{"id":"https://openalex.org/W4283363696","doi":"https://doi.org/10.1109/eurosp53844.2022.00041","title":"SoK: Workerounds - Categorizing Service Worker Attacks and Mitigations","display_name":"SoK: Workerounds - Categorizing Service Worker Attacks and Mitigations","publication_year":2022,"publication_date":"2022-06-01","ids":{"openalex":"https://openalex.org/W4283363696","doi":"https://doi.org/10.1109/eurosp53844.2022.00041"},"language":"en","primary_location":{"id":"doi:10.1109/eurosp53844.2022.00041","is_oa":false,"landing_page_url":"https://doi.org/10.1109/eurosp53844.2022.00041","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE 7th European Symposium on Security and Privacy (EuroS&amp;P)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5074383678","display_name":"Karthika Subramani","orcid":"https://orcid.org/0009-0004-8955-4049"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Karthika Subramani","raw_affiliation_strings":["University of Georgia"],"affiliations":[{"raw_affiliation_string":"University of Georgia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087177121","display_name":"Jordan Jueckstock","orcid":null},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jordan Jueckstock","raw_affiliation_strings":["North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041544321","display_name":"Alexandros Kapravelos","orcid":"https://orcid.org/0000-0002-8839-8521"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alexandros Kapravelos","raw_affiliation_strings":["North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5071832270","display_name":"Roberto Perdisci","orcid":"https://orcid.org/0000-0002-7339-0041"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Roberto Perdisci","raw_affiliation_strings":["University of Georgia","Georgia Institute of Technology"],"affiliations":[{"raw_affiliation_string":"University of Georgia","institution_ids":[]},{"raw_affiliation_string":"Georgia Institute of Technology","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5074383678"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.744,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.67739761,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"555","last_page":"571"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.8796175718307495},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8033202886581421},{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.7501599192619324},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6611893773078918},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.6330040097236633},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6200776100158691},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.6024318933486938},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5158244967460632},{"id":"https://openalex.org/keywords/social-engineering","display_name":"Social engineering (security)","score":0.505518913269043},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.5028128027915955},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5024356842041016},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.49339547753334045},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.4509548246860504},{"id":"https://openalex.org/keywords/compromise","display_name":"Compromise","score":0.44379085302352905},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.43691810965538025},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.4361768364906311},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3588317036628723},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.25318148732185364},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.1721627414226532},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10929083824157715}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.8796175718307495},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8033202886581421},{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.7501599192619324},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6611893773078918},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.6330040097236633},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6200776100158691},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.6024318933486938},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5158244967460632},{"id":"https://openalex.org/C70118762","wikidata":"https://www.wikidata.org/wiki/Q376934","display_name":"Social engineering (security)","level":2,"score":0.505518913269043},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.5028128027915955},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5024356842041016},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.49339547753334045},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.4509548246860504},{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.44379085302352905},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.43691810965538025},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.4361768364906311},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3588317036628723},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.25318148732185364},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.1721627414226532},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10929083824157715},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C136264566","wikidata":"https://www.wikidata.org/wiki/Q159810","display_name":"Economy","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/eurosp53844.2022.00041","is_oa":false,"landing_page_url":"https://doi.org/10.1109/eurosp53844.2022.00041","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE 7th European Symposium on Security and Privacy (EuroS&amp;P)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.41999998688697815,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G4302409756","display_name":null,"funder_award_id":"N00014-21-1-2159","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G6390803006","display_name":null,"funder_award_id":"CNS-2126641,CNS-2047260","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W200873936","https://openalex.org/W1480813933","https://openalex.org/W1965209910","https://openalex.org/W2101678831","https://openalex.org/W2320204756","https://openalex.org/W2497845670","https://openalex.org/W2510556079","https://openalex.org/W2604188240","https://openalex.org/W2607676867","https://openalex.org/W2614073125","https://openalex.org/W2620581970","https://openalex.org/W2726232829","https://openalex.org/W2753884237","https://openalex.org/W2783112941","https://openalex.org/W2792874054","https://openalex.org/W2798939599","https://openalex.org/W2888214114","https://openalex.org/W2890733335","https://openalex.org/W2929305171","https://openalex.org/W2962776979","https://openalex.org/W2963619203","https://openalex.org/W2964203713","https://openalex.org/W2970862645","https://openalex.org/W2980614388","https://openalex.org/W2980770947","https://openalex.org/W3007732466","https://openalex.org/W3045686863","https://openalex.org/W3104970816","https://openalex.org/W3110204761","https://openalex.org/W3112391078","https://openalex.org/W3132118391","https://openalex.org/W3138855186","https://openalex.org/W3181804636","https://openalex.org/W3205176130","https://openalex.org/W4288079443","https://openalex.org/W6740477492","https://openalex.org/W6744187103","https://openalex.org/W6781614840"],"related_works":["https://openalex.org/W2944809083","https://openalex.org/W3159552247","https://openalex.org/W4229025036","https://openalex.org/W2548409577","https://openalex.org/W1531015913","https://openalex.org/W2737752763","https://openalex.org/W3180404666","https://openalex.org/W2572193563","https://openalex.org/W4391182755","https://openalex.org/W2407701912"],"abstract_inverted_index":{"Service":[0],"Workers":[1],"(SWs)":[2],"are":[3,185],"a":[4,51,74,177,214,261],"powerful":[5],"feature":[6],"at":[7],"the":[8,23,44,99,150,221,228],"core":[9],"of":[10,53,101,179,217,230],"Progressive":[11],"Web":[12],"Apps,":[13],"namely":[14],"web":[15,120,236],"applications":[16,237],"that":[17,29,142,184,198,247],"can":[18],"continue":[19],"to":[20,32,61,72,87,104,135,206,240,252],"function":[21],"when":[22,162],"user's":[24],"device":[25,33],"is":[26],"offline":[27],"and":[28,35,129,137,155,160,168,188,194,225,254],"have":[30,49,143,165],"access":[31],"sensors":[34],"capabilities":[36],"previously":[37,145],"accessible":[38],"only":[39],"by":[40,170,204,233],"native":[41],"applications.":[42],"During":[43],"past":[45],"few":[46],"years,":[47],"researchers":[48],"found":[50],"number":[52,178],"ways":[54],"in":[55,98,220],"which":[56],"SWs":[57,68,136,231],"may":[58,69,84,95,110],"be":[59,70,85,96,111,202,250],"abused":[60,71,112],"achieve":[62],"different":[63,153,171],"malicious":[64],"purposes.":[65],"For":[66],"instance,":[67],"build":[73],"web-based":[75],"botnet,":[76],"launch":[77],"DDoS":[78],"attacks,":[79],"or":[80,108,115],"perform":[81],"cryptomining;":[82],"they":[83,94,109],"hijacked":[86],"create":[88],"persistent":[89],"cross-site":[90],"scripting":[91],"(XSS)":[92],"attacks;":[93],"leveraged":[97],"context":[100],"side-channel":[102],"attacks":[103,118,151,164],"compromise":[105],"users'":[106],"privacy;":[107],"for":[113],"phishing":[114],"social":[116],"engineering":[117],"using":[119],"push":[121],"notifications-based":[122],"malvertising.":[123],"In":[124],"this":[125],"paper,":[126],"we":[127,175,199,212],"reproduce":[128],"analyze":[130,157],"known":[131],"attack":[132],"vectors":[133],"related":[134],"explore":[138],"new":[139,195,242],"abuse":[140],"paths":[141],"not":[144],"been":[146,166],"considered.":[147],"We":[148],"systematize":[149],"into":[152],"categories,":[154],"then":[156],"whether,":[158],"how,":[159],"estimate":[161],"these":[163,241],"published":[167],"mitigated":[169],"browser":[172,196],"vendors.":[173],"Then,":[174],"discuss":[176],"open":[180],"SW":[181,190,209,257],"security":[182,258],"problems":[183],"currently":[186],"unmitigated,":[187],"propose":[189],"behavior":[191,229],"monitoring":[192],"approaches":[193],"policies":[197,219,259],"believe":[200],"should":[201,249],"implemented":[203],"browsers":[205],"further":[207],"improve":[208],"security.":[210],"Furthermore,":[211],"implement":[213,253],"proof-of-concept":[215],"version":[216],"several":[218],"Chromium":[222],"code":[223],"base,":[224],"also":[226],"measure":[227],"used":[232],"highly":[234],"popular":[235],"with":[238],"respect":[239],"policies.":[243],"Our":[244],"measurements":[245],"show":[246],"it":[248],"feasible":[251],"enforce":[255],"stricter":[256],"without":[260],"significant":[262],"impact":[263],"on":[264],"most":[265],"legitimate":[266],"production":[267],"SWs.":[268]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2022-06-25T00:00:00"}