{"id":"https://openalex.org/W3201072051","doi":"https://doi.org/10.13016/zniq-0oud","title":"Measuring and Mitigating Potential Risks of Third-party Resource Inclusions","display_name":"Measuring and Mitigating Potential Risks of Third-party Resource Inclusions","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3201072051","doi":"https://doi.org/10.13016/zniq-0oud","mag":"3201072051"},"language":"en","primary_location":{"id":"mag:3201072051","is_oa":false,"landing_page_url":"https://drum.lib.umd.edu/handle/1903/27947","pdf_url":null,"source":null,"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null},"type":"dissertation","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.13016/zniq-0oud","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049715396","display_name":"Soumya Indela","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Indela, Soumya","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5049715396"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.5192000269889832,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.5192000269889832,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.22390000522136688,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.06830000132322311,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.4964514374732971},{"id":"https://openalex.org/keywords/natural-resource-economics","display_name":"Natural resource economics","score":0.38935017585754395},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.35770490765571594},{"id":"https://openalex.org/keywords/environmental-planning","display_name":"Environmental planning","score":0.3434961438179016},{"id":"https://openalex.org/keywords/environmental-resource-management","display_name":"Environmental resource management","score":0.32160377502441406},{"id":"https://openalex.org/keywords/geography","display_name":"Geography","score":0.3197247087955475},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.26633530855178833},{"id":"https://openalex.org/keywords/environmental-science","display_name":"Environmental science","score":0.2370251715183258},{"id":"https://openalex.org/keywords/economics","display_name":"Economics","score":0.1842900514602661}],"concepts":[{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.4964514374732971},{"id":"https://openalex.org/C175605778","wikidata":"https://www.wikidata.org/wiki/Q3299701","display_name":"Natural resource economics","level":1,"score":0.38935017585754395},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.35770490765571594},{"id":"https://openalex.org/C91375879","wikidata":"https://www.wikidata.org/wiki/Q15473274","display_name":"Environmental planning","level":1,"score":0.3434961438179016},{"id":"https://openalex.org/C107826830","wikidata":"https://www.wikidata.org/wiki/Q929380","display_name":"Environmental resource management","level":1,"score":0.32160377502441406},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.3197247087955475},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.26633530855178833},{"id":"https://openalex.org/C39432304","wikidata":"https://www.wikidata.org/wiki/Q188847","display_name":"Environmental science","level":0,"score":0.2370251715183258},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.1842900514602661},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"mag:3201072051","is_oa":false,"landing_page_url":"https://drum.lib.umd.edu/handle/1903/27947","pdf_url":null,"source":null,"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":null},{"id":"doi:10.13016/zniq-0oud","is_oa":true,"landing_page_url":"https://doi.org/10.13016/zniq-0oud","pdf_url":null,"source":{"id":"https://openalex.org/S4306402644","display_name":"Digital Repository at the University of Maryland (University of Maryland College Park)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I66946132","host_organization_name":"University