{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:05:59Z","timestamp":1763967959634,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2008,10,27]],"date-time":"2008-10-27T00:00:00Z","timestamp":1225065600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2008,10,27]]},"DOI":"10.1145\/1455770.1455783","type":"proceedings-article","created":{"date-parts":[[2008,11,6]],"date-time":"2008-11-06T13:49:50Z","timestamp":1225979390000},"page":"89-98","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":37,"title":["SOMA"],"prefix":"10.1145","author":[{"given":"Terri","family":"Oda","sequence":"first","affiliation":[{"name":"Carleton University, Ottawa, ON, Canada"}]},{"given":"Glenn","family":"Wurster","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, ON, Canada"}]},{"given":"P. C.","family":"van Oorschot","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, ON, Canada"}]},{"given":"Anil","family":"Somayaji","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, ON, Canada"}]}],"member":"320","published-online":{"date-parts":[[2008,10,27]]},"reference":[{"key":"e_1_3_2_1_2_1","volume-title":"Web page (viewed","author":"0","year":"2008","unstructured":"Alexa top 50 0 sites. Web page (viewed 14 Apr 2008 ). http:\/\/www.alexa.com\/site\/ds\/top_sites?ts_mode=global?=none. Alexa top 500 sites. Web page (viewed 14 Apr 2008). http:\/\/www.alexa.com\/site\/ds\/top_sites?ts_mode=global?=none."},{"key":"e_1_3_2_1_3_1","volume-title":"Jan","author":"Auger R.","year":"2007","unstructured":"R. Auger . The cross-site request forgery (CSRF\/XSRF) FAQ. Web page , Jan 2007 . http:\/\/www.cgisecurity.com\/articles\/csrf-faq.shtml. R. Auger. The cross-site request forgery (CSRF\/XSRF) FAQ. Web page, Jan 2007. http:\/\/www.cgisecurity.com\/articles\/csrf-faq.shtml."},{"key":"e_1_3_2_1_4_1","volume-title":"Apr","author":"Berends R.","year":"2001","unstructured":"R. Berends . Bandwidth stealing. Web page , Apr 2001 . http:\/\/www.website-awards.net\/articles\/article39.htm. R. Berends. Bandwidth stealing. Web page, Apr 2001. http:\/\/www.website-awards.net\/articles\/article39.htm."},{"key":"e_1_3_2_1_5_1","volume-title":"Feb","author":"CERT","year":"2000","unstructured":"CERT advisory CA-2000-02 malicious HTML tags embedded in client web requests. Web page , Feb 2000 . http:\/\/www.cert.org\/advisories\/CA-2000-02.html. CERT advisory CA-2000-02 malicious HTML tags embedded in client web requests. Web page, Feb 2000. http:\/\/www.cert.org\/advisories\/CA-2000-02.html."},{"key":"e_1_3_2_1_6_1","volume-title":"Aug","author":"FAQ.","year":"2003","unstructured":"The cross site scripting (XSS) FAQ. Web page , Aug 2003 . http:\/\/www.cgisecurity.com\/articles\/xss-faq.shtml. The cross site scripting (XSS) FAQ. Web page, Aug 2003. http:\/\/www.cgisecurity.com\/articles\/xss-faq.shtml."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.4"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/525080.884266"},{"key":"e_1_3_2_1_9_1","volume-title":"May","author":"DeDeo S.","year":"2006","unstructured":"S. DeDeo . Pagestats extension. Web page , May 2006 . http:\/\/www.cs.wpi.edu\/~cew\/pagestats\/. S. DeDeo. Pagestats extension. Web page, May 2006. http:\/\/www.cs.wpi.edu\/~cew\/pagestats\/."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/360051.360056"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352606"},{"key":"e_1_3_2_1_12_1","volume-title":"Proc. 6th USENIX Security Symposium","author":"Goldberg I.","year":"1996","unstructured":"I. Goldberg , D. Wagner , R. Thomas , and E. Brewer . A secure environment for untrusted helper applications (confining the wily hacker) . In Proc. 6th USENIX Security Symposium , 1996 . I. Goldberg, D. Wagner, R. Thomas, and E. Brewer. A secure environment for untrusted helper applications (confining the wily hacker). In Proc. 6th USENIX Security Symposium, 1996."},{"key":"e_1_3_2_1_13_1","volume-title":"Blackhat USA","author":"Grossman J.","year":"2006","unstructured":"J. Grossman and T. Niedzialkowski . Hacking intranet websites from the outside --- JavaScript malware just got a lot more dangerous . In Blackhat USA , Aug 2006 . J. Grossman and T. Niedzialkowski. Hacking intranet websites from the outside --- JavaScript malware just got a lot more dangerous. In Blackhat USA, Aug 2006."