{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T15:51:46Z","timestamp":1778169106584,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":68,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,5,30]],"date-time":"2022-05-30T00:00:00Z","timestamp":1653868800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Horizon 2020","award":["101019206"],"award-info":[{"award-number":["101019206"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,30]]},"DOI":"10.1145\/3488932.3517416","type":"proceedings-article","created":{"date-parts":[[2022,5,24]],"date-time":"2022-05-24T04:23:26Z","timestamp":1653366206000},"page":"784-798","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["SoK"],"prefix":"10.1145","author":[{"given":"Tom","family":"Van Goethem","sequence":"first","affiliation":[{"name":"imec-DistriNet, KU Leuven, Leuven, Belgium"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gertjan","family":"Franken","sequence":"additional","affiliation":[{"name":"imec-DistriNet, KU Leuven, Leuven, Belgium"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Iskander","family":"Sanchez-Rola","sequence":"additional","affiliation":[{"name":"Norton Research Labs, Tempe, AZ, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Dworken","sequence":"additional","affiliation":[{"name":"Google, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wouter","family":"Joosen","sequence":"additional","affiliation":[{"name":"imec-DistriNet, KU Leuven, Leuven, Belgium"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,5,30]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.44"},{"key":"e_1_3_2_1_2_1","unstructured":"Lukasz Anforowicz. 2019. CORB vs side channels. https:\/\/docs.google.com\/document\/d\/1kdqstoT1uH5JafGmRXrtKE4yVfjUVmXitjcvJ4tbBvM\/edit.  Lukasz Anforowicz. 2019. CORB vs side channels. https:\/\/docs.google.com\/document\/d\/1kdqstoT1uH5JafGmRXrtKE4yVfjUVmXitjcvJ4tbBvM\/edit."},{"key":"e_1_3_2_1_3_1","unstructured":"David Baron. 2002. :visited support allows queries into global history. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=147777.  David Baron. 2002. :visited support allows queries into global history. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=147777."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242656"},{"key":"e_1_3_2_1_5_1","volume-title":"Feature: Cookies default to SameSite=Lax. https:\/\/www.chromestatus.com\/feature\/5088147346030592.","author":"Status Chrome Platform","year":"2021","unstructured":"Chrome Platform Status . 2021 . Feature: Cookies default to SameSite=Lax. https:\/\/www.chromestatus.com\/feature\/5088147346030592. Chrome Platform Status. 2021. Feature: Cookies default to SameSite=Lax. https:\/\/www.chromestatus.com\/feature\/5088147346030592."},{"key":"e_1_3_2_1_6_1","unstructured":"Chromium bugs. 2018. Issue 843157: Security: leak cross-window request timing by exhausting connection pool. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=843157.  Chromium bugs. 2018. Issue 843157: Security: leak cross-window request timing by exhausting connection pool. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=843157."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352606"},{"key":"e_1_3_2_1_8_1","volume-title":"Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems. In 2021 IEEE Symposium on Security and Privacy. IEEE, 247--264","author":"Franken Gertjan","unstructured":"Gertjan Franken , Tom Van Goethem , and Wouter Joosen . [n.d.]. Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems. In 2021 IEEE Symposium on Security and Privacy. IEEE, 247--264 . Gertjan Franken, Tom Van Goethem, and Wouter Joosen. [n.d.]. Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems. In 2021 IEEE Symposium on Security and Privacy. IEEE, 247--264."},{"key":"e_1_3_2_1_9_1","unstructured":"Brent Fulgham. 2018. Protecting Against HSTS Abuse. https:\/\/webkit.org\/blog\/8146\/protecting-against-hsts-abuse\/.  Brent Fulgham. 