{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:05:13Z","timestamp":1750309513478,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T00:00:00Z","timestamp":1727654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"MUR PNRR funded by the European Union under NextGenerationEU","award":["PE00000014"],"award-info":[{"award-number":["PE00000014"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,9,30]]},"DOI":"10.1145\/3678890.3678931","type":"proceedings-article","created":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T22:23:36Z","timestamp":1727648616000},"page":"65-76","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Hidden Web Caches Discovery"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8743-0825","authenticated-orcid":false,"given":"Matteo","family":"Golinelli","sequence":"first","affiliation":[{"name":"Department of Information Engineering and Computer Science, University of Trento, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1252-8465","authenticated-orcid":false,"given":"Bruno","family":"Crispo","sequence":"additional","affiliation":[{"name":"Department of Information Engineering and Computer Science, University of Trento, Italy"}]}],"member":"320","published-online":{"date-parts":[[2024,9,30]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102140"},{"key":"e_1_3_2_1_2_1","unstructured":"Daniel\u00a0J Bernstein. 2005. Cache-timing attacks on AES. (2005)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","unstructured":"Mike Bishop. 2022. HTTP\/3. RFC 9114. https:\/\/doi.org\/10.17487\/RFC9114","DOI":"10.17487\/RFC9114"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242656"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/2041225.2041252"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2005.01.010"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978394"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455526.1455530"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/10721064_15"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352606"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","unstructured":"Roy\u00a0T. Fielding Mark Nottingham and Julian Reschke. 2022. HTTP Semantics. RFC 9110. https:\/\/doi.org\/10.17487\/RFC9110","DOI":"10.17487\/RFC9110"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813688"},{"key":"e_1_3_2_1_13_1","unstructured":"Omer Gil. 2017. Web Cache Deception Attack. https:\/\/omergil.blogspot.com\/2017\/02\/web-cache-deception-attack.html."},{"key":"e_1_3_2_1_14_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Goethem Tom\u00a0Van","year":"2020","unstructured":"Tom\u00a0Van Goethem, Christina P\u00f6pper, Wouter Joosen, and Mathy Vanhoef. 2020. Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1985\u20132002. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/van-goethem"},{"key":"e_1_3_2_1_15_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Goethem Tom\u00a0Van","year":"2020","unstructured":"Tom\u00a0Van Goethem, Christina P\u00f6pper, Wouter Joosen, and Mathy Vanhoef. 2020. Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1985\u20132002. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/van-goethem"},{"key":"e_1_3_2_1_16_1","volume-title":"Mind the CORS. (Nov","author":"Golinelli Matteo","year":"2023","unstructured":"Matteo Golinelli, Elham Arshad, Dmytro Kashchuk, and Bruno Crispo. 2023. Mind the CORS. (Nov. 2023)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2014.103"},{"key":"e_1_3_2_1_18_1","unstructured":"James Kettle. 2018. Practical Web Cache Poisoning. PortSwigger Web Security Blog. https:\/\/portswigger.net\/blog\/practical-web-cache-poisoning."},{"key":"e_1_3_2_1_19_1","unstructured":"James Kettle. 2020. Web Cache Entanglement: Novel Pathways to Poisoning. PortSwigger Research. https:\/\/portswigger.net\/research\/web-cache-entanglement."},{"volume-title":"RSA, DSS, and Other Systems. In Advances in Cryptology \u2014 CRYPTO \u201996","author":"Kocher C.","key":"e_1_3_2_1_20_1","unstructured":"Paul\u00a0C. Kocher. 1996. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In Advances in Cryptology \u2014 CRYPTO \u201996, Neal Koblitz (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 104\u2013113."},{"key":"e_1_3_2_1_21_1","volume-title":"Cached and Confused: Web Cache Deception in the Wild. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Mirheidari Seyed\u00a0Ali","year":"2020","unstructured":"Seyed\u00a0Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, and William Robertson. 2020. Cached and Confused: Web Cache Deception in the Wild. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 665\u2013682. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/mirheidari"},{"key":"e_1_3_2_1_22_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Mirheidari Seyed\u00a0Ali","year":"2022","unstructured":"Seyed\u00a0Ali Mirheidari, Matteo Golinelli, Kaan Onarlioglu, Engin Kirda, and Bruno Crispo. 2022. Web Cache Deception Escalates!. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 179\u2013196. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/mirheidari"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354215"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23386"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243796"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44499-8_8"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1524\/strm.2002.20.14.191"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70972-7_13"},{"key":"e_1_3_2_1_29_1","volume-title":"12th USENIX Workshop on Offensive Technologies (WOOT 18)","author":"Smith Michael","year":"2018","unstructured":"Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, and Deian Stefan. 2018. Browser history re:visited. In 12th USENIX Workshop on Offensive Technologies (WOOT 18). USENIX Association, Baltimore, MD. https:\/\/www.usenix.org\/conference\/woot18\/presentation\/smith"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","unstructured":"Martin Thomson and Cory Benfield. 2022. HTTP\/2. RFC 9113. https:\/\/doi.org\/10.17487\/RFC9113","DOI":"10.17487\/RFC9113"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813632"},{"key":"e_1_3_2_1_32_1","volume-title":"Computer Security \u2013 ESORICS","author":"Vanderlinden Vik","year":"2023","unstructured":"Vik Vanderlinden, Tom\u00a0Van Goethem, and Mathy Vanhoef. 2024. Time Will Tell: Exploiting Timing Leaks Using HTTP Response Headers. In Computer Security \u2013 ESORICS 2023, Gene Tsudik, Mauro Conti, Kaitai Liang, and Georgios Smaragdakis (Eds.). Springer Nature Switzerland, Cham, 3\u201322."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.14722\/madweb.2023.23087"}],"event":{"name":"RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses","acronym":"RAID '24","location":"Padua Italy"},"container-title":["The 27th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678931","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3678890.3678931","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:00Z","timestamp":1750295880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678931"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,30]]},"references-count":33,"alternative-id":["10.1145\/3678890.3678931","10.1145\/3678890"],"URL":"https:\/\/doi.org\/10.1145\/3678890.3678931","relation":{},"subject":[],"published":{"date-parts":[[2024,9,30]]},"assertion":[{"value":"2024-09-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}