{"id":"https://openalex.org/W2143504694","doi":"https://doi.org/10.1109/sp.2014.49","title":"An Expressive Model for the Web Infrastructure: Definition and Application to the Browser ID SSO System","display_name":"An Expressive Model for the Web Infrastructure: Definition and Application to the Browser ID SSO System","publication_year":2014,"publication_date":"2014-05-01","ids":{"openalex":"https://openalex.org/W2143504694","doi":"https://doi.org/10.1109/sp.2014.49","mag":"2143504694"},"language":"en","primary_location":{"id":"doi:10.1109/sp.2014.49","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp.2014.49","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 IEEE Symposium on Security and Privacy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5019297588","display_name":"Daniel Fett","orcid":null},"institutions":[{"id":"https://openalex.org/I89864525","display_name":"Universit\u00e4t Trier","ror":"https://ror.org/02778hg05","country_code":"DE","type":"education","lineage":["https://openalex.org/I89864525"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Daniel Fett","raw_affiliation_strings":["University of Trier, Germany","University of Trier,Trier,Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Trier, Germany","institution_ids":["https://openalex.org/I89864525"]},{"raw_affiliation_string":"University of Trier,Trier,Germany","institution_ids":["https://openalex.org/I89864525"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088011494","display_name":"Ralf K\u00fcsters","orcid":"https://orcid.org/0000-0002-9071-9312"},"institutions":[{"id":"https://openalex.org/I89864525","display_name":"Universit\u00e4t Trier","ror":"https://ror.org/02778hg05","country_code":"DE","type":"education","lineage":["https://openalex.org/I89864525"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ralf Kusters","raw_affiliation_strings":["University of Trier, Germany","University of Trier,Trier,Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Trier, Germany","institution_ids":["https://openalex.org/I89864525"]},{"raw_affiliation_string":"University of Trier,Trier,Germany","institution_ids":["https://openalex.org/I89864525"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5032615835","display_name":"Guido Schmitz","orcid":"https://orcid.org/0000-0002-3776-5475"},"institutions":[{"id":"https://openalex.org/I89864525","display_name":"Universit\u00e4t Trier","ror":"https://ror.org/02778hg05","country_code":"DE","type":"education","lineage":["https://openalex.org/I89864525"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Guido Schmitz","raw_affiliation_strings":["University of Trier, Germany","University of Trier,Trier,Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Trier, Germany","institution_ids":["https://openalex.org/I89864525"]},{"raw_affiliation_string":"University of Trier,Trier,Germany","institution_ids":["https://openalex.org/I89864525"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":9.3571,"has_fulltext":false,"cited_by_count":62,"citation_normalized_percentile":{"value":0.98121199,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"673","last_page":"688"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7767162322998047},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.5910118222236633},{"id":"https://openalex.org/keywords/html5","display_name":"HTML5","score":0.5655098557472229},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.531994640827179},{"id":"https://openalex.org/keywords/ajax","display_name":"Ajax","score":0.5155470371246338},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.48675060272216797},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.4399644732475281},{"id":"https://openalex.org/keywords/web-modeling","display_name":"Web modeling","score":0.43379852175712585},{"id":"https://openalex.org/keywords/model-checking","display_name":"Model checking","score":0.43273890018463135},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.37421321868896484},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.37185341119766235},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3691078722476959},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.20955324172973633},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12304365634918213}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7767162322998047},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.5910118222236633},{"id":"https://openalex.org/C84063617","wikidata":"https://www.wikidata.org/wiki/Q2053","display_name":"HTML5","level":2,"score":0.5655098557472229},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.531994640827179},{"id":"https://openalex.org/C504723692","wikidata":"https://www.wikidata.org/wiki/Q134471","display_name":"Ajax","level":3,"score":0.5155470371246338},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.48675060272216797},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.4399644732475281},{"id":"https://openalex.org/C130436687","wikidata":"https://www.wikidata.org/wiki/Q7978591","display_name":"Web