{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T06:05:10Z","timestamp":1770357910219,"version":"3.49.0"},"publisher-location":"Republic and Canton of Geneva, Switzerland","reference-count":56,"publisher":"International World Wide Web Conferences Steering Committee","license":[{"start":{"date-parts":[[2015,5,18]],"date-time":"2015-05-18T00:00:00Z","timestamp":1431907200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,5,18]]},"DOI":"10.1145\/2736277.2741089","type":"proceedings-article","created":{"date-parts":[[2016,2,5]],"date-time":"2016-02-05T20:37:12Z","timestamp":1454704632000},"page":"227-237","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Network-based Origin Confusion Attacks against HTTPS Virtual Hosting"],"prefix":"10.1145","author":[{"given":"Antoine","family":"Delignat-Lavaud","sequence":"first","affiliation":[{"name":"Inria Paris-Rocquencourt, Paris, France"}]},{"given":"Karthikeyan","family":"Bhargavan","sequence":"additional","affiliation":[{"name":"Inria Paris-Rocquencourt, Paris, France"}]}],"member":"320","published-online":{"date-parts":[[2015,5,18]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.161"},{"key":"e_1_3_2_1_2_1","first-page":"5246","article-title":"The Transport Layer Security Protocol Version 1.2","author":"Dierks T.","year":"2008","unstructured":"T. Dierks and E. Rescorla , \" The Transport Layer Security Protocol Version 1.2 ,\" RFC 5246 , 2008 . T. Dierks and E. Rescorla, \"The Transport Layer Security Protocol Version 1.2,\" RFC 5246, 2008.","journal-title":"RFC"},{"key":"e_1_3_2_1_3_1","first-page":"2818","article-title":"HTTP over TLS","author":"Rescorla E.","year":"2000","unstructured":"E. Rescorla , \" HTTP over TLS ,\" RFC 2818 , 2000 . E. Rescorla, \"HTTP over TLS,\" RFC 2818, 2000.","journal-title":"RFC"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25385-0_20"},{"key":"e_1_3_2_1_5_1","volume-title":"On the security of the TLS protocol: a systematic analysis,\" in CRYPTO","author":"Krawczyk H.","year":"2013","unstructured":"H. Krawczyk , K. G. Paterson , and H. Wee , \" On the security of the TLS protocol: a systematic analysis,\" in CRYPTO , 2013 . H. Krawczyk, K. G. Paterson, and H. Wee, \"On the security of the TLS protocol: a systematic analysis,\" in CRYPTO, 2013."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.37"},{"key":"e_1_3_2_1_7_1","first-page":"3546","article-title":"Transport Layer Security (TLS) Extensions","author":"Blake-Wilson S.","year":"2003","unstructured":"S. Blake-Wilson , M. Nystrom , D. Hopwood , J. Mikkelsen , and T. Wright , \" Transport Layer Security (TLS) Extensions ,\" IETF RFC 3546 , 2003 . S. Blake-Wilson, M. Nystrom, D. Hopwood, J. Mikkelsen, and T. Wright, \"Transport Layer Security (TLS) Extensions,\" IETF RFC 3546, 2003.","journal-title":"IETF RFC"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_1_9_1","volume-title":"Feb","author":"Delignat-Lavaud A.","year":"2014","unstructured":"A. Delignat-Lavaud , M. Abadi , M. Birrell , I. Mironov , T. Wobber , and Y. Xie , \" Web PKI: closing the gap between guidelines and practices,\" in NDSS , Feb 2014 . A. Delignat-Lavaud, M. Abadi, M. Birrell, I. Mironov, T. Wobber, and Y. Xie, \"Web PKI: closing the gap between guidelines and practices,\" in NDSS, Feb 2014."},{"key":"e_1_3_2_1_10_1","first-page":"6455","article-title":"The WebSocket protocol","author":"Fette I.","year":"2011","unstructured":"I. Fette and A. Melnikov , \" The WebSocket protocol ,\" RFC 6455 , 2011 . I. Fette and A. Melnikov, \"The WebSocket protocol,\" RFC 6455, 2011.","journal-title":"RFC"},{"key":"e_1_3_2_1_11_1","unstructured":"M. Zalewski \"Browser Security Handbook \" Web: http:\/\/code.google.com\/p\/browsersec\/ undated.  M. Zalewski \"Browser Security Handbook \" Web: http:\/\/code.google.com\/p\/browsersec\/ undated."