{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T05:41:27Z","timestamp":1781329287393,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":66,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,30]],"date-time":"2020-10-30T00:00:00Z","timestamp":1604016000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"BNRist Network and Software Security Research Program","award":["BNR2019TD01004"],"award-info":[{"award-number":["BNR2019TD01004"]}]},{"name":"The Joint Funds of the National Natural Science Foundation of China","award":["U1836113"],"award-info":[{"award-number":["U1836113"]}]},{"name":"Beijing Nova Program of Science and Technology","award":["Z191100001119131"],"award-info":[{"award-number":["Z191100001119131"]}]},{"name":"National Natural Science Foundation of China","award":["U1636204"],"award-info":[{"award-number":["U1636204"]}]},{"name":"National Natural Science Foundation of China","award":["U1836213"],"award-info":[{"award-number":["U1836213"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,30]]},"DOI":"10.1145\/3372297.3417252","type":"proceedings-article","created":{"date-parts":[[2020,11,2]],"date-time":"2020-11-02T18:27:04Z","timestamp":1604341624000},"page":"1939-1952","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks"],"prefix":"10.1145","author":[{"given":"Mingming","family":"Zhang","sequence":"first","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xiaofeng","family":"Zheng","sequence":"additional","affiliation":[{"name":"Tsinghua University & QI-ANXIN Group, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kaiwen","family":"Shen","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ziqiao","family":"Kong","sequence":"additional","affiliation":[{"name":"QI-ANXIN Group, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chaoyi","family":"Lu","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yu","family":"Wang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Tsinghua University & QI-ANXIN Group, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Shuang","family":"Hao","sequence":"additional","affiliation":[{"name":"University of Texas at Dallas, Dallas, TX, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Baojun","family":"Liu","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Min","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2020,11,2]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"[n.d.]. CVE-2011--3389: BEAST Attack. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2011--3389.  [n.d.]. CVE-2011--3389: BEAST Attack. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2011--3389."},{"key":"e_1_3_2_2_2_1","volume-title":"Port\/IP Redirection. https:\/\/docs.danami.com\/juggernaut\/user-guide\/port-ip-redirection. Accessed","year":"2019","unstructured":"[n.d.]. Danami : Port\/IP Redirection. https:\/\/docs.danami.com\/juggernaut\/user-guide\/port-ip-redirection. Accessed : Nov 3, 2019 . [n.d.]. Danami: Port\/IP Redirection. https:\/\/docs.danami.com\/juggernaut\/user-guide\/port-ip-redirection. Accessed: Nov 3, 2019."},{"key":"e_1_3_2_2_3_1","volume-title":"https:\/\/www.zdnet.com\/article\/google-chrome-engineers-want-to-block-some-http-file-downloads\/","author":"Google Chrome","year":"2019","unstructured":"[n.d.]. Google Chrome engineers want to block some HTTP file down-loads. https:\/\/www.zdnet.com\/article\/google-chrome-engineers-want-to-block-some-http-file-downloads\/ . April 10, 2019 . [n.d.].Google Chrome engineers want to block some HTTP file down-loads. https:\/\/www.zdnet.com\/article\/google-chrome-engineers-want-to-block-some-http-file-downloads\/. April 10, 2019."},{"key":"e_1_3_2_2_4_1","unstructured":"[n.d.]. Google: HSTS Preload List. https:\/\/opensource.google.com\/projects\/hstspreload.  [n.d.]. Google: HSTS Preload List. https:\/\/opensource.google.com\/projects\/hstspreload."