{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:50:27Z","timestamp":1759092627596},"publisher-location":"Berlin, Heidelberg","reference-count":48,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642351297"},{"type":"electronic","value":"9783642351303"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-35130-3_2","type":"book-chapter","created":{"date-parts":[[2012,12,10]],"date-time":"2012-12-10T07:09:45Z","timestamp":1355123385000},"page":"16-34","source":"Crossref","is-referenced-by-count":7,"title":["VulnerableMe: Measuring Systemic Weaknesses in Mobile Browser Security"],"prefix":"10.1007","author":[{"given":"Chaitrali","family":"Amrutkar","sequence":"first","affiliation":[]},{"given":"Kapil","family":"Singh","sequence":"additional","affiliation":[]},{"given":"Arunabh","family":"Verma","sequence":"additional","affiliation":[]},{"given":"Patrick","family":"Traynor","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"150 Highest Paying Adsense Keywords Revealed!, \n \n http:\/\/earns-adsense.blogspot.com\/2008\/04\/150-highest-paying-adsense-keywords.html"},{"key":"2_CR2","unstructured":"Android Browser Exploit, \n \n http:\/\/threatpost.com\/en_us\/blogs\/researcher-publishes-android-browser-exploit-110810"},{"key":"2_CR3","unstructured":"Chrome, Firefox get clickjacked, \n \n http:\/\/www.zdnet.com.au\/chrome-firefox-get-clickjacked-339294633.html\/"},{"key":"2_CR4","unstructured":"Facebook clickjacking, \n \n http:\/\/personalmoneystore.com\/moneyblog\/2010\/08\/18\/facebook-clickjacking-social-network-scams\/"},{"key":"2_CR5","unstructured":"iPhone overflow clickjacking, \n \n http:\/\/ejohn.org\/blog\/clickjacking-iphone-attack\/"},{"key":"2_CR6","unstructured":"iPhone\u2019s Safari - Vulnerable To DoS Attacks, \n \n http:\/\/www.iphonebuzz.com\/iphone-safari-dos-bug-discovered-162212.php"},{"key":"2_CR7","unstructured":"Mobile Browser Market Share, \n \n http:\/\/gs.statcounter.com\/#mobile_browser-ww-daily-20120307-20120405"},{"key":"2_CR8","unstructured":"Overflow clickjacking, \n \n http:\/\/research.zscaler.com\/2008\/11\/clickjacking-iphone-style.html"},{"key":"2_CR9","unstructured":"Paying by the Click, \n \n http:\/\/www.nytimes.com\/2007\/10\/15\/us\/15bar.html?ref=us"},{"key":"2_CR10","unstructured":"Same-origin policy, \n \n http:\/\/code.google.com\/p\/browsersec\/wiki\/Part2#Same-origin_policy"},{"key":"2_CR11","unstructured":"Web-based Android attack, \n \n http:\/\/www.infoworld.com\/d\/security-central\/security-researcher-releases-web-based-android-attack-317?source=rss_security_central\/"},{"key":"2_CR12","unstructured":"Opera Presto 2.1 - Web standards supported by Opera\u2019s core (2011), \n \n http:\/\/dev.opera.com\/articles\/view\/presto-2-1-web-standards-supported-by\/"},{"key":"2_CR13","unstructured":"The WebKit Open Source Project (2011), \n \n http:\/\/webkit.org\/"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Adida, B.: Beamauth: two-factor web authentication with a bookmark. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (2007)","DOI":"10.1145\/1315245.1315253"},{"key":"2_CR15","unstructured":"Aggarwal, G., Bursztein, E., Jackson, C., Boneh, D.: An Analysis of Private Browsing Modes in Modern Browsers. In: USENIX Security Symposium (2010)"},{"key":"2_CR16","unstructured":"Amrutkar, C., van Oorschot, P.C., Traynor, P.: An Empirical Evaluation of Security Indicators in Mobile Web Browsers. Georgia Tech Technical Report GT-CS-11-10 (2011)"},{"key":"2_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-642-33383-5_6","volume-title":"Information Security","author":"C. Amrutkar","year":"2012","unstructured":"Amrutkar, C., Traynor, P., van Oorschot, P.C.: Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road? In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol.\u00a07483, pp. 86\u2013103. Springer, Heidelberg (2012)"},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"Bandhakavi, S., King, S.T., Madhusudan, P., Winslett, M.: VEX: Vetting Browser Extensions For Security Vulnerabilities. In: Proceedings of the USENIX Security Symposium, SECURITY (2010)","DOI":"10.1145\/1995376.1995398"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Barth, A., Caballero, J., Song, D.: Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland (2009)","DOI":"10.1109\/SP.2009.3"},{"key":"2_CR20","unstructured":"Barth, A., Felt, A.P., Saxena, P., Boodman, A.: Protecting Browsers from Extension Vulnerabilities. In: Proceedings of the 17th Network and Distributed System Security Symposium, NDSS (2010)"},{"key":"2_CR21","unstructured":"Barth, A., Jackson, C.: Protecting Browsers from Frame Hijacking Attacks, \n \n http:\/\/seclab.stanford.edu\/websec\/frames\/navigation\/"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Barth, A., Jackson, C., Mitchell, J.C.: Robust Defenses for Cross-Site Request Forgery. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (2008)","DOI":"10.1145\/1455770.1455782"},{"key":"2_CR23","doi-asserted-by":"crossref","unstructured":"Barth, A., Jackson, C., Mitchell, J.C.: Securing frame communication in browsers. In: Proceedings of the USENIX Security Symposium, SECURITY (2008)","DOI":"10.1145\/1516046.1516066"},{"key":"2_CR24","unstructured":"Barth, A., Jackson, C., Reis, C.: The Google Chrome Team: The security architecture of the chromium browser, \n \n http:\/\/seclab.stanford.edu\/websec\/chromium\/chromium-security-architecture.pdf"},{"key":"2_CR25","unstructured":"Barth, A., Weinberger, J., Song, D.: Cross-origin javascript capability leaks: detection, exploitation, and defense. In: Proceedings of the USENIX Security Symposium, SECURITY (2009)"},{"key":"2_CR26","unstructured":"Google Mobile Ads Blog: Smartphone user study shows mobile movement under way (2011), \n \n http:\/\/googlemobileads.blogspot.com\/2011\/04\/smartphone-user-study-shows-mobile.html"},{"key":"2_CR27","unstructured":"Egele, M., Kruegel, C., Kirda, E., Vigna, G.: PiOS: Detecting Privacy Leaks in iOS Applications. In: Proceedings of the ISOC Networking & Distributed Systems Security (NDSS) Symposium (2011)"},{"key":"2_CR28","unstructured":"Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In: Proceedings of the USENIX Symposium on Operating Systems Design and Implementation, OSDI (2010)"},{"key":"2_CR29","unstructured":"Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A Study of Android Application Security. In: Proceedings of the USENIX Security Symposium (2011)"},{"key":"2_CR30","unstructured":"Felt, A.P., Wagner, D.: Phishing on Mobile Devices. In: Proceedings of the IEEE Web 2.0 Security and Privacy Workshop, W2SP (2011)"},{"key":"2_CR31","unstructured":"Grier, C., King, S.T., Wallach, D.S.: How I Learned to Stop Worrying and Love Plugins. In: Web 2.0 Security and Privacy (2009)"},{"key":"2_CR32","doi-asserted-by":"crossref","unstructured":"Grier, C., Tang, S., King, S.T.: Secure Web Browsing with the OP Web Browser. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland (2008)","DOI":"10.1109\/SP.2008.19"},{"key":"2_CR33","unstructured":"Andrews, G.: Has the address bar had its day?, \n \n http:\/\/www.netmagazine.com\/features\/has-address-bar-had-its-day"},{"key":"2_CR34","doi-asserted-by":"crossref","unstructured":"Huang, L.S., Weinberg, Z., Evans, C., Jackson, C.: Protecting browsers from cross-origin CSS attacks. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (2010)","DOI":"10.1145\/1866307.1866376"},{"key":"2_CR35","unstructured":"Livshits, B., Molnar, D.: Empowering Browser Security for Mobile Devices Using Smart CDNs. In: Proceedings of the Workshop on Web 2.0 Security and Privacy, W2SP (2010)"},{"key":"2_CR36","unstructured":"Luttrell, M.: Majority of users prefer mobile browser over apps (2011), \n \n http:\/\/www.tgdaily.com\/mobility-brief\/55884-majority-of-users-prefer-mobile-browser-over-apps"},{"key":"2_CR37","unstructured":"Niu, Y., Hsu, F., Chen, H.: iPhish: Phishing Vulnerabilities on Consumer Electronics. In: Usability, Psychology, and Security (2008)"},{"key":"2_CR38","unstructured":"Ruderman, J.: Same Origin Policy for JavaScript, \n \n http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html"},{"key":"2_CR39","unstructured":"Rydstedt, G., Bursztein, E., Boneh, D., Jackson, C.: Busting Frame Busting: A Study of Clickjacking Vulnerabilities at Popular Sites. In: Proceedings of the IEEE Web 2.0 Security and Privacy Workshop, W2SP (2010)"},{"key":"2_CR40","unstructured":"Rydstedt, G., Gourdin, B., Bursztein, E., Boneh, D.: Framing Attacks on Smart Phones and Dumb Routers: Tap-jacking and Geo-localization Attacks. In: Proceedings of the USENIX Workshop on Offensive Technology, WOOT (2010)"},{"key":"2_CR41","doi-asserted-by":"crossref","unstructured":"Singh, K., Moshchuk, A., Wang, H.J., Lee, W.: On the Incoherencies in Web Browser Access Control Policies. In: IEEE Symposium on Security and Privacy, Oakland (2010)","DOI":"10.1109\/SP.2010.35"},{"key":"2_CR42","doi-asserted-by":"crossref","unstructured":"Tang, S., Grier, C., Aciicmez, O., King, S.T.: Alhambra: a system for creating, enforcing, and testing browser security policies. In: Proceedings of the International Conference on World Wide Web, WWW (2010)","DOI":"10.1145\/1772690.1772786"},{"key":"2_CR43","unstructured":"Tang, S., Mai, H., King, S.T.: Trust and protection in the Illinois browser operating system. In: Proceedings of the USENIX Conference on Operating Systems Design and Implementation, OSDI (2010)"},{"key":"2_CR44","unstructured":"The Open Mobile Alliance: Wireless Application Protocol (WAP) 1.0 Specification Suite (1998), \n \n http:\/\/www.wapforum.org\/what\/technical_1_0.htm"},{"key":"2_CR45","doi-asserted-by":"crossref","unstructured":"Traynor, P., Lin, M., Ongtang, M., Rao, V., Jaeger, T., La Porta, T., McDaniel, P.: On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (2009)","DOI":"10.1145\/1653662.1653690"},{"key":"2_CR46","doi-asserted-by":"crossref","unstructured":"Wang, H.J., Fan, X., Howell, J., Jackson, C.: Protection and communication abstractions for web browsers in MashupOS. In: Proceedings of 21st ACM SIGOPS Symposium on Operating Systems Principles (2007)","DOI":"10.1145\/1294261.1294263"},{"key":"2_CR47","unstructured":"Wang, H.J., Grier, C., Moshchuk, A., King, S.T., Choudary, P., Venter, H.: The Multi-Principal OS Construction of the Gazelle Web Browser. In: Proceedings of the USENIX Security Symposium, SECURITY (2009)"},{"key":"2_CR48","unstructured":"Zhou, Y., Evans, D.: Why Aren\u2019t HTTP-only Cookies More Widely Deployed? In: Proceedings of the IEEE Web 2.0 Security and Privacy Workshop, W2SP (2010)"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-35130-3_2.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,4]],"date-time":"2021-05-04T13:09:48Z","timestamp":1620133788000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-35130-3_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642351297","9783642351303"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-35130-3_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2012]]}}}