{"id":"https://openalex.org/W4409671537","doi":"https://doi.org/10.1145/3696410.3714887","title":"Least Privilege Access for Persistent Storage Mechanisms in Web Browsers","display_name":"Least Privilege Access for Persistent Storage Mechanisms in Web Browsers","publication_year":2025,"publication_date":"2025-04-22","ids":{"openalex":"https://openalex.org/W4409671537","doi":"https://doi.org/10.1145/3696410.3714887"},"language":"en","primary_location":{"id":"doi:10.1145/3696410.3714887","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714887","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714887","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714887","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028817422","display_name":"Gayatri Priyadarsini Kancherla","orcid":"https://orcid.org/0000-0002-1842-9353"},"institutions":[{"id":"https://openalex.org/I27674431","display_name":"Indian Institute of Technology Gandhinagar","ror":"https://ror.org/0036p5w23","country_code":"IN","type":"education","lineage":["https://openalex.org/I27674431"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Gayatri Priyadarsini Kancherla","raw_affiliation_strings":["Indian Institute of Technology Gandhinagar, Gandhinagar, India"],"affiliations":[{"raw_affiliation_string":"Indian Institute of Technology Gandhinagar, Gandhinagar, India","institution_ids":["https://openalex.org/I27674431"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102423332","display_name":"Dishank Goel","orcid":null},"institutions":[{"id":"https://openalex.org/I27674431","display_name":"Indian Institute of Technology Gandhinagar","ror":"https://ror.org/0036p5w23","country_code":"IN","type":"education","lineage":["https://openalex.org/I27674431"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Dishank Goel","raw_affiliation_strings":["Indian Institute of Technology Gandhinagar, Gandhinagar, India"],"affiliations":[{"raw_affiliation_string":"Indian Institute of Technology Gandhinagar, Gandhinagar, India","institution_ids":["https://openalex.org/I27674431"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022695129","display_name":"Abhishek Bichhawat","orcid":"https://orcid.org/0000-0002-3075-2743"},"institutions":[{"id":"https://openalex.org/I27674431","display_name":"Indian Institute of Technology Gandhinagar","ror":"https://ror.org/0036p5w23","country_code":"IN","type":"education","lineage":["https://openalex.org/I27674431"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Abhishek Bichhawat","raw_affiliation_strings":["Indian Institute of Technology Gandhinagar, Gandhinagar, India"],"affiliations":[{"raw_affiliation_string":"Indian Institute of Technology Gandhinagar, Gandhinagar, India","institution_ids":["https://openalex.org/I27674431"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5028817422"],"corresponding_institution_ids":["https://openalex.org/I27674431"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.03595072,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"4832","last_page":"4840"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7020165920257568},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.5079594254493713},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.42990589141845703},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2886899411678314}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7020165920257568},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.5079594254493713},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.42990589141845703},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2886899411678314}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3696410.3714887","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714887","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714887","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3696410.3714887","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714887","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714887","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7800732931","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320334771","funder_display_name":"Science and Engineering Research Board"}],"funders":[{"id":"https://openalex.org/F4320334771","display_name":"Science and Engineering Research Board","ror":"https://ror.org/03ffdsr55"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4409671537.pdf","grobid_xml":"https://content.openalex.org/works/W4409671537.grobid-xml"},"referenced_works_count":15,"referenced_works":["https://openalex.org/W137891084","https://openalex.org/W2154564703","https://openalex.org/W2186294736","https://openalex.org/W2891963243","https://openalex.org/W2901089484","https://openalex.org/W2945710818","https://openalex.org/W3154732898","https://openalex.org/W3216878076","https://openalex.org/W3217222343","https://openalex.org/W4230575913","https://openalex.org/W4254601238","https://openalex.org/W4321383449","https://openalex.org/W4353004773","https://openalex.org/W4386574347","https://openalex.org/W6816616332"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2374400535","https://openalex.org/W1603110617","https://openalex.org/W2108239983","https://openalex.org/W2892079901","https://openalex.org/W2940342784","https://openalex.org/W2390279801","https://openalex.org/W2134261832"],"abstract_inverted_index":{"Web":[0],"applications":[1,61],"often":[2],"include":[3],"third-party":[4,73,126,154,163,254],"content":[5],"to":[6,17,38,41,63,67,104,108,168,175,185,190],"personalize":[7],"a":[8,18,106],"user's":[9,19],"online":[10],"experience.":[11],"These":[12],"scripts":[13,79,127,164,207],"have":[14,35],"unrestricted":[15],"access":[16,40,52,66,85,124,161,215],"private":[20,88],"data":[21],"stored":[22,93],"in":[23,57,94,231,235],"the":[24,30,46,95,176,198,222,238,248,253],"browser's":[25],"persistent":[26,113,122],"storage,":[27],"associated":[28],"with":[29,237],"host":[31],"page.":[32],"Various":[33],"mechanisms":[34,48],"been":[36],"implemented":[37],"restrict":[39],"these":[42,78,166,191,218],"storage":[43,114,123,177,223,249],"objects,":[44],"however,":[45],"existing":[47],"provide":[49],"an":[50,118],"all-or-none":[51],"and":[53,69,86,133,146,188,201],"do":[54],"not":[55,213],"work":[56,102],"scenarios":[58],"where":[59],"web":[60],"need":[62],"allow":[64],"controlled":[65],"cookies":[68],"localstorage":[70,144],"objects":[71,167,178,250],"by":[72,125,153,172,245,252],"scripts.":[74,155,255],"If":[75],"some":[76,232],"of":[77,100,112,121,137,142,148],"behave":[80],"maliciously,":[81],"they":[82],"can":[83,242],"easily":[84],"modify":[87],"user":[89],"information":[90],"that":[91,135,179,203,227],"are":[92,151,183,212],"browser":[96,200],"objects.":[97,115,192,224],"The":[98],"goal":[99],"our":[101,195,228],"is":[103],"design":[105],"mechanism":[107],"enforce":[109],"fine-grained":[110],"control":[111],"We":[116,193,225],"perform":[117],"empirical":[119],"study":[120],"on":[128,165,197,217],"Tranco's":[129],"top":[130],"10,000":[131],"websites":[132,236],"find":[134],"89.84%":[136],"all":[138,143],"cookie":[139],"accesses,":[140],"90.98%":[141],"accesses":[145,150],"72.49%":[147],"IndexedDB":[149],"done":[152],"Our":[156],"approach":[157,196],"enforces":[158],"least":[159],"privilege":[160],"for":[162],"ensure":[169],"their":[170],"security":[171],"attaching":[173],"labels":[174],"specify":[180],"which":[181,211,241],"domains":[182],"allowed":[184,214],"read":[186],"from":[187,208,220],"write":[189],"implement":[194],"Firefox":[199],"show":[202,226],"it":[204],"effectively":[205],"blocks":[206],"other":[209],"domains,":[210],"based":[216],"labels,":[219],"accessing":[221],"enforcement":[229],"results":[230],"functionality":[233],"breakage":[234],"default":[239],"settings,":[240],"be":[243],"fixed":[244],"correctly":[246],"labeling":[247],"used":[251]},"counts_by_year":[],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}