{"id":"https://openalex.org/W2511463445","doi":"https://doi.org/10.1145/2976749.2978414","title":"\"The Web/Local\" Boundary Is Fuzzy","display_name":"\"The Web/Local\" Boundary Is Fuzzy","publication_year":2016,"publication_date":"2016-10-24","ids":{"openalex":"https://openalex.org/W2511463445","doi":"https://doi.org/10.1145/2976749.2978414","mag":"2511463445"},"language":"en","primary_location":{"id":"doi:10.1145/2976749.2978414","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978414","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5070140780","display_name":"Yaoqi Jia","orcid":null},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Yaoqi Jia","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112422404","display_name":"Zheng Leong Chua","orcid":null},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Zheng Leong Chua","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102150414","display_name":"Hong Hu","orcid":"https://orcid.org/0000-0002-6261-3190"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Hong Hu","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100366890","display_name":"Shuo Chen","orcid":"https://orcid.org/0000-0003-3893-715X"},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shuo Chen","raw_affiliation_strings":["Microsoft Research, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Research, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034054081","display_name":"Prateek Saxena","orcid":"https://orcid.org/0000-0002-1875-8675"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Prateek Saxena","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084611756","display_name":"Zhenkai Liang","orcid":"https://orcid.org/0000-0001-7138-5030"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Zhenkai Liang","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5070140780"],"corresponding_institution_ids":["https://openalex.org/I165932596"],"apc_list":null,"apc_paid":null,"fwci":4.7132,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":{"value":0.95364456,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"791","last_page":"804"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.762197732925415},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.6098482608795166},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5626177191734314},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.47769883275032043},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.47701549530029297},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.46467146277427673},{"id":"https://openalex.org/keywords/guard","display_name":"Guard (computer science)","score":0.43823668360710144},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.431330144405365},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3822079002857208},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3487536609172821},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.256997674703598}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.762197732925415},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.6098482608795166},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5626177191734314},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.47769883275032043},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.47701549530029297},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.46467146277427673},{"id":"https://openalex.org/C141141315","wikidata":"https://www.wikidata.org/wiki/Q2379942","display_name":"Guard (computer science)","level":2,"score":0.43823668360710144},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.431330144405365},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3822079002857208},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3487536609172821},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.256997674703598},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2976749.2978414","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978414","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.46000000834465027,"display_name":"Peace, Justice and strong institutions"},{"id":"https://metadata.un.org/sdg/17","score":0.4099999964237213,"display_name":"Partnerships for the goals"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W1112477","https://openalex.org/W2363194","https://openalex.org/W136211262","https://openalex.org/W1459231281","https://openalex.org/W1515981325","https://openalex.org/W1527502244","https://openalex.org/W1558430956","https://openalex.org/W1582331515","https://openalex.org/W1590050693","https://openalex.org/W1693301795","https://openalex.org/W1705596515","https://openalex.org/W1816718056","https://openalex.org/W1823377586","https://openalex.org/W1825457006","https://openalex.org/W1907897959","https://openalex.org/W1963947298","https://openalex.org/W2015083179","https://openalex.org/W2037671236","https://openalex.org/W2042856445","https://openalex.org/W2062340141","https://openalex.org/W2079029390","https://openalex.org/W2081768685","https://openalex.org/W2088383546","https://openalex.org/W2089180764","https://openalex.org/W2109219878","https://openalex.org/W2122757982","https://openalex.org/W2138381338","https://openalex.org/W2138517425","https://openalex.org/W2140611647","https://openalex.org/W2140908857","https://openalex.org/W2148686658","https://openalex.org/W2155851497","https://openalex.org/W2159079348","https://openalex.org/W2171295941","https://openalex.org/W2295441334","https://openalex.org/W2296324027","https://openalex.org/W2350778671","https://openalex.org/W2512784977","https://openalex.org/W2549548403","https://openalex.org/W2575425722","https://openalex.org/W3207158246","https://openalex.org/W4234020632","https://openalex.org/W4245410964","https://openalex.org/W4299301436"],"related_works":["https://openalex.org/W2156201195","https://openalex.org/W2358174607","https://openalex.org/W2613374639","https://openalex.org/W2187625726","https://openalex.org/W2371044121","https://openalex.org/W2027150799","https://openalex.org/W2003115932","https://openalex.org/W4313139008","https://openalex.org/W186778346","https://openalex.org/W4249792249"],"abstract_inverted_index":{"Process-based":[0],"isolation,":[1],"suggested":[2],"by":[3],"several":[4,27],"research":[5,28],"prototypes,":[6,29],"is":[7,17,117],"a":[8,133,186],"cornerstone":[9],"of":[10,53,104,110],"modern":[11],"browser":[12,21],"security":[13],"architectures.":[14],"Google":[15,63],"Chrome":[16],"the":[18,69,72,79,82,95,99,112,139,191],"first":[19],"commercial":[20],"that":[22,74,122],"adopts":[23],"this":[24,89],"architecture.":[25],"Unlike":[26],"Chrome's":[30,127],"process-based":[31,96],"design":[32],"does":[33],"not":[34,157],"isolate":[35,78],"different":[36],"web":[37,80],"origins,":[38],"but":[39],"primarily":[40],"promises":[41],"to":[42,135,189],"protect":[43],"\"the":[44,48],"local":[45,70,83,140],"system\"":[46],"from":[47,81],"web\".":[49],"However,":[50],"as":[51,102,132],"billions":[52],"users":[54],"now":[55],"use":[56],"web-based":[57],"cloud":[58],"services":[59],"(e.g.,":[60],"Dropbox":[61],"and":[62,146,155,175,184],"Drive),":[64],"which":[65],"are":[66,152],"integrated":[67],"into":[68],"system,":[71,142],"premise":[73],"browsers":[75],"can":[76,129],"effectively":[77],"system":[84,114,148],"has":[85],"become":[86],"questionable.":[87],"In":[88],"paper,":[90],"we":[91,120,179],"argue":[92],"that,":[93],"if":[94],"isolation":[97],"disregards":[98],"same-origin":[100],"policy":[101],"one":[103],"its":[105,108],"goals,":[106],"then":[107],"promise":[109],"maintaining":[111],"\"web/local":[113],"(local)\"":[115],"separation":[116],"doubtful.":[118],"Specifically,":[119],"show":[121],"existing":[123],"memory":[124],"vulnerabilities":[125],"in":[126,138],"renderer":[128],"be":[130],"used":[131],"stepping-stone":[134],"drop":[136],"executables/scripts":[137],"file":[141],"install":[143],"unwanted":[144],"applications":[145],"misuse":[147],"sensors.":[149],"These":[150],"attacks":[151,168,192],"purely":[153],"data-oriented":[154],"do":[156],"alter":[158],"any":[159],"control":[160],"flow":[161],"or":[162],"import":[163],"foreign":[164],"code.":[165],"Thus,":[166],"such":[167],"bypass":[169],"binary-level":[170],"protection":[171],"mechanisms,":[172],"including":[173],"ASLR":[174],"in-memory":[176],"partitioning.":[177],"Finally,":[178],"discuss":[180],"various":[181],"full":[182],"defenses":[183],"present":[185],"possible":[187],"way":[188],"mitigate":[190],"presented.":[193]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":8},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}