{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:05:56Z","timestamp":1750309556832,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T00:00:00Z","timestamp":1745280000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,4,28]]},"DOI":"10.1145\/3696410.3714887","type":"proceedings-article","created":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T22:47:11Z","timestamp":1745362031000},"page":"4832-4840","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Least Privilege Access for Persistent Storage Mechanisms in Web Browsers"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1842-9353","authenticated-orcid":false,"given":"Gayatri Priyadarsini","family":"Kancherla","sequence":"first","affiliation":[{"name":"Indian Institute of Technology Gandhinagar, Gandhinagar, India"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-7577-6394","authenticated-orcid":false,"given":"Dishank","family":"Goel","sequence":"additional","affiliation":[{"name":"Indian Institute of Technology Gandhinagar, Gandhinagar, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3075-2743","authenticated-orcid":false,"given":"Abhishek","family":"Bichhawat","sequence":"additional","affiliation":[{"name":"Indian Institute of Technology Gandhinagar, Gandhinagar, India"}]}],"member":"320","published-online":{"date-parts":[[2025,4,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Burp suite - application security testing software - portswigger. https:\/\/portswigger.net\/burp."},{"key":"e_1_3_2_1_2_1","unstructured":"Cookies having independent partitioned state (chips) - chrome developers. https:\/\/developer.chrome.com\/en\/docs\/privacy-sandbox\/chips\/."},{"key":"e_1_3_2_1_3_1","unstructured":"https:\/\/easylist-downloads.adblockplus.org\/easylist_noadult.txt. https:\/\/easylistdownloads.adblockplus.org\/easylist_noadult.txt."},{"key":"e_1_3_2_1_4_1","unstructured":"Myonetrust | cookie consent articles. https:\/\/my.onetrust.com\/s\/topic\/0TO1Q000000ItRyWAK\/cookie-consent?language=en_US. (Accessed on 09\/01\/2024)."},{"key":"e_1_3_2_1_5_1","unstructured":"Rfc 6265: Http state management mechanism - third party cookies. https:\/\/www.rfc-editor.org\/rfc\/rfc6265#section-7.1."},{"key":"e_1_3_2_1_6_1","unstructured":"Secure cookie attribute | owasp foundation. https:\/\/owasp.org\/www-community\/controls\/SecureCookieAttribute."},{"key":"e_1_3_2_1_7_1","volume-title":"https:\/\/gitlab.gnome.org\/GNOME\/meld","author":"Meld","year":"2023","unstructured":"Meld - visual diff and merge tool. https:\/\/gitlab.gnome.org\/GNOME\/meld, 2023."},{"key":"e_1_3_2_1_8_1","volume-title":"https:\/\/dev.to\/rdegges\/pleasestop-using-local-storage-1i04","author":"Please","year":"2023","unstructured":"Please stop using local storage - dev community. https:\/\/dev.to\/rdegges\/pleasestop-using-local-storage-1i04, 2023."},{"key":"e_1_3_2_1_9_1","volume-title":"https:\/\/firefox-source-docs.mozilla.org\/testing\/marionette\/Testing.html","author":"Testing","year":"2023","unstructured":"Testing - firefox source docs documentation. https:\/\/firefox-source-docs.mozilla.org\/testing\/marionette\/Testing.html, 2023."},{"key":"e_1_3_2_1_10_1","volume-title":"May","author":"Web","year":"2023","unstructured":"Web storage api. https:\/\/html.spec.whatwg.org\/multipage\/webstorage.html, May 2023."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.14722\/madweb.2022.23005"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3623382"},{"key":"e_1_3_2_1_13_1","unstructured":"Anudeep. Curated hostfile to block trackers and advertisements. https:\/\/github.com\/anudeepND\/blacklist."},{"key":"e_1_3_2_1_14_1","volume-title":"IEEE Symposium on Security and Privacy","author":"Bahrami P. N.","year":"2024","unstructured":"Bahrami, P. N., Fass, A., and Shafiq, Z. Poster: Cookieguard: Isolating first party cookies using cookieguard. IEEE Symposium on Security and Privacy (2024)."