{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,3]],"date-time":"2025-05-03T12:05:09Z","timestamp":1746273909414,"version":"3.40.3"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030654108"},{"type":"electronic","value":"9783030654115"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-65411-5_6","type":"book-chapter","created":{"date-parts":[[2020,12,9]],"date-time":"2020-12-09T02:22:57Z","timestamp":1607480577000},"page":"107-126","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["HMAC and \u201cSecure Preferences\u201d: Revisiting Chromium-Based Browsers Security"],"prefix":"10.1007","author":[{"given":"Pablo","family":"Picazo-Sanchez","sequence":"first","affiliation":[]},{"given":"Gerardo","family":"Schneider","sequence":"additional","affiliation":[]},{"given":"Andrei","family":"Sabelfeld","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,12,9]]},"reference":[{"key":"6_CR1","unstructured":"spyware: Softonic (2019). https:\/\/www.2-spyware.com\/remove-softonic.html"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Aggarwal, A., Viswanath, B., Zhang, L., Kumar, S., Shah, A., Kumaraguru, P.: I spy with my little eye: analysis and detection of spying browser extensions. In: EuroS&P, pp. 47\u201361, April 2018","DOI":"10.1109\/EuroSP.2018.00012"},{"key":"6_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1007\/978-3-319-45719-2_19","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"S Arshad","year":"2016","unstructured":"Arshad, S., Kharraz, A., Robertson, W.: Identifying extension-based ad injection via fine-grained web content provenance. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 415\u2013436. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-45719-2_19"},{"key":"6_CR4","unstructured":"Awakesecurity: Discovery of a massive, criminal surveillance campaign (2020). https:\/\/awakesecurity.com\/blog\/the-internets-new-arms-dealers-malicious-domain-registrars\/"},{"issue":"9","key":"6_CR5","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1145\/1995376.1995398","volume":"54","author":"S Bandhakavi","year":"2011","unstructured":"Bandhakavi, S., Tiku, N., Pittman, W., King, S.T., Madhusudan, P., Winslett, M.: Vetting browser extensions for security vulnerabilities with VEX. Commun. ACM 54(9), 91\u201399 (2011)","journal-title":"Commun. ACM"},{"key":"6_CR6","doi-asserted-by":"crossref","unstructured":"Banescu, S., Pretschner, A., Battr\u00e9, D., Cazzulani, S., Shield, R., Thompson, G.: Software-based protection against changeware. In: CODASPY, pp. 231\u2013242 (2015)","DOI":"10.1145\/2699026.2699099"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Bos, J.W., Hubain, C., Michiels, W., Teuwen, P.: Differential computation analysis: hiding your white-box designs is not enough. In: CHES, pp. 215\u2013236 (2016)","DOI":"10.1007\/978-3-662-53140-2_11"},{"key":"6_CR8","unstructured":"Carlini, N., Felt, A.P., Wagner, D.: An evaluation of the google chrome extension security architecture. In: USENIX, pp. 97\u2013111 (2012)"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Chen, Q., Kapravelos, A.: Mystique: uncovering information leakage from browser extensions. In: CCS, p. 1687\u20131700 (2018)","DOI":"10.1145\/3243734.3243823"},{"key":"6_CR10","doi-asserted-by":"crossref","unstructured":"Chow, S., Eisen, P., Johnson, H., Van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Selected Areas in Cryptography, pp. 250\u2013270 (2003)","DOI":"10.1007\/3-540-36492-7_17"},{"key":"6_CR11","unstructured":"Chromium: No more silent extension installs (2019). http:\/\/blog.chromium.org"},{"key":"6_CR12","unstructured":"Cimpanu, C.: Windows 10 to get PUA\/PUP protection feature (2020). https:\/\/www.zdnet.com\/article\/windows-10-to-get-puapup-protection-feature\/"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Dhawan, M., Ganapathy, V.: Analyzing information flow in Javascript-based browser extensions. In: ACSAC, pp. 382\u2013391 (2009)","DOI":"10.1109\/ACSAC.2009.43"},{"key":"6_CR14","unstructured":"Forrest, S., Somayaji, A., Ackley, D.H.: Building diverse computer systems. In: Workshop on Hot Topics in Operating Systems, pp. 67\u201372, May 1997"},{"key":"6_CR15","unstructured":"gs.statcounter: Browser market share (2020). https:\/\/gs.statcounter.com\/browser-market-share"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Guha, A., Fredrikson, M., Livshits, B., Swamy, N.: Verified security for browser extensions. In: S&P, pp. 115\u2013130 (2011)","DOI":"10.1109\/SP.2011.36"},{"key":"6_CR17","unstructured":"HMAC: Chromium Secure Preferences (2019). https:\/\/kaimi.io\/2015\/04\/google-chrome-and-secure-preferences\/"},{"key":"6_CR18","unstructured":"Jagpal, N., et al.: Trends and lessons from three years fighting malicious extensions. In: USENIX, pp. 579\u2013593 (2015)"},{"key":"6_CR19","unstructured":"Kapravelos, A., Grier, C., Chachra, N., Kruegel, C., Vigna, G., Paxson, V.: Hulk: eliciting malicious behavior in browser extensions. In: USENIX, pp. 641\u2013654 (2014)"},{"key":"6_CR20","doi-asserted-by":"crossref","unstructured":"Karami, S., Ilia, P., Solomos, K., Polakis, J.: Carnus: exploring the privacy threats of browser extension fingerprinting. In: NDSS (2020)","DOI":"10.14722\/ndss.2020.24383"},{"key":"6_CR21","doi-asserted-by":"crossref","unstructured":"Kotzias, P., Matic, S., Rivera, R., Caballero, J.: Certified pup: abuse in authenticode code signing. In: CCS, pp. 465\u2013478 (2015)","DOI":"10.1145\/2810103.2813665"},{"key":"6_CR22","doi-asserted-by":"crossref","unstructured":"Krawczyk, H., Bellare, M., Canetti, R.: HMAC: keyed-hashing for message authentication. Internet Engineering Task Force (IETF) (1997)","DOI":"10.17487\/rfc2104"},{"key":"6_CR23","unstructured":"Laperdrix, P., Bielova, N., Baudry, B., Avoine, G.: Browser fingerprinting: a survey. CoRR abs\/1905.01051 (2019). http:\/\/arxiv.org\/abs\/1905.01051"},{"key":"6_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-642-40203-6_4","volume-title":"Computer Security \u2013 ESORICS 2013","author":"BS Lerner","year":"2013","unstructured":"Lerner, B.S., Elberty, L., Poole, N., Krishnamurthi, S.: Verifying web browser extensions\u2019 compliance with private-browsing mode. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 57\u201374. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40203-6_4"},{"key":"6_CR25","unstructured":"Malwarebytes: Billion-dollar search engine industry attracts vultures, shady advertisers, and cybercriminals (2020). https:\/\/blog.malwarebytes.com"},{"key":"6_CR26","unstructured":"Malwarebytes: WinYahoo (2020). https:\/\/blog.malwarebytes.com"},{"key":"6_CR27","unstructured":"Microsoft: Microsoft edge: making the web better through more open source collaboration (2019). https:\/\/bit.ly\/2QeZFwm"},{"key":"6_CR28","unstructured":"Microsoft: How windows 10 uses the trusted platform module (2020)"},{"key":"6_CR29","unstructured":"Microsoft: Windows defender and secure preferences file (2020). https:\/\/answers.microsoft.com"},{"key":"6_CR30","doi-asserted-by":"crossref","unstructured":"Picazo-Sanchez, P., Tapiador, J., Schneider, G.: After you, please: browser extensions order attacks and countermeasures. Int. J. Inf. Securi. 