{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:18:09Z","timestamp":1763468289022,"version":"3.41.0"},"publisher-location":"Republic and Canton of Geneva, Switzerland","reference-count":52,"publisher":"International World Wide Web Conferences Steering Committee","license":[{"start":{"date-parts":[[2015,5,18]],"date-time":"2015-05-18T00:00:00Z","timestamp":1431907200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Google","award":["Google PhD Fellowship","Google Research Award"],"award-info":[{"award-number":["Google PhD Fellowship","Google Research Award"]}]},{"name":"NSF","award":["CNS-1223396","CNS-0746888"],"award-info":[{"award-number":["CNS-1223396","CNS-0746888"]}]},{"name":"National Library of Medicine","award":["R01 LM011028-01"],"award-info":[{"award-number":["R01 LM011028-01"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,5,18]]},"DOI":"10.1145\/2736277.2741663","type":"proceedings-article","created":{"date-parts":[[2016,2,5]],"date-time":"2016-02-05T20:37:12Z","timestamp":1454704632000},"page":"366-376","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["Rethinking Security of Web-Based System Applications"],"prefix":"10.1145","author":[{"given":"Martin","family":"Georgiev","sequence":"first","affiliation":[{"name":"University of Texas at Austin, Austin, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Suman","family":"Jana","sequence":"additional","affiliation":[{"name":"University of Texas at Austin, Austin, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vitaly","family":"Shmatikov","sequence":"additional","affiliation":[{"name":"University of Texas at Austin, Austin, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2015,5,18]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Abusing WebView JavaScript bridges. http:\/\/50.56.33.56\/blog\/?p=314.  Abusing WebView JavaScript bridges. http:\/\/50.56.33.56\/blog\/?p=314."},{"volume-title":"USENIX Security","year":"2012","author":"Akhawe D.","key":"e_1_3_2_1_2_1"},{"key":"e_1_3_2_1_3_1","unstructured":"AppArmor. http:\/\/developer.ubuntu.com\/publish\/apps\/security-policy-for-click-packages\/ 2014.  AppArmor. http:\/\/developer.ubuntu.com\/publish\/apps\/security-policy-for-click-packages\/ 2014."},{"key":"e_1_3_2_1_4_1","unstructured":"A. Barth. The Web origin concept. http:\/\/tools.ietf.org\/html\/rfc6454.  A. Barth. The Web origin concept. http:\/\/tools.ietf.org\/html\/rfc6454."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/1496711.1496713"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-05149-9_9"},{"key":"e_1_3_2_1_8_1","unstructured":"Chrome app samples. https:\/\/github.com\/GoogleChrome\/chrome-app-samples 2014.  Chrome app samples. https:\/\/github.com\/GoogleChrome\/chrome-app-samples 2014."},{"key":"e_1_3_2_1_9_1","unstructured":"Permissions in Chrome apps and extensions. https:\/\/developer.chrome.com\/apps\/declare_permissions 2014.  Permissions in Chrome apps and extensions. https:\/\/developer.chrome.com\/apps\/declare_permissions 2014."},{"key":"e_1_3_2_1_10_1","unstructured":"Cordova platform support. http:\/\/cordova.apache.org\/docs\/en\/3.4.0\/guide_support_index.md.html 2014.  Cordova platform support. http:\/\/cordova.apache.org\/docs\/en\/3.4.0\/guide_support_index.md.html 2014."},{"volume-title":"ISC","year":"2010","author":"Davi L.","key":"e_1_3_2_1_11_1"},{"volume-title":"MoST","year":"2014","author":"DeFreez D.","key":"e_1_3_2_1_12_1"},{"volume-title":"USENIX Security","year":"2011","author":"Dietz M.","key":"e_1_3_2_1_13_1"},{"volume-title":"USENIX Security","year":"2011","author":"Felt A.","key":"e_1_3_2_1_14_1"},{"key":"e_1_3_2_1_15_1","unstructured":"Firefox OS app permissions. https:\/\/developer.mozilla.org\/en-US\/Apps\/Build\/App_permissions 2014.  Firefox OS app permissions. https:\/\/developer.mozilla.org\/en-US\/Apps\/Build\/App_permissions 2014."},{"key":"e_1_3_2_1_16_1","unstructured":"Firefox OS security model. https:\/\/developer.mozilla.org\/en-US\/Firefox_OS\/Security\/Security_model 2014.  Firefox OS security model. https:\/\/developer.mozilla.org\/en-US\/Firefox_OS\/Security\/Security_model 2014."},{"volume-title":"NDSS","year":"2010","author":"Finifter M.","key":"e_1_3_2_1_17_1"},{"volume-title":"USENIX ATC","year":"2008","author":"Ford B.","key":"e_1_3_2_1_18_1"},{"volume-title":"NDSS","year":"2004","author":"Garfinkel T.","key":"e_1_3_2_1_19_1"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23323"},{"volume-title":"USENIX Security","year":"1996","author":"Goldberg I.","key":"e_1_3_2_1_21_1"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185464"},{"volume-title":"NDSS","year":"2012","author":"Grace M.","key":"e_1_3_2_1_23_1"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/54289.871709"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.33"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660275"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660275"},{"volume-title":"WebApps","year":"2012","author":"Lin K.","key":"e_1_3_2_1_28_1"},{"volume-title":"USENIX Security","year":"2010","author":"Louw M.","key":"e_1_3_2_1_29_1"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076781"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2009.11"},{"key":"e_1_3_2_1_33_1","unstructured":"M. Miller M. Samuel B. Laurie I. Awad and M. Stay. Caja: Safe active content in sanitized JavaScript. http:\/\/google-caja.googlecode.com 2008.  