},{"key":"e_1_3_2_1_15_1","volume-title":"HTTP State Management Mechanism. RFC","author":"Barth A.","year":"2011","unstructured":"Barth, A. HTTP State Management Mechanism. RFC 6265, Apr. 2011."},{"key":"e_1_3_2_1_16_1","volume-title":"The Web Origin Concept. RFC","author":"Barth A.","year":"2011","unstructured":"Barth, A. The Web Origin Concept. RFC 6454, Dec. 2011."},{"key":"e_1_3_2_1_17_1","volume":"0","author":"Bell","year":"2023","unstructured":"Bell, J. Indexed Database API 3.0, Dec 2023.","journal-title":"J. Indexed Database API 3"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2869251"},{"key":"e_1_3_2_1_19_1","volume-title":"Cookies: HTTP State Management Mechanism draft-ietf-httpbis-rfc6265bis-15. RFC","author":"Bingler S.","year":"2024","unstructured":"Bingler, S., West, M., and Wilander, J. Cookies: HTTP State Management Mechanism draft-ietf-httpbis-rfc6265bis-15. RFC 6265, July 2024."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2022-0012"},{"key":"e_1_3_2_1_21_1","first-page":"2117","volume-title":"Proceedings of the Web Conference 2021 (New York, NY, USA, 2021), WWW '21, Association for Computing Machinery","author":"Chen Q.","unstructured":"Chen, Q., Ilia, P., Polychronakis, M., and Kapravelos, A. Cookie swap party: Abusing first-party cookies for web tracking. In Proceedings of the Web Conference 2021 (New York, NY, USA, 2021), WWW '21, Association for Computing Machinery, p. 2117--2129."},{"key":"e_1_3_2_1_22_1","unstructured":"Corporation M. Mitigating cross-site scripting with http-only cookies. http:\/\/msdn.microsoft.com\/en-us\/library\/ms533046(VS.85).aspx 2002."},{"key":"e_1_3_2_1_23_1","volume-title":"Nov.","author":"Cutler D. J.","year":"2022","unstructured":"Cutler, D. J. Cookies Having Independent Partitioned State specification, Nov. 2022."},{"key":"e_1_3_2_1_24_1","series-title":"Lecture Notes in Informatics (LNI)","first-page":"19","volume-title":"GI SICHERHEIT","author":"Demir N.","year":"2022","unstructured":"Demir, N., Theis, D., Urban, T., Pohlmann, N., and Pohlmann, N. Towards understanding first-party cookie tracking in the field. In GI SICHERHEIT 2022, Ed.: C.Wressnegger (2022), vol. P-323 of Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI), Gesellschaft f\u00fcr Informatik (GI), pp. 19--34."},{"key":"e_1_3_2_1_25_1","volume-title":"Client-side storage","author":"Docs M. W.","year":"2024","unstructured":"Docs, M. W. Client-side storage, 2024."},{"key":"e_1_3_2_1_26_1","first-page":"1953","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2020), CCS '20, Association for Computing Machinery","author":"Drakonakis K.","unstructured":"Drakonakis, K., Ioannidis, S., and Polakis, J. The cookie hunter: Automated black-box auditing for web authentication and authorization flaws. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2020), CCS '20, Association for Computing Machinery, p. 1953--1970."},{"key":"e_1_3_2_1_27_1","unstructured":"Europe I. Tcf -- transparency & consent framework - iab europe. https:\/\/iabeurope.eu\/transparency-consent-framework\/."},{"key":"e_1_3_2_1_28_1","unstructured":"European Parliament and Council of the European Union. Directive 2002\/58\/EC of the European parliament and of the council 2002."},{"key":"e_1_3_2_1_29_1","unstructured":"European Parliament and Council of the European Union. Regulation (EU) 2016\/679 of the European Parliament and of the Council 2016."},{"key":"e_1_3_2_1_30_1","unstructured":"Foundation O. Cross site request forgery (csrf). https:\/\/owasp.org\/wwwcommunity\/attacks\/csrf."