1\u201316 (2019)","DOI":"10.1007\/s10207-019-00481-8"},{"key":"6_CR31","doi-asserted-by":"crossref","unstructured":"Rogowski, R., Morton, M., Li, F., Monrose, F., Snow, K.Z., Polychronakis, M.: Revisiting browser security in the modern era: new data-only attacks and defenses. In: EuroS&P, pp. 366\u2013381, April 2017","DOI":"10.1109\/EuroSP.2017.39"},{"key":"6_CR32","unstructured":"S\u00e1nchez-Rola, I., Santos, I., Balzarotti, D.: Extension breakdown: security analysis of browsers extension resources control policies. In: USENIX, pp. 679\u2013694 (2017)"},{"key":"6_CR33","unstructured":"Sanfelix, E., Mune, C., de Haas, J.: Unboxing the white-box. In: Black Hat EU 2015 (2015)"},{"key":"6_CR34","doi-asserted-by":"crossref","unstructured":"Sj\u00f6sten, A., Van Acker, S., Picazo-Sanchez, P., Sabelfeld, A.: LATEX GLOVES: protecting browser extensions from probing and revelation attacks. In: NDSS (2018)","DOI":"10.14722\/ndss.2019.23309"},{"key":"6_CR35","doi-asserted-by":"crossref","unstructured":"Som\u00e9, D.F.: Empoweb: empowering web applications with browser extensions. In: S&P, pp. 227\u2013245, May 2019","DOI":"10.1109\/SP.2019.00058"},{"key":"6_CR36","doi-asserted-by":"crossref","unstructured":"Starov, O., Nikiforakis, N.: Xhound: quantifying the fingerprintability of browser extensions. In: S&P, pp. 941\u2013956 (2017)","DOI":"10.1109\/SP.2017.18"},{"key":"6_CR37","doi-asserted-by":"crossref","unstructured":"Starov, O., Laperdrix, P., Kapravelos, A., Nikiforakis, N.: Unnecessarily identifiable: quantifying the fingerprintability of browser extensions due to bloat. In: WWW, p. 3244\u20133250 (2019)","DOI":"10.1145\/3308558.3313458"},{"key":"6_CR38","unstructured":"Statcounter: Desktop Browser Market Share Worldwide (2019). https:\/\/gs.statcounter.com"},{"key":"6_CR39","unstructured":"UK, P.: Update Java, get yahoo as your default search engine (2019). https:\/\/uk.pcmag.com"},{"key":"6_CR40","doi-asserted-by":"crossref","unstructured":"Urban, T., Tatang, D., Holz, T., Pohlmann, N.: Towards understanding privacy implications of adware and potentially unwanted programs. In: ESORICS, pp. 449\u2013469 (2018)","DOI":"10.1007\/978-3-319-99073-6_22"},{"key":"6_CR41","doi-asserted-by":"crossref","unstructured":"Varshney, G., Misra, M., Atrey, P.K.: Detecting spying and fraud browser extensions: short paper. In: MPS, pp. 45\u201352 (2017)","DOI":"10.1145\/3137616.3137619"},{"key":"6_CR42","unstructured":"w3schools: Browser Statistics (2019). https:\/\/www.w3schools.com\/browsers\/"},{"key":"6_CR43","doi-asserted-by":"crossref","unstructured":"Xing, X., et al.: Understanding malvertising through ad-injecting browser extensions. In: WWW, pp. 1286\u20131295 (2015)","DOI":"10.1145\/2736277.2741630"},{"key":"6_CR44","doi-asserted-by":"crossref","unstructured":"Zhao, R., Yue, C., Yi, Q.: Automatic detection of information leakage vulnerabilities in browser extensions. In: WWW, pp. 1384\u20131394 (2015)","DOI":"10.1145\/2736277.2741134"}],"container-title":["Lecture Notes in Computer Science","Cryptology and Network Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-65411-5_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,21]],"date-time":"2022-12-21T19:15:06Z","timestamp":1671650106000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-65411-5_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030654108","9783030654115"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-65411-5_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"9 December 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CANS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Cryptology and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vienna","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 December 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cans2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/cans2020.at","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"118","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"25% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}