66123 Saarbrücken (Germany)
USENIX Security Symposium
ACM AsiaCCS 2021
IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021)
Network and Distributed Systems Security (NDSS) Symposium 2021
Network and Distributed Systems Security (NDSS) Symposium 2021
The Web is arguably the most popular platform for information exchange today. To allow for a better user experience, much functionality is shifted towards the client. This shift also increases the complexity of client-side code and hence the attack surface (Stock et al. 2017). This manifests in an increase in vulnerabilities such as Client-Side Cross-Site Scripting (Lekies, Stock, and Johns 2013). We therefore try to better understand these issues (Stock et al. 2015; Steffens et al. 2019) and to develop and evaluate potential solutions (Stock et al. 2014; Musch et al. 2019). In general, our research investigates all types of client-side Web security, including areas such as CSP (Roth et al. 2020; Roth, Backes, and Stock 2020) and framing control (Calzavara et al. 2020).
Although the detection of many types of web-based flaws has been a focus of researchers in recent years, notifying affected parties has received barely any attention. In this project, we try to identify potential channels for notification and evaluate their effectiveness (Stock et al. 2016). We also try not only to improve technical measures, such as avoiding spam filters, but also to understand the human aspects of a notification, such as how different wording might influence its success (Stock et al. 2018).