},{"key":"e_1_3_2_2_5_1","unstructured":"[n.d.]. Google Transparency Report: HTTPS encryption on the web. https:\/\/transparencyreport.google.com\/https\/overview.  [n.d.]. Google Transparency Report: HTTPS encryption on the web. https:\/\/transparencyreport.google.com\/https\/overview."},{"key":"e_1_3_2_2_6_1","volume-title":"Accessed","year":"2019","unstructured":"[n.d.]. HTTPS usage statistics on top 1M websites. https:\/\/statoperator.com\/research\/https-usage-statistics-on-top-websites\/ . Accessed : Dec 14, 2019 . [n.d.]. HTTPS usage statistics on top 1M websites. https:\/\/statoperator.com\/research\/https-usage-statistics-on-top-websites\/. Accessed: Dec 14, 2019."},{"key":"e_1_3_2_2_7_1","first-page":"23","author":"Protocol Downgrade Attack Middle TLS","year":"2019","unstructured":"[n.d.]. Man-in-the- Middle TLS Protocol Downgrade Attack . https:\/\/www.praetorian.com\/blog\/man-in-the-middle-tls-ssl-protocol-downgrade-attack. Accessed : Auguset 23 , 2019 . [n.d.]. Man-in-the-Middle TLS Protocol Downgrade Attack. https:\/\/www.praetorian.com\/blog\/man-in-the-middle-tls-ssl-protocol-downgrade-attack. Accessed:Auguset 23, 2019.","journal-title":"Auguset"},{"key":"e_1_3_2_2_8_1","unstructured":"[n.d.]. MDN Web Docs: Mixed content. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Mixed_content.  [n.d.]. MDN Web Docs: Mixed content. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Mixed_content."},{"key":"e_1_3_2_2_9_1","unstructured":"[n.d.]. MDN Web Docs: Redirections in HTTP. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Redirections.  [n.d.]. MDN Web Docs: Redirections in HTTP. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Redirections."},{"key":"e_1_3_2_2_10_1","volume-title":"No More Mixed Messages About HTTPS. https:\/\/blog.chromium.org\/2019\/10\/no-more-mixed-messages-about-https.html","year":"2019","unstructured":"[n.d.]. No More Mixed Messages About HTTPS. https:\/\/blog.chromium.org\/2019\/10\/no-more-mixed-messages-about-https.html . October 3, 2019 . [n.d.]. No More Mixed Messages About HTTPS. https:\/\/blog.chromium.org\/2019\/10\/no-more-mixed-messages-about-https.html. October 3, 2019."},{"key":"e_1_3_2_2_11_1","volume-title":"OWASP Secure Headers Project. https:\/\/www.owasp.org\/index.php\/OWASP_Secure_Headers_Project. Accessed","year":"2019","unstructured":"[n.d.]. OWASP Secure Headers Project. https:\/\/www.owasp.org\/index.php\/OWASP_Secure_Headers_Project. Accessed : Dec 2, 2019 . [n.d.]. OWASP Secure Headers Project. https:\/\/www.owasp.org\/index.php\/OWASP_Secure_Headers_Project. Accessed: Dec 2, 2019."},{"key":"e_1_3_2_2_12_1","unstructured":"[n.d.]. Preventing Mixed Content. https:\/\/developers.google.com\/web\/fundamentals\/security\/prevent-mixed-content\/what-is-mixed-content.  [n.d.]. Preventing Mixed Content. https:\/\/developers.google.com\/web\/fundamentals\/security\/prevent-mixed-content\/what-is-mixed-content."},{"key":"e_1_3_2_2_13_1","unstructured":"[n.d.]. SSLStrip2. https:\/\/github.com\/LeonardoNve\/sslstrip2.  [n.d.]. SSLStrip2. https:\/\/github.com\/LeonardoNve\/sslstrip2."},{"key":"e_1_3_2_2_14_1","unstructured":"[n.d.]. TLS Redirection (and Virtual Host Confusion). https:\/\/github.com\/GrrrDog\/TLS-Redirection#intro.  [n.d.]. TLS Redirection (and Virtual Host Confusion). https:\/\/github.com\/GrrrDog\/TLS-Redirection#intro."},{"key":"e_1_3_2_2_15_1","unstructured":"[n.d.]. Trying to take the dum-dum out of Security. https:\/\/web.archive.org\/web\/20150921195009\/http:\/\/sign0f4.blogspot.com\/2014\/10\/mitmf-v07-released-sslstrip-integration.html.  [n.d.]. Trying to take the dum-dum out of Security. https:\/\/web.archive.org\/web\/20150921195009\/http:\/\/sign0f4.blogspot.com\/2014\/10\/mitmf-v07-released-sslstrip-integration.html."},{"key":"e_1_3_2_2_16_1","volume-title":"Accessed","year":"2019","unstructured":"[n.d.]