},{"key":"e_1_3_2_1_14_1","volume-title":"Proc. Workshop on Hot Topics in Operating Systems","author":"Howell J.","year":"2007","unstructured":"J. Howell , C. Jackson , H. Wang , and X. Fan . MashupOS: Operating system abstractions for client mashups . In Proc. Workshop on Hot Topics in Operating Systems , May 2007 . J. Howell, C. Jackson, H. Wang, and X. Fan. MashupOS: Operating system abstractions for client mashups. In Proc. Workshop on Hot Topics in Operating Systems, May 2007."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315298"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242655"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECCOMW.2006.359531"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/GRID.2004.32"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1141277.1141357"},{"key":"e_1_3_2_1_20_1","volume-title":"Are you invading your customers' privacy? Web page (viewed","author":"Kyrnin J.","year":"2008","unstructured":"J. Kyrnin . Are you invading your customers' privacy? Web page (viewed 14 Apr 2008 ). http:\/\/webdesign.about.com\/od\/privacy\/a\/aa112601a.htm. J. Kyrnin. Are you invading your customers' privacy? Web page (viewed 14 Apr 2008). http:\/\/webdesign.about.com\/od\/privacy\/a\/aa112601a.htm."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180434"},{"key":"e_1_3_2_1_22_1","unstructured":"G. Maone. NoScript -- JavaScript\/Java\/Flash blocker for a safer Firefox experience! Web page (viewed 14 Apr 2008). http:\/\/noscript.net\/.  G. Maone. NoScript -- JavaScript\/Java\/Flash blocker for a safer Firefox experience! Web page (viewed 14 Apr 2008). http:\/\/noscript.net\/."},{"volume-title":"Mitigating cross-site scripting with HTTP-only cookies. Web page (viewed","year":"2008","key":"e_1_3_2_1_23_1","unstructured":"Microsoft. Mitigating cross-site scripting with HTTP-only cookies. Web page (viewed 18 Jul 2008 ). http:\/\/msdn.microsoft.com\/en-us\/library\/ms533046.aspx. Microsoft. Mitigating cross-site scripting with HTTP-only cookies. Web page (viewed 18 Jul 2008). http:\/\/msdn.microsoft.com\/en-us\/library\/ms533046.aspx."},{"key":"e_1_3_2_1_24_1","volume-title":"Jan","author":"Miglio A. D.","year":"2008","unstructured":"A. D. Miglio . \"Referer\" field used in the battle against online fraud. Web page , Jan 2008 . http:\/\/www.symantec.com\/enterprise\/security_response\/weblog\/2008\/01\/referer_field_used_in_the_batt.html. A. D. Miglio. \"Referer\" field used in the battle against online fraud. Web page, Jan 2008. http:\/\/www.symantec.com\/enterprise\/security_response\/weblog\/2008\/01\/referer_field_used_in_the_batt.html."},{"key":"e_1_3_2_1_26_1","volume-title":"Proc. 17th USENIX Security Symposium","author":"Provos N.","year":"2008","unstructured":"N. Provos , P. Mavrommatis , M. A. Rajab , and F. Monrose . All your iframes point to us . In Proc. 17th USENIX Security Symposium , Aug 2008 . N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All your iframes point to us. In Proc. 17th USENIX Security Symposium, Aug 2008."},{"key":"e_1_3_2_1_27_1","volume-title":"Proc. HotBots '07","author":"Provos N.","year":"2007","unstructured":"N. Provos , D. McNamee , P. Mavrommatis , K. Wang , and N. Modadugu . The ghost in the browser: Analysis of web-based malware . In Proc. HotBots '07 , 2007 . N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu. The ghost in the browser: Analysis of web-based malware. In Proc. HotBots '07, 2007."},{"key":"e_1_3_2_1_28_1","volume-title":"Ars Technica","author":"Reimer J.","year":"2007","unstructured":"J. Reimer . Microsoft apologizes for serving malware . Ars Technica , Feb 2007 . J. Reimer. Microsoft apologizes for serving malware. Ars Technica, Feb 2007."