of Maryland, College Park","host_organization_lineage":["https://openalex.org/I66946132"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.13016/zniq-0oud","is_oa":true,"landing_page_url":"https://doi.org/10.13016/zniq-0oud","pdf_url":null,"source":{"id":"https://openalex.org/S4306402644","display_name":"Digital Repository at the University of Maryland (University of Maryland College Park)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I66946132","host_organization_name":"University of Maryland, College Park","host_organization_lineage":["https://openalex.org/I66946132"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.7599999904632568,"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2513214319","https://openalex.org/W2494226736","https://openalex.org/W3095143656","https://openalex.org/W3199139932","https://openalex.org/W2479759072"],"abstract_inverted_index":{"In":[0],"today's":[1],"computer":[2],"services,":[3],"developers":[4,44,204],"commonly":[5],"use":[6,176,386,423,442],"third-party":[7,16,32,90,127,147,168,297,522,602,613],"resources":[8,33,91,523],"like":[9],"libraries,":[10],"hosting":[11],"infrastructure":[12],"and":[13,21,92,114,180,202,209,225,268,272,286,327,350,364,431,439,474,528,596],"advertisements.":[14],"Using":[15],"components":[17],"improves":[18],"the":[19,23,48,55,84,87,102,120,126,131,141,146,162,199,213,284,291,374,394,451,456,497,506,536,585,593],"efficiency":[20],"enhances":[22],"quality":[24],"of":[25,53,67,89,97,217,263,313,320,387,403,424,499,540,559,576,589,629],"developing":[26],"custom":[27],"applications.":[28],"However,":[29],"while":[30],"using":[31,266,390],"adopts":[34,38],"their":[35,39,354,369,422],"benefits,":[36],"it":[37,156],"vulnerabilities,":[40],"as":[41,50,193,344],"well.":[42],"Unfortunately,":[43],"are":[45,57,247,383,418,465,487,615],"uninformed":[46],"about":[47],"risks,":[49,453],"a":[51,65,229,310,317,400,404,407,501,532,541,556,560,573,636],"result":[52],"which,":[54],"services":[56],"susceptible":[58],"to":[59,71,205,357,360,377,398,429,433,445,481,510,545,583,599,606,635],"various":[60],"attacks.":[61],"There":[62],"has":[63],"been":[64],"lot":[66],"work":[68,553],"on":[69,101,240,261,393],"how":[70,254],"develop":[72],"first-hand":[73],"secure":[74],"services.":[75],"The":[76,477],"key":[77],"focus":[78],"in":[79,86,151,167,296,303,316,353,368,410,421,496],"my":[80,581],"thesis":[81],"is":[82,119,134,140,185,548],"quantifying":[83],"risks":[85,106,166,295],"inclusion":[88],"looking":[93],"into":[94,112],"possible":[95],"ways":[96,104],"mitigating":[98],"them.":[99],"Based":[100],"fundamental":[103],"that":[105,122,143,228,246,414,534,570,611,626],"arise,":[107],"we":[108,170,220,226,243,273,299,396,454,479,518],"broadly":[109],"classify":[110],"them":[111,598],"Direct":[113,117],"Indirect":[115],"Risks.":[116],"risk":[118,121,139,142],"comes":[123,144],"with":[124,145,468],"invoking":[125],"resource":[128,148,301,341,365,376,388,425,443,586,603],"incorrectly\u2014even":[129],"if":[130,155],"third":[132,631],"party":[133],"otherwise":[135],"trustworthy":[136],"whereas":[137],"indirect":[138,452],"potentially":[149],"acting":[150],"an":[152,332],"untrustworthy":[153],"manner\u2014even":[154],"were":[157],"invoked":[158],"correctly.":[159],"To":[160,289,449,514],"understand":[161,206,290,520,600],"security":[163,182,207,280],"related":[164,293],"direct":[165,294],"inclusions,":[169,298],"study":[171,300,455],"cryptographic":[172,188,218],"frameworks.":[173],"Developers":[174],"often":[175],"these":[177,235,255,335,516,612,630],"frameworks":[178,189,265],"incorrectly":[179],"introduce":[181],"vulnerabilities.":[183],"This":[184,547],"because":[186],"current":[187],"erode":[190],"abstraction":[191],"boundaries,":[192],"they":[194],"do":[195],"not":[196,616],"encapsulate":[197],"all":