{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T00:28:50Z","timestamp":1766449730220,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":63,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1409868, CNS-1405886, DGE-1069311"],"award-info":[{"award-number":["CNS-1409868, CNS-1405886, DGE-1069311"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3133966","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"179-194","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":36,"title":["Most Websites Don't Need to Vibrate"],"prefix":"10.1145","author":[{"given":"Peter","family":"Snyder","sequence":"first","affiliation":[{"name":"University of Illinois at Chicago, Chicago, IL, USA"}]},{"given":"Cynthia","family":"Taylor","sequence":"additional","affiliation":[{"name":"University of Illinois at Chicago, Chicago, IL, USA"}]},{"given":"Chris","family":"Kanich","sequence":"additional","affiliation":[{"name":"University of Illinois at Chicago, Chicago, IL, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"https:\/\/adblockplus.org\/. [Online","author":"Adblock","year":"2015","unstructured":"Adblock plus. https:\/\/adblockplus.org\/. [Online; accessed 16-October-2015]."},{"key":"e_1_3_2_2_2_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-2363","author":"Cve","year":"2011","unstructured":"Cve-2011-2363. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2011-2363, 2011. [Online; accessed 11-August-2016]."},{"key":"e_1_3_2_2_3_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-4171","author":"Cve","year":"2012","unstructured":"Cve-2012-4171. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-4171, 2012. [Online; accessed 11-August-2016]."},{"key":"e_1_3_2_2_4_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2031","author":"Cve","year":"2013","unstructured":"Cve-2013-2031. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2031, 2013. [Online; accessed 11-August-2016]."},{"key":"e_1_3_2_2_5_1","volume-title":"https:\/\/groups.google.com\/a\/chromium.org\/forum\/#!topic\/blink-dev\/1wWhVoKWztY","author":"Chromium","year":"2014","unstructured":"Chromium blink mailing list discussion. https:\/\/groups.google.com\/a\/chromium.org\/forum\/#!topic\/blink-dev\/1wWhVoKWztY, 2014. [Online; accessed 15-February-2016]."},{"key":"e_1_3_2_2_6_1","volume-title":"System permissions. https:\/\/developer.android.com\/guide\/topics\/security\/permissions.html","author":"Android","year":"2015","unstructured":"Android developer's guide: System permissions. https:\/\/developer.android.com\/guide\/topics\/security\/permissions.html, 2015. [Online; accessed 17-February-2016]."},{"key":"e_1_3_2_2_7_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2015-0818","author":"Cve","year":"2015","unstructured":"Cve-2015-0818. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2015-0818, 2015. [Online; accessed 11-August-2016]."},{"key":"e_1_3_2_2_8_1","volume-title":"https:\/\/dev.chromium.org\/blink#new-features","author":"Chromium","year":"2016","unstructured":"Chromium blink web features guidelines. https:\/\/dev.chromium.org\/blink#new-features, 2016. [Online; accessed 15-February-2016]."},{"key":"e_1_3_2_2_9_1","volume-title":"https:\/\/www.w3.org\/TR\/hr-time-2\/","author":"High","year":"2016","unstructured":"High resolution time level 2. https:\/\/www.w3.org\/TR\/hr-time-2\/, 2016. [Online; accessed 11-November-2016]."},{"key":"e_1_3_2_2_10_1","volume-title":"https:\/\/www.w3.org\/TR\/workers\/","author":"Web","year":"2016","unstructured":"Web workers. https:\/\/www.w3.org\/TR\/workers\/, 2016. [Online; accessed 13-August-2016]."},{"key":"e_1_3_2_2_11_1","volume-title":"Real-time communication between browsers. https:\/\/www.w3.org\/TR\/webrtc\/","author":"Webrtc 0","year":"2016","unstructured":"Webrtc 1.0: Real-time communication between browsers. https:\/\/www.w3.org\/TR\/webrtc\/, 2016. [Online; accessed 11-August-2016]."},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660347"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516674"},{"key":"e_1_3_2_2_14_1","unstructured":"Adenot P. Wilson C. and Rogers C. Web audio api. http:\/\/www.w3.org\/TR\/webaudio\/ 2013."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991091"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.44"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046626"},{"key":"e_1_3_2_2_18_1","volume-title":"The chromium (google chrome) open source project on open hub. https:\/\/www.openhub.net\/p\/chrome\/analyses\/latest\/code_history","author":"Black Duck Software Inc.","year":"2015","unstructured":"Black Duck Software Inc. The chromium (google chrome) open source project on open hub. https:\/\/www.openhub.net\/p\/chrome\/analyses\/latest\/code_history, 2015. [Online; accessed 16-October-2015]."