},{"key":"e_1_3_2_1_12_1","volume-title":"Syngress","author":"Grossman J.","year":"2007","unstructured":"J. Grossman , XSS Attacks : Cross-site scripting exploits and defense . Syngress , 2007 . J. Grossman, XSS Attacks: Cross-site scripting exploits and defense. Syngress, 2007."},{"key":"e_1_3_2_1_13_1","volume-title":"The SPDY protocol,\" IETF draft-mbelshe-httpbis-spdy-00","author":"Belshe M.","year":"2012","unstructured":"M. Belshe and R. Peon , \" The SPDY protocol,\" IETF draft-mbelshe-httpbis-spdy-00 , 2012 . M. Belshe and R. Peon, \"The SPDY protocol,\" IETF draft-mbelshe-httpbis-spdy-00, 2012."},{"key":"e_1_3_2_1_14_1","unstructured":"Akamai Technologies \"Visualizing akamai \" akamai.com\/html\/technology\/dataviz3.html 2014.  Akamai Technologies \"Visualizing akamai \" akamai.com\/html\/technology\/dataviz3.html 2014."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.12"},{"key":"e_1_3_2_1_16_1","volume-title":"How nginx processes requests,\" nginx.org\/docs\/http\/requestprocessing.html","author":"Sysoev I.","year":"2012","unstructured":"I. Sysoev and B. Mercer , \" How nginx processes requests,\" nginx.org\/docs\/http\/requestprocessing.html , 2012 . I. Sysoev and B. Mercer, \"How nginx processes requests,\" nginx.org\/docs\/http\/requestprocessing.html, 2012."},{"key":"e_1_3_2_1_17_1","unstructured":"Apache Foundation \"Virtual host documentation \" http:\/\/httpd.apache.org\/docs\/current\/vhosts\/ 2014.  Apache Foundation \"Virtual host documentation \" http:\/\/httpd.apache.org\/docs\/current\/vhosts\/ 2014."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772784"},{"key":"e_1_3_2_1_19_1","volume-title":"The OAuth 2.0 Authorization Protocol,\" IETF Draft","author":"Hammer-Lahav E.","year":"2011","unstructured":"E. Hammer-Lahav , D. Recordon , and D. Hardt , \" The OAuth 2.0 Authorization Protocol,\" IETF Draft , 2011 . E. Hammer-Lahav, D. Recordon, and D. Hardt, \"The OAuth 2.0 Authorization Protocol,\" IETF Draft, 2011."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_1_21_1","volume-title":"Origin cookies: session integrity for web applications,\" in W2SP","author":"Bortz A.","year":"2011","unstructured":"A. Bortz , A. Barth , and A. Czeskis , \" Origin cookies: session integrity for web applications,\" in W2SP , 2011 . A. Bortz, A. Barth, and A. Czeskis, \"Origin cookies: session integrity for web applications,\" in W2SP, 2011."},{"key":"e_1_3_2_1_22_1","volume-title":"MitM DNS rebinding SSL wildcards and XSS,\" http:\/\/goo.gl\/23Yt9l","author":"Hansen R.","year":"2010","unstructured":"R. Hansen and J. Sokol , \" MitM DNS rebinding SSL wildcards and XSS,\" http:\/\/goo.gl\/23Yt9l , 2010 . R. Hansen and J. Sokol, \"MitM DNS rebinding SSL wildcards and XSS,\" http:\/\/goo.gl\/23Yt9l, 2010."},{"key":"e_1_3_2_1_23_1","volume-title":"Project sonar: IPv4 SSL certificates,\" https:\/\/scans.io\/study\/sonar.ssl","author":"Schloesser M.","year":"2013","unstructured":"M. Schloesser , B. Gamble , J. Nickel , C. Guarnieri , and H. D. Moore , \" Project sonar: IPv4 SSL certificates,\" https:\/\/scans.io\/study\/sonar.ssl , 2013 . M. Schloesser, B. Gamble, J. Nickel, C. Guarnieri, and H. D. Moore, \"Project sonar: IPv4 SSL certificates,\" https:\/\/scans.io\/study\/sonar.ssl, 2013."},{"key":"e_1_3_2_1_24_1","unstructured":"Alexa Internet Inc. \"Top 1 000 000 sites (updated daily) \" http:\/\/goo.gl\/OZdT6p 2014.  Alexa Internet Inc. \"Top 1 000 000 sites (updated daily) \" http:\/\/goo.gl\/OZdT6p 2014."