{"id":"https://openalex.org/W4308391531","doi":"https://doi.org/10.1145/3548606.3560597","title":"Cross Miniapp Request Forgery","display_name":"Cross Miniapp Request Forgery","publication_year":2022,"publication_date":"2022-11-07","ids":{"openalex":"https://openalex.org/W4308391531","doi":"https://doi.org/10.1145/3548606.3560597"},"language":"en","primary_location":{"id":"doi:10.1145/3548606.3560597","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3548606.3560597","pdf_url":null,"source":{"id":"https://openalex.org/S4363608815","display_name":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071031796","display_name":"Yuqing Yang","orcid":"https://orcid.org/0000-0002-5149-7913"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yuqing Yang","raw_affiliation_strings":["The Ohio State University, Columbus, OH, USA"],"affiliations":[{"raw_affiliation_string":"The Ohio State University, Columbus, OH, USA","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100333755","display_name":"Yue Zhang","orcid":"https://orcid.org/0000-0002-7786-0231"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yue Zhang","raw_affiliation_strings":["The Ohio State University, Columbus, OH, USA"],"affiliations":[{"raw_affiliation_string":"The Ohio State University, Columbus, OH, USA","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026864098","display_name":"Zhiqiang Lin","orcid":"https://orcid.org/0000-0001-6527-5994"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhiqiang Lin","raw_affiliation_strings":["The Ohio State University, Columbus, OH, USA"],"affiliations":[{"raw_affiliation_string":"The Ohio State University, Columbus, OH, USA","institution_ids":["https://openalex.org/I52357470"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5071031796"],"corresponding_institution_ids":["https://openalex.org/I52357470"],"apc_list":null,"apc_paid":null,"fwci":3.5592,"has_fulltext":false,"cited_by_count":29,"citation_normalized_percentile":{"value":0.94913112,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"3079","last_page":"3092"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7833324670791626},{"id":"https://openalex.org/keywords/communication-source","display_name":"Communication source","score":0.6904219388961792},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.657322108745575},{"id":"https://openalex.org/keywords/popularity","display_name":"Popularity","score":0.584522008895874},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5604258179664612},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5378649830818176},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4510778486728668},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.10601705312728882},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.07841920852661133}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7833324670791626},{"id":"https://openalex.org/C198104137","wikidata":"https://www.wikidata.org/wiki/Q974688","display_name":"Communication source","level":2,"score":0.6904219388961792},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.657322108745575},{"id":"https://openalex.org/C2780586970","wikidata":"https://www.wikidata.org/wiki/Q1357284","display_name":"Popularity","level":2,"score":0.584522008895874},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5604258179664612},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5378649830818176},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4510778486728668},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.10601705312728882},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.07841920852661133},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3548606.3560597","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3548606.3560597","pdf_url":null,"source":{"id":"https://openalex.org/S4363608815","display_name":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6399999856948853,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G7768473937","display_name":null,"funder_award_id":"1834215,2112471","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W27867186","https://openalex.org/W1224296734","https://openalex.org/W1596422334","https://openalex.org/W1663388364","https://openalex.org/W1988036170","https://openalex.org/W1994588724","https://