. Usage statistics of HTTP Strict Transport Security for websites. https:\/\/w3techs.com\/technologies\/details\/ce-hsts\/all\/all . Accessed : Dec 13, 2019 . [n.d.]. Usage statistics of HTTP Strict Transport Security for websites. https:\/\/w3techs.com\/technologies\/details\/ce-hsts\/all\/all. Accessed: Dec 13, 2019."},{"key":"e_1_3_2_2_17_1","unstructured":"2016. Mixed Content (W3C Candidate Recommendation). https:\/\/www.w3.org\/TR\/2016\/CR-mixed-content-20160802\/.  2016. Mixed Content (W3C Candidate Recommendation). https:\/\/www.w3.org\/TR\/2016\/CR-mixed-content-20160802\/."},{"key":"e_1_3_2_2_18_1","unstructured":"2019. Mixed Content (W3C Editor's draft). https:\/\/w3c.github.io\/webappsec-mixed-content\/.  2019. Mixed Content (W3C Editor's draft). https:\/\/w3c.github.io\/webappsec-mixed-content\/."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.42"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01704-0_27"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-29962-0_29"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"crossref","unstructured":"Stefano Calzavara Alvise Rabitti Alessio Ragazzo and Michele Bugliesi. 2019. Testing for Integrity Flaws in Web Sessions.  Stefano Calzavara Alvise Rabitti Alessio Ragazzo and Michele Bugliesi. 2019. Testing for Integrity Flaws in Web Sessions.","DOI":"10.1007\/978-3-030-29962-0_29"},{"key":"e_1_3_2_2_23_1","volume-title":"International Work-shop on Constructive Side-Channel Analysis and Secure Design","author":"Chen Fuqing","unstructured":"Fuqing Chen , Haixin Duan , Xiaofeng Zheng , Jian Jiang , and Jianjun Chen . 2018. Path Leaks of HTTPS Side-Channel by Cookie Injection . In International Work-shop on Constructive Side-Channel Analysis and Secure Design . Springer , 189--203. Fuqing Chen, Haixin Duan, Xiaofeng Zheng, Jian Jiang, and Jianjun Chen. 2018. Path Leaks of HTTPS Side-Channel by Cookie Injection. In International Work-shop on Constructive Side-Channel Analysis and Secure Design. Springer, 189--203."},{"key":"e_1_3_2_2_24_1","unstructured":"Jianjun Chen. [n.d.]. Host of Troubles Vulnerabilities. https:\/\/hostof troubles.com\/.  Jianjun Chen. [n.d.]. Host of Troubles Vulnerabilities. https:\/\/hostof troubles.com\/."},{"key":"e_1_3_2_2_25_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Chen Jianjun","year":"2018","unstructured":"Jianjun Chen , Jian Jiang , Haixin Duan , Tao Wan , Shuo Chen , Vern Paxson , and Min Yang . 2018 . We Still Don't Have Secure Cross-Domain Requests: an Empirical Study of{CORS} . In 27th USENIX Security Symposium (USENIX Security 18) . 1079--1093. Jianjun Chen, Jian Jiang, Haixin Duan, Tao Wan, Shuo Chen, Vern Paxson, and Min Yang. 2018. We Still Don't Have Secure Cross-Domain Requests: an Empirical Study of{CORS}. In 27th USENIX Security Symposium (USENIX Security 18). 1079--1093."},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978394"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.12"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987455"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"crossref","unstructured":"David Cooper Stefan Santesson S Farrell Sharon Boeyen Rusell Housley and W Polk. 2008. RFC 5280: Internet X. 509 public key infrastructure certificate and certificate revocation list (CRL) profile. IETF May(2008).  David Cooper Stefan Santesson S Farrell Sharon Boeyen Rusell Housley and W Polk. 2008. RFC 5280: Internet X. 509 public key infrastructure certificate and certificate revocation list (CRL) profile. IETF May(2008).","DOI":"10.17487\/rfc5280"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23374"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741089"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"crossref","unstructured":"Zakir Durumeric Zane Ma Drew Springall Richard Barnes Nick Sullivan Elie Bursztein Michael Bailey J Alex Halderman and Vern Paxson. 