2018. Protecting Against HSTS Abuse. https:\/\/webkit.org\/blog\/8146\/protecting-against-hsts-abuse\/."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813688"},{"key":"e_1_3_2_1_11_1","unstructured":"Luan Herrera. 2018. XS-Searching Google's bug tracker to find out vulnerable source code. https:\/\/medium.com\/@luanherrera\/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549.  Luan Herrera. 2018. XS-Searching Google's bug tracker to find out vulnerable source code. https:\/\/medium.com\/@luanherrera\/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549."},{"key":"e_1_3_2_1_12_1","unstructured":"Luan Herrera. 2021. XS-Leaks in redirect flows. https:\/\/docs.google.com\/presentation\/d\/1rlnxXUYHY9CHgCMckZsCGH4VopLo4DYMvAcOltma0og\/.  Luan Herrera. 2021. XS-Leaks in redirect flows. https:\/\/docs.google.com\/presentation\/d\/1rlnxXUYHY9CHgCMckZsCGH4VopLo4DYMvAcOltma0og\/."},{"key":"e_1_3_2_1_13_1","volume-title":"Information Leaks via Safari's Intelligent Tracking Prevention. arXiv preprint arXiv:2001.07421","author":"Janc Artur","year":"2020","unstructured":"Artur Janc , Krzysztof Kotowicz , Lukas Weichselbaum , and Roberto Clapis . 2020. Information Leaks via Safari's Intelligent Tracking Prevention. arXiv preprint arXiv:2001.07421 ( 2020 ). Artur Janc, Krzysztof Kotowicz, Lukas Weichselbaum, and Roberto Clapis. 2020. Information Leaks via Safari's Intelligent Tracking Prevention. arXiv preprint arXiv:2001.07421 (2020)."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.23104"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991080"},{"key":"e_1_3_2_1_16_1","unstructured":"Eiji Kitamura. 2021. Load cross-origin resources without CORP headers using COEP: credentialless. https:\/\/developer.chrome.com\/blog\/coep-credentialless-origin-trial\/.  Eiji Kitamura. 2021. Load cross-origin resources without CORP headers using COEP: credentialless. https:\/\/developer.chrome.com\/blog\/coep-credentialless-origin-trial\/."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23186"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484739"},{"key":"e_1_3_2_1_19_1","volume-title":"26th USENIX Security Symposium. 69--81","author":"Kohlbrenner David","year":"2017","unstructured":"David Kohlbrenner and Hovav Shacham . 2017 . On the effectiveness of mitigations against floating-point timing channels . In 26th USENIX Security Symposium. 69--81 . David Kohlbrenner and Hovav Shacham. 2017. On the effectiveness of mitigations against floating-point timing channels. In 26th USENIX Security Symposium. 69--81."},{"key":"e_1_3_2_1_20_1","volume-title":"30th USENIX Security Symposium.","author":"Laperdrix Pierre","year":"2021","unstructured":"Pierre Laperdrix , Oleksii Starov , Quan Chen , Alexandros Kapravelos , and Nick Nikiforakis . 2021 . Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets . In 30th USENIX Security Symposium. Pierre Laperdrix, Oleksii Starov, Quan Chen, Alexandros Kapravelos, and Nick Nikiforakis. 2021. Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets. In 30th USENIX Security Symposium."},{"key":"e_1_3_2_1_21_1","unstructured":"Stuart Larsen. 2020. Filtering the Crap Content Security Policy (CSP) Reports. https:\/\/csper.io\/blog\/csp-report-filtering.  Stuart Larsen. 2020. Filtering the Crap Content Security Policy (CSP) Reports. https:\/\/csper.io\/blog\/csp-report-filtering."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243867"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23027"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/2831143.2831189"},{"key":"e_1_3_2_1_25_1","unstructured":"Ron Masas. 2018. Patched Facebook Vulnerability Could Have Exposed Private Information About You and Your Friends. https:\/\/www.imperva.com\/blog\/facebook-privacy-bug\/.  Ron Masas. 2018. Patched Facebook Vulnerability Could Have Exposed Private Information About You and Your Friends. https:\/\/www.imperva.com\/blog\/facebook-privacy-bug\/."