},{"key":"e_1_3_2_1_29_1","volume-title":"Proc. IEEE Symposium on Security and Privacy","author":"Reis C.","year":"2006","unstructured":"C. Reis , J. Dunagan , H. J. Wang , O. Dubrovsky , and S. Esmeir . BrowserShield: Vulnerability-driven filtering of dynamic HTML . In Proc. IEEE Symposium on Security and Privacy , May 2006 . C. Reis, J. Dunagan, H. J. Wang, O. Dubrovsky, and S. Esmeir. BrowserShield: Vulnerability-driven filtering of dynamic HTML. In Proc. IEEE Symposium on Security and Privacy, May 2006."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/4236.735984"},{"key":"e_1_3_2_1_31_1","volume-title":"Aug","author":"Ruderman J.","year":"2001","unstructured":"J. Ruderman . The same origin policy. Web page , Aug 2001 . http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html. J. Ruderman. The same origin policy. Web page, Aug 2001. http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html."},{"key":"e_1_3_2_1_32_1","volume-title":"Wired","author":"Schiffman B.","year":"2007","unstructured":"B. Schiffman . Rogue anti-virus slimeballs hide malware in ads . Wired , Nov 2007 . B. Schiffman. Rogue anti-virus slimeballs hide malware in ads. Wired, Nov 2007."},{"key":"e_1_3_2_1_33_1","volume-title":"Feb","author":"Schuh J.","year":"2007","unstructured":"J. Schuh . Same-origin policy part 2: Server-provided policies? Web page , Feb 2007 . http:\/\/taossa.com\/index.php\/2007\/02\/17\/same-origin-proposal\/. J. Schuh. Same-origin policy part 2: Server-provided policies? Web page, Feb 2007. http:\/\/taossa.com\/index.php\/2007\/02\/17\/same-origin-proposal\/."},{"key":"e_1_3_2_1_34_1","volume-title":"Apr","author":"Scott T.","year":"2004","unstructured":"T. Scott . Smarter image hotlinking prevention. A List Apart , Apr 2004 . T. Scott. Smarter image hotlinking prevention. A List Apart, Apr 2004."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/508171.508175"},{"key":"e_1_3_2_1_36_1","volume-title":"Web Page","author":"Sterne B.","year":"2008","unstructured":"B. Sterne . Site security policy draft (version 0.2) . Web Page , Jul 2008 . http:\/\/people.mozilla.org\/~bsterne\/site-security--policy\/details.html. B. Sterne. Site security policy draft (version 0.2). Web Page, Jul 2008. http:\/\/people.mozilla.org\/~bsterne\/site-security--policy\/details.html."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1006\/ijhc.1997.0125"},{"key":"e_1_3_2_1_38_1","volume-title":"Proc. 14th NDSS Symposium","author":"Vogt P.","year":"2007","unstructured":"P. Vogt , F. Nentwich , N. Jovanovic , C. Kruegel , E. Kirda , and G. Vigna . Cross site scripting prevention with dynamic data tainting and static analysis . In Proc. 14th NDSS Symposium , Feb 2007 . P. Vogt, F. Nentwich, N. Jovanovic, C. Kruegel, E. Kirda, and G. Vigna. Cross site scripting prevention with dynamic data tainting and static analysis. In Proc. 14th NDSS Symposium, Feb 2007."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/173668.168635"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294263"},{"volume-title":"Enable sending referrers. Web page (viewed","year":"2008","key":"e_1_3_2_1_41_1","unstructured":"WordPress.org. Enable sending referrers. Web page (viewed 14 Apr 2008 ). http:\/\/codex.wordpress.org\/Enable_Sending_Referrers. WordPress.org. Enable sending referrers. Web page (viewed 14 Apr 2008). http:\/\/codex.wordpress.org\/Enable_Sending_Referrers."}],"event":{"name":"CCS08: 15th ACM Conference on Computer and Communications Security 2008","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"],"location":"Alexandria Virginia USA","acronym":"CCS08"},"container-title":["Proceedings of the 15th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1455770.1455783","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1455770.1455783","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:54:14Z","timestamp":1750287254000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1455770.1455783"}},"subtitle":["mutual approval for included content in web pages"],"short-title":[],"issued":{"date-parts":[[2008,10,27]]},"references-count":39,"alternative-id":["10.1145\/1455770.1455783","10.1145\/1455770"],"URL":"https:\/\/doi.org\/10.1145\/1455770.1455783","relation":{},"subject":[],"published":{"date-parts":[[2008,10,27]]},"assertion":[{"value":"2008-10-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}