{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T12:25:30Z","timestamp":1768479930985,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,11,3]],"date-time":"2014-11-03T00:00:00Z","timestamp":1414972800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N000140911081"],"award-info":[{"award-number":["N000140911081"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-1314857"],"award-info":[{"award-number":["CNS-1314857"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["831501"],"award-info":[{"award-number":["831501"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1239166"],"award-info":[{"award-number":["1239166"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006785","name":"Google","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006785","id-type":"DOI","asserted-by":"publisher"}]},{"name":"ISTC for Secure Computing"},{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA9550-09-1-0539"],"award-info":[{"award-number":["FA9550-09-1-0539"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000879","name":"Alfred P. Sloan Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000879","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,11,3]]},"DOI":"10.1145\/2660267.2660326","type":"proceedings-article","created":{"date-parts":[[2014,11,11]],"date-time":"2014-11-11T13:40:05Z","timestamp":1415713205000},"page":"1028-1039","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":64,"title":["ShadowCrypt"],"prefix":"10.1145","author":[{"given":"Warren","family":"He","sequence":"first","affiliation":[{"name":"UC Berkeley, Berkeley, CA, USA"}]},{"given":"Devdatta","family":"Akhawe","sequence":"additional","affiliation":[{"name":"UC Berkeley, Berkeley, CA, USA"}]},{"given":"Sumeet","family":"Jain","sequence":"additional","affiliation":[{"name":"UC Berkeley, Berkeley, CA, USA"}]},{"given":"Elaine","family":"Shi","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Dawn","family":"Song","sequence":"additional","affiliation":[{"name":"UC Berkeley, Berkeley, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2014,11,3]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"6WUNDERKINDER. Let's talk comments for wunderlist and our 5+ million users. http:\/\/goo.gl\/PcjOR6.  6WUNDERKINDER. Let's talk comments for wunderlist and our 5+ million users. http:\/\/goo.gl\/PcjOR6."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1281881.1281890"},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of Web 2.0 Security & Privacy Workshop","author":"AGARWAL N.","year":"2007","unstructured":"AGARWAL , N. , RENFRO , S. , AND BEJAR , A. Yahoo!'s sign-in seal and current anti-phishing solutions . In Proceedings of Web 2.0 Security & Privacy Workshop ( 2007 ). AGARWAL, N., RENFRO, S., AND BEJAR, A. Yahoo!'s sign-in seal and current anti-phishing solutions. In Proceedings of Web 2.0 Security & Privacy Workshop (2007)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-05445-7_19"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.11"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/1987260.1987281"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40041-4_20"},{"key":"e_1_3_2_1_8_1","unstructured":"CHEN A. Gcreep: Google engineer stalked teens spied on chats. http:\/\/gawker.com\/5637234\/.  CHEN A. Gcreep: Google engineer stalked teens spied on chats. http:\/\/gawker.com\/5637234\/."},{"key":"e_1_3_2_1_9_1","volume-title":"Private use of untrusted web servers via opportunistic encryption. W2SP 2008: Web 2.0 Security and Privacy 2008","author":"CHRISTODORESCU M.","year":"2008","unstructured":"CHRISTODORESCU , M. Private use of untrusted web servers via opportunistic encryption. W2SP 2008: Web 2.0 Security and Privacy 2008 ( 2008 ). CHRISTODORESCU, M. Private use of untrusted web servers via opportunistic encryption. W2SP 2008: Web 2.0 Security and Privacy 2008 (2008)."},{"key":"e_1_3_2_1_10_1","volume-title":"Feb.","author":"CONSTANTIN L.","year":"2013","unstructured":"CONSTANTIN , L. Mega: Bug bounty programme resulted in seven vulnerabilities fixed so far , Feb. 2013 . http:\/\/www. computerworld.co.nz\/article\/488585\/. CONSTANTIN, L. Mega: Bug bounty programme resulted in seven vulnerabilities fixed so far, Feb. 2013. http:\/\/www. computerworld.co.nz\/article\/488585\/."},{"key":"e_1_3_2_1_11_1","unstructured":"CONSTINE J. Twitter and linkedin manage tasks with asana new api means robots can too. http:\/\/goo.gl\/M8monn.  CONSTINE J. Twitter and linkedin manage tasks with asana new api means robots can too. http:\/\/goo.gl\/M8monn."