{"id":"https://openalex.org/W3014530263","doi":"https://doi.org/10.1145/3320269.3372196","title":"CORSICA: Cross-Origin Web Service Identification","display_name":"CORSICA: Cross-Origin Web Service Identification","publication_year":2020,"publication_date":"2020-10-05","ids":{"openalex":"https://openalex.org/W3014530263","doi":"https://doi.org/10.1145/3320269.3372196","mag":"3014530263"},"language":"en","primary_location":{"id":"doi:10.1145/3320269.3372196","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3320269.3372196","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2004.00939","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008217804","display_name":"Christian Dresen","orcid":"https://orcid.org/0000-0001-9739-4090"},"institutions":[{"id":"https://openalex.org/I63274643","display_name":"FH M\u00fcnster","ror":"https://ror.org/00pv45a02","country_code":"DE","type":"education","lineage":["https://openalex.org/I63274643"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Christian Dresen","raw_affiliation_strings":["M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany","M\u00fcnster Univ. of Applied Sciences, M\u00fcnster, Germany#TAB#"],"affiliations":[{"raw_affiliation_string":"M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany","institution_ids":["https://openalex.org/I63274643"]},{"raw_affiliation_string":"M\u00fcnster Univ. 
of Applied Sciences, M\u00fcnster, Germany#TAB#","institution_ids":["https://openalex.org/I63274643"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063643364","display_name":"Fabian Ising","orcid":null},"institutions":[{"id":"https://openalex.org/I63274643","display_name":"FH M\u00fcnster","ror":"https://ror.org/00pv45a02","country_code":"DE","type":"education","lineage":["https://openalex.org/I63274643"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Fabian Ising","raw_affiliation_strings":["M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany","M\u00fcnster Univ. of Applied Sciences, M\u00fcnster, Germany#TAB#"],"affiliations":[{"raw_affiliation_string":"M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany","institution_ids":["https://openalex.org/I63274643"]},{"raw_affiliation_string":"M\u00fcnster Univ. of Applied Sciences, M\u00fcnster, Germany#TAB#","institution_ids":["https://openalex.org/I63274643"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082564851","display_name":"Damian Poddebniak","orcid":null},"institutions":[{"id":"https://openalex.org/I63274643","display_name":"FH M\u00fcnster","ror":"https://ror.org/00pv45a02","country_code":"DE","type":"education","lineage":["https://openalex.org/I63274643"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Damian Poddebniak","raw_affiliation_strings":["M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany","M\u00fcnster Univ. of Applied Sciences, M\u00fcnster, Germany#TAB#"],"affiliations":[{"raw_affiliation_string":"M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany","institution_ids":["https://openalex.org/I63274643"]},{"raw_affiliation_string":"M\u00fcnster Univ. 
of Applied Sciences, M\u00fcnster, Germany#TAB#","institution_ids":["https://openalex.org/I63274643"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005916645","display_name":"Tobias Kappert","orcid":null},"institutions":[{"id":"https://openalex.org/I63274643","display_name":"FH M\u00fcnster","ror":"https://ror.org/00pv45a02","country_code":"DE","type":"education","lineage":["https://openalex.org/I63274643"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Tobias Kappert","raw_affiliation_strings":["M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany","M\u00fcnster Univ. of Applied Sciences, M\u00fcnster, Germany#TAB#"],"affiliations":[{"raw_affiliation_string":"M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany","institution_ids":["https://openalex.org/I63274643"]},{"raw_affiliation_string":"M\u00fcnster Univ. of Applied Sciences, M\u00fcnster, Germany#TAB#","institution_ids":["https://openalex.org/I63274643"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056790702","display_name":"Thorsten Holz","orcid":"https://orcid.org/0000-0002-2783-1264"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Thorsten Holz","raw_affiliation_strings":["Ruhr-University Bochum, Bochum, Germany","[Ruhr University Bochum, Bochum, Germany]"],"affiliations":[{"raw_affiliation_string":"Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]},{"raw_affiliation_string":"[Ruhr University Bochum, Bochum, Germany]","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5044292628","display_name":"Sebastian 
