Mediums: Visual integrity preserving framework

Tongbo Luo, Xing Jin, Wenliang Du

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

The UI redressing attack and its variations have spread across several platforms, from web browsers to mobile systems. We study the fundamental problem underneath such attacks, and formulate a generic model called the container threat model. We believe that the attacks are caused by the system's failure to preserve visual integrity. From this angle, we study the existing countermeasures and propose a generic approach, Mediums framework, to develop a Trusted Display Base (TDB) to address this type of problems. We use the side channel to convey the lost visual information to users. From the access control perspective, we use the dynamic binding policy model to allow the server to enforce different restrictions based on different client-side scenarios.

Original languageEnglish (US)
Title of host publicationCODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy
Pages309-316
Number of pages8
DOIs
StatePublished - Mar 18 2013
Event3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013 - San Antonio, TX, United States
Duration: Feb 18 2013Feb 20 2013

Publication series

NameCODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy

Other

Other3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013
CountryUnited States
CitySan Antonio, TX
Period2/18/132/20/13

Keywords

  • Touchjacking
  • Visual integrity
  • Web container model

ASJC Scopus subject areas

  • Computer Science Applications
  • Software

Fingerprint Dive into the research topics of 'Mediums: Visual integrity preserving framework'. Together they form a unique fingerprint.

  • Cite this

    Luo, T., Jin, X., & Du, W. (2013). Mediums: Visual integrity preserving framework. In CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy (pp. 309-316). (CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy). https://doi.org/10.1145/2435349.2435394