{"id":"https://openalex.org/W3002929229","doi":"https://doi.org/10.1145/3366423.3380092","title":"An Empirical Study of the Use of Integrity Verification Mechanisms for Web Subresources","display_name":"An Empirical Study of the Use of Integrity Verification Mechanisms for Web Subresources","publication_year":2020,"publication_date":"2020-04-20","ids":{"openalex":"https://openalex.org/W3002929229","doi":"https://doi.org/10.1145/3366423.3380092","mag":"3002929229"},"language":"en","primary_location":{"id":"doi:10.1145/3366423.3380092","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3366423.3380092","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of The Web Conference 2020","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3366423.3380092","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5031241829","display_name":"Bertil Chapuis","orcid":"https://orcid.org/0000-0003-3168-5375"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Bertil Chapuis","raw_affiliation_strings":["UNIL-HEC Lausanne, Switzerland"],"affiliations":[{"raw_affiliation_string":"UNIL-HEC Lausanne, Switzerland","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036553203","display_name":"Olamide Omolola","orcid":null},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Olamide Omolola","raw_affiliation_strings":["TU Graz, Austria"],"affiliations":[{"raw_affiliation_string":"TU Graz, Austria","institution_ids":["https://openalex.org/I4092182"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033262697","display_name":"Mauro Cherubini","orcid":"https://orcid.org/0000-0002-1860-6110"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mauro Cherubini","raw_affiliation_strings":["UNIL-HEC Lausanne, Switzerland"],"affiliations":[{"raw_affiliation_string":"UNIL-HEC Lausanne, Switzerland","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053332520","display_name":"Mathias Humbert","orcid":"https://orcid.org/0000-0001-5046-1727"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mathias Humbert","raw_affiliation_strings":["armasuisse S+T, Switzerland"],"affiliations":[{"raw_affiliation_string":"armasuisse S+T, Switzerland","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5017780534","display_name":"K\u00e9vin Huguenin","orcid":"https://orcid.org/0000-0001-7147-1828"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"K\u00e9vin Huguenin","raw_affiliation_strings":["UNIL-HEC Lausanne, Switzerland"],"affiliations":[{"raw_affiliation_string":"UNIL-HEC Lausanne, Switzerland","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5031241829"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.4998,"has_fulltext":true,"cited_by_count":12,"citation_normalized_percentile":{"value":0.91271965,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"34","last_page":"45"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7611442804336548},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.6985108256340027},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.6593432426452637},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.5611692667007446},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5327026844024658},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.5020666122436523},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.46281397342681885},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4438701868057251},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.4083627164363861},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.23295745253562927}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7611442804336548},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.6985108256340027},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.6593432426452637},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.5611692667007446},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5327026844024658},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.5020666122436523},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.46281397342681885},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4438701868057251},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.4083627164363861},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.23295745253562927},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":6,"locations":[{"id":"doi:10.1145/3366423.3380092","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3366423.3380092","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of The Web Conference 2020","raw_type":"proceedings-article"},{"id":"pmh:oai:serval.unil.ch:BIB_641044F40080","is_oa":true,"landing_page_url":"https://serval.unil.ch/notice/serval:BIB_641044F40080","pdf_url":null,"source":{"id":"https://openalex.org/S4306401797","display_name":"SERVAL (Universit\u00e9 de Lausanne)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210093590","host_organization_name":"Swiss School of Archaeology in Greece","host_organization_lineage":["https://openalex.org/I4210093590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Web Conference (WWW), pp. 34-45","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:iris.unil.ch:iris/142319","is_oa":true,"landing_page_url":"https://iris.unil.ch/handle/iris/142319","pdf_url":"https://iris.unil.ch/bitstreams/50d644a8-9457-4653-98a7-453e36f803c3/download","source":{"id":"https://openalex.org/S7407055444","display_name":"IRIS","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"conference paper"},{"id":"pmh:oai:HAL:hal-02435688v1","is_oa":true,"landing_page_url":"https://hal.science/hal-02435688","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Web Conference (WWW), Apr 2020, Taipei, Taiwan. pp.34-45, &#x27E8;10.1145/3366423.3380092&#x27E9;","raw_type":"Conference