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSNT.2011.141"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382238"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2012.27"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2010.27"},{"key":"e_1_3_2_1_29_1","volume-title":"Hypertext transfer protocol version 2","author":"Belshe M.","year":"2012","unstructured":"M. Belshe , R. Peon , and M. Thomson , \" Hypertext transfer protocol version 2 ,\" 2012 . {Online}. Available: http:\/\/tools.ietf.org\/html\/draft-ietf-httpbis-http2-14 M. Belshe, R. Peon, and M. Thomson, \"Hypertext transfer protocol version 2,\" 2012. {Online}. Available: http:\/\/tools.ietf.org\/html\/draft-ietf-httpbis-http2-14"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","unstructured":"A. Parsovs \"Practical issues with TLS client certificate authentication \" in NDSS 2014.  A. Parsovs \"Practical issues with TLS client certificate authentication \" in NDSS 2014.","DOI":"10.14722\/ndss.2014.23036"},{"key":"e_1_3_2_1_31_1","volume-title":"Origin-bound certificates: a fresh approach to strong client authentication,\" in Usenix Security","author":"Dietz M.","year":"2012","unstructured":"M. Dietz , A. Czeskis , D. Balfanz , and D. S. Wallach , \" Origin-bound certificates: a fresh approach to strong client authentication,\" in Usenix Security , 2012 . M. Dietz, A. Czeskis, D. Balfanz, and D. S. Wallach, \"Origin-bound certificates: a fresh approach to strong client authentication,\" in Usenix Security, 2012."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.14"},{"key":"e_1_3_2_1_33_1","volume-title":"Certificate pinning extension for HSTS","author":"Evans C.","year":"2011","unstructured":"C. Evans and C. Palmer , \" Certificate pinning extension for HSTS ,\" 2011 . {Online}. Available: http:\/\/tools.ietf.org\/html\/draft-evans-palmer-hsts-pinning-00 C. Evans and C. Palmer, \"Certificate pinning extension for HSTS,\" 2011. {Online}. Available: http:\/\/tools.ietf.org\/html\/draft-evans-palmer-hsts-pinning-00"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-05149-9_12"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.12"},{"key":"e_1_3_2_1_36_1","volume-title":"TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks,\" Internet Draft (v.01)","author":"Moeller B.","year":"2014","unstructured":"B. Moeller and A. Langley , \" TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks,\" Internet Draft (v.01) , 2014 . B. Moeller and A. Langley, \"TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks,\" Internet Draft (v.01), 2014."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.30"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.49"},{"key":"e_1_3_2_1_39_1","volume-title":"Language-based defenses against untrusted browser origins,\" in Usenix Security","author":"Bhargavan K.","year":"2013","unstructured":"K. Bhargavan , A. Delignat-Lavaud , and S. Maffeis , \" Language-based defenses against untrusted browser origins,\" in Usenix Security , 2013 . K. Bhargavan, A. Delignat-Lavaud, and S. Maffeis, \"Language-based defenses against untrusted browser origins,\" in Usenix Security, 2013."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2012.27"},{"key":"e_1_3_2_1_41_1","unstructured":"M. Marlinspike \"More tricks for defeating SSL in practice \" Black Hat USA 2009.  M. Marlinspike \"More tricks for defeating SSL in practice \" Black Hat USA 2009."},{"key":"e_1_3_2_1_42_1","first-page":"6797","article-title":"HTTP Strict Transport Security (HSTS)","author":"Hodges J.","year":"2012","unstructured":"J. Hodges , C. Jackson , and A. Barth , \" HTTP Strict Transport Security (HSTS) ,\" IETF RFC 6797 , 2012 . J. Hodges, C. Jackson, and A. Barth, \"HTTP Strict Transport Security (HSTS),\" IETF RFC 6797, 2012.","journal-title":"IETF RFC"},{"key":"e_1_3_2_1_43_1","unstructured":"J. Selvi \"Bypassing http strict transport security.\"  J. Selvi \"Bypassing http strict transport security.