{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T00:02:57Z","timestamp":1725753777155},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642412837"},{"type":"electronic","value":"9783642412844"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-41284-4_14","type":"book-chapter","created":{"date-parts":[[2013,10,22]],"date-time":"2013-10-22T13:35:11Z","timestamp":1382448911000},"page":"265-285","source":"Crossref","is-referenced-by-count":3,"title":["Tamper-Resistant LikeJacking Protection"],"prefix":"10.1007","author":[{"given":"Martin","family":"Johns","sequence":"first","affiliation":[]},{"given":"Sebastian","family":"Lekies","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"14_CR1","doi-asserted-by":"crossref","unstructured":"Balduzzi, M., Egele, M., Kirda, E., Balzarotti, D., Kruegel, C.: A solution for the automated detection of clickjacking attacks. In: AsiaCCS (2010)","DOI":"10.1145\/1755688.1755706"},{"key":"14_CR2","unstructured":"Barnett, R.: Detecting Successful XSS Testing with JS Overrides. Blog post, Trustwave SpiderLabs (November 2012), \n                    \n                      http:\/\/blog.spiderlabs.com\/2012\/11\/detecting-successful-xss-testing-with-js-overrides.html\n                    \n                    \n                   (last accessed April 7, 2013)"},{"key":"14_CR3","doi-asserted-by":"crossref","unstructured":"Barth, A., Jackson, C., Mitchell, J.C.: Robust Defenses for Cross-Site Request Forgery. In: CCS 2009 (2009)","DOI":"10.1145\/1455770.1455782"},{"key":"14_CR4","unstructured":"Bordi, E.: Proof of concept - cursorjacking (noscript), \n                    \n                      http:\/\/static.vulnerability.fr\/noscript-cursorjacking.html"},{"key":"14_CR5","unstructured":"Crockford, D.: Private Members in JavaScript (2001), \n                    \n                      http:\/\/www.crockford.com\/javascript\/private.html\n                    \n                    \n                   (Janauary 11, 2006)"},{"key":"14_CR6","doi-asserted-by":"crossref","unstructured":"Grier, C., Tang, S., King, S.T.: Secure Web Browsing with the OP Web Browser. In: IEEE Symposium on Security and Privacy (2008)","DOI":"10.1109\/SP.2008.19"},{"key":"14_CR7","unstructured":"Hansen, R., Grossman, J.: Clickjacking (August 2008), \n                    \n                      http:\/\/www.sectheory.com\/clickjacking.htm"},{"key":"14_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1007\/978-3-642-23644-0_15","volume-title":"Recent Advances in Intrusion Detection","author":"M. Heiderich","year":"2011","unstructured":"Heiderich, M., Frosch, T., Holz, T.: IceShield: Detection and mitigation of malicious websites with a frozen DOM. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol.\u00a06961, pp. 281\u2013300. Springer, Heidelberg (2011)"},{"key":"14_CR9","unstructured":"Hill, B.: Adaptive user interface randomization as an anti-clickjacking strategy (May 2012)"},{"key":"14_CR10","unstructured":"Hill, B.: Anti-clickjacking protected interactive elements (January 2012)"},{"key":"14_CR11","unstructured":"Huang, L.-S., Jackson, C.: Clickjacking attacks unresolved. White paper, CyLab (July 2011)"},{"key":"14_CR12","unstructured":"Huang, L.-S., Moshchuk, A., Wang, H.J., Schechter, S., Jackson, C.: Clickjacking: attacks and defenses. In: USENIX Security (2012)"},{"key":"14_CR13","unstructured":"Ioannidis, S., Bellovin, S.M.: Building a secure web browser. In: USENIX Technical Conference (2001)"},{"key":"14_CR14","unstructured":"Johns, M., Winter, J.: RequestRodeo: Client Side Protection against Session Riding. In: OWASP Europe 2006, refereed papers track (May 2006)"},{"key":"14_CR15","unstructured":"Kotowicz, K.: Cursorjacking again (January 2012), \n                    \n                      http:\/\/blog.kotowicz.net\/2012\/01\/cursorjacking-again.html"},{"key":"14_CR16","unstructured":"Lekies, S., Heiderich, M., Appelt, D., Holz, T., Johns, M.: On the fragility and limitations of current browser-provided clickjacking protection schemes. In: WOOT 2012 (2012)"},{"key":"14_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/978-3-642-27937-9_17","volume-title":"Information Security Technology for Applications","author":"J. Magazinius","year":"2012","unstructured":"Magazinius, J., Phung, P.H., Sands, D.: Safe wrappers and sane policies for self protecting javaScript. In: Aura, T., J\u00e4rvinen, K., Nyberg, K. (eds.) NordSec 2010. LNCS, vol.