},{"key":"e_1_3_2_1_26_1","unstructured":"Ron Masas. 2019. A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. https:\/\/www.imperva.com\/blog\/mapping-communication-between-facebook-accounts-using-a-browser-based-side-channel-attack\/.  Ron Masas. 2019. A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. https:\/\/www.imperva.com\/blog\/mapping-communication-between-facebook-accounts-using-a-browser-based-side-channel-attack\/."},{"key":"e_1_3_2_1_27_1","unstructured":"Matt Menke. 2020. Storage Isolation Project. https:\/\/docs.google.com\/document\/d\/1V8sFDCEYTXZmwKa_qWUfTVNAuBcPsu6FC0PhqMD6KKQ\/.  Matt Menke. 2020. Storage Isolation Project. https:\/\/docs.google.com\/document\/d\/1V8sFDCEYTXZmwKa_qWUfTVNAuBcPsu6FC0PhqMD6KKQ\/."},{"key":"e_1_3_2_1_28_1","unstructured":"Rowan Merewood. 2019. SameSite cookies explained. https:\/\/web.dev\/samesite-cookies-explained\/.  Rowan Merewood. 2019. SameSite cookies explained. https:\/\/web.dev\/samesite-cookies-explained\/."},{"key":"e_1_3_2_1_29_1","unstructured":"Mozilla Developer Network. 2021 a. Cross-Origin Opener Policy (COOP). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Cross-Origin-Opener-Policy.  Mozilla Developer Network. 2021 a. Cross-Origin Opener Policy (COOP). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Cross-Origin-Opener-Policy."},{"key":"e_1_3_2_1_30_1","unstructured":"Mozilla Developer Network. 2021 b. Cross-Origin Resource Policy (CORP). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Cross-Origin_Resource_Policy_(CORP).  Mozilla Developer Network. 2021 b. Cross-Origin Resource Policy (CORP). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Cross-Origin_Resource_Policy_(CORP)."},{"key":"e_1_3_2_1_31_1","unstructured":"Mozilla Developer Network and Jesse Ruderman. 2020. Same-origin policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Same-origin_policy.  Mozilla Developer Network and Jesse Ruderman. 2020. Same-origin policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Same-origin_policy."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813708"},{"key":"e_1_3_2_1_33_1","volume-title":"Playing Fetch: New XS-Leak exploits browser redirects to break user privacy. https:\/\/portswigger.net\/daily-swig\/playing-fetch-new-xs-leak-exploits-browser-redirects-to-break-user-privacy.","author":"Osborne Charlie","year":"2021","unstructured":"Charlie Osborne . 2021 . Playing Fetch: New XS-Leak exploits browser redirects to break user privacy. https:\/\/portswigger.net\/daily-swig\/playing-fetch-new-xs-leak-exploits-browser-redirects-to-break-user-privacy. Charlie Osborne. 2021. Playing Fetch: New XS-Leak exploits browser redirects to break user privacy. https:\/\/portswigger.net\/daily-swig\/playing-fetch-new-xs-leak-exploits-browser-redirects-to-break-user-privacy."},{"key":"e_1_3_2_1_34_1","volume-title":"28th USENIX Security Symposium. 1661--1678","author":"Reis Charles","year":"2019","unstructured":"Charles Reis , Alexander Moshchuk , and Nasko Oskov . 2019 . Site isolation: process separation for web sites within the browser . In 28th USENIX Security Symposium. 1661--1678 . Charles Reis, Alexander Moshchuk, and Nasko Oskov. 2019. Site isolation: process separation for web sites within the browser. In 28th USENIX Security Symposium. 1661--1678."},{"key":"e_1_3_2_1_35_1","unstructured":"Renwa. 2020. Bypass SameSite Cookies Default to Lax and get CSRF. https:\/\/medium.com\/@renwa\/bypass-samesite-cookies-default-to-lax-and-get-csrf-343ba09b9f2b.  Renwa. 2020. Bypass SameSite Cookies Default to Lax and get CSRF. https:\/\/medium.com\/@renwa\/bypass-samesite-cookies-default-to-lax-and-get-csrf-343ba09b9f2b."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359803"},{"key":"e_1_3_2_1_37_1","volume-title":"Cookies from the Past: Timing Server-Side Request Processing Code for History Sniffing. ACM Dgital Threats: Research and Practice Journal (DTRAP)","author":"Sanchez-Rola Iskander","year":"2020","unstructured":"Iskander Sanchez-Rola , Davide Balzarotti , and Igor Santos . 