[198],"framework-specific":[200],"knowledge":[201],"expect":[203],"attacks":[208],"defenses.":[210],"Starting":[211],"from":[212,592],"documented":[214],"misuse":[215],"cases":[216],"APIs,":[219],"infer":[221],"five":[222],"developer":[223],"needs":[224,236],"show":[227,253,569],"good":[230],"API":[231],"design":[232,270],"would":[233],"address":[234,482],"only":[237,555],"partially.":[238],"Building":[239],"this":[241,571],"observation,":[242],"propose":[244,274],"APIs":[245],"semantically":[248],"meaningful":[249],"for":[250,278,329,334,489],"developers.":[251],"We":[252,379,412,624],"interfaces":[256],"can":[257,633],"be":[258],"implemented":[259],"consistently":[260],"top":[262],"existing":[264,622],"novel":[267],"known":[269],"patterns,":[271],"build":[275],"management":[276],"hooks":[277],"isolating":[279],"workarounds":[281],"needed":[282],"during":[283],"development":[285],"test":[287],"phases.":[288],"performance":[292],"hints":[302,389,444],"webpage":[304,405],"HTML.":[305],"Today's":[306],"websites":[307,338,382,417,464,524,591],"involve":[308],"loading":[309,472,500,511],"large":[311],"number":[312],"resources,":[314,326],"resulting":[315],"considerable":[318],"amount":[319],"time":[321,336],"issuing":[322],"DNS":[323,345,362],"requests,":[324],"requesting":[325],"waiting":[328],"responses.":[330],"As":[331],"optimization":[333],"sinks,":[337],"may":[339,440],"load":[340,525],"hints,":[342,426],"such":[343,490],"prefetch,":[346],"preconnect,":[347],"preload,":[348],"pre-render,":[349],"prefetch":[351],"tags":[352],"HTML":[355],"files":[356],"cause":[358],"clients":[359,428],"initiate":[361],"queries":[363],"fetches":[366],"early":[367],"web-page":[370],"downloads":[371],"before":[372],"encountering":[373],"precise":[375],"download.":[378],"explore":[380],"whether":[381],"making":[384],"effective":[385],"techniques":[391],"based":[392],"tool":[395,533,562,582],"developed":[397],"obtain":[399],"complete":[401,538],"snapshot":[402],"at":[406],"given":[408],"point":[409,495],"time.":[411],"find":[413],"many":[415],"popular":[416,463],"highly":[419],"ineffective":[420],"causing":[427],"query":[430],"connect":[432],"extraneous":[434],"domains,":[435],"download":[436],"unnecessary":[437],"data,":[438],"even":[441],"bypass":[446],"ad":[447],"blockers.":[448],"evaluate":[450],"web":[457],"topology.":[458],"Users":[459],"who":[460],"visit":[461],"benign,":[462],"unfortunately":[466],"bombarded":[467],"malicious":[469,491,607],"popups,":[470],"malware-":[471],"sites,":[473],"phishing":[475],"sites.":[476],"questions":[478],"want":[480],"here":[483],"are:":[484],"Which":[485],"domains":[486],"responsible":[488],"activity?":[492],"At":[493],"what":[494,521],"process":[498],"popular,":[502],"trusted":[503],"website":[504],"does":[505],"trust":[507],"break":[508],"down":[509],"dangerous":[512],"content?":[513],"answer":[515],"questions,":[517],"first":[519],"(both":[526],"directly":[527],"indirectly).":[529],"I":[530,568,578,609],"present":[531],"constructs":[535],"most":[537,551],"map":[539],"website\u2019s":[542],"resource-level":[543],"topology":[544,587],"date.":[546],"surprisingly":[549],"nontrivial;":[550],"prior":[552],"used":[554],"single":[557,561],"run":[558],"(e.g.,":[563],"Puppeteer":[564],"or":[565,619],"Selenium),":[566],"but":[567],"misses":[572],"significant":[574],"fraction":[575],"resources.":[577,608],"then":[579],"apply":[580],"collect":[584],"graphs":[588],"20,000":[590],"Alexa":[594],"ranking,":[595],"analyze":[597],"which":[601],"inclusions":[604,614],"lead":[605,634],"believe":[610],"always":[617],"constant":[618],"blocked":[620],"by":[621],"Ad-blockers.":[623],"argue":[625],"greater":[627],"accountability":[628],"parties":[632],"safer":[637],"web.":[638]},"counts_by_year":[],"updated_date":"2026-03-03T08:47:05.690250","created_date":"2025-10-10T00:00:00"}