{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:32:40Z","timestamp":1772119960121,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T00:00:00Z","timestamp":1572998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"European Commission","award":["700542-Future-Trust-H2020-DS-2015-1"],"award-info":[{"award-number":["700542-Future-Trust-H2020-DS-2015-1"]}]},{"name":"Excellence Strategy of the Federal and State Governments","award":["EXC 2092 CASA"],"award-info":[{"award-number":["EXC 2092 CASA"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,6]]},"DOI":"10.1145\/3319535.3339812","type":"proceedings-article","created":{"date-parts":[[2019,11,7]],"date-time":"2019-11-07T13:08:32Z","timestamp":1573132112000},"page":"1-14","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["1 Trillion Dollar Refund"],"prefix":"10.1145","author":[{"given":"Vladislav","family":"Mladenov","sequence":"first","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]},{"given":"Christian","family":"Mainka","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]},{"given":"Karsten","family":"Meyer zu Selhausen","sequence":"additional","affiliation":[{"name":"Hackmanit GmbH, Bochum, Germany"}]},{"given":"Martin","family":"Grothe","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]},{"given":"J\u00f6rg","family":"Schwenk","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]}],"member":"320","published-online":{"date-parts":[[2019,11,6]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Adobe. 2018. Adobe Fast Facts. https:\/\/www.adobe.com\/about-adobe\/fast-facts.html  Adobe. 2018. Adobe Fast Facts. https:\/\/www.adobe.com\/about-adobe\/fast-facts.html"},{"key":"e_1_3_2_1_2_1","volume-title":"This PDF is a JPEG","author":"Albertini Ange","year":"2014"},{"key":"e_1_3_2_1_3_1","unstructured":"PDF association. 2018. PDF in 2016: Broader deeper richer. https:\/\/www.pdfa.org\/pdf-in-2016-broader-deeper-richer\/  PDF association. 2018. PDF in 2016: Broader deeper richer. https:\/\/www.pdfa.org\/pdf-in-2016-broader-deeper-richer\/"},{"key":"e_1_3_2_1_4_1","unstructured":"USENIX Association. 2018. Board of Directors Out of Band Motion. https:\/\/www.usenix.org\/sites\/default\/files\/2017-01_out-of-band_motion_signed.pdf  USENIX Association. 2018. Board of Directors Out of Band Motion. https:\/\/www.usenix.org\/sites\/default\/files\/2017-01_out-of-band_motion_signed.pdf"},{"key":"e_1_3_2_1_5_1","first-page":"28","article-title":"Digital Signature Trust vulnerability: A new attack on digital signatures","volume":"4","author":"Buccafurri Francesco","year":"2005","journal-title":"Information Management & Computer Security"},{"key":"e_1_3_2_1_6_1","volume-title":"Abhishek Vasisht Bhaskar, and Mu Zhang","author":"Carmony Curtis","year":"2016"},{"key":"e_1_3_2_1_7_1","unstructured":"European Commission. 2018. DSS Demonstration WebApp v5.3.1. https:\/\/ec.europa.eu\/cefdigital\/wiki\/display\/CEFDIGITAL\/DSS  European Commission. 2018. DSS Demonstration WebApp v5.3.1. https:\/\/ec.europa.eu\/cefdigital\/wiki\/display\/CEFDIGITAL\/DSS"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666657"},{"key":"e_1_3_2_1_9_1","unstructured":"Inc. DocuSign. 2018. DocuSign Validation Service. https:\/\/validator.docusign.com\/  Inc. DocuSign. 2018. DocuSign Validation Service. https:\/\/validator.docusign.com\/"},{"key":"e_1_3_2_1_10_1","unstructured":"EIUS doo. 2018. VEP E-obrazci. https:\/\/www.vep.si\/validator\/forms\/document-verify  EIUS doo. 2018. VEP E-obrazci. https:\/\/www.vep.si\/validator\/forms\/document-verify"},{"key":"e_1_3_2_1_11_1","unstructured":"eesti. 