{"id":"https://openalex.org/W2538556898","doi":"https://doi.org/10.1145/2976749.2978394","title":"Host of Troubles","display_name":"Host of Troubles","publication_year":2016,"publication_date":"2016-10-24","ids":{"openalex":"https://openalex.org/W2538556898","doi":"https://doi.org/10.1145/2976749.2978394","mag":"2538556898"},"language":"en","primary_location":{"id":"doi:10.1145/2976749.2978394","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978394","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5026227164","display_name":"Jianjun Chen","orcid":"https://orcid.org/0000-0003-4730-7803"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jianjun Chen","raw_affiliation_strings":["Tsinghua University &amp; Tsingua National Laboratory for Information Science and Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University &amp; Tsingua National Laboratory for Information Science and Technology, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5106743265","display_name":"Jian Jiang","orcid":"https://orcid.org/0000-0002-5994-292X"},"institutions":[{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]},{"id":"https://openalex.org/I134446601","display_name":"Berkeley College","ror":"https://ror.org/02xewxa75","country_code":"US","type":"education","lineage":["https://openalex.org/I134446601"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jian Jiang","raw_affiliation_strings":["UC Berkeley, Berkeley, CA, USA"],"affiliations":[{"raw_affiliation_string":"UC Berkeley, Berkeley, CA, USA","institution_ids":["https://openalex.org/I134446601","https://openalex.org/I95457486"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067799841","display_name":"Haixin Duan","orcid":"https://orcid.org/0000-0003-0083-733X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haixin Duan","raw_affiliation_strings":["Tsinghua University &amp; Tsingua National Laboratory for Information Science and Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University &amp; Tsingua National Laboratory for Information Science and Technology, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026992212","display_name":"Nicholas Weaver","orcid":"https://orcid.org/0000-0001-7004-5819"},"institutions":[{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]},{"id":"https://openalex.org/I1297971548","display_name":"International Computer Science Institute","ror":"https://ror.org/01ewh7m12","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1297971548"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nicholas Weaver","raw_affiliation_strings":["UC Berkeley &amp; ICSI, Berkeley, CA, USA"],"affiliations":[{"raw_affiliation_string":"UC Berkeley &amp; ICSI, Berkeley, CA, USA","institution_ids":["https://openalex.org/I1297971548","https://openalex.org/I95457486"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041005536","display_name":"Tao Wan","orcid":"https://orcid.org/0000-0002-2962-4066"},"institutions":[{"id":"https://openalex.org/I4210115038","display_name":"Huawei Technologies (Canada)","ror":"https://ror.org/026venb53","country_code":"CA","type":"company","lineage":["https://openalex.org/I2250955327","https://openalex.org/I4210115038"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Tao Wan","raw_affiliation_strings":["Huawei Canada, Ottawa, Canada"],"affiliations":[{"raw_affiliation_string":"Huawei Canada, Ottawa, Canada","institution_ids":["https://openalex.org/I4210115038"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5002219113","display_name":"Vern Paxson","orcid":"https://orcid.org/0009-0005-2673-543X"},"institutions":[{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]},{"id":"https://openalex.org/I1297971548","display_name":"International Computer Science Institute","ror":"https://ror.org/01ewh7m12","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1297971548"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Vern Paxson","raw_affiliation_strings":["UC Berkeley &amp; ICSI, Berkeley, CA, USA"],"affiliations":[{"raw_affiliation_string":"UC Berkeley &amp; ICSI, Berkeley, CA, USA","institution_ids":["https://openalex.org/I1297971548","https://openalex.org/I95457486"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5026227164"],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":4.159,"has_fulltext":false,"cited_by_count":36,"citation_normalized_percentile":{"value":0.94698924,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1516","last_page":"1527"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.8643852472305298},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8164745569229126},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.8145495057106018},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.48258817195892334},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.46813735365867615},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4652263820171356},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.42878666520118713},{"id":"https://openalex.org/keywords/variety","display_name":"Variety (cybernetics)","score":0.4101482033729553},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.31795692443847656},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.23034188151359558},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.22036278247833252},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.10450732707977295}],"concepts":[{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.8643852472305298},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8164745569229126},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.8145495057106018},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.48258817195892334},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.46813735365867615},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4652263820171356},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.42878666520118713},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.4101482033729553},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.31795692443847656},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.23034188151359558},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.22036278247833252},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.10450732707977295},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2976749.2978394","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978394","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.699999988079071}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320322624","display_name":"Tsinghua National Laboratory for Information Science and Technology","ror":"https://ror.org/03cve4549"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W18105143","https://openalex.org/W108297441","https://openalex.org/W283834841","https://openalex.org/W1490025813","https://openalex.org/W1540641082","https://openalex.org/W1553177637","https://openalex.org/W2070112613","https://openalex.org/W2074028702","https://openalex.org/W2114398364","https://openalex.org/W2139339270","https://openalex.org/W2144696387","https://openalex.org/W2166509025","https://openalex.org/W2221475113","https://openalex.org/W2291769357","https://openalex.org/W2300554752","https://openalex.org/W2579069073","https://openalex.org/W3001455961","https://openalex.org/W6637957265","https://openalex.org/W6662279128"],"related_works":["https://openalex.org/W2120447654","https://openalex.org/W2977179488","https://openalex.org/W2144453115","https://openalex.org/W2128223750","https://openalex.org/W4238532390","https://openalex.org/W2188872161","https://openalex.org/W2961779879","https://openalex.org/W797688974","https://openalex.org/W2002978035","https://openalex.org/W2209382646"],"abstract_inverted_index":{"The":[0,69,140],"Host":[1,88],"header":[2],"is":[3,13,28,72],"a":[4,50,59,76,110],"security-critical":[5],"component":[6],"in":[7,106],"an":[8],"HTTP":[9,55,79,92,121,133],"request,":[10],"as":[11,15,132],"it":[12,98],"used":[14],"the":[16,25,44,103,125,143,146,153],"basis":[17],"for":[18],"enforcing":[19],"security":[20,137],"and":[21,39,57,64,96,123,136,155],"caching":[22],"policies.":[23],"While":[24],"current":[26],"specification":[27],"generally":[29],"clear":[30],"on":[31,102],"how":[32,124],"host-related":[33],"protocol":[34],"fields":[35,84],"should":[36],"be":[37],"parsed":[38],"interpreted,":[40],"we":[41],"find":[42],"that":[43,73],"implementations":[45,56,93,122,156],"are":[46],"problematic.":[47],"We":[48,108],"tested":[49],"variety":[51],"of":[52,62,112,118,142,150,157],"widely":[53],"deployed":[54],"discover":[58],"wide":[60],"range":[61],"non-compliant":[63],"inconsistent":[65,116],"host":[66,83,119],"processing":[67],"behaviours.":[68],"particular":[70],"problem":[71,144],"when":[74,100],"facing":[75],"carefully":[77],"crafted":[78],"request":[80,105],"with":[81,86],"ambiguous":[82],"(e.g.,":[85],"multiple":[87],"headers),":[89],"two":[90],"different":[91],"often":[94],"accept":[95],"understand":[97],"differently":[99],"operating":[101],"same":[104],"sequence.":[107],"show":[109],"number":[111],"techniques":[113],"to":[114,128],"induce":[115],"interpretations":[117],"between":[120,152],"inconsistency":[126],"leads":[127],"severe":[129],"attacks":[130],"such":[131],"cache":[134],"poisoning":[135],"policy":[138],"bypass.":[139],"prevalence":[141],"highlights":[145],"potential":[147],"negative":[148],"impact":[149],"gaps":[151],"specifications":[154],"Internet":[158],"protocols.":[159]},"counts_by_year":[{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":6},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2026-03-25T14:56:36.534964","created_date":"2016-10-28T00:00:00"}