papers"},{"id":"pmh:oai:hesso.tind.io:15315","is_oa":false,"landing_page_url":"http://arodes.hes-so.ch/record/15315","pdf_url":null,"source":{"id":"https://openalex.org/S4306402432","display_name":"ArODES (HES-SO (https://www.hes-so.ch/))","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210088449","host_organization_name":"HES-SO Gen\u00e8ve","host_organization_lineage":["https://openalex.org/I4210088449"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://arodes.hes-so.ch/record/15315","raw_type":"Text"},{"id":"pmh:oai:serval.unil.ch:BIB_3BD04F4DF33D","is_oa":true,"landing_page_url":"https://serval.unil.ch/notice/serval:BIB_3BD04F4DF33D","pdf_url":null,"source":{"id":"https://openalex.org/S4306401797","display_name":"SERVAL (Universit\u00e9 de Lausanne)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210093590","host_organization_name":"Swiss School of Archaeology in Greece","host_organization_lineage":["https://openalex.org/I4210093590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Proceedings of the Web Conference (WWW), pp. 34\u201345","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":{"id":"doi:10.1145/3366423.3380092","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3366423.3380092","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of The Web Conference 2020","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3378801267","display_name":null,"funder_award_id":"19024","funder_id":"https://openalex.org/F4320321942","funder_display_name":"Hasler Stiftung"}],"funders":[{"id":"https://openalex.org/F4320321942","display_name":"Hasler Stiftung","ror":"https://ror.org/04m3t9183"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W946133946","https://openalex.org/W1803273808","https://openalex.org/W2016874080","https://openalex.org/W2069101457","https://openalex.org/W2091747079","https://openalex.org/W2099474262","https://openalex.org/W2099889974","https://openalex.org/W2101678831","https://openalex.org/W2119588373","https://openalex.org/W2128551894","https://openalex.org/W2139179587","https://openalex.org/W2511044583","https://openalex.org/W2512279548","https://openalex.org/W2551763599","https://openalex.org/W2563509884","https://openalex.org/W2583097029","https://openalex.org/W2605157885","https://openalex.org/W2614073125","https://openalex.org/W2616029431","https://openalex.org/W2619020149","https://openalex.org/W2643441730","https://openalex.org/W2733681384","https://openalex.org/W2757395016","https://openalex.org/W2786284130","https://openalex.org/W2788782991","https://openalex.org/W2790829532","https://openalex.org/W2805795238","https://openalex.org/W2850153722","https://openalex.org/W2890220547","https://openalex.org/W2903809408","https://openalex.org/W2909986196","https://openalex.org/W2945710818","https://openalex.org/W2966008409","https://openalex.org/W3102301970","https://openalex.org/W3104970816","https://openalex.org/W4238577395","https://openalex.org/W4254194321","https://openalex.org/W4281564584"],"related_works":["https://openalex.org/W2167278502","https://openalex.org/W2913452075","https://openalex.org/W2389737178","https://openalex.org/W3005817867","https://openalex.org/W2016596278","https://openalex.org/W605324233","https://openalex.org/W1566985031","https://openalex.org/W3140034589","https://openalex.org/W2982387199","https://openalex.org/W3037157331"],"abstract_inverted_index":{"Web":[0,88,98],"developers":[1,50,131,150,159,190],"can":[2],"(and":[3],"do)":[4],"include":[5,52],"subresources":[6,17,67],"such":[7],"as":[8],"scripts,":[9],"stylesheets":[10],"and":[11,30,121,134,162,198],"images":[12],"in":[13,44,54,57,209],"their":[14,55],"webpages.":[15],"Such":[16],"might":[18],"be":[19,36],"stored":[20],"on":[21,86],"content":[22],"delivery":[23],"networks":[24],"(CDNs).":[25],"This":[26,201],"practice":[27],"creates":[28],"security":[29],"privacy":[31],"risks,":[32],"should":[33],"a":[34,146,155,204],"subresource":[35,39],"corrupted.":[37],"The":[38,177],"integrity":[40,65],"(SRI)":[41],"recommendation,":[42],"released":[43],"mid-2016":[45],"by":[46,89,125,189],"the":[47,64,76,82,87,97,100,108,126,175,180,185],"W3C,":[48],"enables":[49],"to":[51,62],"digests":[53],"webpages":[56],"order":[58],"for":[59,203],"web":[60,149],"browsers":[61],"verify":[63],"of":[66,81,84,96,110,128,148,158,169,174,179,187,207],"before":[68],"loading":[69],"them.":[70],"In":[71],"this":[72],"paper,":[73],"we":[74],"conduct":[75],"first":[77],"large-scale":[78],"longitudinal":[79],"study":[80],"use":[83],"SRI":[85,111,144,161,188,208],"analyzing":[90],"massive":[91],"crawls":[92],"(\u2248":[93],"3B":[94],"URLs)":[95],"over":[99],"last":[101],"3.5":[102],"years.":[103],"Our":[104],"results":[105,178],"show":[106,183],"that":[107,154,184],"adoption":[109],"is":[112,122,191],"modest":[113],"(\u2248),":[114],"but":[115,167],"grows":[116],"at":[117],"an":[118],"increasing":[119],"rate":[120],"highly":[123],"influenced":[124],"practices":[127],"popular":[129],"library":[130],"(e.g.,":[132,137],"Bootstrap)":[133],"CDN":[135],"operators":[136],"jsDelivr).":[138],"We":[139],"complement":[140],"our":[141],"analysis":[142],"about":[143],"with":[145],"survey":[147,181],"(N=):":[151],"It":[152],"shows":[153],"substantial":[156],"proportion":[157],"know":[160],"understand":[163],"its":[164],"basic":[165],"functioning,":[166],"most":[168],"them":[170],"ignore":[171],"important":[172],"aspects":[173],"recommendation.":[176],"also":[182],"integration":[186,206],"mostly":[192],"manual":[193],"\u2013":[194],"hence":[195],"not":[196],"scalable":[197],"error":[199],"prone.":[200],"calls":[202],"better":[205],"build":[210],"tools.":[211]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2}],"updated_date":"2026-03-18T14:38:29.013473","created_date":"2025-10-10T00:00:00"}