{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,24]],"date-time":"2025-10-24T08:06:59Z","timestamp":1761293219390},"publisher-location":"Cham","reference-count":46,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319138404"},{"type":"electronic","value":"9783319138411"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-13841-1_16","type":"book-chapter","created":{"date-parts":[[2014,12,3]],"date-time":"2014-12-03T08:02:35Z","timestamp":1417593755000},"page":"277-297","source":"Crossref","is-referenced-by-count":3,"title":["CORP: A Browser Policy to Mitigate Web Infiltration Attacks"],"prefix":"10.1007","author":[{"given":"Krishna Chaitanya","family":"Telikicherla","sequence":"first","affiliation":[]},{"given":"Venkatesh","family":"Choppella","sequence":"additional","affiliation":[]},{"given":"Bruhadeshwar","family":"Bezawada","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"16_CR1","unstructured":"W3C: History of the World Wide Web. Technical report (1989), \n                      \n                        http:\/\/www.w3.org\/Consortium\/facts#history"},{"key":"16_CR2","unstructured":"Pilgrim, M.: Dive into HTML5. Technical report, \n                      \n                        http:\/\/diveintohtml5.info\/past.html#history-of-the-img-element"},{"key":"16_CR3","unstructured":"Berners-Lee, T., Connolly, D.: Hypertext Markup Language \u2013 2.0. Technical Report RFC1866, W3C (1995), \n                      \n                        http:\/\/tools.ietf.org\/html\/rfc1866"},{"key":"16_CR4","doi-asserted-by":"crossref","unstructured":"Jim, T., Swamy, N., Hicks, M.: Defeating script injection attacks with browser-enforced embedded policies. In: Proceedings of the 16th International Conference on World Wide Web, pp. 601\u2013610. ACM (2007)","DOI":"10.1145\/1242572.1242654"},{"key":"16_CR5","unstructured":"OWASP: XSS Prevention Cheat Sheet, https:\/\/www.owasp.org\/index.php\/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet"},{"key":"16_CR6","unstructured":"Vogt, P., Nentwich, F., Jovanovic, N., Kirda, E., Kruegel, C., Vigna, G.: Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In: NDSS (2007)"},{"key":"16_CR7","doi-asserted-by":"crossref","unstructured":"Jayaraman, K., Du, W., Rajagopalan, B., Chapin, S.J.: Escudo: A fine-grained protection model for web browsers. In: 2010 IEEE 30th International Conference on Distributed Computing Systems (ICDCS), pp. 231\u2013240. IEEE (2010)","DOI":"10.1109\/ICDCS.2010.71"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Wikipedia: Netscape navigator 2 (1995), \n                      \n                        http:\/\/en.wikipedia.org\/wiki\/Netscape_Navigator_2","DOI":"10.1016\/1353-4858(95)90080-2"},{"key":"16_CR9","unstructured":"Zalewski, M.: Browser Security Handbook. Technical report (2011), \n                      \n                        https:\/\/code.google.com\/p\/browsersec\/wiki\/Part2#Same-origin_policy"},{"key":"16_CR10","doi-asserted-by":"crossref","unstructured":"Stamm, S., Sterne, B., Markham, G.: Reining in the web with content security policy. In: Proceedings of the 19th International Conference on World Wide Web, pp. 921\u2013930. ACM (2010)","DOI":"10.1145\/1772690.1772784"},{"key":"16_CR11","unstructured":"OWASP: CSRF Guard (2007), \n                      \n                        https:\/\/www.owasp.org\/index.php\/CSRF_Guard"},{"key":"16_CR12","doi-asserted-by":"crossref","unstructured":"Bortz, A., Boneh, D.: Exposing private information by timing web applications. In: Proceedings of the 16th International Conference on World Wide Web, pp. 621\u2013628. ACM (2007)","DOI":"10.1145\/1242572.1242656"},{"key":"16_CR13","unstructured":"Microsoft: Combating ClickJacking With X-Frame-Options. Blog (March 2010), \n                      \n                        http:\/\/blogs.msdn.com\/b\/ieinternals\/archive\/2010\/03\/30\/combating-clickjacking-with-x-frame-options.aspx"},{"key":"16_CR14","unstructured":"Maone, G., Huang, D.L.S., Gondrom, T., Hill, B.: User Interface Security Directives for Content Security Policy (September 2013), \n                      \n                        