{"id":"https://openalex.org/W2091747079","doi":"https://doi.org/10.1145/2810103.2813710","title":"The SICILIAN Defense","display_name":"The SICILIAN Defense","publication_year":2015,"publication_date":"2015-10-06","ids":{"openalex":"https://openalex.org/W2091747079","doi":"https://doi.org/10.1145/2810103.2813710","mag":"2091747079"},"language":"en","primary_location":{"id":"doi:10.1145/2810103.2813710","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2810103.2813710","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5031319542","display_name":"Pratik Soni","orcid":"https://orcid.org/0000-0002-3225-3323"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Pratik Soni","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000784380","display_name":"Enrico Budianto","orcid":null},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Enrico Budianto","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034054081","display_name":"Prateek Saxena","orcid":"https://orcid.org/0000-0002-1875-8675"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Prateek Saxena","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5031319542"],"corresponding_institution_ids":["https://openalex.org/I165932596"],"apc_list":null,"apc_paid":null,"fwci":5.5622,"has_fulltext":false,"cited_by_count":18,"citation_normalized_percentile":{"value":0.95789483,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1542","last_page":"1557"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9865000247955322,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.790046215057373},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.7017374038696289},{"id":"https://openalex.org/keywords/sicilian","display_name":"Sicilian","score":0.6659563779830933},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5781274437904358},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5428857803344727},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.522158145904541},{"id":"https://openalex.org/keywords/digital-signature","display_name":"Digital signature","score":0.4974391758441925},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4324916899204254},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.41270744800567627},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.4119730293750763},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4101124405860901},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.35198748111724854},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.29605865478515625},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.23779264092445374},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.18903395533561707},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.17432284355163574},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.17208239436149597},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.12973076105117798}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.790046215057373},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.7017374038696289},{"id":"https://openalex.org/C2781122314","wikidata":"https://www.wikidata.org/wiki/Q33973","display_name":"Sicilian","level":2,"score":0.6659563779830933},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5781274437904358},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5428857803344727},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.522158145904541},{"id":"https://openalex.org/C118463975","wikidata":"https://www.wikidata.org/wiki/Q220849","display_name":"Digital signature","level":3,"score":0.4974391758441925},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4324916899204254},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.41270744800567627},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.4119730293750763},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4101124405860901},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.35198748111724854},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.29605865478515625},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.23779264092445374},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.18903395533561707},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.17432284355163574},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.17208239436149597},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.12973076105117798},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2810103.2813710","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2810103.2813710","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6700000166893005,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320307102","display_name":"Intel Corporation","ror":"https://ror.org/01ek73717"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":50,"referenced_works":["https://openalex.org/W20500501","https://openalex.org/W200873936","https://openalex.org/W1222699389","https://openalex.org/W1429964360","https://openalex.org/W1492437080","https://openalex.org/W1543478129","https://openalex.org/W1566345534","https://openalex.org/W1588861238","https://openalex.org/W1693301795","https://openalex.org/W1917555234","https://openalex.org/W1976371754","https://openalex.org/W1988111369","https://openalex.org/W1990421186","https://openalex.org/W1991074244","https://openalex.org/W2002447170","https://openalex.org/W2025874281","https://openalex.org/W2039244047","https://openalex.org/W2049214202","https://openalex.org/W2059725703","https://openalex.org/W2092215304","https://openalex.org/W2092816424","https://openalex.org/W2101678831","https://openalex.org/W2104152314","https://openalex.org/W2107466081","https://openalex.org/W2111487235","https://openalex.org/W2135143063","https://openalex.org/W2146595241","https://openalex.org/W2146717998","https://openalex.org/W2151619740","https://openalex.org/W2155690458","https://openalex.org/W2161954933","https://openalex.org/W2162671156","https://openalex.org/W2168563136","https://openalex.org/W2169868363","https://openalex.org/W2170920217","https://openalex.org/W2174441577","https://openalex.org/W2177614278","https://openalex.org/W2283491998","https://openalex.org/W2287844176","https://openalex.org/W2401831929","https://openalex.org/W2403526004","https://openalex.org/W2405282478","https://openalex.org/W2482685667","https://openalex.org/W4232617898","https://openalex.org/W4240246683","https://openalex.org/W4242584083","https://openalex.org/W4285719527","https://openalex.org/W4299301436","https://openalex.org/W6633819675","https://openalex.org/W6640222889"],"related_works":["https://openalex.org/W2150889667","https://openalex.org/W4392079573","https://openalex.org/W4233984944","https://openalex.org/W3190536237","https://openalex.org/W195300121","https://openalex.org/W2017602249","https://openalex.org/W2149234266","https://openalex.org/W2390942931","https://openalex.org/W1932157736","https://openalex.org/W1981680180"],"abstract_inverted_index":{"Whitelisting":[0],"has":[1,22],"become":[2],"a":[3,47,86,107,174],"common":[4],"practice":[5],"to":[6,32,155,167],"ensure":[7],"the":[8,34,101,117,121,126,129,133,158,162,168],"execution":[9],"of":[10,36,62,131,157,181],"trusted":[11],"applications.":[12],"However,":[13],"its":[14],"effectiveness":[15],"in":[16,40,97,119,173],"protecting":[17],"client-side":[18],"web":[19],"application":[20],"code":[21],"not":[23],"yet":[24],"been":[25],"established.":[26],"In":[27],"this":[28],"paper,":[29],"we":[30],"seek":[31],"study":[33,68],"efficacy":[35],"signature-based":[37,134],"whitelisting":[38,91],"approach":[39,89],"preventing":[41],"script":[42],"injection":[43],"attacks.":[44],"This":[45],"includes":[46],"recently-proposed":[48],"W3C":[49],"recommendation":[50],"called":[51,110],"Subresource":[52],"Integrity":[53],"(SRI),":[54],"which":[55,113],"is":[56],"based":[57],"on":[58,138],"raw":[59,73],"text":[60],"signatures":[61,74],"scripts.":[63],"Our":[64,103,136],"3-month":[65],"long":[66],"measurement":[67],"shows":[69,148],"that":[70,93,149],"applying":[71],"such":[72],"require":[75],"signature":[76],"updates":[77,166],"at":[78],"an":[79,177],"impractical":[80],"rate.":[81],"We":[82],"then":[83],"present":[84],"SICILIAN,":[85],"novel":[87],"multi-layered":[88],"for":[90],"scripts":[92],"can":[94,151],"tolerate":[95],"changes":[96],"them":[98],"without":[99],"sacrificing":[100],"security.":[102],"solution":[104],"comes":[105],"with":[106,165],"deployment":[108],"model":[109],"progressive":[111],"lockdown,":[112],"lets":[114],"browsers":[115],"assist":[116],"server":[118],"composing":[120],"whitelist.":[122,135],"Such":[123],"assistance":[124],"from":[125],"browser":[127],"minimizes":[128],"burden":[130],"building":[132],"evaluation":[137],"Alexa's":[139],"top":[140],"500":[141],"sites":[142,159],"and":[143,160],"15":[144],"popular":[145],"PHP":[146,163],"applications":[147,164],"SICILIAN":[150],"be":[152],"fully":[153],"applied":[154],"84.7%":[156],"all":[161],"whitelist":[169],"required":[170],"roughly":[171],"once":[172],"month.SICILIAN":[175],"incurs":[176],"average":[178],"performance":[179],"overhead":[180],"7.02%.":[182]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}