{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,31]],"date-time":"2025-08-31T10:38:28Z","timestamp":1756636708756,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":50,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642292521"},{"type":"electronic","value":"9783642292538"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-29253-8_1","type":"book-chapter","created":{"date-parts":[[2012,4,5]],"date-time":"2012-04-05T08:38:38Z","timestamp":1333615118000},"page":"1-19","source":"Crossref","is-referenced-by-count":1,"title":["Scalable Integrity-Guaranteed AJAX"],"prefix":"10.1007","author":[{"given":"Thomas","family":"Moyer","sequence":"first","affiliation":[]},{"given":"Trent","family":"Jaeger","sequence":"additional","affiliation":[]},{"given":"Patrick","family":"McDaniel","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"1_CR1","unstructured":"Ajax IM \u2013 Instant Messaging Framework, http:\/\/ajaxim.com\/"},{"key":"1_CR2","unstructured":"Anonymized for submission"},{"key":"1_CR3","unstructured":"Gmail, http:\/\/mail.google.com\/"},{"key":"1_CR4","unstructured":"PXSC52 - Security Protocol Processor PCI-X Server Adapter \/ CN1520, http:\/\/www.silicom-usa.com\/default.asp?contentID=677"},{"key":"1_CR5","unstructured":"Performance Impacts of AJAX Development (October 2010), http:\/\/www.webperformanceinc.com\/library\/reports\/AjaxBandwidth\/"},{"key":"1_CR6","unstructured":"Apache: JMeter \u2013 Apache JMeter, http:\/\/jakarta.apache.org\/jmeter\/"},{"key":"1_CR7","doi-asserted-by":"publisher","first-page":"400","DOI":"10.1145\/1653662.1653711","volume-title":"CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security","author":"C. Castelluccia","year":"2009","unstructured":"Castelluccia, C., Francillon, A., Perito, D., Soriente, C.: On the difficulty of software-based attestation of embedded devices. In: CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 400\u2013409. ACM, New York (2009)"},{"key":"1_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/978-3-540-78440-1_7","volume-title":"Public Key Cryptography \u2013 PKC 2008","author":"D. Catalano","year":"2008","unstructured":"Catalano, D., Di Raimondo, M., Fiore, D., Gennaro, R.: Off-Line\/On-Line Signatures: Theoretical Aspects and Experimental Results. In: Cramer, R. (ed.) PKC 2008. LNCS, vol.\u00a04939, pp. 101\u2013120. Springer, Heidelberg (2008)"},{"key":"1_CR9","first-page":"1","volume-title":"SS 2007: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium","author":"S. Chong","year":"2007","unstructured":"Chong, S., Vikram, K., Myers, A.C.: Sif: enforcing confidentiality and integrity in web applications. In: SS 2007: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 1\u201316. USENIX Association, Berkeley (2007)"},{"key":"1_CR10","doi-asserted-by":"publisher","first-page":"269","DOI":"10.1145\/1559845.1559875","volume-title":"SIGMOD 2009: Proceedings of the 35th SIGMOD International Conference on Management of Data","author":"B.J. Corcoran","year":"2009","unstructured":"Corcoran, B.J., Swamy, N., Hicks, M.: Cross-tier, label-based security enforcement for web applications. In: SIGMOD 2009: Proceedings of the 35th SIGMOD International Conference on Management of Data, pp. 269\u2013282. ACM, New York (2009)"},{"key":"1_CR11","unstructured":"Corporation, M.: Microsoft Next-Generation Secure Computing Base, http:\/\/www.microsoft.com\/resources\/ngscb\/default.mspx"},{"key":"1_CR12","unstructured":"cPanel: Components of Random JavaScript Toolkit Identified (January 2008), http:\/\/blog.cpanel.net\/?p=31"},{"issue":"10","key":"1_CR13","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1109\/2.955100","volume":"34","author":"J.G. Dyer","year":"2001","unstructured":"Dyer, J.G., Lindemann, M., Perez, R., Sailer, R., van Doorn, L., Smith, S.W., Weingart, S.: Building the IBM 4758 Secure Coprocessor. Computer\u00a034(10), 57\u201366 (2001)","journal-title":"Computer"},{"issue":"1","key":"1_CR14","first-page":"1","volume":"16","author":"C. Ellison","year":"2000","unstructured":"Ellison, C., Schneier, B.: Ten risks of pki: What you\u2019re not being told about public key infrastructure. Computer Security Journal\u00a016(1), 1\u20137 (2000)","journal-title":"Computer Security Journal"},{"key":"1_CR15","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/BF02254791","volume":"9","author":"S. Even","year":"1996","unstructured":"Even, S., Goldreich, O., Micali, S.: On-line\/off-line digital signatures. Journal of Cryptology\u00a09, 35\u201367 (1996), http:\/\/dx.doi.org\/10.1007\/BF02254791 , doi:10.1007\/BF02254791","journal-title":"Journal of Cryptology"},{"key":"1_CR16","doi-asserted-by":"crossref","unstructured":"Gaspard, C., Goldberg, S., Itani, W., Bertino, E., Nita-Rotaru, C.: Sine: Cache-friendly integrity for the web. In: 5th IEEE Workshop on Secure Network Protocols, NPSec 