2020. Cookies from the Past: Timing Server-Side Request Processing Code for History Sniffing. ACM Dgital Threats: Research and Practice Journal (DTRAP) ( 2020 ). Iskander Sanchez-Rola, Davide Balzarotti, and Igor Santos. 2020. Cookies from the Past: Timing Server-Side Request Processing Code for History Sniffing. ACM Dgital Threats: Research and Practice Journal (DTRAP) (2020)."},{"key":"e_1_3_2_1_38_1","volume-title":"26th USENIX Security Symposium. 679--694","author":"Sanchez-Rola Iskander","year":"2017","unstructured":"Iskander Sanchez-Rola , Igor Santos , and Davide Balzarotti . 2017 . Extension breakdown: Security analysis of browsers extension resources control policies . In 26th USENIX Security Symposium. 679--694 . Iskander Sanchez-Rola, Igor Santos, and Davide Balzarotti. 2017. Extension breakdown: Security analysis of browsers extension resources control policies. In 26th USENIX Security Symposium. 679--694."},{"key":"e_1_3_2_1_39_1","volume-title":"26th USENIX Security Symposium. 1357--1374","author":"Schuster Roei","year":"2017","unstructured":"Roei Schuster , Vitaly Shmatikov , and Eran Tromer . 2017 . Beauty and the burst: Remote identification of encrypted video streams . In 26th USENIX Security Symposium. 1357--1374 . Roei Schuster, Vitaly Shmatikov, and Eran Tromer. 2017. Beauty and the burst: Remote identification of encrypted video streams. In 26th USENIX Security Symposium. 1357--1374."},{"key":"e_1_3_2_1_40_1","volume-title":"26th USENIX Security Symposium. 713--727","author":"Schwenk J\u00f6rg","year":"2017","unstructured":"J\u00f6rg Schwenk , Marcus Niemietz , and Christian Mainka . 2017 . Same-origin policy: Evaluation in modern browsers . In 26th USENIX Security Symposium. 713--727 . J\u00f6rg Schwenk, Marcus Niemietz, and Christian Mainka. 2017. Same-origin policy: Evaluation in modern browsers. In 26th USENIX Security Symposium. 713--727."},{"key":"e_1_3_2_1_41_1","volume-title":"30th USENIX Security Symposium.","author":"Shusterman Anatoly","year":"2021","unstructured":"Anatoly Shusterman , Ayush Agarwal , Sioli O'Connell , Daniel Genkin , Yossi Oren , and Yuval Yarom . 2021 . Prime Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses . In 30th USENIX Security Symposium. Anatoly Shusterman, Ayush Agarwal, Sioli O'Connell, Daniel Genkin, Yossi Oren, and Yuval Yarom. 2021. Prime Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses. In 30th USENIX Security Symposium."},{"key":"e_1_3_2_1_42_1","volume-title":"28th USENIX Security Symposium. 639--656","author":"Shusterman Anatoly","year":"2019","unstructured":"Anatoly Shusterman , Lachlan Kang , Yarden Haskal , Yosef Meltser , Prateek Mittal , Yossi Oren , and Yuval Yarom . 2019 . Robust website fingerprinting through the cache occupancy channel . In 28th USENIX Security Symposium. 639--656 . Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren, and Yuval Yarom. 2019. Robust website fingerprinting through the cache occupancy channel. In 28th USENIX Security Symposium. 639--656."},{"key":"e_1_3_2_1_43_1","volume-title":"12th USENIX Workshop on Offensive Technologies (WOOT 18)","author":"Smith Michael","year":"2018","unstructured":"Michael Smith , Craig Disselkoen , Shravan Narayan , Fraser Brown , and Deian Stefan . 2018 . Browser history re: visited . In 12th USENIX Workshop on Offensive Technologies (WOOT 18) . Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, and Deian Stefan. 2018. Browser history re: visited. In 12th USENIX Workshop on Offensive Technologies (WOOT 18)."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Konstantinos Solomos John Kristoff Chris Kanich and Jason Polakis. 2021. Persistent Tracking in Modern Browsers. (2021).  Konstantinos Solomos John Kristoff Chris Kanich and Jason Polakis. 