openalex.org/W2072978486","https://openalex.org/W2119249378","https://openalex.org/W2235876906","https://openalex.org/W2266424407","https://openalex.org/W2403526004","https://openalex.org/W2756264071","https://openalex.org/W2766169223","https://openalex.org/W2884650968","https://openalex.org/W2904279077","https://openalex.org/W2943467804","https://openalex.org/W2990714382","https://openalex.org/W2997611631","https://openalex.org/W3009502465","https://openalex.org/W3018180091","https://openalex.org/W3046732376","https://openalex.org/W3097802856","https://openalex.org/W3130179069","https://openalex.org/W3187895569","https://openalex.org/W4205736172","https://openalex.org/W4229007013","https://openalex.org/W4237358558","https://openalex.org/W4250678488","https://openalex.org/W6755229480","https://openalex.org/W7063277931"],"related_works":["https://openalex.org/W2368605798","https://openalex.org/W2518037665","https://openalex.org/W2348524959","https://openalex.org/W2477036161","https://openalex.org/W2368049389","https://openalex.org/W2384861574","https://openalex.org/W4294565801","https://openalex.org/W2170801710","https://openalex.org/W2952704802","https://openalex.org/W2741781807"],"abstract_inverted_index":{"A":[0],"miniapp":[1,54,80,143,213,272],"is":[2,7,129],"a":[3,10,37,53,56,78,84,209],"full-fledged":[4],"app":[5,13,39,64],"that":[6,40,179,187,208,265],"executed":[8],"inside":[9],"mobile":[11],"super":[12,63],"such":[14,241,249],"as":[15,250],"WeChat":[16,162,172,191,237],"or":[17],"SnapChat.":[18],"Being":[19],"mini":[20],"by":[21,61,125],"nature,":[22],"it":[23,91],"often":[24],"has":[25],"to":[26,31,47,65,83,98,116,131,145,281],"communicate":[27],"with":[28,160],"other":[29],"miniapps":[30,124,163,173,178,198,238,276],"accomplish":[32],"complicated":[33],"tasks.":[34],"However,":[35],"unlike":[36],"web":[38,51],"uses":[41,55],"network":[42],"domains":[43],"(i.e.,":[44,106],"IP":[45],"addresses)":[46],"navigate":[48,66],"between":[49,67],"different":[50],"apps,":[52],"unique":[57],"global":[58],"appId":[59,76],"assigned":[60],"the":[62,74,100,107,110,118,134,138,154,200,204,224,233],"miniapps.":[68],"Unfortunately,":[69],"any":[70,150],"missing":[71,151],"checks":[72,152,202],"of":[73,87,103,109,120,142,153,190,196,203,212,218,226,232,235,240],"sender's":[75,205],"in":[77],"receiver":[79],"can":[81,244,268],"lead":[82],"new":[85],"type":[86],"attacks":[88],"we":[89],"name":[90],"cross-miniapp":[92],"request":[93],"forgery":[94],"(CMRF).":[95],"In":[96],"addition":[97],"demystifying":[99],"root":[101],"cause":[102],"this":[104,112,121,219,227],"attack":[105],"essence":[108],"vulnerability),":[111],"paper":[113],"also":[114,222],"seeks":[115],"measure":[117],"popularity":[119],"vulnerability":[122,228],"among":[123,271],"developing":[126],"CmrfScanner,":[127],"which":[128],"able":[130],"statically":[132],"detect":[133],"CMRF-vulnerability":[135],"based":[136],"on":[137],"abstract":[139],"syntax":[140],"tree":[141],"code":[144],"determine":[146],"whether":[147],"there":[148],"are":[149,215],"appIds.":[155],"We":[156,221,263],"have":[157,245],"tested":[158],"CmrfScanner":[159,184],"2,571,490":[161],"and":[164,168,174,193,229,258,274],"148,512":[165],"Baidu":[166,177,197,242],"miniapps,":[167,192],"identified":[169,186],"52,394":[170],"(2.04%)":[171],"494":[175],"(0.33%)":[176],"involve":[180],"cross-communication.":[181],"Among":[182],"them,":[183],"further":[185],"50,281":[188],"(95.97%)":[189],"493":[194],"(99.80%)":[195],"lack":[199,234],"appID":[201],"mini-apps,":[206],"indicating":[207],"large":[210],"amount":[211],"developers":[214],"not":[216,278],"aware":[217],"attack.":[220],"estimated":[223],"impact":[225],"found":[230],"55.05%":[231],"validation":[236],"(7.09%":[239],"miniapps)":[243],"direct":[246],"security":[247],"consequences":[248],"privileged":[251],"data":[252],"access,":[253],"information":[254],"leakage,":[255],"promotion":[256],"abuse,":[257],"even":[259],"shopping":[260],"for":[261],"free.":[262],"hope":[264],"our":[266],"findings":[267],"raise":[269],"awareness":[270],"developers,":[273],"future":[275],"will":[277],"be":[279],"subject":[280],"CMRF":[282],"attacks.":[283]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":16}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}