2017. The Security Impact of HTTPS Interception. In NDSS.  Zakir Durumeric Zane Ma Drew Springall Richard Barnes Nick Sullivan Elie Bursztein Michael Bailey J Alex Halderman and Vern Paxson. 2017. The Security Impact of HTTPS Interception. In NDSS.","DOI":"10.14722\/ndss.2017.23456"},{"key":"e_1_3_2_2_33_1","unstructured":"Leonardo Nve Egea. [n.d.]. dns2proxy. https:\/\/github.com\/LeonardoNve\/dns2proxy.  Leonardo Nve Egea. [n.d.]. dns2proxy. https:\/\/github.com\/LeonardoNve\/dns2proxy."},{"key":"e_1_3_2_2_34_1","unstructured":"Leonardo Nve Egea. 2015. sslstrip+. https:\/\/github.com\/LeonardoNve\/sslstrip2.  Leonardo Nve Egea. 2015. sslstrip+. https:\/\/github.com\/LeonardoNve\/sslstrip2."},{"key":"e_1_3_2_2_35_1","volume-title":"Measuring HTTPS Adoption on the Web. In 26th USENIX Security Symposium (USENIX Security 17)","author":"Felt Adrienne Porter","year":"2017","unstructured":"Adrienne Porter Felt , Richard Barnes , April King , Chris Palmer , Chris Bentzel , and Parisa Tabriz . 2017 . Measuring HTTPS Adoption on the Web. In 26th USENIX Security Symposium (USENIX Security 17) . 1323--1338. Adrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, and Parisa Tabriz. 2017. Measuring HTTPS Adoption on the Web. In 26th USENIX Security Symposium (USENIX Security 17). 1323--1338."},{"key":"e_1_3_2_2_36_1","unstructured":"Steve Gibson. Dec 11 2005. ARP Cache Poisoning: How one bad machineon your Ethernet Local Area Network (LAN) can ruin your whole day. https:\/\/www.grc.com\/nat\/arp.htm.  Steve Gibson. Dec 11 2005. ARP Cache Poisoning: How one bad machineon your Ethernet Local Area Network (LAN) can ruin your whole day. https:\/\/www.grc.com\/nat\/arp.htm."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"crossref","unstructured":"Jeff Hodges Collin Jackson and Adam Barth. 2012. RFC 6797: Http strict transport security (hsts). URL: http:\/\/tools.ietf.org\/html\/draft-ietf-websec-strict-transport-sec-04(2012).  Jeff Hodges Collin Jackson and Adam Barth. 2012. RFC 6797: Http strict transport security (hsts). URL: http:\/\/tools.ietf.org\/html\/draft-ietf-websec-strict-transport-sec-04(2012).","DOI":"10.17487\/rfc6797"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068856"},{"key":"e_1_3_2_2_39_1","unstructured":"Ralph Holz Yaron Sheffer and Peter Saint-Andre. 2015. RFC 7457: Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS).(2015).  Ralph Holz Yaron Sheffer and Peter Saint-Andre. 2015. RFC 7457: Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS).(2015)."},{"key":"e_1_3_2_2_40_1","unstructured":"P Johnston and R Moore. [n.d.]. Multiple browser cookie injection vulnerabilities(2004).  P Johnston and R Moore. [n.d.]. Multiple browser cookie injection vulnerabilities(2004)."},{"key":"e_1_3_2_2_41_1","unstructured":"David Keeler. 2012. Preloading HSTS. Mozilla Security Blog(2012).  David Keeler. 2012. Preloading HSTS. Mozilla Security Blog(2012)."},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"crossref","unstructured":"Michael Kranch and Joseph Bonneau. 2015. Upgrading HTTPS in Mid-Air: An Empirical Study of Strict Transport Security and Key Pinning. NDSS.  Michael Kranch and Joseph Bonneau. 2015. Upgrading HTTPS in Mid-Air: An Empirical Study of Strict Transport Security and Key Pinning. NDSS.","DOI":"10.14722\/ndss.2015.23162"},{"key":"e_1_3_2_2_43_1","volume-title":"28th USENIX Security Symposium(USENIX Security 19)","author":"Kumar Deepak","year":"2019","unstructured":"Deepak Kumar , Kelly Shen , Benton Case , Deepali Garg , Galina Alperovich , Dmitry Kuznetsov , Rajarshi Gupta , and Zakir Durumeric . 2019 . All things considered: ananalysis of IoT devices on home networks . In 28th USENIX Security Symposium(USENIX Security 19) . 1169--1185. Deepak Kumar, Kelly Shen, Benton Case, Deepali Garg, Galina Alperovich, Dmitry Kuznetsov, Rajarshi Gupta, and Zakir Durumeric. 