2021. Persistent Tracking in Modern Browsers. (2021).","DOI":"10.14722\/ndss.2021.24202"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00058"},{"key":"e_1_3_2_1_46_1","volume-title":"Roberto Clapis, David Dworken, and NDevTK.","author":"Sousa Manuel","year":"2020","unstructured":"Manuel Sousa , terjanq , Roberto Clapis, David Dworken, and NDevTK. 2020 . XS-Leaks Wiki . https:\/\/xsleaks.dev\/. Manuel Sousa, terjanq, Roberto Clapis, David Dworken, and NDevTK. 2020. XS-Leaks Wiki. https:\/\/xsleaks.dev\/."},{"key":"e_1_3_2_1_47_1","volume-title":"28th USENIX Security Symposium. 923--939","author":"Staicu Cristian-Alexandru","year":"2019","unstructured":"Cristian-Alexandru Staicu and Michael Pradel . 2019 . Leaky images: Targeted privacy attacks in the web . In 28th USENIX Security Symposium. 923--939 . Cristian-Alexandru Staicu and Michael Pradel. 2019. Leaky images: Targeted privacy attacks in the web. In 28th USENIX Security Symposium. 923--939."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.18"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"crossref","unstructured":"Avinash Sudhodanan Soheil Khodayari and Juan Caballero. 2019. Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks. arXiv preprint arXiv:1908.02204(2019).  Avinash Sudhodanan Soheil Khodayari and Juan Caballero. 2019. Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks. arXiv preprint arXiv:1908.02204(2019).","DOI":"10.14722\/ndss.2020.24278"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274708"},{"key":"e_1_3_2_1_51_1","unstructured":"terjanq. 2019. Mass XS-Search using Cache Attack. https:\/\/terjanq.github.io\/Bug-Bounty\/Google\/cache-attack-06jd2d2mz2r0\/index.html.  terjanq. 2019. Mass XS-Search using Cache Attack. https:\/\/terjanq.github.io\/Bug-Bounty\/Google\/cache-attack-06jd2d2mz2r0\/index.html."},{"key":"e_1_3_2_1_52_1","volume-title":"11th USENIX Workshop on Offensive Technologies (WOOT 17)","author":"Goethem Tom Van","year":"2017","unstructured":"Tom Van Goethem and Wouter Joosen . 2017 . One side-channel to bring them all and in the darkness bind them: Associating isolated browsing sessions . In 11th USENIX Workshop on Offensive Technologies (WOOT 17) . Tom Van Goethem and Wouter Joosen. 2017. One side-channel to bring them all and in the darkness bind them: Associating isolated browsing sessions. In 11th USENIX Workshop on Offensive Technologies (WOOT 17)."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813632"},{"key":"e_1_3_2_1_54_1","volume-title":"29th USENIX Security Symposium. 1985--2002","author":"Goethem Tom Van","year":"2020","unstructured":"Tom Van Goethem , Christina P\u00f6pper , Wouter Joosen , and Mathy Vanhoef . 2020 . Timeless timing attacks: Exploiting concurrency to leak secrets over remote connections . In 29th USENIX Security Symposium. 1985--2002 . Tom Van Goethem, Christina P\u00f6pper, Wouter Joosen, and Mathy Vanhoef. 2020. Timeless timing attacks: Exploiting concurrency to leak secrets over remote connections. In 29th USENIX Security Symposium. 1985--2002."},{"key":"e_1_3_2_1_55_1","volume-title":"25th USENIX Security Symposium. 447--462","author":"Goethem Tom Van","year":"2016","unstructured":"Tom Van Goethem , Mathy Vanhoef , Frank Piessens , and Wouter Joosen . 2016 . Request and conquer: Exposing cross-origin resource size . In 25th USENIX Security Symposium. 447--462 . Tom Van Goethem, Mathy Vanhoef, Frank Piessens, and Wouter Joosen. 2016. Request and conquer: Exposing cross-origin resource size. In 25th USENIX Security Symposium. 447--462."},{"key":"e_1_3_2_1_56_1","volume-title":"26th USENIX Security Symposium. 849--864","author":"Vila Pepe","year":"2017","unstructured":"Pepe Vila and Boris K\u00f6pf . 2017 . Loophole: Timing attacks on shared event loops in chrome . In 26th USENIX Security Symposium. 849--864 . Pepe Vila and Boris K\u00f6pf. 2017. Loophole: Timing attacks on shared event loops in chrome. In 26th USENIX Security Symposium. 849--864."},{"key":"e_1_3_2_1_57_1","unstructured":"WebKit. 