Proceedings on Privacy Enhancing Technologies, PETS 2023
2023 IEEE Symposium on Security and Privacy (SP), 44th IEEE Symposium on Security and Privacy
Proceedings on Privacy Enhancing Technologies (PoPETs), PETS 2023
ACM CCS 2022, The 29th ACM Conference on Computer and Communications Security (CCS)
The Web is arguably the most popular platform for information exchange today. To allow for a better user experience, much functionality is shifted towards the client. This shift also increases the complexity of client-side code and hence the attack surface, which shows in an increase in vulnerabilities such as Client-Side Cross-Site Scripting. We therefore try to better understand these issues and develop and evaluate potential solutions. In general, our research investigates all types of client-side Web security, including areas such as CSP and framing control.
Although the detection of many types of web-based flaws has been a focus of researchers over the previous years, notifying affected parties has received barely any attention. For this project, we try to identify potential channels for notification and evaluate their effectiveness. We also try to improve not only on technical measures, such as avoiding spam filters, but also to understand the human aspects of a notification, such as how different wording might influence its success.