User interface toolkit mechanisms for securing interface elements

UIST'12 - Proceedings of the 25th Annual ACM Symposium on User Interface Software and Technology

Volumn , Issue , 2012, Pages 239-249

  Roesner, Franziska ^a   Fogarty, James ^a   Kohno, Tadayoshi ^a  

^a UNIVERSITY OF WASHINGTON   (United States)

Author keywords

Security; User interface toolkits

Indexed keywords

ANDROID APPLICATIONS; INTERFACE ELEMENTS; INTERFACE LEVEL; SECURITY; SECURITY-AWARE; THIRD PARTIES; TRUST ASSUMPTIONS; USER INTERFACE TOOLKIT;

USER INTERFACES;

EID: 84869005592     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2380116.2380147     Document Type: Conference Paper

References (36)

1. R. B. Arthur and D. R. Olsen. Privacy-aware shared UI toolkit for nomadic environments. In Software Practice and Experience, 2011.
2. E. A. Bier, M. C. Stone, K. Pier, W. Buxton, and T. D. DeRose. Toolglass and Magic Lenses: The See-Through Interface. In ACM Conference on Computer Graphics (SIGGRAPH), 1993.
3. Chromium. Security Issues, Issue 52868. https://code.google.com/p/ chromium/issues/list?q=label:Security
4. R. Cox, J. Hansen, S. D. Gribble, and H. M. Levy. A Safety- Oriented Platform for Web Applications. In IEEE Symposium on Security & Privacy, 2006.
5. M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. Wallach. Quire: Lightweight Provenance for Smart Phone Operating Systems. In USENIX Security Symposium, 2011.
6. M. Dixon and J. Fogarty. Prefab: Implementing Advanced Behaviors Using Pixel-based Reverse Engineering of Interface Structure. In ACM Conference on Human Factors in Computing Systems (CHI), 2010.
7. J. R. Eagan, M. Beaudouin-Lafon, and W. E. Mackay. Cracking the Cocoa Nut: User Interface Programming at Runtime. In ACM Symposium on User Interface Software and Technology (UIST), 2011.
8. W. K. Edwards, S. Hudson, J. Marinacci, R. Rodenstein, T. Rodriguez, and I. Smith. Systematic Output Modification in a 2D User Interface Toolkit. In ACM Symposium on User Interface Software and Technology (UIST), 1997.
9. S. Egelman, L. F. Cranor, and J. Hong. You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. In ACM Conference on Human Factors in Computing Systems (CHI), 2008.
10. W. Enck, P. Gilbert, B. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2010.
11. Facebook. Like button requires confirm step. http://developers.facebook. com/bugs/169544703153617
12. Google. AdMob. http://developers.google.com/mobile-ads-sdk/
13. M. Grace, W. Zhou, X. Jiang, and A. Sadeghi. Unsafe Exposure Analysis of Mobile In-App Advertisements. In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2012.
14. R. Hansen and J. Grossman. Clickjacking. http://www.sectheory.com/ clickjacking.htm
15. I. Hickson (ed). HTML5 Web Messaging. W3C Working Draft, 2012. http://www.w3.org/TR/webmessaging/
16. B. Hartmann, L. Wu, K. Collins, S. R. Klemmer. Programming by a Sample: Rapidly Creating Web Applications with d.mix. In ACM Symposium on User Interface Software and Technology (UIST), 2007.
17. S. Hudson, J. Mankoff, and I. Smith. Extensible Input Handling in the subArctic Toolkit. In ACM Conference on Human Factors in Computing Systems (CHI), 2005.
18. H. M. Levy. Capability-Based Computer Systems. Digital Press, 1984.
19. J. Lin, J. Wong, J. Nichols, A. Cypher, and T. A. Lau. End-User Programming of Mashups with Vegemite. In ACM Conference on Intelligent User Interfaces (IUI), 2009.
20. H. R. Lipford, J. Watson, M. Whitney, K. Froiland, and R. W. Reeder. Visual vs. Compact: A Comparison of Privacy Policy Interfaces. In ACM Conference on Human Factors in Computing Systems (CHI), 2010.
21. Microsoft. User Account Control. http://msdn.microsoft.com/en-us/library/ windows/desktop/aa511445.aspx
22. S. Motiee, K. Hawkey, and K. Beznosov. Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices. In ACM Symposium on Usable Privacy and Security (SOUPS), 2010.
23. Mozilla Foundation. Known Vulnerabilities, Advisory 2008-08.http://www. mozilla.org/security/known-vulnerabilities/
24. B. Myers, S. Hudson, and R. Pausch. Past, Present, and Future of User Interface Software Tools. In ACM Transactions on Computer-Human Inteaaction (TOCHI), 2000.
25. D. R. Olsen, Jr. Evaluating User Interface Systems Research. In ACM Symposium on User Interface Software and Technology (UIST), 2007.
26. Oracle. Sealing Packages within a JAR File. http://docs.oracle.com/ javase/tutorial/deployment/jar/sealman.html
27. B. Parno, J. M. McCune, and A. Perrig. Bootstrapping Trust in Commodity Computers. In IEEE Symposium on Security & Privacy, 2010.
28. C. Reis and S. D. Gribble. Isolating Web Programs in Modern Browser Architectures. In ACM Eurosys, 2009.
29. F. Roesner, T. Kohno, A. Moshchuk, B. Parno, H. J. Wang, and C. Cowan. User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems. In IEEE Symposium Security & Privacy, 2012.
30. G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson. Busting frame busting: a study of clickjacking vulnerabilities at popular sites. In IEEE Web 2.0 Security and Privacy (W2SP), 2010.
31. S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer. The Emperor's New Security Indicators. In IEEE Symposium on Security & Privacy, 2007.
32. J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. F. Cranor. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In USENIX Security Symposium, 2009.
33. W3C. Same Origin Policy. http://www.w3.org/Security/wiki/Same-Origin- Policy
34. H. J. Wang, C. Grier, A. Moshchuk, S. King, P. Choudhury, and H. Venter. The Multi-Principal OS Construction of the Gazelle Web Browser. In USENIX Security Symposium, 2009.
35. H. J. Wang, A. Moshchuk, and A. Bush. Convergence of Desktop and Web Applications on a Multi-Service OS. In USENIX Hot Topics in Security, 2009.
36. J. Wong and J. Hong. Making Mashups with Marmite: Towards End-User Programming for the Web. In ACM Conference on Human Factors in Computing Systems (CHI), 2007.