 1981, pp. 350\u2013357. IEEE Computer Society, Washington, DC (1981). \n                    https:\/\/doi.org\/10.1109\/SFCS.1981.32","DOI":"10.1109\/SFCS.1981.32"},{"key":"17_CR17","unstructured":"Dornseif, M.: Government mandated blocking of foreign web content. arXiv preprint \n                    arXiv:cs\/0404005\n                    \n                   (2004)"},{"key":"17_CR18","unstructured":"Duan, H., Yuan, X., Wang, C.: LightBox: SGX-assisted secure network functions at near-native speed. CoRR abs\/1706.06261 (2017). \n                    http:\/\/arxiv.org\/abs\/1706.06261"},{"key":"17_CR19","doi-asserted-by":"crossref","unstructured":"Durumeric, Z., et al.: The security impact of https interception. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) (2017)","DOI":"10.14722\/ndss.2017.23456"},{"key":"17_CR20","doi-asserted-by":"crossref","unstructured":"Farrell, S., Housley, R., Turner, S.: An internet attribute certificate profile for authorization. RFC 5755, RFC Editor, January 2010","DOI":"10.17487\/rfc5755"},{"key":"17_CR21","doi-asserted-by":"crossref","unstructured":"Farrell, S., Housley, R.: An internet attribute certificate profile for authorization. RFC 3281, RFC Editor, April 2002. \n                    http:\/\/www.rfc-editor.org\/rfc\/rfc3281.txt","DOI":"10.17487\/rfc3281"},{"key":"17_CR22","volume-title":"Computational Grids: The Future of High Performance Distributed Computing","author":"I Foster","year":"1998","unstructured":"Foster, I., Kesselman, C.: Computational Grids: The Future of High Performance Distributed Computing. Morgan Kaufmann, Los Altos (1998)"},{"key":"17_CR23","doi-asserted-by":"publisher","unstructured":"Foster, I., Kesselman, C.: The globus project: a status report. In: 1998 Proceedings of the Seventh Heterogeneous Computing Workshop (HCW 1998), pp. 4\u201318, March 1998. \n                    https:\/\/doi.org\/10.1109\/HCW.1998.666541","DOI":"10.1109\/HCW.1998.666541"},{"key":"17_CR24","doi-asserted-by":"publisher","unstructured":"Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational grids. In: Proceedings of the 5th ACM Conference on Computer and Communications Security, CCS 1998, pp. 83\u201392. ACM, New York (1998). \n                    https:\/\/doi.org\/10.1145\/288090.288111","DOI":"10.1145\/288090.288111"},{"key":"17_CR25","doi-asserted-by":"crossref","unstructured":"Freier, A., Karlton, P., Kocher, P.: The secure sockets layer (SSL) protocol version 3.0. RFC 6101, RFC Editor, August 2011. \n                    http:\/\/www.rfc-editor.org\/rfc\/rfc6101.txt","DOI":"10.17487\/rfc6101"},{"key":"17_CR26","doi-asserted-by":"crossref","unstructured":"Goltzsche, D., et al.: Endbox: scalable middlebox functions using client-side trusted execution. In: Proceedings of the 48th International Conference on Dependable Systems and Networks, DSN, vol. 18 (2018)","DOI":"10.1109\/DSN.2018.00048"},{"key":"17_CR27","doi-asserted-by":"publisher","unstructured":"Hammami, M., Chahir, Y., Chen, L.: WebGuard: web based adult content detection and filtering system. In: Proceedings IEEE\/WIC International Conference on Web Intelligence (WI 2003), pp. 574\u2013578, October 2003. \n                    https:\/\/doi.org\/10.1109\/WI.2003.1241271","DOI":"10.1109\/WI.2003.1241271"},{"issue":"2","key":"17_CR28","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1109\/TKDE.2006.34","volume":"18","author":"M Hammami","year":"2006","unstructured":"Hammami, M., Chahir, Y., Chen, L.: WebGuard: a web filtering engine combining textual, structural, and visual content-based analysis. IEEE Trans. Knowl. Data Eng. 18(2), 272\u2013284 (2006). \n                    https:\/\/doi.org\/10.1109\/TKDE.2006.34","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"17_CR29","doi-asserted-by":"publisher","unstructured":"Han, J., Kim, S., Ha, J., Han, D.: SGX-Box: enabling visibility on encrypted traffic using a secure middlebox module. In: Proceedings of the First Asia-Pacific Workshop on Networking, APNet 2017, pp. 99\u2013105. ACM, New York (2017). \n                    https:\/\/doi.org\/10.1145\/3106989.3106994","DOI":"10.1145\/3106989.3106994"},{"key":"17_CR30","doi-asserted-by":"crossref","unstructured":"Hoekstra, M., Lal, R., Pappachan, P., Phegade, V., Del Cuvillo, J.: Using innovative instructions to create trustworthy software solutions. In: HASP@ ISCA, p. 11 (2013)","DOI":"10.1145\/2487726.2488370"},{"key":"17_CR31","doi-asserted-by":"publisher","unstructured":"Holz, R., Braun, L., Kammenhuber, N., Carle, G.: The SSL landscape: a thorough analysis of the X.509 PKI using active and passive measurements. