{"id":"https://openalex.org/W4416502083","doi":"https://doi.org/10.1145/3730567.3764490","title":"$CookieGuard:$ Characterizing and Isolating the First-Party Cookie Jar","display_name":"$CookieGuard:$ Characterizing and Isolating the First-Party Cookie Jar","publication_year":2025,"publication_date":"2025-10-28","ids":{"openalex":"https://openalex.org/W4416502083","doi":"https://doi.org/10.1145/3730567.3764490"},"language":null,"primary_location":{"id":"doi:10.1145/3730567.3764490","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3764490","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3730567.3764490","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023914560","display_name":"Pouneh Nikkhah Bahrami","orcid":"https://orcid.org/0000-0002-1514-2920"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Pouneh Nikkhah Bahrami","raw_affiliation_strings":["University of California, Davis, Davis, CA, USA"],"raw_orcid":"https://orcid.org/0000-0002-1514-2920","affiliations":[{"raw_affiliation_string":"University of California, Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037725779","display_name":"Aurore Fass","orcid":"https://orcid.org/0000-0001-6611-4447"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Aurore Fass","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbrucken, Germany"],"raw_orcid":"https://orcid.org/0000-0001-6611-4447","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5011499718","display_name":"Zubair Shafiq","orcid":"https://orcid.org/0000-0002-4500-9354"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zubair Shafiq","raw_affiliation_strings":["University of California, Davis, Davis, USA"],"raw_orcid":"https://orcid.org/0000-0002-4500-9354","affiliations":[{"raw_affiliation_string":"University of California, Davis, Davis, USA","institution_ids":["https://openalex.org/I84218800"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5023914560"],"corresponding_institution_ids":["https://openalex.org/I84218800"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.47510086,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"645","last_page":"661"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.847100019454956,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.847100019454956,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.07540000230073929,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.01549999974668026,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.7505000233650208},{"id":"https://openalex.org/keywords/frame","display_name":"Frame (networking)","score":0.5698999762535095},{"id":"https://openalex.org/keywords/isolation","display_name":"Isolation (microbiology)","score":0.5491999983787537},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.4377000033855438},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4284000098705292},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.4092999994754791}],"concepts":[{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.7505000233650208},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6287999749183655},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6039000153541565},{"id":"https://openalex.org/C126042441","wikidata":"https://www.wikidata.org/wiki/Q1324888","display_name":"Frame (networking)","level":2,"score":0.5698999762535095},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.5491999983787537},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.4377000033855438},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4284000098705292},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.4092999994754791},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3732999861240387},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.3646000027656555},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.35569998621940613},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.35269999504089355},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.30160000920295715},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.2953000068664551},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.29429998993873596},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.2800000011920929}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3730567.3764490","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3764490","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3730567.3764490","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3764490","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W202191487","https://openalex.org/W2101678831","https://openalex.org/W2145804665","https://openalex.org/W2472584751","https://openalex.org/W2794456160","https://openalex.org/W2888081251","https://openalex.org/W2904027722","https://openalex.org/W2945710818","https://openalex.org/W2963779160","https://openalex.org/W2980960050","https://openalex.org/W3005541700","https://openalex.org/W3023348505","https://openalex.org/W3082398667","https://openalex.org/W3102356356","https://openalex.org/W3134294367","https://openalex.org/W3140911083","https://openalex.org/W3147673361","https://openalex.org/W3153365264","https://openalex.org/W3154732898","https://openalex.org/W3154807658","https://openalex.org/W3172367785","https://openalex.org/W3195407113","https://openalex.org/W3213211985","https://openalex.org/W4224319972","https://openalex.org/W4240995061","https://openalex.org/W4281773502","https://openalex.org/W4307823787","https://openalex.org/W4388858907","https://openalex.org/W4400381954"],"related_works":[],"abstract_inverted_index":{"As":[0],"third-party":[1,26,43,61,127],"cookies":[2,13,71,111,132,173],"are":[3,14],"being":[4,16,195],"phased":[5],"out":[6],"or":[7,145],"restricted":[8],"by":[9,41,197,208],"major":[10],"browsers,":[11],"first-party":[12,37,70,110,131,148,172,212],"increasingly":[15],"used":[17],"for":[18,116],"web":[19],"tracking.":[20],"Prior":[21],"work":[22,203],"has":[23],"shown":[24],"that":[25,121,129,133],"scripts":[27,128,143],"embedded":[28],"in":[29,72,112,215],"the":[30,52,73,100,113,124,192,205,209,216],"main":[31,74,114],"frame":[32,115],"can":[33],"access":[34,68,108],"and":[35,60,92,104,139,154,221],"exfiltrate":[36,130],"cookies\u2014including":[38],"those":[39],"set":[40],"other":[42],"scripts.":[44],"However,":[45],"existing":[46],"browser":[47,218],"security":[48,219],"mechanisms":[49],"such":[50,142],"as":[51],"Same-Origin":[53],"Policy":[54,58],"(SOP),":[55],"Content":[56],"Security":[57],"(CSP),":[59],"storage":[62],"partitioning":[63],"do":[64],"not":[65,136],"prevent":[66],"cross-domain":[67,107,181],"to":[69,81,109,158,170],"frame.":[75],"While":[76],"recent":[77],"studies":[78],"have":[79],"begun":[80],"highlight":[82],"this":[83,96,159],"issue,":[84],"there":[85],"remains":[86],"a":[87,166,175,223],"lack":[88,160,210],"of":[89,106,123,161,191,211],"comprehensive":[90],"measurement":[91,103],"practical":[93],"defenses.":[94],"In":[95],"work,":[97],"we":[98,163],"conduct":[99],"first":[101],"large-scale":[102],"analysis":[105],"20,000":[117],"websites.":[118],"We":[119],"find":[120],"56%":[122],"websites":[125,194],"include":[126],"they":[134],"did":[135],"originally":[137],"set,":[138],"32%":[140],"where":[141],"overwrite":[144],"delete":[146],"these":[147],"cookies.":[149],"To":[150],"mitigate":[151],"potential":[152],"confidentiality":[153],"integrity":[155],"risks":[156,206],"due":[157],"isolation,":[162],"propose":[164],"CookieGuard,":[165],"browser-based":[167],"runtime":[168],"mechanism":[169],"isolate":[171],"on":[174],"per-script-origin":[176],"basis.":[177],"CookieGuard":[178],"blocks":[179],"unauthorized":[180],"cookie":[182,213],"operations":[183],"while":[184],"preserving":[185],"site":[186],"functionality,":[187],"with":[188],"only":[189],"3%":[190],"tested":[193],"affected":[196],"Single":[198],"Sign-On":[199],"(SSO)":[200],"breakage.":[201],"Our":[202],"highlights":[204],"posed":[207],"isolation":[214],"current":[217],"model":[220],"offers":[222],"deployable":[224],"path":[225],"toward":[226],"stronger":[227],"protection.":[228]},"counts_by_year":[],"updated_date":"2025-11-28T15:57:10.994950","created_date":"2025-11-23T00:00:00"}