2009, pp. 7\u201312 (2009)","DOI":"10.1109\/NPSEC.2009.5342250"},{"key":"1_CR17","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1109\/CSAC.2005.53","volume-title":"ACSAC 2005: Proceedings of the 21st Annual Computer Security Applications Conference","author":"J.T. Giffin","year":"2005","unstructured":"Giffin, J.T., Christodorescu, M., Kruger, L.: Strengthening software self-checksumming via self-modifying code. In: ACSAC 2005: Proceedings of the 21st Annual Computer Security Applications Conference, pp. 23\u201332. IEEE Computer Society, Washington, DC (2005)"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Hicks, B., Rueda, S., King, D., Moyer, T., Schiffman, J., Sreenivasan, Y., McDaniel, P., Jaeger, T.: An Architecture for Enforcing End-to-End Access Control Over Web Applications. In: Proceedings of the 2010 Symposium on Access Control Models and Technologies, SACMAT 2010 (2010)","DOI":"10.1145\/1809842.1809870"},{"key":"1_CR19","unstructured":"Iglio, P.: TrustedBox: A Kernel-Level Integrity Checker. In: Proc. of ACSAC 1999, Washington, DC (December 1999)"},{"key":"1_CR20","doi-asserted-by":"crossref","unstructured":"Jaeger, T., Sailer, R., Shankar, U.: PRIMA: Policy-Reduced Integrity Measurement Architecture. In: Proc. of ACM SACMAT 2006 (June 2006)","DOI":"10.1145\/1133058.1133063"},{"key":"1_CR21","first-page":"265","volume-title":"ACSAC 2001: Proceedings of the 17th Annual Computer Security Applications Conference","author":"S. Jiang","year":"2001","unstructured":"Jiang, S., Smith, S., Minami, K.: Securing web servers against insider attack. In: ACSAC 2001: Proceedings of the 17th Annual Computer Security Applications Conference, p. 265. IEEE Computer Society, Washington, DC (2001)"},{"key":"1_CR22","unstructured":"Jiang, S.: WebALPS Implementation and Performance Analysis: Using Trusted Co-servers to Enhance Privacy and Security of Web Interactions. Master\u2019s thesis, Dartmouth College (2001)"},{"key":"1_CR23","first-page":"21","volume-title":"SSYM 2003: Proceedings of the 12th Conference on USENIX Security Symposium","author":"R. Kennell","year":"2003","unstructured":"Kennell, R., Jamieson, L.H.: Establishing the genuinity of remote computer systems. In: SSYM 2003: Proceedings of the 12th Conference on USENIX Security Symposium, p. 21. USENIX Association, Berkeley (2003)"},{"key":"1_CR24","unstructured":"Lesniewski-Lass, C., Kaashoek, M.F.: SSL splitting: securely serving data from untrusted caches. In: Proc. of USENIX Security Symposium, Washington, DC (August 2003)"},{"key":"1_CR25","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1145\/1314354.1314362","volume-title":"STC 2007: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing","author":"P.A. Loscocco","year":"2007","unstructured":"Loscocco, P.A., Wilson, P.W., Pendergrass, J.A., McDonell, C.D.: Linux kernel integrity measurement using contextual inspection. In: STC 2007: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pp. 21\u201329. ACM, New York (2007)"},{"key":"1_CR26","doi-asserted-by":"crossref","unstructured":"Merkle, R.: Protocols for public key cryptosystems. In: Proc. of the IEEE Symposium on Research in Security and Privacy, Oakland, CA (April 1980)","DOI":"10.1109\/SP.1980.10006"},{"key":"1_CR27","unstructured":"Mohay, G., Zellers, J.: Kernel and Shell Based Applications Integrity Assurance. In: Proceedings of the 13th Annual Computer Security Applications Conference (ACSAC 1997), San Diego, CA (December 1997)"},{"key":"1_CR28","doi-asserted-by":"crossref","unstructured":"Moyer, T., Butler, K., Schiffman, J., McDaniel, P., Jaeger, T.: Scalable Web Content Attestation. In: ACSAC 2009: Proceedings of the 2009 Annual Computer Security Applications Conference (2009)","DOI":"10.1109\/ACSAC.2009.19"},{"key":"1_CR29","unstructured":"Moyer, T., McDaniel, P.: Scalable Integrity-Guaranteed AJAX. Tech. Rep. NAS-TR-0149-2011, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA (March 2011)"},{"key":"1_CR30","unstructured":"Nadji, Y., Saxena, P., Song, D.: Document structure integrity: A robust basis for cross-site scripting defense. In: Proceeding of the Network and Distributed System Security Symposium (NDSS 2009) (2009)"},{"key":"1_CR31","volume-title":"Designing Web Usability: The Practice of Simplicity","author":"J. Nielsen","year":"1999","unstructured":"Nielsen, J.: Designing Web Usability: The Practice of Simplicity. New Riders Publishing, Thousand Oaks (1999)"},{"key":"1_CR32","unstructured":"Petroni Jr., N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot\u2013a Coprocessor-based Kernel Runtime Integrity Monitor. In: Proc. of USENIX Security Symposium, San Diego, CA (August 2004)"},{"key":"1_CR33","unstructured":"Rabin, M.O.: Digitalized signatures and public-key functions as intractable as factorization. Report TR-212, Lab. for Computer Science, MIT (1979)"},{"key":"1_CR34","unstructured":"Raza, M.A.: A Leading Pakistani Bank\u2019s Website Got Compromised, http:\/\/propakistani.pk\/2008\/12\/26\/bank-got-hacked-pakistan\/"},{"key":"1_CR35","first-page":"31","volume-title":"Proc. of NSDI 2008","author":"C. Reis","year":"2008","unstructured":"Reis, C., Gribble, S.D., Kohno, T., Weaver, N.C.: Detecting in-flight page changes with web tripwires. In: Proc. of NSDI 2008, pp. 31\u201344. USENIX Association, Berkeley (2008)"},{"issue":"2","key":"1_CR36","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"R.L. Rivest","year":"1978","unstructured":"Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM\u00a021(2), 120\u2013126 (1978)","journal-title":"Commun. ACM"},{"key":"1_CR37","unstructured":"Robertson, W., Vigna, G.: Static Enforcement of Web Application Integrity Through Strong Typing. In: Proceedings of the USENIX Security Symposium (2009)"},{"key":"1_CR38","unstructured":"Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: Proc. of USENIX Security Symposium, San Diego, CA (August 2004)"},{"key":"1_CR39","unstructured":"Security Space: Secure Server Survey (June 2009), http:\/\/www.securityspace.com\/s_survey\/sdata\/200906\/certca.html"},{"issue":"11","key":"1_CR40","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1145\/581571.581590","volume":"45","author":"S. Sedaghat","year":"2002","unstructured":"Sedaghat, S., Pieprzyk, J., Vossough, E.: On-the-fly web content integrity check boosts users\u2019 confidence. Commun. ACM\u00a045(11), 33\u201337 (2002)","journal-title":"Commun. ACM"},{"key":"1_CR41","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Perrig, A., van Doorn, L., Khosla, P.: Swatt: software-based attestation for embedded devices, pp. 272\u2013282 (May 2004)","DOI":"10.1109\/SECPRI.2004.1301329"},{"key":"1_CR42","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems. In: Proc. of the 20th ACM Symposium on Operating Systems Principles (SOSP 2005), Brighton, United Kingdom (October 2005)","DOI":"10.1145\/1095810.1095812"},{"issue":"1","key":"1_CR43","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1145\/353323.353383","volume":"3","author":"D. Spinellis","year":"2000","unstructured":"Spinellis, D.: Reflection as a mechanism for software integrity verification. ACM Trans. Inf. Syst. Secur.\u00a03(1), 51\u201362 (2000)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"1_CR44","unstructured":"Suh, E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: AEGIS: Architectures for Tamper-Evident and Tamper-Resistant Processing. In: Proc. of the 17th International Conference on Supercomputing (June 2003)"},{"key":"1_CR45","doi-asserted-by":"crossref","unstructured":"Ter Louw, M., Venkatakrishnan, V.: Blueprint: Precise Browser-neutral Prevention of Cross-site Scripting Attacks. In: 30th IEEE Symposium on Security and Privacy (2009)","DOI":"10.1109\/SP.2009.33"},{"key":"1_CR46","unstructured":"Trusted Computing Group: TPM Working Group, https:\/\/www.trustedcomputinggroup.org\/groups\/tpm\/"},{"key":"1_CR47","unstructured":"Trusted Computing Group: Trusted Platform Module Specifications, http:\/\/www.trustedcomputinggroup.org\/developers\/trusted_platform_module\/specifications"},{"key":"1_CR48","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1145\/1653662.1653685","volume-title":"CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security","author":"K. Vikram","year":"2009","unstructured":"Vikram, K., Prateek, A., Livshits, B.: Ripley: automatically securing web 2.0 applications through replicated execution. In: CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 173\u2013186. ACM, New York (2009)"},{"key":"1_CR49","first-page":"127","volume-title":"SP 2005: Proceedings of the 2005 IEEE Symposium on Security and Privacy","author":"G. Wurster","year":"2005","unstructured":"Wurster, G., Oorschot, P.C.v., Somayaji, A.: A generic attack on checksumming-based software tamper resistance. In: SP 2005: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pp. 127\u2013138. IEEE Computer Society, Washington, DC (2005)"},{"key":"1_CR50","first-page":"18","volume":"9","author":"X. Zhang","year":"2005","unstructured":"Zhang, X., Chen, S., Sandhu, R.: Enhancing data authenticity and integrity in p2p systems. IEEE Internet Computing\u00a09, 18\u201325 (2005)","journal-title":"IEEE Internet Computing"}],"container-title":["Lecture Notes in Computer Science","Web Technologies and Applications"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-29253-8_1.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:18:23Z","timestamp":1742912303000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-29253-8_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642292521","9783642292538"],"references-count":50,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-29253-8_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2012]]}}}