TY - GEN
T1 - Mediums
T2 - 3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013
AU - Luo, Tongbo
AU - Jin, Xing
AU - Du, Wenliang
N1 - Copyright 2013 Elsevier B.V., All rights reserved.
PY - 2013
Y1 - 2013
AB - The UI redressing attack and its variations have spread across several platforms, from web browsers to mobile systems. We study the fundamental problem underneath such attacks, and formulate a generic model called the container threat model. We believe that the attacks are caused by the system's failure to preserve visual integrity. From this angle, we study the existing countermeasures and propose a generic approach, the Mediums framework, to develop a Trusted Display Base (TDB) to address this type of problem. We use the side channel to convey the lost visual information to users. From the access control perspective, we use the dynamic binding policy model to allow the server to enforce different restrictions based on different client-side scenarios.
KW - Touchjacking
KW - Visual integrity
KW - Web container model
UR - http://www.scopus.com/inward/record.url?scp=84874872503&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84874872503&partnerID=8YFLogxK
U2 - 10.1145/2435349.2435394
DO - 10.1145/2435349.2435394
M3 - Conference contribution
AN - SCOPUS:84874872503
SN - 9781450318907
T3 - CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy
SP - 309
EP - 316
BT - CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy
Y2 - 18 February 2013 through 20 February 2013
ER -