2019. All things considered: ananalysis of IoT devices on home networks. In 28th USENIX Security Symposium(USENIX Security 19). 1169--1185."},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.23919\/CYCON.2018.8405025"},{"key":"e_1_3_2_2_45_1","unstructured":"Olivier Levillain. 2016.A study of the TLS ecosystem. Ph.D. Dissertation. Institut National des T\u00e9l\u00e9communications.  Olivier Levillain. 2016.A study of the TLS ecosystem. Ph.D. Dissertation. Institut National des T\u00e9l\u00e9communications."},{"key":"e_1_3_2_2_46_1","volume-title":"International Conference on Security and Privacy in Communication Systems. Springer, 489--509","author":"Li Xurong","year":"2017","unstructured":"Xurong Li , Chunming Wu , Shouling Ji , Qinchen Gu , and Raheem Beyah . 2017 . HSTS Measurement and an Enhanced Stripping Attack Against HTTPS . In International Conference on Security and Privacy in Communication Systems. Springer, 489--509 . Xurong Li, Chunming Wu, Shouling Ji, Qinchen Gu, and Raheem Beyah. 2017. HSTS Measurement and an Enhanced Stripping Attack Against HTTPS. In International Conference on Security and Privacy in Communication Systems. Springer, 489--509."},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.12"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"crossref","unstructured":"Meng Luo Pierre Laperdrix Nima Honarmand and Nick Nikiforakis. 2019. Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers. In NDSS.  Meng Luo Pierre Laperdrix Nima Honarmand and Nick Nikiforakis. 2019. Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers. In NDSS.","DOI":"10.14722\/ndss.2019.23149"},{"key":"e_1_3_2_2_49_1","volume-title":"https:\/\/moxie.org\/software\/sslsnif f\/. Accessed","author":"Marlinspike Moxie","year":"2019","unstructured":"Moxie Marlinspike . 2002. SSL Sniff Attack . https:\/\/moxie.org\/software\/sslsnif f\/. Accessed : Nov 4, 2019 . Moxie Marlinspike. 2002. SSLSniff Attack. https:\/\/moxie.org\/software\/sslsnif f\/. Accessed: Nov 4, 2019."},{"key":"e_1_3_2_2_50_1","unstructured":"Moxie Marlinspike. 2009. More tricks for defeating SSL in practice. Black Hat USA(2009).  Moxie Marlinspike. 2009. More tricks for defeating SSL in practice. Black Hat USA(2009)."},{"key":"e_1_3_2_2_51_1","volume-title":"SSL Strip Attack. https:\/\/moxie.org\/software\/sslstrip\/. Accessed","author":"Marlinspike Moxie","year":"2019","unstructured":"Moxie Marlinspike . 2009. SSL Strip Attack. https:\/\/moxie.org\/software\/sslstrip\/. Accessed : Nov 4, 2019 . Moxie Marlinspike. 2009. SSL Strip Attack. https:\/\/moxie.org\/software\/sslstrip\/. Accessed: Nov 4, 2019."},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3178876.3186091"},{"key":"e_1_3_2_2_53_1","volume-title":"Black Hat Conference, USA.","author":"Moixe Marlingspike","year":"2009","unstructured":"Marlingspike Moixe . 2009 . New tricks for defeating ssl in practice . In Black Hat Conference, USA. Marlingspike Moixe. 2009. New tricks for defeating ssl in practice. In Black Hat Conference, USA."},{"key":"e_1_3_2_2_54_1","unstructured":"Ivan Petrov Denis Peskov Gregory Coard Taejoong Chung David Choffnes Dave Levin Bruce M Maggs Alan Mislove and Christo Wilson. [n.d.]. Measuring the Rapid Growth of HSTS and HPKP Deployments. ([n. d.]).  Ivan Petrov Denis Peskov Gregory Coard Taejoong Chung David Choffnes Dave Levin Bruce M Maggs Alan Mislove and Christo Wilson. [n.d.]. Measuring the Rapid Growth of HSTS and HPKP Deployments. ([n. d.])."},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3143361.3143400"},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"crossref","unstructured":"Eric Rescorla. 2000. RFC 2818: Http over tls. (2000).  Eric Rescorla. 2000. RFC 2818: Http over tls. (2000).","DOI":"10.17487\/rfc2818"},{"key":"e_1_3_2_2_57_1","unstructured":"Ivan Ristic. 