Data

Tools

Indexes

Applications

Experiments

Open Source Science

xs-observations

Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"

https://github.com/cispa/xs-observations

Science Score: 57.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
    Found 3 DOI reference(s) in README
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (7.3%) to scientific vocabulary
Last synced: 6 months ago · JSON representation ·

Repository

Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"

Basic Info
Statistics
  • Stars: 14
  • Watchers: 3
  • Forks: 2
  • Open Issues: 0
  • Releases: 0
Created about 3 years ago · Last pushed about 1 year ago
Metadata Files
Readme License Citation

README.md

XS-Observations

This repository contains the code for our paper: "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web" IEEE S&P 2023.

The code is split up in the Test Browser Framework (TBF; Chapter III) and the Does-it-leak Pipeline (DIL; Chapter IV).

Test Browser Framework

Automatically discover observation channels in browsers that leak information cross-site and create decision trees to visualize the leak capabilities of the observation channels. More details and explanations on how to run and extend the framework are in the TBF Readme.

Does-it-leak Pipeline

Scan websites for XS-Leaks in a fully automatic manner (visit inference, cookie acceptance inference, and custom states such as login). More details in the DIL Readme.

Contact

If there are questions about our tools or paper, please either file an issue or contact jannis.rautenstrauch (AT) cispa.de.

Research Paper

The paper is available at the IEEE Computer Society Digital Library.

You can cite our work with the following BibTeX entry: latex @inproceedings{rautenstrauch2024xsleaks, author = {Rautenstrauch, Jannis and Pellegrino, Giancarlo and Stock, Ben}, booktitle = {IEEE Symposium on Security and Privacy}, title = {{The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web}}, year = {2023}, doi = {10.1109/SP46215.2023.10179311}, }

Owner

  • Name: CISPA
  • Login: cispa
  • Kind: organization
  • Email: front-office@cispa.de
  • Location: Saarbrücken, Saarland, Germany

Citation (CITATION.cff) 

cff-version: 1.2.0
message: If you use this software, please cite both the article from preferred-citation and the software itself.
authors:
  - family-names: Rautenstrauch
    given-names: Jannis
  - family-names: Pellegrino
    given-names: Giancarlo
  - family-names: Stock
    given-names: Ben
title: 'The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web'
version: 1.0.0
doi: 10.1109/SP46215.2023.10179311
date-released: '2023-09-26'
preferred-citation:
  authors:
    - family-names: Rautenstrauch
      given-names: Jannis
    - family-names: Pellegrino
      given-names: Giancarlo
    - family-names: Stock
      given-names: Ben
  title: 'The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web'
  doi: 10.1109/SP46215.2023.10179311
  type: conference-paper
  year: '2023'
  collection-title: IEEE Symposium on Security and Privacy
  conference: {}
  publisher: {}

GitHub Events

Total
  • Issues event: 2
  • Watch event: 2
  • Issue comment event: 2
  • Push event: 1
  • Fork event: 1
Last Year
  • Issues event: 2
  • Watch event: 2
  • Issue comment event: 2
  • Push event: 1
  • Fork event: 1