},{"key":"e_1_3_2_1_31_1","first-page":"710","volume-title":"Proceedings of the ACM Web Conference 2022 (New York, NY, USA, 2022), WWW '22, Association for Computing Machinery","author":"Jueckstock J.","unstructured":"Jueckstock, J., Snyder, P., Sarker, S., Kapravelos, A., and Livshits, B. Measuring the privacy vs. compatibility trade-off in preventing third-party stateful tracking. In Proceedings of the ACM Web Conference 2022 (New York, NY, USA, 2022), WWW '22, Association for Computing Machinery, p. 710--720."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833637"},{"key":"e_1_3_2_1_33_1","volume-title":"Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. arXiv preprint arXiv:1811.00918","author":"Lauinger T.","year":"2018","unstructured":"Lauinger, T., Chaabane, A., Arshad, S., Robertson, W., Wilson, C., and Kirda, E. Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. arXiv preprint arXiv:1811.00918 (2018)."},{"volume-title":"Proceedings of the 26th Annual Network and Distributed System Security Symposium (Feb. 2019), NDSS 2019.","author":"Le Pochat V.","key":"e_1_3_2_1_34_1","unstructured":"Le Pochat, V., Van Goethem, T., Tajalizadehkhoob, S., Korczynski, M., and Joosen, W. Tranco: A research-oriented top sites ranking hardened against manipulation. In Proceedings of the 26th Annual Network and Distributed System Security Symposium (Feb. 2019), NDSS 2019."},{"key":"e_1_3_2_1_35_1","volume-title":"Cookiegraph: Measuring and countering first-party tracking cookies. arXiv preprint arXiv:2208.12370","author":"Munir S.","year":"2022","unstructured":"Munir, S., Siby, S., Iqbal, U., Englehardt, S., Shafiq, Z., and Troncoso, C. Cookiegraph: Measuring and countering first-party tracking cookies. arXiv preprint arXiv:2208.12370 (2022)."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329841"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/363516.363526"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-19125-1_7"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.9796062"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23009"},{"key":"e_1_3_2_1_41_1","unstructured":"Team A. Adguard content blocking filters. https:\/\/github.com\/AdguardTeam\/ AdGuardFilters."},{"key":"e_1_3_2_1_42_1","unstructured":"TrustArc. Cookie consent management software and tool. https:\/\/trustarc.com\/ products\/consent-consumer-rights\/cookie-consent-manager\/."},{"key":"e_1_3_2_1_43_1","volume-title":"June","author":"West M.","year":"2016","unstructured":"West, M., and Goodwin, M. Same-Site Cookies, June 2016."},{"key":"e_1_3_2_1_44_1","volume-title":"Content security policy level 3. https:\/\/w3c.github. io\/webappsec-csp\/","author":"West M.","year":"2023","unstructured":"West, M., and Sartori, A. Content security policy level 3. https:\/\/w3c.github. io\/webappsec-csp\/, 2023."},{"key":"e_1_3_2_1_45_1","first-page":"707","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Zheng X.","year":"2015","unstructured":"Zheng, X., Jiang, J., Liang, J., Duan, H., Chen, S., Wan, T., and Weaver, N. Cookies lack integrity: Real-World implications. In 24th USENIX Security Symposium (USENIX Security 15) (Washington, D.C., Aug. 2015), USENIX Association, pp. 707--721."}],"event":{"name":"WWW '25: The ACM Web Conference 2025","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Sydney NSW Australia","acronym":"WWW '25"},"container-title":["Proceedings of the ACM on Web Conference 2025"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714887","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696410.3714887","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:53Z","timestamp":1750295933000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714887"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,22]]},"references-count":45,"alternative-id":["10.1145\/3696410.3714887","10.1145\/3696410"],"URL":"https:\/\/doi.org\/10.1145\/3696410.3714887","relation":{},"subject":[],"published":{"date-parts":[[2025,4,22]]},"assertion":[{"value":"2025-04-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}