M. Miller M. Samuel B. Laurie I. Awad and M. Stay. Caja: Safe active content in sanitized JavaScript. http:\/\/google-caja.googlecode.com 2008."},{"key":"e_1_3_2_1_34_1","unstructured":"WebView addJavascriptInterface remote code execution. https:\/\/labs.mwrinfosecurity.com\/blog\/2013\/09\/24\/webview-addjavascriptinterface-remote-code-execution\/.  WebView addJavascriptInterface remote code execution. https:\/\/labs.mwrinfosecurity.com\/blog\/2013\/09\/24\/webview-addjavascriptinterface-remote-code-execution\/."},{"key":"e_1_3_2_1_35_1","unstructured":"NSA. Security-enhanced linux. http:\/\/www.nsa.gov\/research\/selinux\/.  NSA. Security-enhanced linux. http:\/\/www.nsa.gov\/research\/selinux\/."},{"key":"e_1_3_2_1_36_1","unstructured":"Ubuntu OnlineAccounts API. http:\/\/developer.ubuntu.com\/api\/html5\/sdk-14.04\/OnlineAccounts.OnlineAccounts\/ 2014.  Ubuntu OnlineAccounts API. http:\/\/developer.ubuntu.com\/api\/html5\/sdk-14.04\/OnlineAccounts.OnlineAccounts\/ 2014."},{"volume-title":"USENIX Security","year":"2011","author":"Politz J.","key":"e_1_3_2_1_37_1"},{"volume-title":"USENIX Security","year":"2003","author":"Provos N.","key":"e_1_3_2_1_38_1"},{"key":"e_1_3_2_1_39_1","unstructured":"E. Shapira. Analyzing an Android WebView exploit. http:\/\/blogs.avg.com\/mobile\/analyzing-android-webview-exploit\/.  E. Shapira. Analyzing an Android WebView exploit. http:\/\/blogs.avg.com\/mobile\/analyzing-android-webview-exploit\/."},{"volume-title":"USENIX Security","year":"2012","author":"Shekhar S.","key":"e_1_3_2_1_40_1"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_16"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.35"},{"volume-title":"NDSS","year":"2013","author":"Son S.","key":"e_1_3_2_1_43_1"},{"volume-title":"MoST","year":"2012","author":"Stevens R.","key":"e_1_3_2_1_44_1"},{"volume-title":"NDSS","year":"2005","author":"Sun W.","key":"e_1_3_2_1_45_1"},{"key":"e_1_3_2_1_46_1","unstructured":"SUSE. AppArmor Linux application security. https:\/\/www.suse.com\/support\/security\/apparmor\/.  SUSE. AppArmor Linux application security. https:\/\/www.suse.com\/support\/security\/apparmor\/."},{"key":"e_1_3_2_1_47_1","unstructured":"System applications working group charter. http:\/\/www.w3.org\/2012\/09\/sysapps-wg-charter 2014.  System applications working group charter. http:\/\/www.w3.org\/2012\/09\/sysapps-wg-charter 2014."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.39"},{"key":"e_1_3_2_1_49_1","unstructured":"Ubuntu Unity Web API. http:\/\/developer.ubuntu.com\/api\/devel\/ubuntu-13.10\/javascript\/web-docs\/ 2014.  Ubuntu Unity Web API. http:\/\/developer.ubuntu.com\/api\/devel\/ubuntu-13.10\/javascript\/web-docs\/ 2014."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516727"},{"key":"e_1_3_2_1_51_1","unstructured":"App capability declarations (Windows Runtime apps). http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/apps\/hh464936.aspx 2014.  App capability declarations (Windows Runtime apps). http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/apps\/hh464936.aspx 2014."},{"key":"e_1_3_2_1_52_1","unstructured":"M. Zalewski. Browser security handbook. https:\/\/code.google.com\/p\/browsersec\/wiki\/Main.  M. Zalewski. Browser security handbook. https:\/\/code.google.com\/p\/browsersec\/wiki\/Main."}],"event":{"name":"WWW '15: 24th International World Wide Web Conference","sponsor":["IW3C2 International World Wide Web Conference Committee","SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Florence Italy","acronym":"WWW '15"},"container-title":["Proceedings of the 24th International Conference on World Wide Web"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2736277.2741663","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2736277.2741663","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:12:30Z","timestamp":1750227150000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2736277.2741663"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,5,18]]},"references-count":52,"alternative-id":["10.1145\/2736277.2741663","10.5555\/2736277"],"URL":"https:\/\/doi.org\/10.1145\/2736277.2741663","relation":{},"subject":[],"published":{"date-parts":[[2015,5,18]]},"assertion":[{"value":"2015-05-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}