{"id":"https://openalex.org/W2221475113","doi":"https://doi.org/10.1145/2736277.2741089","title":"Network-based Origin Confusion Attacks against HTTPS Virtual Hosting","display_name":"Network-based Origin Confusion Attacks against HTTPS Virtual Hosting","publication_year":2015,"publication_date":"2015-05-18","ids":{"openalex":"https://openalex.org/W2221475113","doi":"https://doi.org/10.1145/2736277.2741089","mag":"2221475113"},"language":"en","primary_location":{"id":"doi:10.1145/2736277.2741089","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2736277.2741089","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 24th International Conference on World Wide Web","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5112054753","display_name":"Antoine Delignat-Lavaud","orcid":null},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en informatique et en automatique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"funder","lineage":["https://openalex.org/I1326498283"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Antoine Delignat-Lavaud","raw_affiliation_strings":["Inria Paris-Rocquencourt, Paris, France"],"affiliations":[{"raw_affiliation_string":"Inria Paris-Rocquencourt, Paris, France","institution_ids":["https://openalex.org/I1326498283"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026297326","display_name":"Karthikeyan Bhargavan","orcid":"https://orcid.org/0000-0002-3152-8997"},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en informatique et en automatique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"funder","lineage":["https://openalex.org/I1326498283"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Karthikeyan Bhargavan","raw_affiliation_strings":["Inria Paris-Rocquencourt, Paris, France"],"affiliations":[{"raw_affiliation_string":"Inria Paris-Rocquencourt, Paris, France","institution_ids":["https://openalex.org/I1326498283"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5112054753"],"corresponding_institution_ids":["https://openalex.org/I1326498283"],"apc_list":null,"apc_paid":null,"fwci":3.95090582,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.94435218,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"227","last_page":"237"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7922122478485107},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.6621739864349365},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6128286123275757},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.522924542427063},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.4653056263923645},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4348568916320801},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.41636669635772705},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.37668290734291077},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.36975300312042236}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7922122478485107},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.6621739864349365},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6128286123275757},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.522924542427063},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.4653056263923645},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4348568916320801},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.41636669635772705},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.37668290734291077},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.36975300312042236},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2736277.2741089","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2736277.2741089","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 24th International Conference on World Wide Web","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":50,"referenced_works":["https://openalex.org/W39167138","https://openalex.org/W134409196","https://openalex.org/W197713628","https://openalex.org/W312009687","https://openalex.org/W1452942402","https://openalex.org/W1495444061","https://openalex.org/W1563971619","https://openalex.org/W1595861018","https://openalex.org/W1656502710","https://openalex.org/W1785797725","https://openalex.org/W1887796531","https://openalex.org/W1974977720","https://openalex.org/W1975344666","https://openalex.org/W1976371754","https://openalex.org/W1978637756","https://openalex.org/W1987283229","https://openalex.org/W2023040061","https://openalex.org/W2042676624","https://openalex.org/W2070775894","https://openalex.org/W2072978486","https://openalex.org/W2077092541","https://openalex.org/W2079569045","https://openalex.org/W2089775132","https://openalex.org/W2097981871","https://openalex.org/W2099175354","https://openalex.org/W2103475742","https://openalex.org/W2104899073","https://openalex.org/W2113247363","https://openalex.org/W2129830111","https://openalex.org/W2133723082","https://openalex.org/W2143504694","https://openalex.org/W2145994642","https://openalex.org/W2153041122","https://openalex.org/W2182238969","https://openalex.org/W2186622768","https://openalex.org/W2187970900","https://openalex.org/W2215019170","https://openalex.org/W2236904012","https://openalex.org/W2266218113","https://openalex.org/W2300554752","https://openalex.org/W2338858629","https://openalex.org/W2346063447","https://openalex.org/W2505013646","https://openalex.org/W4301409808","https://openalex.org/W6637047716","https://openalex.org/W6639592017","https://openalex.org/W6682325848","https://openalex.org/W6686019270","https://openalex.org/W6697978539","https://openalex.org/W6724496932"],"related_works":["https://openalex.org/W3124171372","https://openalex.org/W2235294519","https://openalex.org/W4248174414","https://openalex.org/W2943837643","https://openalex.org/W2558538437","https://openalex.org/W2612791064","https://openalex.org/W2075174112","https://openalex.org/W2622620488","https://openalex.org/W2893967483","https://openalex.org/W2779209348"],"abstract_inverted_index":{"We":[0,109],"investigate":[1],"current":[2],"deployment":[3],"practices":[4],"for":[5,12,176],"virtual":[6,46,95,115,147],"hosting,":[7],"a":[8,36,55,63,68,82,99,130],"widely":[9],"used":[10],"method":[11],"serving":[13],"multiple":[14],"HTTP":[15,180],"and":[16,30,125,140,151,171],"HTTPS":[17,40,89],"origins":[18],"from":[19,70,98],"the":[20,49,78,122,153,177],"same":[21,50],"server,":[22],"in":[23,81,160],"popular":[24,124],"content":[25],"delivery":[26],"networks,":[27],"cloud-hosting":[28],"infrastructures,":[29],"web":[31,168],"servers.":[32],"Our":[33],"study":[34],"uncovers":[35],"new":[37],"class":[38],"of":[39,72,179],"origin":[41,80,102],"confusion":[42,149],"attacks:":[43],"when":[44,88],"two":[45],"hosts":[47],"use":[48],"TLS":[51,56],"certificate,":[52],"or":[53,59,136],"share":[54],"session":[57],"cache":[58],"ticket":[60],"encryption":[61],"key,":[62],"network":[64,131],"attacker":[65],"may":[66],"cause":[67],"page":[69],"one":[71],"them":[73],"to":[74,93,103,133,167],"be":[75],"loaded":[76],"under":[77],"other's":[79],"client":[83],"browser.":[84],"These":[85],"attacks":[86,150],"appear":[87],"servers":[90],"are":[91,118,157],"configured":[92],"allow":[94],"host":[96,116,148],"fallback":[97],"client-requested,":[100],"secure":[101,138],"some":[104],"other":[105],"unexpected,":[106],"less-secure":[107],"origin.":[108],"present":[110],"evidence":[111],"that":[112,156],"such":[113],"vulnerable":[114],"configurations":[117],"widespread,":[119],"even":[120],"on":[121],"most":[123],"security-scrutinized":[126],"websites,":[127],"thus":[128],"allowing":[129],"adversary":[132],"hijack":[134],"pages,":[135],"steal":[137],"cookies":[139],"single":[141],"sign-on":[142],"tokens.":[143],"To":[144],"prevent":[145],"our":[146],"recover":[152],"isolation":[154],"guarantees":[155],"commonly":[158],"assumed":[159],"shared":[161],"hosting":[162],"environments,":[163],"we":[164],"propose":[165],"fixes":[166],"server":[169],"software":[170],"advocate":[172],"conservative":[173],"configuration":[174],"guidelines":[175],"composition":[178],"with":[181],"TLS.":[182]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":3},{"year":2016,"cited_by_count":5}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}