Schinzel","orcid":null},"institutions":[{"id":"https://openalex.org/I63274643","display_name":"FH M\u00fcnster","ror":"https://ror.org/00pv45a02","country_code":"DE","type":"education","lineage":["https://openalex.org/I63274643"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sebastian Schinzel","raw_affiliation_strings":["M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany","M\u00fcnster Univ. of Applied Sciences, M\u00fcnster, Germany#TAB#"],"affiliations":[{"raw_affiliation_string":"M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany","institution_ids":["https://openalex.org/I63274643"]},{"raw_affiliation_string":"M\u00fcnster Univ. of Applied Sciences, M\u00fcnster, Germany#TAB#","institution_ids":["https://openalex.org/I63274643"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5008217804"],"corresponding_institution_ids":["https://openalex.org/I63274643"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.04129188,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"409","last_page":"419"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information 
Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.8062019944190979},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.690571129322052},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.689023494720459},{"id":"https://openalex.org/keywords/html5","display_name":"HTML5","score":0.6720261573791504},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.6679978370666504},{"id":"https://openalex.org/keywords/plug-in","display_name":"Plug-in","score":0.6283089518547058},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.5337439775466919},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5323373079299927},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.49889564514160156},{"id":"https://openalex.org/keywords/service","display_name":"Service 
(business)","score":0.478799432516098},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.4106018841266632},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1886732280254364}],"concepts":[{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.8062019944190979},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.690571129322052},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.689023494720459},{"id":"https://openalex.org/C84063617","wikidata":"https://www.wikidata.org/wiki/Q2053","display_name":"HTML5","level":2,"score":0.6720261573791504},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.6679978370666504},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.6283089518547058},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.5337439775466919},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5323373079299927},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.49889564514160156},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.478799432516098},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web 
page","level":2,"score":0.4106018841266632},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1886732280254364},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C136264566","wikidata":"https://www.wikidata.org/wiki/Q159810","display_name":"Economy","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3320269.3372196","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3320269.3372196","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2004.00939","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2004.00939","pdf_url":"https://arxiv.org/pdf/2004.00939","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell 
University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"mag:3014530263","is_oa":true,"landing_page_url":"http://arxiv.org/pdf/2004.00939.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"doi:10.48550/arxiv.2004.00939","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2004.00939","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2004.00939","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2004.00939","pdf_url":"https://arxiv.org/pdf/2004.00939","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell 