https:\/\/dvcs.w3.org\/hg\/user-interface-safety\/raw-file\/tip\/user-interface-safety.html"},{"key":"16_CR15","doi-asserted-by":"crossref","unstructured":"Akhawe, D., Barth, A., Lam, P.E., Mitchell, J., Song, D.: Towards a formal foundation of web security. In: 2010 23rd IEEE Computer Security Foundations Symposium (CSF), pp. 290\u2013304. IEEE (2010)","DOI":"10.1109\/CSF.2010.27"},{"key":"16_CR16","unstructured":"Jackson, D.: Software Abstractions: Logic. Language, and Analysis. The MIT Press (2006)"},{"key":"16_CR17","unstructured":"OWASP: OWASP Top Ten Project, \n                      \n                        https:\/\/www.owasp.org\/index.php\/Category:OWASP_Top_Ten_Project"},{"key":"16_CR18","unstructured":"Hansen, R., Grossman, J.: Clickjacking. Blog (December 2008), \n                      \n                        http:\/\/www.sectheory.com\/clickjacking.htm"},{"key":"16_CR19","unstructured":"Facebook: Facebook, Washington State AG target clickjackers. Blog (January 2012), \n                      \n                        https:\/\/www.facebook.com\/notes\/facebook-security\/facebook-washington-state-ag-target-clickjackers\/10150494427000766"},{"key":"16_CR20","unstructured":"Stone, P.: Pixel perfect timing attacks with html5 (2013), \n                      \n                        http:\/\/contextis.com\/files\/Browser_Timing_Attacks.pdf"},{"key":"16_CR21","doi-asserted-by":"crossref","unstructured":"Kotcher, R., Pei, Y., Jumde, P.: Stealing cross-origin pixels: Timing attacks on css filters and shaders (2013), \n                      \n                        http:\/\/www.robertkotcher.com\/pdf\/TimingAttacks.pdf","DOI":"10.1145\/2508859.2516712"},{"key":"16_CR22","unstructured":"Jeremiah, G.: Introducing the \u2018I Know...\u2019 series. Blog (October 2012), \n                      \n                        https:\/\/blog.whitehatsec.com\/introducing-the-i-know-series\/"},{"key":"16_CR23","unstructured":"Heiderich, M.: CSRFx (2007), \n                      \n                        https:\/\/code.google.com\/p\/csrfx\/"},{"key":"16_CR24","doi-asserted-by":"crossref","unstructured":"Jovanovic, N., Kirda, E., Kruegel, C.: Preventing cross site request forgery attacks. In: Securecomm and Workshops, pp. 1\u201310. IEEE (2006)","DOI":"10.1109\/SECCOMW.2006.359531"},{"key":"16_CR25","doi-asserted-by":"crossref","unstructured":"Oda, T., Wurster, G., van Oorschot, P., Somayaji, A.: SOMA: Mutual approval for included content in web pages. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 89\u201398. ACM (2008)","DOI":"10.1145\/1455770.1455783"},{"key":"16_CR26","doi-asserted-by":"crossref","unstructured":"Barth, A., Jackson, C., Mitchell, J.C.: Robust defenses for cross-site request forgery. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 75\u201388. ACM (2008)","DOI":"10.1145\/1455770.1455782"},{"key":"16_CR27","unstructured":"AdBlockPlus: HTTP Referer (2008), \n                      \n                        http:\/\/adblockplus.org\/blog\/http-referer-header-wont-help-you-with-csrf"},{"key":"16_CR28","unstructured":"Johns, M., Winter, J.: RequestRodeo: Client side protection against session riding. In: Proceedings of the OWASP Europe 2006 Conference (2006)"},{"key":"16_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1007\/978-3-642-03549-4_15","volume-title":"Financial Cryptography and Data Security","author":"Z. Mao","year":"2009","unstructured":"Mao, Z., Li, N., Molloy, I.: Defeating cross-site request forgery attacks with browser-enforced authenticity protection. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol.\u00a05628, pp. 238\u2013255. Springer, Heidelberg (2009)"},{"key":"16_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1007\/978-3-642-11747-3_2","volume-title":"Engineering Secure Software and Systems","author":"P. Ryck De","year":"2010","unstructured":"De Ryck, P., Desmet, L., Heyman, T., Piessens, F., Joosen, W.: CsFire: Transparent client-side mitigation of malicious cross-domain requests. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol.\u00a05965, pp. 18\u201334. Springer, Heidelberg (2010)"},{"key":"16_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1007\/978-3-642-23822-2_6","volume-title":"Computer Security \u2013 ESORICS 2011","author":"P. Ryck De","year":"2011","unstructured":"De Ryck, P., Desmet, L., Joosen, W., Piessens, F.: Automatic and precise client-side protection against CSRF attacks. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol.\u00a06879, pp. 100\u2013116. Springer, Heidelberg (2011)"},{"key":"16_CR32","doi-asserted-by":"crossref","unstructured":"Maes, W., Heyman, T., Desmet, L., Joosen, W.: Browser protection against cross-site request forgery. In: Proceedings of the First ACM Workshop on Secure Execution of Untrusted Code, pp. 3\u201310. ACM (2009)","DOI":"10.1145\/1655077.1655081"},{"key":"16_CR33","doi-asserted-by":"crossref","unstructured":"Czeskis, A., Moshchuk, A., Kohno, T., Wang, H.J.: Lightweight server support for browser-based CSRF protection. In: Proceedings of the 22nd International Conference on World Wide Web, pp. 273\u2013284 (2013)","DOI":"10.1145\/2488388.2488413"},{"key":"16_CR34","first-page":"135","volume-title":"ASIACCS 2010","author":"M. Balduzzi","year":"2010","unstructured":"Balduzzi, M., Egele, M., Kirda, E., Balzarotti, D., Kruegel, C.: A solution for the automated detection of clickjacking attacks. In: ASIACCS 2010, pp. 135\u2013144. ACM, New York (2010)"},{"key":"16_CR35","unstructured":"Maone, G.: Hello ClearClick, goodbye clickjacking! Blog (October 2008), \n                      \n                        http:\/\/hackademix.net\/2008\/10\/08\/hello-clearclick-goodbye-clickjacking\/"},{"key":"16_CR36","unstructured":"Rydstedt, G., Bursztein, E., Boneh, D., Jackson, C.: Busting frame busting: a study of clickjacking vulnerabilities at popular sites. In: IEEE Oakland Web 2.0 Security and Privacy (W2SP 2010) (2010)"},{"key":"16_CR37","unstructured":"Huang, L.S., Moshchuk, A., Wang, H.J., Schechter, S., Jackson, C.: Clickjacking: Attacks and Defenses. In: USENIX Security Symposium (2012)"},{"key":"16_CR38","unstructured":"Huang, L., Jackson, C.: Clickjacking attacks unresolved. White paper, CyLab (2011), \n                      \n                        http:\/\/mayscript.com\/blog\/david\/clickjacking-attacks-unresolved"},{"key":"16_CR39","unstructured":"Lekies, S., Heiderich, M., Appelt, D., Holz, T., Johns, M.: On the fragility and limitations of current browser-provided clickjacking protection schemes. In: Woot 2012, USENIX Security Symposium. USENIX (2012)"},{"key":"16_CR40","doi-asserted-by":"crossref","unstructured":"Hodges: RFC 6797, HTTP Strict Transport Security (HSTS) (November 2012), \n                      \n                        http:\/\/tools.ietf.org\/html\/rfc6797","DOI":"10.17487\/rfc6797"},{"key":"16_CR41","unstructured":"Telikicherla, K.C.: Analyzing the new social engineering spam on facebook - lady with an axe. Blog post (June 2013), \n                      \n                        http:\/\/bit.ly\/FBSpamAxe"},{"key":"16_CR42","unstructured":"Nafeez, A.: Stealing Facebook Graph API Access Token: Yet Another UI Redressing Vector (September 2011), \n                      \n                        http:\/\/blog.skepticfx.com\/2011\/09\/facebook-graph-api-access-token.html"},{"key":"16_CR43","unstructured":"Kotowicz, K.: Cross domain content extraction with fake captcha, \n                      \n                        http:\/\/blog.kotowicz.net\/2011\/07\/cross-domain-content-extraction-with.html"},{"key":"16_CR44","unstructured":"Google: Life cycle of requests in Chrome.webRequest API (2013), \n                      \n                        http:\/\/developer.chrome.com\/extensions\/webRequest.html"},{"key":"16_CR45","unstructured":"Telikicherla, K.C.: CORP repository (October 2013), \n                      \n                        http:\/\/iiithyd-websec.github.io\/corp\/"},{"key":"16_CR46","unstructured":"Alexa: Alexa top sites (October 2013), \n                      \n                        http:\/\/www.alexa.com\/topsites"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-13841-1_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,28]],"date-time":"2019-05-28T19:23:55Z","timestamp":1559071435000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-13841-1_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319138404","9783319138411"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-13841-1_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}