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, IMC 2011, pp. 427\u2013444. ACM, New York (2011). \n                    https:\/\/doi.org\/10.1145\/2068816.2068856","DOI":"10.1145\/2068816.2068856"},{"key":"17_CR32","doi-asserted-by":"crossref","unstructured":"Housley, R., Ford, W., Polk, T., Solo, D.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) Profile. RFC 3280, RFC Editor, April 2002. \n                    http:\/\/www.rfc-editor.org\/rfc\/rfc3280.txt","DOI":"10.17487\/rfc3280"},{"key":"17_CR33","doi-asserted-by":"publisher","unstructured":"Huang, L.S., Rice, A., Ellingsen, E., Jackson, C.: Analyzing forged SSL certificates in the wild. In: 2014 IEEE Symposium on Security and Privacy, pp. 83\u201397, May 2014. \n                    https:\/\/doi.org\/10.1109\/SP.2014.13","DOI":"10.1109\/SP.2014.13"},{"key":"17_CR34","unstructured":"Abstract Syntax Notation One (ASN.1): Specification of basic notation. Standard, International Telecommunication Union, August 2015"},{"key":"17_CR35","unstructured":"Kuvaiskii, D., Chakrabarti, S., Vij, M.: Snort intrusion detection system with Intel software guard extension (Intel SGX). CoRR abs\/1802.00508 (2018). \n                    http:\/\/arxiv.org\/abs\/1802.00508"},{"key":"17_CR36","unstructured":"Loreto, S., Mattsson, J., Skog, R., Spaak, H., Druta, D., Hafeez, M.: Explicit trusted proxy in HTTP\/2.0. Internet-Draft draft-loreto-httpbis-trusted-proxy20-01, IETF Secretariat, February 2014. \n                    http:\/\/www.ietf.org\/internet-drafts\/draft-loreto-httpbis-trusted-proxy20-01.txt"},{"key":"17_CR37","unstructured":"McGrew, D., Wing, D., Gladstone, P.: TLS proxy server extension. Internet-Draft draft-mcgrew-tls-proxy-server-01, IETF Secretariat, July 2012. \n                    http:\/\/www.ietf.org\/internet-drafts\/draft-mcgrew-tls-proxy-server-01.txt"},{"key":"17_CR38","doi-asserted-by":"crossref","unstructured":"McKeen, F., et al.: Innovative instructions and software model for isolated execution. In: HASP@ ISCA, p. 10 (2013)","DOI":"10.1145\/2487726.2488368"},{"key":"17_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"696","DOI":"10.1007\/978-3-642-39799-8_48","volume-title":"Computer Aided Verification","author":"S Meier","year":"2013","unstructured":"Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696\u2013701. Springer, Heidelberg (2013). \n                    https:\/\/doi.org\/10.1007\/978-3-642-39799-8_48"},{"issue":"1","key":"17_CR40","first-page":"58","volume":"1","author":"SJ Murdoch","year":"2008","unstructured":"Murdoch, S.J., Anderson, R.: Tools and technology of internet filtering. Access Denied: Pract. Policy Glob. Internet Filter. 1(1), 58 (2008)","journal-title":"Access Denied: Pract. Policy Glob. Internet Filter."},{"key":"17_CR41","doi-asserted-by":"publisher","unstructured":"Naylor, D., et al.: Multi-context TLS (mcTLS): enabling secure in-network functionality in TLS. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, SIGCOMM 2015, pp. 199\u2013212. ACM, New York (2015). \n                    https:\/\/doi.org\/10.1145\/2785956.2787482","DOI":"10.1145\/2785956.2787482"},{"key":"17_CR42","doi-asserted-by":"publisher","unstructured":"Novotny, J., Tuecke, S., Welch, V.: An online credential repository for the grid: MyProxy. In: Proceedings 10th IEEE International Symposium on High Performance Distributed Computing, pp. 104\u2013111 (2001). \n                    https:\/\/doi.org\/10.1109\/HPDC.2001.945181","DOI":"10.1109\/HPDC.2001.945181"},{"key":"17_CR43","unstructured":"Poddar, R., Lan, C., Popa, R.A., Ratnasamy, S.: SafeBricks: shielding network functions in the cloud. In: 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2018), Renton, WA (2018)"},{"key":"17_CR44","doi-asserted-by":"publisher","unstructured":"Polpinij, J., Chotthanom, A., Sibunruang, C., Chamchong, R., Puangpronpitag, S.: Content-based text classifiers for pornographic web filtering. In: 2006 IEEE International Conference on Systems, Man and Cybernetics, vol. 2, pp. 1481\u20131485, October 2006. \n                    https:\/\/doi.org\/10.1109\/ICSMC.2006.384926","DOI":"10.1109\/ICSMC.2006.384926"},{"key":"17_CR45","doi-asserted-by":"publisher","unstructured":"Polpinij, J., Sibunruang, C., Paungpronpitag, S., Chamchong, R., Chotthanom, A.: A web pornography patrol system by content-based analysis: in particular text and image. In: 2008 IEEE International Conference on Systems, Man and Cybernetics, pp. 500\u2013505, October 2008. \n                    https:\/\/doi.org\/10.1109\/ICSMC.2008.4811326","DOI":"10.1109\/ICSMC.2008.4811326"},{"key":"17_CR46","doi-asserted-by":"crossref","unstructured":"Rescorla, E.: The transport layer security (TLS) protocol version 1.3. RFC 8446, RFC Editor, August 2018","DOI":"10.17487\/RFC8446"},{"key":"17_CR47","doi-asserted-by":"publisher","unstructured":"Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: BlindBox: deep packet inspection over encrypted traffic. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, SIGCOMM 2015, pp. 213\u2013226. ACM, New York (2015). \n                    https:\/\/doi.org\/10.1145\/2785956.2787502","DOI":"10.1145\/2785956.2787502"},{"key":"17_CR48","doi-asserted-by":"publisher","unstructured":"Trach, B., Krohmer, A., Gregor, F., Arnautov, S., Bhatotia, P., Fetzer, C.: ShieldBox: secure middleboxes using shielded execution. In: Proceedings of the Symposium on SDN Research, SOSR 2018, pp. 2:1\u20132:14. ACM, New York (2018). \n                    https:\/\/doi.org\/10.1145\/3185467.3185469","DOI":"10.1145\/3185467.3185469"},{"key":"17_CR49","doi-asserted-by":"crossref","unstructured":"Tuecke, S., Welch, V., Pearlman, D.E.L., Thompson, M.: Internet X.509 public key infrastructure (PKI) proxy certificate profile. RFC 3820, RFC Editor, June 2004. \n                    http:\/\/www.rfc-editor.org\/rfc\/rfc3820.txt","DOI":"10.17487\/rfc3820"}],"container-title":["Lecture Notes in Computer Science","Innovative Security Solutions for Information Technology and Communications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-12942-2_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,21]],"date-time":"2019-05-21T22:38:51Z","timestamp":1558478331000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-12942-2_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030129415","9783030129422"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-12942-2_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"6 February 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SECITC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security for Information Technology and Communications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bucharest","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Romania","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 November 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 November 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"itc2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.secitc.eu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"70","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"35","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"50% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"2.0","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"5.0","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Three papers of invited keynote speakers are included.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}