2018. SiVa Demo application. https:\/\/siva-arendus.eesti.ee\/  eesti. 2018. SiVa Demo application. https:\/\/siva-arendus.eesti.ee\/"},{"key":"e_1_3_2_1_12_1","unstructured":"Evrotrust. 2018. Validate a signature. https:\/\/www.evrotrust.com\/landing\/en\/a\/validation  Evrotrust. 2018. Validate a signature. https:\/\/www.evrotrust.com\/landing\/en\/a\/validation"},{"key":"e_1_3_2_1_13_1","unstructured":"FeaturedCustomers. 2018. DocuSign Customer. https:\/\/www.featuredcustomers.com\/vendor\/docusign\/customers  FeaturedCustomers. 2018. DocuSign Customer. https:\/\/www.featuredcustomers.com\/vendor\/docusign\/customers"},{"key":"e_1_3_2_1_14_1","unstructured":"Agency for Digital Italy. 2018. DSS Demonstration WebApp v5.2. https:\/\/dss.agid.gov.it\/validation  Agency for Digital Italy. 2018. DSS Demonstration WebApp v5.2. https:\/\/dss.agid.gov.it\/validation"},{"key":"e_1_3_2_1_15_1","unstructured":"Forbes. 2018. Forbes Releases 2017 Cloud 100 List of the Best Private Cloud Companies in the World. http:\/\/bit.ly\/dokusign-forbesrank  Forbes. 2018. Forbes Releases 2017 Cloud 100 List of the Best Private Cloud Companies in the World. http:\/\/bit.ly\/dokusign-forbesrank"},{"key":"e_1_3_2_1_16_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Franken Gertjan","year":"2018"},{"key":"e_1_3_2_1_17_1","unstructured":"Bundesministerium f\u00fcr Digitalisierung und Wirtschaftsstandort. 2019. E-Government-Gesetz (E-GovG). https:\/\/www.ris.bka.gv.at\/GeltendeFassung\/Bundesnormen\/20003230\/E-GovG%2c%20Fassung%20vom%2004.02.2019.pdf  Bundesministerium f\u00fcr Digitalisierung und Wirtschaftsstandort. 2019. E-Government-Gesetz (E-GovG). https:\/\/www.ris.bka.gv.at\/GeltendeFassung\/Bundesnormen\/20003230\/E-GovG%2c%20Fassung%20vom%2004.02.2019.pdf"},{"key":"e_1_3_2_1_18_1","unstructured":"Ian Grigg. 2008. Technologists on signatures: looking in the wrong place. http:\/\/financialcryptography.com\/mt\/archives\/001056.html  Ian Grigg. 2008. Technologists on signatures: looking in the wrong place. http:\/\/financialcryptography.com\/mt\/archives\/001056.html"},{"key":"e_1_3_2_1_19_1","unstructured":"Ian Grigg. 2012. Signatures on fax & email - if you did not intend to be bound why did you bother to write it? http:\/\/financialcryptography.com\/mt\/archives\/001364.html  Ian Grigg. 2012. Signatures on fax & email - if you did not intend to be bound why did you bother to write it? http:\/\/financialcryptography.com\/mt\/archives\/001364.html"},{"key":"e_1_3_2_1_20_1","unstructured":"Arhs Group. 2018. Ellis Digital Signature. https:\/\/ellis.arhs-spikeseed.com\/  Arhs Group. 2018. Ellis Digital Signature. https:\/\/ellis.arhs-spikeseed.com\/"},{"key":"e_1_3_2_1_21_1","volume-title":"version 1.7","author":"Incorporated Adobe Systems"},{"key":"e_1_3_2_1_22_1","unstructured":"Alexander1 Inf\u00fchr. 2014. Multiple PDF Vulnerabilities -- Text and Pictures on Steroids. https:\/\/insert-script.blogspot.de\/2014\/12\/multiple-pdf-vulnerabilites-text-and.html  Alexander1 Inf\u00fchr. 2014. Multiple PDF Vulnerabilities -- Text and Pictures on Steroids. https:\/\/insert-script.blogspot.de\/2014\/12\/multiple-pdf-vulnerabilites-text-and.html"},{"key":"e_1_3_2_1_23_1","unstructured":"Alexander Inf\u00fchr. 2015. PDF -- Mess with the Web. https:\/\/2015.appsec.eu\/wp-content\/uploads\/2015\/09\/owasp-appseceu2015-infuhr.pdf  Alexander Inf\u00fchr. 2015. PDF -- Mess with the Web. https:\/\/2015.appsec.eu\/wp-content\/uploads\/2015\/09\/owasp-appseceu2015-infuhr.pdf"},{"key":"e_1_3_2_1_24_1","unstructured":"Alexander2 Inf\u00fchr. 2018. Adobe Reader PDF - Client Side Request