Works (19)

Updated: August 8th, 2024 05:01

2023 journal article

WRIT: Web Request Integrity and Attestation Against Malicious Browser Extensions

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 21(4), 3082–3095.

By: G. Vasiliadis*, A. Karampelas*, A. Shevtsov*, P. Papadopoulos*, S. Ioannidis* & A. Kapravelos n

author keywords: Remote attestation; trust and provenance; web integrity
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: August 5, 2024

2022 article

Measuring the Privacy vs. Compatibility Trade-off in Preventing Third-Party Stateful Tracking

PROCEEDINGS OF THE ACM WEB CONFERENCE 2022 (WWW'22), pp. 710–720.

By: J. Jueckstock n, P. Snyder, S. Sarker n, A. Kapravelos n & B. Livshits*

author keywords: browsers; cookies; compatibility; breakage; tracking; privacy; measurement; crawling
TL;DR: It is found that making third-party storage partitioned by first-party, and lifetimes by site-session achieves the best privacy and compatibility trade-off. (via Semantic Scholar)
Source: Web Of Science
Added: October 31, 2022

2022 article

SoK: Workerounds - Categorizing Service Worker Attacks and Mitigations

2022 IEEE 7TH EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY (EUROS&P 2022), pp. 555–571.

By: K. Subramani, J. Jueckstock n, A. Kapravelos n & R. Perdisci*

TL;DR: Measurements show that it should be feasible to implement and enforce stricter SW security policies without a significant impact on most legitimate production SWs and explore new abuse paths that have not previously been considered. (via Semantic Scholar)
Source: Web Of Science
Added: September 26, 2022

2022 article

yoU aRe a Liar://A Unified Framework for Cross-Testing URL Parsers

2022 43RD IEEE SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (SPW 2022), pp. 51–58.

By: D. Ajmani n, I. Koishybayev n & A. Kapravelos n

author keywords: URL; parser; spoofing; web security; SSRF
TL;DR: A framework that unifies the testing suites of 8 URL parsers from popular web-related projects and highlights the inconsistencies between them is designed, identifying categories of inconsistencies and highlighting the need for a comprehensive implementation standard to be developed and enforced at the earliest. (via Semantic Scholar)
Source: Web Of Science
Added: September 26, 2022

2021 article

Browserprint: An Analysis of the Impact of Browser Features on Fingerprintability and Web Privacy

INFORMATION SECURITY (ISC 2021), Vol. 13118, pp. 161–176.

By: S. Akhavani*, J. Jueckstock n, J. Su n, A. Kapravelos n, E. Kirda* & L. Lu*

author keywords: Browser security; Fingerprinting; Privacy; Web security
TL;DR: The results show an alarming trend that browsers are becoming more fingerprintable over time because newer versions contain more fingerprintable APIs compared to older ones. (via Semantic Scholar)
Source: Web Of Science
Added: March 28, 2022

2021 article

Cookie Swap Party: Abusing First-Party Cookies for Web Tracking

PROCEEDINGS OF THE WORLD WIDE WEB CONFERENCE 2021 (WWW 2021), pp. 2117–2129.

By: Q. Chen n, P. Ilia*, M. Polychronakis* & A. Kapravelos n

TL;DR: A dynamic data flow tracking system based on Chromium is proposed to track the leakage of first-party cookies to third parties, and a large-scale study of the Alexa top 10K websites finds that 97.72% of the websites have first-party cookies that are set by third-party JavaScript, and that on 57.66% of these websites there is at least one such cookie that contains a unique user identifier that is diffused to multiple third parties. (via Semantic Scholar)
Source: Web Of Science
Added: March 14, 2022

2021 article

CrawlPhish: Large-Scale Analysis of Client-Side Cloaking Techniques in Phishing

Zhang, P., Oest, A., Cho, H., Sun, Z., Johnson, R. C., Wardman, B., … Ahn, G.-J. (2021, December 10). IEEE SECURITY & PRIVACY.

By: P. Zhang*, A. Oest*, H. Cho*, Z. Sun*, R. Johnson*, B. Wardman*, S. Sarker n, A. Kapravelos n ...

author keywords: Phishing; Codes; Browsers; Security; Crawlers; Visualization; Internet
Source: Web Of Science
Added: January 3, 2022

2021 article

Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases

28TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2021).

By: S. Dinh*, H. Cho*, K. Martin n, A. Oest*, K. Zeng*, A. Kapravelos n, G. Ahn*, T. Bao* ...

TL;DR: Favocado is proposed, a novel fuzzing approach that focuses on fuzzing binding layers of JavaScript runtime systems and can generate syntactically and semantically correct JavaScript test cases through the use of extracted semantic information and careful maintaining of execution states. (via Semantic Scholar)
Source: Web Of Science
Added: August 30, 2021

2021 article

Towards Realistic and Reproducible Web Crawl Measurements

PROCEEDINGS OF THE WORLD WIDE WEB CONFERENCE 2021 (WWW 2021), pp. 80–91.

By: J. Jueckstock n, S. Sarker n, P. Snyder, A. Beggs n, P. Papadopoulos*, M. Varvello*, B. Livshits*, A. Kapravelos n

TL;DR: This work improves the state of web privacy and security by investigating how key measurements differ when using naive crawling tool defaults vs. careful attempts to match “real” users across the Tranco top 25k web domains. (via Semantic Scholar)
Source: Web Of Science
Added: January 10, 2022

2019 article

Unnecessarily Identifiable: Quantifying the fingerprintability of browser extensions due to bloat

WEB CONFERENCE 2019: PROCEEDINGS OF THE WORLD WIDE WEB CONFERENCE (WWW 2019), pp. 3244–3250.