\u00a07127, pp. 239\u2013255. Springer, Heidelberg (2012)"},{"key":"14_CR18","unstructured":"Maone, G.: Noscript clearclick (January 2012), \n                    \n                      http:\/\/noscript.net\/faq#clearclick"},{"key":"14_CR19","unstructured":"Maone, G., Huang, D.L.-S., Gondrom, T., Hill, B.: User Interface Safety Directives for Content Security Policy. W3C Working Draft\u00a020 (November 2012), \n                    \n                      http:\/\/www.w3.org\/TR\/UISafety\/"},{"key":"14_CR20","unstructured":"Microsoft. IE8 Security Part VII: ClickJacking Defenses (2009)"},{"key":"14_CR21","unstructured":"Mustaca, S.: Old Facebook likejacking scam in use again, Avira Security Blog (February 2013), \n                    \n                      http:\/\/techblog.avira.com\/2013\/02\/11\/old-facebook-likejacking-scam-in-use-again-shocking-at-14-she-did-that-in-the-public-school\/en\/"},{"key":"14_CR22","unstructured":"Mozilla\u00a0Developer Network. delete (February 2013), \n                    \n                      https:\/\/developer.mozilla.org\/en-US\/docs\/JavaScript\/Reference\/Operators\/delete"},{"key":"14_CR23","doi-asserted-by":"crossref","unstructured":"Nikiforakis, N., Invernizzi, L., Kapravelos, A., Van Acker, S., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions. In: CCS 2012 (2012)","DOI":"10.1145\/2382196.2382274"},{"key":"14_CR24","doi-asserted-by":"crossref","unstructured":"Phung, P.H., Sands, D., Chudnov, A.: Lightweight self-protecting javascript. In: ASIACCS 2009 (2009)","DOI":"10.1145\/1533057.1533067"},{"key":"14_CR25","unstructured":"Ruderman, J.: Bug 154957 - iframe content background defaults to transparent (June 2002), \n                    \n                      https:\/\/bugzilla.mozilla.org\/showbug.cgi?id=154957"},{"key":"14_CR26","unstructured":"Rydstedt, G., Bursztein, E., Boneh, D., Jackson, C.: Busting frame busting: a study of clickjacking vulnerabilities at popular sites. In: IEEE Oakland Web 2.0 Security and Privacy, W2SP 2010 (2010)"},{"key":"14_CR27","unstructured":"Shepherd, E.: window.postmessage (October 2011), \n                    \n                      https:\/\/developer.mozilla.org\/en\/DOM\/window.postMessage"},{"key":"14_CR28","unstructured":"SophosLabs. Clickjacking (May 2010), \n                    \n                      http:\/\/nakedsecurity.sophos.com\/2010\/05\/31\/facebook-likejacking-worm\/\n                    \n                    \n                   (last accessed July 4, 2013)"},{"key":"14_CR29","unstructured":"Wang, H.J., Grier, C., Moshchuk, A., King, S.T., Choud-hury, P., Venter, H.: The Multi-Principal OS Construction of the Gazelle Web Browser. In: USENIX Security Symposium (2009)"},{"key":"14_CR30","unstructured":"Wisniewski, C.: Facebook adds speed bump to slow down likejackers (March 2011)"},{"key":"14_CR31","unstructured":"Zalewski, M.: X-frame-options is worth less than you think. Website (December 2011), \n                    \n                      http:\/\/lcamtuf.coredump.cx\/clickit\/"},{"key":"14_CR32","unstructured":"Zaytsev, J.: Understanding delete (January 2010), \n                    \n                      http:\/\/perfectionkills.com\/understanding-delete\/"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-41284-4_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,23]],"date-time":"2019-05-23T18:39:17Z","timestamp":1558636757000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-41284-4_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642412837","9783642412844"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-41284-4_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}