Injection. https:\/\/insert-script.blogspot.de\/2018\/05\/adobe-reader-pdf-client-side-request.html  Alexander2 Inf\u00fchr. 2018. Adobe Reader PDF - Client Side Request Injection. https:\/\/insert-script.blogspot.de\/2018\/05\/adobe-reader-pdf-client-side-request.html"},{"key":"e_1_3_2_1_25_1","volume-title":"Advanced communications and multimedia security","author":"Kain K"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076785"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2014.998843"},{"key":"e_1_3_2_1_28_1","volume-title":"2015 International Conference on Information Systems Security and Privacy (ICISSP). IEEE, 27--36","author":"Maiorca Davide","year":"2015"},{"key":"e_1_3_2_1_29_1","volume-title":"Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware","author":"Maiorca Davide"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31537-4_40"},{"key":"e_1_3_2_1_31_1","volume-title":"PDF Mirage: Content Masking Attack Against Information-Based Online Services. In 26th USENIX Security Symposium (USENIX Security 17)","author":"Markwood Ian","year":"2017"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1103022.1103026"},{"key":"e_1_3_2_1_33_1","unstructured":"Tim McLean. 2015. Blog post: Critical vulnerabilities in JSON Web Token libraries. https:\/\/www.chosenplaintext.ca\/2015\/03\/31\/jwt-algorithm-confusion.html  Tim McLean. 2015. Blog post: Critical vulnerabilities in JSON Web Token libraries. https:\/\/www.chosenplaintext.ca\/2015\/03\/31\/jwt-algorithm-confusion.html"},{"key":"e_1_3_2_1_34_1","unstructured":"Vladislav Mladenov Christian Mainka Meyer zu Selhausen Martin Grothe and J\u00f6rg Schwenk. 2018. Vulnerability Report: Attacks bypassing the signature validation in PDF. Technical Report. Ruhr Univeristy Bochum Chair for Network and Data Security. https:\/\/www.nds.ruhr-uni-bochum.de\/research\/publications\/vulnerability-report-attacks-bypassing-signature-v\/  Vladislav Mladenov Christian Mainka Meyer zu Selhausen Martin Grothe and J\u00f6rg Schwenk. 2018. Vulnerability Report: Attacks bypassing the signature validation in PDF. Technical Report. Ruhr Univeristy Bochum Chair for Network and Data Security. https:\/\/www.nds.ruhr-uni-bochum.de\/research\/publications\/vulnerability-report-attacks-bypassing-signature-v\/"},{"key":"e_1_3_2_1_35_1","unstructured":"United States Government Printing Office. 2000. ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT. https:\/\/www.govinfo.gov\/content\/pkg\/PLAW-106publ229\/pdf\/PLAW-106publ229.pdf  United States Government Printing Office. 2000. ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT. https:\/\/www.govinfo.gov\/content\/pkg\/PLAW-106publ229\/pdf\/PLAW-106publ229.pdf"},{"key":"e_1_3_2_1_36_1","volume-title":"Hiding Malicious Content in PDF Documents. CoRR","author":"Popescu Dan-Sabin","year":"2012"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-009-0128-2"},{"key":"e_1_3_2_1_38_1","unstructured":"RUNDFUNK UND TELEKOM REGULIERUNGS-GMBH. 2018. RTR - Signatur-Pr\u00fcfung. https:\/\/www.signatur.rtr.at\/de\/vd\/Pruefung.html  RUNDFUNK UND TELEKOM REGULIERUNGS-GMBH. 2018. RTR - Signatur-Pr\u00fcfung. https:\/\/www.signatur.rtr.at\/de\/vd\/Pruefung.html"},{"key":"e_1_3_2_1_39_1","unstructured":"Check Point Research. 2018. NTLM Credentials Theft via PDF Files. https:\/\/research.checkpoint.com\/ntlm-credentials-theft-via-pdf-files\/  Check Point Research. 2018. NTLM Credentials Theft via PDF Files. https:\/\/research.checkpoint.com\/ntlm-credentials-theft-via-pdf-files\/"},{"key":"e_1_3_2_1_40_1","unstructured":"Billy Rios Federico Lanusse and Mauro Gentile. 