{"id":"https://openalex.org/W2057718232","doi":"https://doi.org/10.1145/1455770.1455783","title":"SOMA","display_name":"SOMA","publication_year":2008,"publication_date":"2008-10-27","ids":{"openalex":"https://openalex.org/W2057718232","doi":"https://doi.org/10.1145/1455770.1455783","mag":"2057718232"},"language":"en","primary_location":{"id":"doi:10.1145/1455770.1455783","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1455770.1455783","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th ACM conference on Computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5061976736","display_name":"Terri Oda","orcid":null},"institutions":[{"id":"https://openalex.org/I67031392","display_name":"Carleton University","ror":"https://ror.org/02qtvee93","country_code":"CA","type":"education","lineage":["https://openalex.org/I67031392"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Terri Oda","raw_affiliation_strings":["Carleton University, Ottawa, ON, Canada"],"affiliations":[{"raw_affiliation_string":"Carleton University, Ottawa, ON, Canada","institution_ids":["https://openalex.org/I67031392"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038853903","display_name":"Glenn Wurster","orcid":null},"institutions":[{"id":"https://openalex.org/I67031392","display_name":"Carleton University","ror":"https://ror.org/02qtvee93","country_code":"CA","type":"education","lineage":["https://openalex.org/I67031392"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Glenn Wurster","raw_affiliation_strings":["Carleton University, Ottawa, ON, Canada"],"affiliations":[{"raw_affiliation_string":"Carleton University, Ottawa, ON, Canada","institution_ids":["https://openalex.org/I67031392"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011846293","display_name":"Paul C. van Oorschot","orcid":"https://orcid.org/0000-0002-5038-5370"},"institutions":[{"id":"https://openalex.org/I67031392","display_name":"Carleton University","ror":"https://ror.org/02qtvee93","country_code":"CA","type":"education","lineage":["https://openalex.org/I67031392"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"P. C. van Oorschot","raw_affiliation_strings":["Carleton University, Ottawa, ON, Canada"],"affiliations":[{"raw_affiliation_string":"Carleton University, Ottawa, ON, Canada","institution_ids":["https://openalex.org/I67031392"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5111980259","display_name":"Anil Somayaji","orcid":"https://orcid.org/0000-0003-4761-9743"},"institutions":[{"id":"https://openalex.org/I67031392","display_name":"Carleton University","ror":"https://ror.org/02qtvee93","country_code":"CA","type":"education","lineage":["https://openalex.org/I67031392"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Anil Somayaji","raw_affiliation_strings":["Carleton University, Ottawa, ON, Canada"],"affiliations":[{"raw_affiliation_string":"Carleton University, Ottawa, ON, Canada","institution_ids":["https://openalex.org/I67031392"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5061976736"],"corresponding_institution_ids":["https://openalex.org/I67031392"],"apc_list":null,"apc_paid":null,"fwci":14.3817,"has_fulltext":false,"cited_by_count":57,"citation_normalized_percentile":{"value":0.98587691,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"89","last_page":"98"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8228832483291626},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.7590519189834595},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.6689512133598328},{"id":"https://openalex.org/keywords/soma","display_name":"Soma","score":0.6365751028060913},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.6026241779327393},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.47453176975250244},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.4531075358390808},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.44586315751075745},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.42057913541793823},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.38486653566360474},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.36063945293426514},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.3597928285598755},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.27718687057495117},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.1920483112335205},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08967986702919006}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8228832483291626},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.7590519189834595},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.6689512133598328},{"id":"https://openalex.org/C2779617337","wikidata":"https://www.wikidata.org/wiki/Q842429","display_name":"Soma","level":2,"score":0.6365751028060913},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.6026241779327393},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.47453176975250244},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.4531075358390808},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.44586315751075745},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.42057913541793823},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.38486653566360474},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.36063945293426514},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.3597928285598755},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.27718687057495117},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.1920483112335205},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08967986702919006},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C169760540","wikidata":"https://www.wikidata.org/wiki/Q207011","display_name":"Neuroscience","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1455770.1455783","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1455770.1455783","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th ACM conference on Computer and communications security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.75,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W24839522","https://openalex.org/W1222699389","https://openalex.org/W1491237615","https://openalex.org/W1532095902","https://openalex.org/W1737016141","https://openalex.org/W2003189607","https://openalex.org/W2034120733","https://openalex.org/W2040210405","https://openalex.org/W2041607772","https://openalex.org/W2079029390","https://openalex.org/W2094873755","https://openalex.org/W2095610745","https://openalex.org/W2095629885","https://openalex.org/W2103834013","https://openalex.org/W2118168041","https://openalex.org/W2119085032","https://openalex.org/W2122847456","https://openalex.org/W2126579964","https://openalex.org/W2145779758","https://openalex.org/W2149684006","https://openalex.org/W2162316255","https://openalex.org/W2611023804","https://openalex.org/W4245410964","https://openalex.org/W6674628898"],"related_works":["https://openalex.org/W2548409577","https://openalex.org/W2407701912","https://openalex.org/W3180404666","https://openalex.org/W1531015913","https://openalex.org/W1484631816","https://openalex.org/W2167752994","https://openalex.org/W2907218437","https://openalex.org/W2117221897","https://openalex.org/W2181766705","https://openalex.org/W4245700610"],"abstract_inverted_index":{"Unrestricted":[0],"information":[1,23,49,92],"flows":[2,50],"are":[3],"a":[4,44,152],"key":[5],"security":[6],"weakness":[7],"of":[8,124],"current":[9,103],"web":[10,32,54,104,142],"design.":[11],"Cross-site":[12],"scripting,":[13],"cross-site":[14],"request":[15,128],"forgery,":[16],"and":[17,70,90,106,115,132,141],"other":[18],"attacks":[19],"typically":[20],"require":[21],"that":[22,51,117],"be":[24,134],"sent":[25],"or":[26,67],"retrieved":[27,86],"from":[28,84,87,93],"arbitrary,":[29],"often":[30],"malicious,":[31],"servers.":[33],"In":[34],"this":[35],"paper":[36],"we":[37,80,149],"propose":[38],"Same":[39],"Origin":[40],"Mutual":[41],"Approval":[42],"(SOMA),":[43],"new":[45],"policy":[46],"for":[47,65,113],"controlling":[48],"prevents":[52],"common":[53],"vulnerabilities.":[55],"By":[56],"requiring":[57,72],"site":[58],"operators":[59],"to":[60,76,96],"specify":[61],"approved":[62],"external":[63,74],"domains":[64,75],"sending":[66],"receiving":[68],"information,":[69],"by":[71,139],"those":[73],"also":[77],"approve":[78],"interactions,":[79],"prevent":[81],"page":[82],"content":[83],"being":[85,94],"malicious":[88],"servers":[89,116],"sensitive":[91],"communicated":[95],"an":[97,122],"attacker.":[98],"SOMA":[99,120,154],"is":[100,107],"compatible":[101],"with":[102,136],"applications":[105],"incrementally":[108],"deployable,":[109],"providing":[110],"immediate":[111],"benefits":[112],"clients":[114],"implement":[118],"it.":[119],"has":[121],"overhead":[123],"one":[125],"additional":[126],"HTTP":[127],"per":[129],"domain":[130],"accessed":[131],"can":[133],"implemented":[135],"minimal":[137],"effort":[138],"application":[140],"browser":[143],"developers.":[144],"To":[145],"evaluate":[146],"our":[147],"proposal,":[148],"have":[150],"developed":[151],"Firefox":[153],"add-on.":[155]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":10},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":7},{"year":2013,"cited_by_count":4},{"year":2012,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2016-06-24T00:00:00"}