{"id":"https://openalex.org/W4281396748","doi":"https://doi.org/10.1145/3488932.3517416","title":"SoK","display_name":"SoK","publication_year":2022,"publication_date":"2022-05-24","ids":{"openalex":"https://openalex.org/W4281396748","doi":"https://doi.org/10.1145/3488932.3517416"},"language":"en","primary_location":{"id":"doi:10.1145/3488932.3517416","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3488932.3517416","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3488932.3517416","source":{"id":"https://openalex.org/S4363609011","display_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3488932.3517416","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5061602585","display_name":"Tom Van Goethem","orcid":"https://orcid.org/0000-0001-6846-9081"},"institutions":[{"id":"https://openalex.org/I4210114974","display_name":"IMEC","ror":"https://ror.org/02kcbn207","country_code":"BE","type":"nonprofit","lineage":["https://openalex.org/I4210114974"]},{"id":"https://openalex.org/I99464096","display_name":"KU Leuven","ror":"https://ror.org/05f950310","country_code":"BE","type":"education","lineage":["https://openalex.org/I99464096"]}],"countries":["BE"],"is_corresponding":true,"raw_author_name":"Tom Van Goethem","raw_affiliation_strings":["imec-DistriNet, KU Leuven, Leuven, Belgium"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"imec-DistriNet, KU Leuven, Leuven, Belgium","institution_ids":["https://openalex.org/I4210114974","https://openalex.org/I99464096"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026610847","display_name":"Gertjan Franken","orcid":"https://orcid.org/0000-0002-4859-8027"},"institutions":[{"id":"https://openalex.org/I4210114974","display_name":"IMEC","ror":"https://ror.org/02kcbn207","country_code":"BE","type":"nonprofit","lineage":["https://openalex.org/I4210114974"]},{"id":"https://openalex.org/I99464096","display_name":"KU Leuven","ror":"https://ror.org/05f950310","country_code":"BE","type":"education","lineage":["https://openalex.org/I99464096"]}],"countries":["BE"],"is_corresponding":false,"raw_author_name":"Gertjan Franken","raw_affiliation_strings":["imec-DistriNet, KU Leuven, Leuven, Belgium"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"imec-DistriNet, KU Leuven, Leuven, Belgium","institution_ids":["https://openalex.org/I4210114974","https://openalex.org/I99464096"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029014592","display_name":"Iskander S\u00e1nchez-Rola","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Iskander Sanchez-Rola","raw_affiliation_strings":["Norton Research Labs, Tempe, AZ, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Norton Research Labs, Tempe, AZ, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072918566","display_name":"David Dworken","orcid":null},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David Dworken","raw_affiliation_strings":["Google, Seattle, WA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Google, Seattle, WA, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054031138","display_name":"Wouter Joosen","orcid":"https://orcid.org/0000-0002-7710-5092"},"institutions":[{"id":"https://openalex.org/I4210114974","display_name":"IMEC","ror":"https://ror.org/02kcbn207","country_code":"BE","type":"nonprofit","lineage":["https://openalex.org/I4210114974"]},{"id":"https://openalex.org/I99464096","display_name":"KU Leuven","ror":"https://ror.org/05f950310","country_code":"BE","type":"education","lineage":["https://openalex.org/I99464096"]}],"countries":["BE"],"is_corresponding":false,"raw_author_name":"Wouter Joosen","raw_affiliation_strings":["imec-DistriNet, KU Leuven, Leuven, Belgium"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"imec-DistriNet, KU Leuven, Leuven, Belgium","institution_ids":["https://openalex.org/I4210114974","https://openalex.org/I99464096"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5061602585"],"corresponding_institution_ids":["https://openalex.org/I4210114974","https://openalex.org/I99464096"],"apc_list":null,"apc_paid":null,"fwci":0.4843,"has_fulltext":true,"cited_by_count":5,"citation_normalized_percentile":{"value":0.57160844,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"784","last_page":"798"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7672754526138306},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6351116895675659},{"id":"https://openalex.org/keywords/rendering","display_name":"Rendering (computer graphics)","score":0.5080883502960205},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.4720799922943115},{"id":"https://openalex.org/keywords/information-sensitivity","display_name":"Information sensitivity","score":0.4642983078956604},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.4519221782684326},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.420011043548584},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4196421504020691},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.3761669397354126},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.08727434277534485}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7672754526138306},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6351116895675659},{"id":"https://openalex.org/C205711294","wikidata":"https://www.wikidata.org/wiki/Q176953","display_name":"Rendering (computer graphics)","level":2,"score":0.5080883502960205},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.4720799922943115},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.4642983078956604},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.4519221782684326},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.420011043548584},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4196421504020691},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.3761669397354126},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.08727434277534485}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3488932.3517416","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3488932.3517416","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3488932.3517416","source":{"id":"https://openalex.org/S4363609011","display_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:lirias2repo.kuleuven.be:20.500.12942/703415","is_oa":true,"landing_page_url":"https://lirias.kuleuven.be/handle/20.500.12942/703415","pdf_url":null,"source":{"id":"https://openalex.org/S4306401954","display_name":"Lirias (KU Leuven)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I99464096","host_organization_name":"KU Leuven","host_organization_lineage":["https://openalex.org/I99464096"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"Asia Conference on Computer and Communications Security, Nagasaki, Japan, 30 May - 3 June 2022","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"doi:10.1145/3488932.3517416","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3488932.3517416","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3488932.3517416","source":{"id":"https://openalex.org/S4363609011","display_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6700000166893005}],"awards":[{"id":"https://openalex.org/G6014534120","display_name":null,"funder_award_id":"101019206","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320322308","display_name":"KU Leuven","ror":"https://ror.org/05f950310"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4281396748.pdf","grobid_xml":"https://content.openalex.org/works/W4281396748.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W1557855942","https://openalex.org/W1965209910","https://openalex.org/W1988160443","https://openalex.org/W2040210405","https://openalex.org/W2048018257","https://openalex.org/W2061354941","https://openalex.org/W2108384401","https://openalex.org/W2560443936","https://openalex.org/W2723746209","https://openalex.org/W2752929869","https://openalex.org/W2890733335","https://openalex.org/W2896648147","https://openalex.org/W2947561144","https://openalex.org/W2964194794","https://openalex.org/W2989751675","https://openalex.org/W3008757785","https://openalex.org/W3137713441","https://openalex.org/W3138855186","https://openalex.org/W3214196324","https://openalex.org/W4289038676"],"related_works":["https://openalex.org/W1551379303","https://openalex.org/W2085319386","https://openalex.org/W2034199088","https://openalex.org/W189451467","https://openalex.org/W1606592130","https://openalex.org/W2994272732","https://openalex.org/W2157301192","https://openalex.org/W2789245562","https://openalex.org/W2260680879","https://openalex.org/W4366150264"],"abstract_inverted_index":{"A":[0],"web":[1,99],"visit":[2],"typically":[3],"consists":[4],"of":[5,22,48,84,97],"the":[6,18,26,60,77,91,98,101],"browser":[7],"rendering":[8],"a":[9,46],"dynamically":[10],"generated":[11],"response":[12],"that":[13],"is":[14],"specifically":[15],"tailored":[16],"to":[17,45,58],"user.":[19,78],"This":[20],"generation":[21],"responses":[23],"based":[24],"on":[25,81],"currently":[27],"authenticated":[28],"user,":[29],"whose":[30],"authentication":[31],"credentials":[32],"are":[33],"automatically":[34],"included":[35],"via":[36],"cookies":[37],"in":[38,69],"all":[39],"(including":[40],"cross-site)":[41],"requests,":[42],"have":[43],"led":[44],"multitude":[47],"issues.":[49],"Through":[50],"cross-site":[51],"leaks":[52],"(XS-Leaks),":[53],"an":[54],"adversary":[55],"can":[56,71],"try":[57],"circumvent":[59],"same-origin":[61],"policy":[62],"and":[63,90,104],"extract":[64],"information":[65,75],"about":[66,76],"responses,":[67],"which":[68],"turn":[70],"reveal":[72],"potentially":[73],"sensitive":[74],"As":[79],"research":[80],"this":[82],"class":[83],"vulnerabilities":[85],"only":[86],"recently":[87],"gained":[88],"traction,":[89],"attacks":[92],"affect":[93],"many":[94],"different":[95],"components":[96],"platform,":[100],"intrinsic":[102],"characteristics":[103],"underlying":[105],"causes":[106],"remain":[107],"largely":[108],"unexplored.":[109]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":3}],"updated_date":"2026-05-23T08:51:43.019350","created_date":"2022-05-25T00:00:00"}