},{"key":"e_1_3_2_2_19_1","unstructured":"Blue V. You say advertising i say block that malware. http:\/\/www.engadget.com\/2016\/01\/08\/you-say-advertising-i-say-block-that-malware\/ 2016. [Online; accessed 15-February-2016]."},{"key":"e_1_3_2_2_20_1","volume-title":"The noscript misnomer - why should i trust vjs.zendcdn.net? https:\/\/thehackerblog.com\/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net\/index.html","author":"Bryant M.","year":"2015","unstructured":"Bryant, M. The noscript misnomer - why should i trust vjs.zendcdn.net? https:\/\/thehackerblog.com\/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net\/index.html, 2015. [Online; accessed 12-August-2016]."},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23152"},{"key":"e_1_3_2_2_22_1","volume-title":"Scalable vector graphics (svg) 1.1","author":"Dahlstr\u00f6m E.","year":"2011","unstructured":"Dahlstr\u00f6m, E., Dengler, P., Grasso, A., Lilley, C., McCormack, C., Schepers, D., and Watt, J. Scalable vector graphics (svg) 1.1 (second edition). http:\/\/www.w3.org\/TR\/SVG11\/, 2011."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23390"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.21236\/ADA465464"},{"key":"e_1_3_2_2_25_1","unstructured":"Dorwin D. Smith J. Watson M. and Bateman A. Encrypted media extensions. http:\/\/www.w3.org\/TR\/encrypted-media\/ 2015."},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978313"},{"key":"e_1_3_2_2_27_1","volume-title":"https:\/\/easylist.adblockplus.org\/en\/. [Online","author":"Fanboy A","year":"2015","unstructured":"Fanboy, MonztA, Famlam, and Khrin. Easylist. https:\/\/easylist.adblockplus.org\/en\/. [Online; accessed 16-October-2015]."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813688"},{"key":"e_1_3_2_2_29_1","volume-title":"boringssl - git at google. https:\/\/boringssl.googlesource.com\/boringssl\/","author":"Google","year":"2016","unstructured":"Google. boringssl - git at google. https:\/\/boringssl.googlesource.com\/boringssl\/, 2016. [Online; accessed 12-November-2016]."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23271"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24174-6_6"},{"key":"e_1_3_2_2_32_1","first-page":"151","volume-title":"Proceedings of the 18th conference on USENIX security symposium (Berkeley, CA, USA, 2009), SSYM'09, USENIX Association","author":"Guarnieri S.","unstructured":"Guarnieri, S., and Livshits, B. Gatekeeper: mostly static enforcement of security and reliability policies for javascript code. In Proceedings of the 18th conference on USENIX security symposium (Berkeley, CA, USA, 2009), SSYM'09, USENIX Association, pp. 151--168."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_15"},{"key":"e_1_3_2_2_34_1","volume-title":"8th USENIX Workshop on Offensive Technologies (WOOT 14)","author":"Ho G.","year":"2014","unstructured":"Ho, G., Boneh, D., Ballard, L., and Provos, N. Tick tock: building browser red pills from timing side channels. In 8th USENIX Workshop on Offensive Technologies (WOOT 14) (2014)."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664247"},{"key":"e_1_3_2_2_36_1","unstructured":"Kostiainen A. Vibration. http:\/\/www.w3.org\/TR\/vibration\/ 2105."},{"key":"e_1_3_2_2_37_1","unstructured":"Kostiainen A. Oksanen I. and Haza\u00ebl-Massieux D. Html media capture. http:\/\/www.w3.org\/TR\/html-media-capture\/ 2104."},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516712"},{"key":"e_1_3_2_2_39_1","unstructured":"Lamouri M. and C#239;ceres M. Screen orientation. http:\/\/www.w3.org\/TR\/screen-orientation\/ 2105."},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.57"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1835449.1835513"},{"key":"e_1_3_2_2_42_1","volume-title":"Noscript - javascript\/java\/flash blocker for a safer firefox experience! https:\/\/noscript.net\/","author":"Maone G.","year":"2015","unstructured":"Maone, G. Noscript - javascript\/java\/flash blocker for a safer firefox experience! https:\/\/noscript.net\/, 2015. [Online; accessed 08-February-2015]."