2013. Optionally partition cache to prevent using cache for tracking. https:\/\/bugs.webkit.org\/show_bug.cgi?id=110269 .  WebKit. 2013. Optionally partition cache to prevent using cache for tracking. https:\/\/bugs.webkit.org\/show_bug.cgi?id=110269 ."},{"key":"e_1_3_2_1_58_1","unstructured":"WHATWG. 2021. HTML Living Standard. 4.8.5 The iframe element. https:\/\/html.spec.whatwg.org\/multipage\/iframe-embed-object.html#attr-iframe-name.  WHATWG. 2021. HTML Living Standard. 4.8.5 The iframe element. https:\/\/html.spec.whatwg.org\/multipage\/iframe-embed-object.html#attr-iframe-name."},{"key":"e_1_3_2_1_59_1","unstructured":"XS-Leaks Wiki. 2020 a. Cache Probing. https:\/\/xsleaks.dev\/docs\/attacks\/cache-probing\/.  XS-Leaks Wiki. 2020 a. Cache Probing. https:\/\/xsleaks.dev\/docs\/attacks\/cache-probing\/."},{"key":"e_1_3_2_1_60_1","unstructured":"XS-Leaks Wiki. 2020 b. CORP Leaks. https:\/\/xsleaks.dev\/docs\/attacks\/browser-features\/corp\/.  XS-Leaks Wiki. 2020 b. CORP Leaks. https:\/\/xsleaks.dev\/docs\/attacks\/browser-features\/corp\/."},{"key":"e_1_3_2_1_61_1","unstructured":"XS-Leaks Wiki. 2020 c. Cross-Origin-Opener-Policy. https:\/\/xsleaks.dev\/docs\/defenses\/opt-in\/coop\/.  XS-Leaks Wiki. 2020 c. Cross-Origin-Opener-Policy. https:\/\/xsleaks.dev\/docs\/defenses\/opt-in\/coop\/."},{"key":"e_1_3_2_1_62_1","unstructured":"XS-Leaks Wiki. 2020 d. Error Events. https:\/\/xsleaks.dev\/docs\/attacks\/error-events\/.  XS-Leaks Wiki. 2020 d. Error Events. https:\/\/xsleaks.dev\/docs\/attacks\/error-events\/."},{"key":"e_1_3_2_1_63_1","unstructured":"XS-Leaks Wiki. 2020 e. Frame Counting. https:\/\/xsleaks.dev\/docs\/attacks\/frame-counting\/.  XS-Leaks Wiki. 2020 e. Frame Counting. https:\/\/xsleaks.dev\/docs\/attacks\/frame-counting\/."},{"key":"e_1_3_2_1_64_1","unstructured":"XS-Leaks Wiki. 2020 f. ID Attribute. https:\/\/xsleaks.dev\/docs\/attacks\/id-attribute\/.  XS-Leaks Wiki. 2020 f. ID Attribute. https:\/\/xsleaks.dev\/docs\/attacks\/id-attribute\/."},{"key":"e_1_3_2_1_65_1","unstructured":"XS-Leaks Wiki. 2020 g. Navigations. https:\/\/xsleaks.dev\/docs\/attacks\/navigations\/.  XS-Leaks Wiki. 2020 g. Navigations. https:\/\/xsleaks.dev\/docs\/attacks\/navigations\/."},{"key":"e_1_3_2_1_66_1","unstructured":"XS-Leaks Wiki. 2020 h. postMessage Broadcasts. https:\/\/xsleaks.dev\/docs\/attacks\/postmessage-broadcasts\/.  XS-Leaks Wiki. 2020 h. postMessage Broadcasts. https:\/\/xsleaks.dev\/docs\/attacks\/postmessage-broadcasts\/."},{"key":"e_1_3_2_1_67_1","unstructured":"XS-Leaks Wiki. 2020 i. Resource Isolation Policy. https:\/\/xsleaks.dev\/docs\/defenses\/isolation-policies\/resource-isolation\/.  XS-Leaks Wiki. 2020 i. Resource Isolation Policy. https:\/\/xsleaks.dev\/docs\/defenses\/isolation-policies\/resource-isolation\/."},{"key":"e_1_3_2_1_68_1","unstructured":"XS-Leaks Wiki. 2020 j. X-Frame-Options and Status Type Detector. https:\/\/xsleaks.github.io\/xsleaks\/examples\/x-frame\/index.html.  XS-Leaks Wiki. 2020 j. X-Frame-Options and Status Type Detector. https:\/\/xsleaks.github.io\/xsleaks\/examples\/x-frame\/index.html."}],"event":{"name":"ASIA CCS '22: ACM Asia Conference on Computer and Communications Security","location":"Nagasaki Japan","acronym":"ASIA CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3488932.3517416","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3488932.3517416","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:30Z","timestamp":1750193310000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3488932.3517416"}},"subtitle":["Exploring Current and Future Research Directions on XS-Leaks through an Extended Formal Model"],"short-title":[],"issued":{"date-parts":[[2022,5,30]]},"references-count":68,"alternative-id":["10.1145\/3488932.3517416","10.1145\/3488932"],"URL":"https:\/\/doi.org\/10.1145\/3488932.3517416","relation":{},"subject":[],"published":{"date-parts":[[2022,5,30]]},"assertion":[{"value":"2022-05-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}