TL;DR: To protect users against unnecessary extension fingerprinting due to bloat, the design and implementation of an in-browser mechanism that provides coarse-grained access control for extensions on all websites are described. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: September 30, 2019

2019 article

VisibleV8: In-browser Monitoring of JavaScript in the Wild

IMC'19: PROCEEDINGS OF THE 2019 ACM INTERNET MEASUREMENT CONFERENCE, pp. 393–405.

By: J. Jueckstock n & A. Kapravelos n

TL;DR: VisibleV8 is a dynamic analysis framework hosted inside V8, the JS engine of the Chrome browser, that logs native function or property accesses during any JS execution and consistently outperforms equivalent inline instrumentation, and it intercepts accesses impossible to instrument inline. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: March 30, 2020

2019 article

Wild Extensions: Discovering and Analyzing Unlisted Chrome Extensions

DETECTION OF INTRUSIONS AND MALWARE, AND VULNERABILITY ASSESSMENT (DIMVA 2019), Vol. 11543, pp. 3–22.

By: A. Beggs n & A. Kapravelos n

author keywords: Browser extensions; Javascript; Browser security
TL;DR: The abuse of browser extensions that achieve installations via suspicious methods is explored and 1,097 unlisted browser extensions ranging from internal directory lookup tools to hidden Google Docs extensions that pose a serious threat to their 127 million users are found. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: January 6, 2020

2018 article

Mystique: Uncovering Information Leakage from Browser Extensions

PROCEEDINGS OF THE 2018 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'18), pp. 1687–1700.

By: Q. Chen n & A. Kapravelos n

author keywords: Privacy; Browser Extensions; JavaScript; Taint Analysis; Information Flow
TL;DR: A taint analysis framework for browser extensions is developed and used to perform a large scale study of extensions in regard to their privacy practices, and the need for countermeasures to safeguard against misbehaving extensions that abuse their privileges is emphasized. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: April 9, 2019

2016 article

Cloak of Visibility: Detecting When Machines Browse A Different Web

2016 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP), pp. 743–758.

By: L. Invernizzi*, K. Thomas*, A. Kapravelos n, O. Comanescu*, J. Picod* & E. Bursztein*

TL;DR: This study provides the first broad perspective of cloaking as it affects Google Search and Google Ads and underscores the minimum capabilities necessary of security crawlers to bypass the state of the art in mobile, rDNS, and IP cloaking. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2014 chapter

PExy: The Other Side of Exploit Kits

In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 132–151).

By: G. De Maio*, A. Kapravelos*, Y. Shoshitaishvili*, C. Kruegel* & G. Vigna*

TL;DR: The drive-by download scene has changed dramatically in the last few years and what was a disorganized ad-hoc generation of malicious pages by individuals has evolved into sophisticated, easily extensible frameworks that incorporate multiple exploits at the same time and are highly configurable. (via Semantic Scholar)
Source: Crossref
Added: August 28, 2020

2011 chapter

Escape from Monkey Island: Evading High-Interaction Honeyclients

In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 124–143).

By: A. Kapravelos*, M. Cova*, C. Kruegel* & G. Vigna*

TL;DR: This paper examines the security model that high-interaction honeyclients use and evaluates their weaknesses in practice, and presents a number of possible attacks that evade the detection of these tools, while successfully attacking regular visitors of malicious web pages. (via Semantic Scholar)
Source: Crossref
Added: August 28, 2020

2010 chapter

D(e|i)aling with VoIP: Robust Prevention of DIAL Attacks

In Computer Security – ESORICS 2010 (pp. 663–678).

By: A. Kapravelos*, I. Polakis*, E. Athanasopoulos, S. Ioannidis* & E. Markatos*

TL;DR: The nature of the attack is such that anyone can launch a Dial attack towards any telephone device, and the attack has zero financial cost, requires negligible computational resources and cannot be traced back to the attacker. (via Semantic Scholar)
Source: Crossref
Added: August 28, 2020

2009 chapter

FleXConf: A Flexible Conference Assistant Using Context-Aware Notification Services

In Lecture Notes in Computer Science (pp. 108–117).

By: N. Armenatzoglou*, Y. Marketakis*, L. Kriara*, E. Apostolopoulos*, V. Papavasiliou*, D. Kampas*, A. Kapravelos*, E. Kartsonakis* ...

TL;DR: FlexConf is presented, a semantics-based system that supports location-based, personalized notification services for the assistance of conference attendees and its special features include an ontology-based representation model, rule-based context-aware reasoning, and a novel positioning system for indoor environments. (via Semantic Scholar)
Source: Crossref
Added: August 28, 2020

2009 chapter

Realistic Passive Packet Loss Measurement for High-Speed Networks

In Traffic Monitoring and Analysis (pp. 1–7).

By: A. Friedl*, S. Ubik*, A. Kapravelos*, M. Polychronakis* & E. Markatos*

TL;DR: Experimental results suggest that the proposed approach measures packet loss with 100% accuracy for network speeds as high as 12 Gbit/s, while traditional ICMP-based approaches were usually much less accurate. (via Semantic Scholar)
Source: Crossref
Added: August 28, 2020