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.36"},{"key":"e_1_3_2_2_44_1","volume-title":"Google caja. https:\/\/developers.google.com\/caja\/","author":"Miller M. S.","year":"2013","unstructured":"Miller, M. S. Google caja. https:\/\/developers.google.com\/caja\/, 2013."},{"key":"e_1_3_2_2_45_1","volume-title":"https:\/\/github.com\/mozilla\/dxr","author":"Mozilla Corporation","year":"2016","unstructured":"Mozilla Corporation. Dxr. https:\/\/github.com\/mozilla\/dxr, 2016."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.43"},{"key":"e_1_3_2_2_47_1","volume-title":"Stealing sensitive browser data with the W3C Ambient Light Sensor API. https:\/\/blog.lukaszolejnik.com\/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api\/","author":"Olejnik L.","year":"2017","unstructured":"Olejnik, L. Stealing sensitive browser data with the W3C Ambient Light Sensor API. https:\/\/blog.lukaszolejnik.com\/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api\/, 2017."},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813708"},{"key":"e_1_3_2_2_50_1","volume-title":"Milk or wine: does software security improve with age? In Usenix Security","author":"Ozment A.","year":"2006","unstructured":"Ozment, A., and Schechter, S. E. Milk or wine: does software security improve with age? In Usenix Security (2006)."},{"key":"e_1_3_2_2_51_1","unstructured":"Patrizio A. How forbes inadvertently proved the anti-malware value of ad blockers. http:\/\/www.networkworld.com\/article\/3021113\/security\/forbes-malware-ad-blocker-advertisements.html 2016. [Online; accessed 15-February-2016]."},{"key":"e_1_3_2_2_52_1","volume-title":"The design and implementation of the tor browser. https:\/\/www.torproject.org\/projects\/torbrowser\/design\/#fingerprinting-linkability","author":"Perry M.","year":"2015","unstructured":"Perry, M., Clark, E., and Murdoch, S. The design and implementation of the tor browser. https:\/\/www.torproject.org\/projects\/torbrowser\/design\/#fingerprinting-linkability, 2015. [Online; accessed 15-February-2016]."},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.81"},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987466"},{"key":"e_1_3_2_2_55_1","volume-title":"NDSS","author":"Son S.","year":"2013","unstructured":"Son, S., and Shmatikov, V. The postman always rings twice: Attacking and defending postmessage in html5 websites. In NDSS (2013)."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772784"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.10"},{"key":"e_1_3_2_2_58_1","unstructured":"Turner D. and Kostiainen A. Ambient light events. http:\/\/www.w3.org\/TR\/ambient-light\/ 2105."},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813632"},{"key":"e_1_3_2_2_60_1","volume-title":"Proceedings of the Usenix Security Symposium","author":"Van Goethem T.","year":"2016","unstructured":"Van Goethem, T., Vanhoef, M., Piessens, F., and Joosen, W. Request and conquer: Exposing cross-origin resource size. In Proceedings of the Usenix Security Symposium (2016)."},{"key":"e_1_3_2_2_61_1","volume-title":"Html living standard. https:\/\/html.spec.whatwg.org\/","author":"Web Hypertext Application Technology Working Group (WHATWG).","year":"2015","unstructured":"Web Hypertext Application Technology Working Group (WHATWG). Html living standard. https:\/\/html.spec.whatwg.org\/, 2015."},{"key":"e_1_3_2_2_62_1","first-page":"737","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Weissbacher M.","year":"2015","unstructured":"Weissbacher, M., Robertson, W., Kirda, E., Kruegel, C., and Vigna, G. Zigzag: Automatically hardening web applications against client-side validation vulnerabilities. In 24th USENIX Security Symposium (USENIX Security 15) (2015), pp. 737--752."},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813716"},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-76440-3_4"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Dallas Texas USA","acronym":"CCS '17"},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133966","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3133966","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3133966","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:26Z","timestamp":1750212806000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133966"}},"subtitle":["A Cost-Benefit Approach to Improving Browser Security"],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":63,"alternative-id":["10.1145\/3133956.3133966","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3133966","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}