2013. Adobe Reader Same-Origin Policy Bypass. http:\/\/www.sneaked.net\/adobe-reader-same-origin-policy-bypass  Billy Rios Federico Lanusse and Mauro Gentile. 2013. Adobe Reader Same-Origin Policy Bypass. http:\/\/www.sneaked.net\/adobe-reader-same-origin-policy-bypass"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420987"},{"key":"e_1_3_2_1_42_1","volume-title":"21st USENIX Security Symposium","author":"Somorovsky Juraj","year":"2012"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1186\/s13635-016-0045-0"},{"key":"e_1_3_2_1_44_1","unstructured":"Tom\u00e1s Stefan. 2017. Digital Signature Verification in PDF. https:\/\/dspace.cvut.cz\/bitstream\/handle\/10467\/76810\/F8-BP-2018-Stefan-Tomas-thesis.pdf'sequence=-1  Tom\u00e1s Stefan. 2017. Digital Signature Verification in PDF. https:\/\/dspace.cvut.cz\/bitstream\/handle\/10467\/76810\/F8-BP-2018-Stefan-Tomas-thesis.pdf'sequence=-1"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63688-7_19"},{"key":"e_1_3_2_1_46_1","volume-title":"Feature Conservation in Adversarial Classifier Evasion: A Case Study. CoRR","author":"Tong Liang","year":"2017"},{"key":"e_1_3_2_1_47_1","volume-title":"A Framework for Validating Models of Evasion Attacks on Machine Learning, with Application to PDF Malware Detection. arXiv preprint arXiv:1708.08327","author":"Tong Liang","year":"2017"},{"key":"e_1_3_2_1_48_1","unstructured":"European Union. 2014. REGULATION (EU) No 910\/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999\/93\/EC. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32014R0910  European Union. 2014. REGULATION (EU) No 910\/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999\/93\/EC. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32014R0910"},{"key":"e_1_3_2_1_49_1","volume-title":"Malicious URI resolving in PDF Documents. Blackhat Abu Dhabi","author":"Valentin H.","year":"2012"},{"key":"e_1_3_2_1_50_1","volume-title":"Karsten Meyer zu Selhausen, Martin Grothe and J\u00f6rg Schwenk","author":"Mladenov Vladislav","year":"2018"},{"key":"e_1_3_2_1_51_1","volume-title":"Karsten Meyer zu Selhausen, Martin Grothe and J\u00f6rg Schwenk","author":"Mladenov Vladislav","year":"2018"},{"key":"e_1_3_2_1_52_1","volume-title":"Karsten Meyer zu Selhausen, Martin Grothe and J\u00f6rg Schwenk","author":"Mladenov Vladislav","year":"2018"},{"key":"e_1_3_2_1_53_1","unstructured":"Wikipedia. 2019. Electronic signatures and law. https:\/\/en.wikipedia.org\/wiki\/Electronic_signatures_and_law  Wikipedia. 2019. Electronic signatures and law. https:\/\/en.wikipedia.org\/wiki\/Electronic_signatures_and_law"},{"key":"e_1_3_2_1_54_1","unstructured":"Michal Zalewski. 2012. The tangled Web: A guide to securing modern web applications. No Starch Press.  Michal Zalewski. 2012. The tangled Web: A guide to securing modern web applications. No Starch Press."}],"event":{"name":"CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security","location":"London United Kingdom","acronym":"CCS '19","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3339812","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3319535.3339812","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:24:01Z","timestamp":1750202641000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3339812"}},"subtitle":["How To Spoof PDF Signatures"],"short-title":[],"issued":{"date-parts":[[2019,11,6]]},"references-count":54,"alternative-id":["10.1145\/3319535.3339812","10.1145\/3319535"],"URL":"https:\/\/doi.org\/10.1145\/3319535.3339812","relation":{},"subject":[],"published":{"date-parts":[[2019,11,6]]},"assertion":[{"value":"2019-11-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}