},{"key":"e_1_3_2_1_12_1","volume-title":"Aug.","year":"2012","unstructured":"Cryptocat blog : Xss vulnerability discovered and fixed , Aug. 2012 . http:\/\/goo.gl\/Nq7tVk. Cryptocat blog: Xss vulnerability discovered and fixed, Aug. 2012. http:\/\/goo.gl\/Nq7tVk."},{"key":"e_1_3_2_1_13_1","unstructured":"Dromaeo: Javascript performance testing. http:\/\/dromaeo.com\/.  Dromaeo: Javascript performance testing. http:\/\/dromaeo.com\/."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2012.112"},{"key":"e_1_3_2_1_15_1","unstructured":"GALLAGHER J. Thanks a million! http:\/\/blog.trello.com\/thanks-a-million\/.  GALLAGHER J. Thanks a million! http:\/\/blog.trello.com\/thanks-a-million\/."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1536414.1536440"},{"key":"e_1_3_2_1_17_1","first-page":"47","volume-title":"10th Symposium on Operating Systems Design and Implementation (OSDI)","author":"GIFFIN D. B.","year":"2012","unstructured":"GIFFIN , D. B. , LEVY , A. , STEFAN , D. , TEREI , D. , MAZIERES , D. , MITCHELL , J. , AND RUSSO , A. Hails : Protecting data privacy in untrusted web applications . In 10th Symposium on Operating Systems Design and Implementation (OSDI) ( 2012 ), pp. 47 -- 60 . GIFFIN, D. B., LEVY, A., STEFAN, D., TEREI, D., MAZIERES, D., MITCHELL, J., AND RUSSO, A. Hails: Protecting data privacy in untrusted web applications. In 10th Symposium on Operating Systems Design and Implementation (OSDI) (2012), pp. 47--60."},{"key":"e_1_3_2_1_18_1","unstructured":"GLAZKOV D. {shadow}: Consider isolation. https:\/\/www.w3.org\/Bugs\/Public\/show_bug.cgi?id=16509.  GLAZKOV D. {shadow}: Consider isolation. https:\/\/www.w3.org\/Bugs\/Public\/show_bug.cgi?id=16509."},{"key":"e_1_3_2_1_19_1","unstructured":"GLAZKOV D. Shadow dom. http:\/\/goo.gl\/G4j3L4.  GLAZKOV D. Shadow dom. http:\/\/goo.gl\/G4j3L4."},{"key":"e_1_3_2_1_20_1","unstructured":"GOEL V. AND WYATT E. Facebook privacy change is subject of f.t.c. inquiry. http:\/\/nyti.ms\/19IWMV8.  GOEL V. AND WYATT E. Facebook privacy change is subject of f.t.c. inquiry. http:\/\/nyti.ms\/19IWMV8."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/233551.233553"},{"key":"e_1_3_2_1_22_1","unstructured":"GOOGLE. Content scripts. http:\/\/goo.gl\/G2r47g.  GOOGLE. Content scripts. http:\/\/goo.gl\/G2r47g."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382251"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382276"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 21st USENIX Conference on Security Symposium","author":"HUANG L.-S.","year":"2012","unstructured":"HUANG , L.-S. , MOSHCHUK , A. , WANG , H. J. , SCHECHTER , S. , AND JACKSON , C. Clickjacking : Attacks and defenses . In Proceedings of the 21st USENIX Conference on Security Symposium ( Berkeley, CA, USA , 2012 ), Security'12, USENIX Association, pp. 22--22. HUANG, L.-S., MOSHCHUK, A., WANG, H. J., SCHECHTER, S., AND JACKSON, C. Clickjacking: Attacks and defenses. In Proceedings of the 21st USENIX Conference on Security Symposium (Berkeley, CA, USA, 2012), Security'12, USENIX Association, pp. 22--22."},{"key":"e_1_3_2_1_26_1","unstructured":"JAIN A. AND TIKIR M. Is the web getting faster? http:\/\/goo.gl\/kFXL7r.  JAIN A. AND TIKIR M. Is the web getting faster? http:\/\/goo.gl\/kFXL7r."},{"key":"e_1_3_2_1_27_1","unstructured":"KEYBASE. Keybase. https:\/\/keybase.io\/.  KEYBASE. Keybase. https:\/\/keybase.io\/."},{"key":"e_1_3_2_1_28_1","unstructured":"KURT OPSAHL. Facebook's eroding privacy policy: A timeline. http:\/\/goo.gl\/BkRknm.  KURT OPSAHL. Facebook's eroding privacy policy: A timeline. http:\/\/goo.gl\/BkRknm."},{"key":"e_1_3_2_1_29_1","volume-title":"Feb.","year":"2011","unstructured":"Lastpass blog : Cross site scripting vulnerability reported, fixed , Feb. 2011 . http:\/\/goo.gl\/4MDNjU. Lastpass blog: Cross site scripting vulnerability reported, fixed, Feb. 2011. http:\/\/goo.gl\/4MDNjU."},{"key":"e_1_3_2_1_30_1","volume-title":"EUROCRYPT","author":"LU S.","year":"2013","unstructured":"LU , S. , AND OSTROVSKY , R. How to garble ram programs . In EUROCRYPT ( 2013 ). LU, S., AND OSTROVSKY, R. How to garble ram programs. In EUROCRYPT (2013)."