University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320335322","display_name":"European Regional Development Fund","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3014530263.pdf","grobid_xml":"https://content.openalex.org/works/W3014530263.grobid-xml"},"referenced_works_count":15,"referenced_works":["https://openalex.org/W1527571395","https://openalex.org/W1659880361","https://openalex.org/W1709767083","https://openalex.org/W1987566287","https://openalex.org/W2072978486","https://openalex.org/W2101424852","https://openalex.org/W2141367366","https://openalex.org/W2150477710","https://openalex.org/W2255369088","https://openalex.org/W2281150297","https://openalex.org/W2336650211","https://openalex.org/W2752565799","https://openalex.org/W2850153722","https://openalex.org/W2886654865","https://openalex.org/W4250101418"],"related_works":["https://openalex.org/W3092067332","https://openalex.org/W2182089504","https://openalex.org/W2101678831","https://openalex.org/W1530588090","https://openalex.org/W1856284726","https://openalex.org/W3035133617","https://openalex.org/W2313055692","https://openalex.org/W2948532510","https://openalex.org/W2903080305","https://openalex.org/W2068531859","https://openalex.org/W916837809","https://openalex.org/W2134646643","https://openalex.org/W3102356356","https://openalex.org/W3044475393","https://openalex.org/W3126695527","https://openalex.org/W2523390657","https://openalex
.org/W2129596343","https://openalex.org/W1995714055","https://openalex.org/W3209479567","https://openalex.org/W2118315370"],"abstract_inverted_index":{"Vulnerabilities":[0],"in":[1,78,132,142],"private":[2],"networks":[3],"are":[4,16,130],"difficult":[5],"to":[6,31,63,85,193,217],"detect":[7],"for":[8,19,44],"attackers":[9],"outside":[10],"of":[11,66,76,101,126,152,155,169],"the":[12,56,79,166,170,187,233],"network.":[13],"While":[14],"there":[15],"known":[17],"methods":[18],"port":[20],"scanning":[21],"internal":[22,29],"hosts":[23,37],"that":[24,36,55,81,105,129,232],"work":[25],"by":[26,69],"luring":[27],"unwitting":[28],"users":[30],"an":[32],"external":[33],"web":[34,87,103,156],"page":[35],"malicious":[38],"JavaScript":[39,99,121],"code,":[40],"no":[41],"such":[42],"method":[43],"detailed":[45],"and":[46,98,138,181,203,230,244],"precise":[47],"service":[48],"identification":[49,249],"is":[50,54,215],"known.":[51],"The":[52,113],"reason":[53],"Same":[57],"Origin":[58],"Policy":[59,242],"(SOP)":[60],"prevents":[61],"access":[62],"HTTP":[64],"responses":[65],"other":[67],"origins":[68],"default.":[70],"We":[71,136],"perform":[72],"a":[73,143],"structured":[74],"analysis":[75],"loopholes":[77],"SOP":[80],"can":[82,148,184],"be":[83],"used":[84,174],"identify":[86,150,218],"applications":[88],"across":[89],"network":[90],"boundaries.":[91],"For":[92],"this,":[93],"we":[94,226],"analyze":[95,227],"HTML5,":[96],"CSS,":[97],"features":[100],"standard-compliant":[102],"browsers":[104],"may":[106],"leak":[107],"sensitive":[108],"information":[109],"about":[110],"cross-origin":[111,127],"content.":[112],"results":[114],"reveal":[115],"several":[116],"novel":[117],"techniques,":[118],"including":[119],"leaking":[120],"function":[122],"names":[123],"or":[124],"styles":[125],"requests":[128,210],"available":[131],"all":[133],"common":[134],"browsers.":[135],"implement":[137],"test":[139],"these":[140],"techniques":[141],"tool":[144],"called":[145],"CORSICA.":[146],"It":[147
],"successfully":[149],"31":[151],"42":[153],"(74%)":[154],"services":[157],"running":[158],"on":[159,190,211],"different":[160],"IoT":[161],"devices":[162],"as":[163,165],"well":[164],"version":[167],"numbers":[168],"four":[171,204],"most":[172],"widely":[173],"content":[175],"management":[176],"systems":[177],"WordPress,":[178],"Drupal,":[179],"Joomla,":[180],"TYPO3.":[182],"CORSICA":[183,214],"also":[185],"determine":[186],"patch":[188],"level":[189],"average":[191],"down":[192],"three":[194],"versions":[195,198,201,205],"(WordPress),":[196],"six":[197],"(Drupal),":[199],"two":[200],"(Joomla),":[202],"(TYPO3)":[206],"with":[207],"only":[208],"ten":[209],"average.":[212],"Furthermore,":[213],"able":[216],"48":[219],"WordPress":[220],"plugins":[221],"containing":[222],"65":[223],"vulnerabilities.":[224],"Finally,":[225],"mitigation":[228],"strategies":[229,239],"show":[231],"proposed":[234],"but":[235],"not":[236],"yet":[237],"implemented":[238],"Cross-Origin":[240],"Resource":[241],"(CORP)":[243],"Sec-Metadata":[245],"would":[246],"prevent":[247],"our":[248],"techniques.":[250]},"counts_by_year":[],"updated_date":"2026-02-09T09:26:11.010843","created_date":"2025-10-10T00:00:00"}
