{"id":"https://openalex.org/W4416756227","doi":"https://doi.org/10.1109/msec.2025.3602309","title":"Toward Practical and Scalable Adoption of Nonce-Based Content Security Policy on the Web","display_name":"Toward Practical and Scalable Adoption of Nonce-Based Content Security Policy on the Web","publication_year":2025,"publication_date":"2025-11-01","ids":{"openalex":"https://openalex.org/W4416756227","doi":"https://doi.org/10.1109/msec.2025.3602309"},"language":null,"primary_location":{"id":"doi:10.1109/msec.2025.3602309","is_oa":false,"landing_page_url":"https://doi.org/10.1109/msec.2025.3602309","pdf_url":null,"source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069828837","display_name":"Anhao Xiang","orcid":"https://orcid.org/0000-0002-8850-8583"},"institutions":[{"id":"https://openalex.org/I167576493","display_name":"Colorado School of Mines","ror":"https://ror.org/04raf6v53","country_code":"US","type":"education","lineage":["https://openalex.org/I167576493"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Anhao Xiang","raw_affiliation_strings":["Department of Computer Science, Colorado School of Mines, Golden, CO, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Colorado School of Mines, Golden, CO, USA","institution_ids":["https://openalex.org/I167576493"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108303232","display_name":"Mengxia Ren","orcid":"https://orcid.org/0009-0003-3918-4206"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mengxia Ren","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101641878","display_name":"Chuan Yue","orcid":"https://orcid.org/0000-0002-6095-4768"},"institutions":[{"id":"https://openalex.org/I167576493","display_name":"Colorado School of Mines","ror":"https://ror.org/04raf6v53","country_code":"US","type":"education","lineage":["https://openalex.org/I167576493"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chuan Yue","raw_affiliation_strings":["Department of Computer Science, Colorado School of Mines, Golden, CO, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Colorado School of Mines, Golden, CO, USA","institution_ids":["https://openalex.org/I167576493"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120617785","display_name":"James Crea","orcid":"https://orcid.org/0009-0002-3646-5531"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"James Crea","raw_affiliation_strings":["Department of Computer Science, University of Illinois Urbana&#x2013;Champaign, Urbana, IL, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Illinois Urbana&#x2013;Champaign, Urbana, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113651753","display_name":"J G Kingham","orcid":"https://orcid.org/0009-0008-7978-6515"},"institutions":[{"id":"https://openalex.org/I167576493","display_name":"Colorado School of Mines","ror":"https://ror.org/04raf6v53","country_code":"US","type":"education","lineage":["https://openalex.org/I167576493"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jack Kingham","raw_affiliation_strings":["Department of Computer Science, Colorado School of Mines, Golden, CO, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Colorado School of Mines, Golden, CO, USA","institution_ids":["https://openalex.org/I167576493"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5120433991","display_name":"Zachary Samuels","orcid":"https://orcid.org/0009-0009-4084-3719"},"institutions":[{"id":"https://openalex.org/I167576493","display_name":"Colorado School of Mines","ror":"https://ror.org/04raf6v53","country_code":"US","type":"education","lineage":["https://openalex.org/I167576493"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zachary Samuels","raw_affiliation_strings":["Department of Computer Science, Colorado School of Mines, Golden, CO, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Colorado School of Mines, Golden, CO, USA","institution_ids":["https://openalex.org/I167576493"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5069828837"],"corresponding_institution_ids":["https://openalex.org/I167576493"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.51396809,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"23","issue":"6","first_page":"73","last_page":"78"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.7311999797821045,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.7311999797821045,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.051100000739097595,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.03779999911785126,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5296000242233276},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.39969998598098755},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.38749998807907104},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.3513000011444092},{"id":"https://openalex.org/keywords/mechanism","display_name":"Mechanism (biology)","score":0.3197000026702881},{"id":"https://openalex.org/keywords/content-analysis","display_name":"Content analysis","score":0.2752000093460083},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.2750999927520752}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.582099974155426},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5296000242233276},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46959999203681946},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.4659999907016754},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.41749998927116394},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.39969998598098755},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3903999924659729},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.38749998807907104},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.3513000011444092},{"id":"https://openalex.org/C89611455","wikidata":"https://www.wikidata.org/wiki/Q6804646","display_name":"Mechanism (biology)","level":2,"score":0.3197000026702881},{"id":"https://openalex.org/C162446236","wikidata":"https://www.wikidata.org/wiki/Q653137","display_name":"Content analysis","level":2,"score":0.2752000093460083},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2750999927520752},{"id":"https://openalex.org/C2776324614","wikidata":"https://www.wikidata.org/wiki/Q3948731","display_name":"Web content","level":3,"score":0.2728999853134155},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.272599995136261},{"id":"https://openalex.org/C2778152352","wikidata":"https://www.wikidata.org/wiki/Q5165061","display_name":"Content (measure theory)","level":2,"score":0.26750001311302185},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.265500009059906},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.2651999890804291},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.26159998774528503},{"id":"https://openalex.org/C2983909278","wikidata":"https://www.wikidata.org/wiki/Q6368","display_name":"Web browser","level":3,"score":0.2563999891281128},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.2542000114917755},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.25049999356269836}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/msec.2025.3602309","is_oa":false,"landing_page_url":"https://doi.org/10.1109/msec.2025.3602309","pdf_url":null,"source":{"id":"https://openalex.org/S61906035","display_name":"IEEE Security & Privacy","issn_l":"1540-7993","issn":["1540-7993","1558-4046"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Security &amp; Privacy","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":7,"referenced_works":["https://openalex.org/W2510134782","https://openalex.org/W2535549398","https://openalex.org/W3190536237","https://openalex.org/W4385412320","https://openalex.org/W4392666870","https://openalex.org/W4406858793","https://openalex.org/W4411552603"],"related_works":[],"abstract_inverted_index":{"Content":[0],"Security":[1],"Policy":[2],"is":[3],"a":[4],"widely":[5],"supported":[6],"browser":[7],"mechanism":[8],"designed":[9],"to":[10,28],"mitigate":[11],"content":[12],"injection":[13],"attacks.":[14],"However,":[15],"its":[16],"real-world":[17],"adoption":[18],"remains":[19],"limited,":[20],"and":[21,33],"many":[22],"existing":[23],"deployments":[24],"are":[25],"insecure":[26],"due":[27],"the":[29],"complexity":[30],"of":[31],"writing":[32],"maintaining":[34],"secure":[35],"policies.":[36]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-11-27T00:00:00"}