2013.Bulletproof SSL and TLS: Understanding and Deploying SSL\/TLS and PKI to Secure Servers and Web Applications. Feisty Duck.  Ivan Ristic. 2013.Bulletproof SSL and TLS: Understanding and Deploying SSL\/TLS and PKI to Secure Servers and Web Applications. Feisty Duck."},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"crossref","unstructured":"Peter Saint-Andre and Jeff Hodges. 2011. RFC 6125: Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X. 509 (PKIX) Certificates in the Context of Transport Layer Security (TLS). Internet Engineering Task Force (IETF) RFC(2011).  Peter Saint-Andre and Jeff Hodges. 2011. RFC 6125: Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X. 509 (PKIX) Certificates in the Context of Transport Layer Security (TLS). Internet Engineering Task Force (IETF) RFC(2011).","DOI":"10.17487\/rfc6125"},{"key":"e_1_3_2_2_59_1","unstructured":"Jose Selvi. [n.d.]. Bypassing HTTP strict transport security. ([n. d.]).  Jose Selvi. [n.d.]. Bypassing HTTP strict transport security. ([n. d.])."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2994620.2994638"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.49"},{"key":"e_1_3_2_2_62_1","volume-title":"International Conference on Financial Cryptography and Data Security. Springer, 250--259","author":"Soghoian Christopher","year":"2011","unstructured":"Christopher Soghoian and Sid Stamm . 2011 . Certified lies: Detecting and defeating government interception attacks against SSL (short paper) . In International Conference on Financial Cryptography and Data Security. Springer, 250--259 . Christopher Soghoian and Sid Stamm. 2011. Certified lies: Detecting and defeating government interception attacks against SSL (short paper). In International Conference on Financial Cryptography and Data Security. Springer, 250--259."},{"key":"e_1_3_2_2_63_1","unstructured":"speedguide. [n.d.]. Port 8443 Details. howpub=https:\/\/www.speedguide.net\/port.php?port=8443.  speedguide. [n.d.]. Port 8443 Details. howpub=https:\/\/www.speedguide.net\/port.php?port=8443."},{"key":"e_1_3_2_2_64_1","unstructured":"Joe Stewart. 2003. DNS cache poisoning--the next generation.  Joe Stewart. 2003. DNS cache poisoning--the next generation."},{"key":"e_1_3_2_2_65_1","volume-title":"DNS and BIND Security Issues. In Usenix Security Symposium.","author":"Vixie Paul","year":"1995","unstructured":"Paul Vixie . 1995 . DNS and BIND Security Issues. In Usenix Security Symposium. Paul Vixie. 1995. DNS and BIND Security Issues. In Usenix Security Symposium."},{"key":"e_1_3_2_2_66_1","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Zheng Xiaofeng","year":"2015","unstructured":"Xiaofeng Zheng , Jian Jiang , Jinjin Liang , Haixin Duan , Shuo Chen , Tao Wan , and Nicholas Weaver . 2015 . Cookies lack integrity: Real-world implications . In 24th USENIX Security Symposium (USENIX Security 15) . 707--721. Xiaofeng Zheng, Jian Jiang, Jinjin Liang, Haixin Duan, Shuo Chen, Tao Wan, and Nicholas Weaver. 2015. Cookies lack integrity: Real-world implications. In 24th USENIX Security Symposium (USENIX Security 15). 707--721."}],"event":{"name":"CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event USA","acronym":"CCS '20","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3372297.3417252","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3372297.3417252","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:01:30Z","timestamp":1750197690000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3372297.3417252"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,30]]},"references-count":66,"alternative-id":["10.1145\/3372297.3417252","10.1145\/3372297"],"URL":"https:\/\/doi.org\/10.1145\/3372297.3417252","relation":{},"subject":[],"published":{"date-parts":[[2020,10,30]]},"assertion":[{"value":"2020-11-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}