{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,4]],"date-time":"2025-07-04T21:01:16Z","timestamp":1751662876886,"version":"3.28.0"},"reference-count":37,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1109\/spw54247.2022.9833889","type":"proceedings-article","created":{"date-parts":[[2022,7,25]],"date-time":"2022-07-25T16:14:47Z","timestamp":1658765687000},"page":"152-167","source":"Crossref","is-referenced-by-count":3,"title":["Research Report: Strengthening Weak Links in the PDF Trust Chain"],"prefix":"10.1109","author":[{"given":"Mark","family":"Tullsen","sequence":"first","affiliation":[{"name":"Galois, Inc."}]},{"given":"William","family":"Harris","sequence":"additional","affiliation":[{"name":"Galois, Inc."}]},{"given":"Peter","family":"Wyatt","sequence":"additional","affiliation":[{"name":"PDF Association"}]}],"member":"263","reference":[{"journal-title":"The Arlington PDF Model","year":"2021","author":"wyatt","key":"ref33"},{"journal-title":"Xrefstm key (table 19) description is confusing \/ wrong","year":"2022","key":"ref32"},{"journal-title":"Table 15 trailer size entry definition is described inaccurately\/ambiguously","year":"2022","key":"ref31"},{"journal-title":"The semantics for use of table 16 objstm\/extends key are unclear \/ insufficient","year":"2022","key":"ref30"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00144"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3409002"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420987"},{"key":"ref34","article-title":"Breaking the Specification: PDF Certification","volume":"17","author":"rohlmann","year":"2021","journal-title":"IEEE Security & Privacy"},{"journal-title":"Specification ICC 2 2019 (Profile version 5 0 0 -iccMAX) Image technology color management - Exten-sions to architecture profile format and data structure","year":"2019","key":"ref10"},{"journal-title":"2010 Image technology colour management - Architecture profile format and data structure - Part 1 Based on ICC 1 2010 December 2010 Identical to ICC 1 2010 (Profile version 4 3 0 0) published by ICC Japanese document X9207 is a translation of ISO 15076-1 2010","year":"0","key":"ref11"},{"volume":"2","journal-title":"ISO 32000-2 2020 Document management - Portable Document Format - Part 2 PDF 2 0","year":"2020","key":"ref12"},{"journal-title":"Investigating PDF shadow attacks In-depth PDF security using iText (part 3)","year":"2022","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/CISIS.2016.45"},{"journal-title":"Haskell 98 Language and Libraries The Revised Report","year":"2003","author":"peyton jones","key":"ref15"},{"key":"ref16","first-page":"1","article-title":"Parsec: A practical parser library","volume":"41","author":"leijen","year":"2001","journal-title":"Electronic Notes in Theoretical Computer Science"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2014.92"},{"key":"ref18","first-page":"17","article-title":"Shadow Attacks: Hiding and Replacing Con-tent in Signed PDFs","author":"mainka","year":"2021","journal-title":"Network and Distributed Systems Security (NDSS) Symposium 2021"},{"key":"ref19","article-title":"Holistic Approach to PDF Malware Detection Using Signal and Statistical Analysis","author":"mohammed","year":"2021","journal-title":"Technical Report"},{"journal-title":"Mandated indirect reference requirements not followed and not enforced - are they really requirements?","year":"2021","key":"ref28"},{"journal-title":"Curing the vulnerable parser","year":"2017","author":"bratus","key":"ref4"},{"journal-title":"Hybrid-reference pdfs should be deprecated","year":"2021","key":"ref27"},{"journal-title":"CVE-2022-25641","year":"2022","key":"ref3"},{"journal-title":"CVE-2022-25641","year":"2022","key":"ref6"},{"journal-title":"Clarification on xref sub-section line syntax (clause 7 5 4)","year":"2022","key":"ref29"},{"journal-title":"CVE-2020-9842","year":"2022","key":"ref5"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2016.39"},{"key":"ref7","first-page":"142","article-title":"a byte oriented, streaming, zero copy, parser combinators library in rust","author":"nom","year":"2015","journal-title":"2015 IEEE Security and Privacy Workshops"},{"key":"ref2","first-page":"64","article-title":"Analysis of machine learning techniques for detecting malicious PDF files using WEKA","volume":"24","author":"mangle","year":"2021","journal-title":"Journal of Business Economics and Technology - Spring 2021"},{"journal-title":"Galoisinc \/ daedalus","year":"2022","key":"ref9"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/WIFS53200.2021.9648374"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3339812"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354214"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/SPW50608.2020.00064"},{"journal-title":"NDSS Symposium","article-title":"NDSS 2021 Shadow Attacks: Hiding and Replacing Content in Signed PDFs","year":"2021","key":"ref24"},{"key":"ref23","first-page":"16","article-title":"Vladislav Mladenov, and Jörg Schwenk. Processing Dangerous Paths","author":"m\u00fcller","year":"2021","journal-title":"Network and Distributed Systems Security (NDSS) Symposium 2021"},{"journal-title":"Clarification on signature field lock dictionary permissions and dss\/dts incremental updates","year":"2021","key":"ref26"},{"journal-title":"Add explicit file format requirements for incremental updates on signed files?","year":"2021","key":"ref25"}],"event":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","start":{"date-parts":[[2022,5,22]]},"location":"San Francisco, CA, USA","end":{"date-parts":[[2022,5,26]]}},"container-title":["2022 IEEE Security and Privacy Workshops (SPW)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9833855\/9833856\/09833889.pdf?arnumber=9833889","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,2]],"date-time":"2023-05-02T15:19:27Z","timestamp":1683040767000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9833889\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5]]},"references-count":37,"URL":"https:\/\/doi.org\/10.1109\/spw54247.2022.9833889","relation":{},"subject":[],"published":{"date-parts":[[2022,5]]}}}