modeling","level":3,"score":0.43379852175712585},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.43273890018463135},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.37421321868896484},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37185341119766235},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3691078722476959},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.20955324172973633},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12304365634918213},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp.2014.49","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp.2014.49","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 IEEE Symposium on Security and Privacy","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6200000047683716,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W33829987","https://openalex.org/W105715719","https://openalex.org/W169416091","https://openalex.org/W1580416641","https://openalex.org/W1581816844","https://openalex.org/W1773284672","https://openalex.org/W1973054120","https://openalex.org/W1976371754","https://openalex.org/W1997143966","https://openalex.org/W2023040061","https://openalex.org/W2060804845","https://openalex.org/W2089775132","https://openalex.org/W2090184259","https://openalex.org/W2092919558","https://openalex.org/W2113247363","https://openalex.org/W2114189125","https://openalex.org/W2114497629","https://openalex.org/W2121845793","https://openalex.org/W2133723082","https://openalex.org/W2136243456","https://openalex.org/W2143504694","https://openalex.org/W2144271133","https://openalex.org/W2150387335","https://openalex.org/W2398053170","https://openalex.org/W2399231848","https://openalex.org/W2403526004","https://openalex.org/W6601359076","https://openalex.org/W6604243033","https://openalex.org/W6634553575","https://openalex.org/W6676780202","https://openalex.org/W6712380439","https://openalex.org/W6712739088","https://openalex.org/W6713737576"],"related_works":["https://openalex.org/W244522823","https://openalex.org/W2998695923","https://openalex.org/W24906233","https://openalex.org/W2364835760","https://openalex.org/W1583761149","https://openalex.org/W1018948836","https://openalex.org/W2188399467","https://openalex.org/W3005817867","https://openalex.org/W2189059287","https://openalex.org/W77504895"],"abstract_inverted_index":{"The":[0,206],"web":[1,17,50,153],"constitutes":[2],"a":[3,45,91,98,106,135,158,191,194],"complex":[4,138],"infrastructure":[5],"and,":[6],"as":[7,34,36,90,147],"demonstrated":[8],"by":[9,22,30,217,225],"numerous":[10],"attacks,":[11],"rigorous":[12,125],"analysis":[13,96,126,156],"of":[14,97,101,113,127,160],"standards":[15,82,102],"and":[16,76,83,103,109,151,184,219],"applications":[18],"is":[19,65,72],"indispensable.":[20],"Inspired":[21],"successful":[23],"prior":[24,54,171],"work,":[25,115],"in":[26,40,170,190,203],"particular":[27],"the":[28,49,81,95,123,128,177,187,209,226],"work":[29,42],"Akhawe":[31],"et":[32,38],"al.":[33],"well":[35],"Bansal":[37],"al.,":[39],"this":[41],"we":[43,116],"propose":[44,174],"formal":[46],"model":[47,62,119],"for":[48,94,176,208],"infrastructure.":[51],"While":[52],"unlike":[53],"works,":[55],"which":[56],"aim":[57],"at":[58],"automatic":[59],"analysis,":[60],"our":[61,114,118,204,220],"so":[63],"far":[64],"not":[66,166],"directly":[67],"amenable":[68],"to":[69,80,120],"automation,":[70],"it":[71,87],"much":[73],"more":[74],"comprehensive":[75],"accurate":[77],"with":[78,193],"respect":[79],"specifications.":[84],"As":[85,105],"such,":[86],"can":[88],"serve":[89],"solid":[92],"basis":[93],"broad":[99],"range":[100],"applications.":[104],"case":[107],"study":[108],"another":[110],"important":[111],"contribution":[112],"use":[117],"carry":[121],"out":[122],"first":[124],"Browser":[129],"ID":[130],"system":[131,142,189],"(a.k.a.":[132],"Mozilla":[133,218,227],"Persona),":[134],"recently":[136],"developed":[137],"real-world":[139],"single":[140],"sign-on":[141],"that":[143,164,186],"employs":[144],"technologies":[145],"such":[146],"AJAX,":[148],"cross-document":[149],"messaging,":[150],"HTML5":[152],"storage.":[154],"Our":[155],"revealed":[157],"number":[159],"very":[161],"critical":[162,211],"flaws":[163,212],"could":[165],"have":[167,213,222],"been":[168,215,223],"captured":[169],"models.":[172],"We":[173],"fixes":[175,207],"flaws,":[178],"formally":[179],"state":[180],"relevant":[181],"security":[182,201],"properties,":[183],"prove":[185],"fixed":[188],"setting":[192],"so-called":[195],"secondary":[196],"identity":[197],"provider":[198],"satisfies":[199],"these":[200],"properties":[202],"model.":[205],"most":[210],"already":[214],"adopted":[216],"findings":[221],"rewarded":[224],"Security":[228],"Bug":[229],"Bounty":[230],"Program.":[231]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":7},{"year":2017,"cited_by_count":10},{"year":2016,"cited_by_count":7},{"year":2015,"cited_by_count":6},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}