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 13th USENIX Conference on Hot Topics in Operating Systems","author":"MANIATIS P.","year":"2011","unstructured":"MANIATIS , P. , AKHAWE , D. , FALL , K. , SHI , E. , MCCAMANT , S. , AND SONG , D. Do you know where your data are?: Secure data capsules for deployable data protection . In Proceedings of the 13th USENIX Conference on Hot Topics in Operating Systems ( Berkeley, CA, USA , 2011 ), HotOS'13, USENIX Association, pp. 22--22. MANIATIS, P., AKHAWE, D., FALL, K., SHI, E., MCCAMANT, S., AND SONG, D. Do you know where your data are?: Secure data capsules for deployable data protection. In Proceedings of the 13th USENIX Conference on Hot Topics in Operating Systems (Berkeley, CA, USA, 2011), HotOS'13, USENIX Association, pp. 22--22."},{"key":"e_1_3_2_1_32_1","unstructured":"MAONE G. HUANG D. L.-S. GONDROM T. AND HILL B. User interface security directives for content security policy. http:\/\/www.w3.org\/TR\/UISecurity\/.  MAONE G. HUANG D. L.-S. GONDROM T. AND HILL B. User interface security directives for content security policy. http:\/\/www.w3.org\/TR\/UISecurity\/."},{"key":"e_1_3_2_1_33_1","unstructured":"MCGREGOR S. Zerobin. http:\/\/goo.gl\/blY1zx.  MCGREGOR S. Zerobin. http:\/\/goo.gl\/blY1zx."},{"key":"e_1_3_2_1_34_1","unstructured":"MEENAN P. Webpagetest - website performance and optimization test. http:\/\/www.webpagetest.org\/.  MEENAN P. Webpagetest - website performance and optimization test. http:\/\/www.webpagetest.org\/."},{"key":"e_1_3_2_1_35_1","unstructured":"MOZILLA DEVELOPER NETWORK AND INDIVIDUAL CONTRIBUTORS. Xpconnect wrappers. http:\/\/goo.gl\/8eZzQ8.  MOZILLA DEVELOPER NETWORK AND INDIVIDUAL CONTRIBUTORS. Xpconnect wrappers. http:\/\/goo.gl\/8eZzQ8."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.32"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043566"},{"key":"e_1_3_2_1_38_1","volume-title":"Securing web applications by blindfolding the server. NDSI","author":"POPA R. A.","year":"2014","unstructured":"POPA , R. A. , STARK , E. , VALDEZ , S. , HELFER , J. , ZELDOVICH , N. , AND BALAKRISHNAN , H. Securing web applications by blindfolding the server. NDSI ( 2014 ). POPA, R. A., STARK, E., VALDEZ, S., HELFER, J.,ZELDOVICH, N., AND BALAKRISHNAN, H. Securing web applications by blindfolding the server. NDSI (2014)."},{"key":"e_1_3_2_1_39_1","unstructured":"PRIVLY. Privly. http:\/\/priv.ly\/.  PRIVLY. Privly. http:\/\/priv.ly\/."},{"key":"e_1_3_2_1_40_1","unstructured":"RECURITY LABS GMBH. Openpgp.js. http:\/\/openpgpjs.org\/.  RECURITY LABS GMBH. Openpgp.js. http:\/\/openpgpjs.org\/."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.24"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/11426639_27"},{"key":"e_1_3_2_1_43_1","unstructured":"Shadowcrypt code release. http:\/\/shadowcrypt-release.weebly.com\/.  Shadowcrypt code release. http:\/\/shadowcrypt-release.weebly.com\/."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/882494.884426"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.42"},{"key":"e_1_3_2_1_46_1","unstructured":"STONE P. Pixel perfect timing attacks with html5.  STONE P. Pixel perfect timing attacks with html5."},{"key":"e_1_3_2_1_47_1","unstructured":"THE CHROMIUM AUTHORS. Design plans for out-of-processiframes. http:\/\/goo.gl\/VqR4sv.  THE CHROMIUM AUTHORS. Design plans for out-of-processiframes. http:\/\/goo.gl\/VqR4sv."},{"key":"e_1_3_2_1_48_1","unstructured":"Virtru. http:\/\/www.virtru.com.  Virtru. http:\/\/www.virtru.com."},{"key":"e_1_3_2_1_49_1","unstructured":"WIKIPEDIA. Global surveillance disclosures (2013-present). http:\/\/goo.gl\/3YWjY9.  WIKIPEDIA. Global surveillance disclosures (2013-present). http:\/\/goo.gl\/3YWjY9."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2103621.2103669"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.1986.25"},{"key":"e_1_3_2_1_52_1","unstructured":"ZALEWSKI M. Postcards from the post-xss world. http:\/\/lcamtuf.coredump.cx\/postxss\/.  ZALEWSKI M. Postcards from the post-xss world. http:\/\/lcamtuf.coredump.cx\/postxss\/."}],"event":{"name":"CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security","location":"Scottsdale Arizona USA","acronym":"CCS'14","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660326","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2660267.2660326","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:56:10Z","timestamp":1750229770000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660326"}},"subtitle":["Encrypted Web Applications for Everyone"],"short-title":[],"issued":{"date-parts":[[2014,11,3]]},"references-count":52,"alternative-id":["10.1145\/2660267.2660326","10.1145\/2660267"],"URL":"https:\/\/doi.org\/10.1145\/2660267.2660326","relation":{},"subject":[],"published":{"date-parts":[[2014,11,3]]},"assertion":[{"value":"2014-11-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}