\""},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1462148.1462150"},{"key":"e_1_3_2_1_45_1","volume-title":"The hitchhiker's guide to DNS cache poisoning,\" in SecureComm","author":"Son S.","year":"2010","unstructured":"S. Son and V. Shmatikov , \" The hitchhiker's guide to DNS cache poisoning,\" in SecureComm , 2010 . S. Son and V. Shmatikov, \"The hitchhiker's guide to DNS cache poisoning,\" in SecureComm, 2010."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455798"},{"key":"e_1_3_2_1_47_1","volume-title":"On the effective prevention of TLS man-in-the-middle attacks in web applications,\" in Usenix Security","author":"Karapanos N.","year":"2014","unstructured":"N. Karapanos and S. Capkun , \" On the effective prevention of TLS man-in-the-middle attacks in web applications,\" in Usenix Security , 2014 . N. Karapanos and S. Capkun, \"On the effective prevention of TLS man-in-the-middle attacks in web applications,\" in Usenix Security, 2014."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-27576-0_20"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315254"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_3_2_1_51_1","volume-title":"Here's my cert, so trust me, maybe? understanding TLS errors on the web,\" in WWW","author":"Akhawe D.","year":"2013","unstructured":"D. Akhawe , B. Amann , M. Vallentin , and R. Sommer , \" Here's my cert, so trust me, maybe? understanding TLS errors on the web,\" in WWW , 2013 . D. Akhawe, B. Amann, M. Vallentin, and R. Sommer, \"Here's my cert, so trust me, maybe? understanding TLS errors on the web,\" in WWW, 2013."},{"key":"e_1_3_2_1_52_1","volume-title":"Netifera","author":"Duong T.","year":"2011","unstructured":"T. Duong and J. Rizzo , \" Here come the XOR ninjas,\" White paper , Netifera , 2011 . T. Duong and J. Rizzo, \"Here come the XOR ninjas,\" White paper, Netifera, 2011."},{"key":"e_1_3_2_1_53_1","volume-title":"The CRIME attack,\" in EKOparty Security Conference","author":"Rizzo J.","year":"2012","unstructured":"J. Rizzo and T. Duong , \" The CRIME attack,\" in EKOparty Security Conference , vol. 2012 , 2012 . J. Rizzo and T. Duong, \"The CRIME attack,\" in EKOparty Security Conference, vol. 2012, 2012."},{"key":"e_1_3_2_1_54_1","volume-title":"A messy state of the union: taming the composite state machines of TLS,\" in IEEE S&P","author":"Beurdouche B.","year":"2015","unstructured":"B. Beurdouche , K. Bhargavan , A. Delignat-Lavaud , C. Fournet , M. Kohlweiss , A. Pironti , P.-Y. Strub , and J. K. Zinzindohoue , \" A messy state of the union: taming the composite state machines of TLS,\" in IEEE S&P , 2015 . B. Beurdouche, K. Bhargavan, A. Delignat-Lavaud, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, and J. K. Zinzindohoue, \"A messy state of the union: taming the composite state machines of TLS,\" in IEEE S&P, 2015."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2659897"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660298"}],"event":{"name":"WWW '15: 24th International World Wide Web Conference","location":"Florence Italy","acronym":"WWW '15","sponsor":["IW3C2 International World Wide Web Conference Committee","SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the 24th International Conference on World Wide Web"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2736277.2741089","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2736277.2741089","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:16:37Z","timestamp":1750227397000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2736277.2741089"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,5,18]]},"references-count":56,"alternative-id":["10.1145\/2736277.2741089","10.5555\/2736277"],"URL":"https:\/\/doi.org\/10.1145\/2736277.2741089","relation":{},"subject":[],"published":{"date-parts":[[2015,5,18]]},"assertion":[{"value":"2015-05-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}