No escape from reality: Security and privacy of augmented reality browsers

WWW 2015 - Proceedings of the 24th International Conference on World Wide Web

Volumn , Issue , 2015, Pages 743-753

  McPherson, Richard ^a   Jana, Suman ^a   Shmatikov, Vitaly ^a  

^a UNIVERSITY OF TEXAS AT AUSTIN   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUGMENTED REALITY; MOBILE DEVICES; MOBILE TELECOMMUNICATION SYSTEMS;

ENGINEERING GUIDELINES; FIRST SYSTEMS; FUNCTIONAL REQUIREMENT; MOBILE APPLICATIONS; PHYSICAL WORLD; SECURITY AND PRIVACY; SECURITY ARCHITECTURE; VIRTUAL OBJECTS;

WORLD WIDE WEB;

EID: 84968784388     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2736277.2741657     Document Type: Conference Paper

References (31)

1. G. Abowd, C. Atkeson, J. Hong, S. Long, R. Kooper, and M. Pinkerton. Cyberguide: A mobile context-Aware tour guide. Wireless Networks, 3(5), 1997.
2. R. T. Azuma. A survey of augmented reality. Presence: Teleoperators and Virtual Environments, 6(4):355-385, 1997.
3. R. T. Azuma, Y. Baillot, R. Behringer, S. Feiner, S. Julier, and B. MacIntyre. Recent advances in augmented reality.computer Graphics and Applications, 21(6):34-47, 2001.
4. D. Bates, A. Barth, and C. Jackson. Regular expressions considered harmful in client-side XSS filters. In WWW, 2010.
5. A. Dabrowski, K. Krombholz, J. Ullrich, and E. Weippl. QR inception: Barcode-in-barcode attacks. In SPSM, 2014.
6. L. DAntoni, A. Dunn, S. Jana, T. Kohno, B. Livshits, D. Molnar, A. Moshchuk, E. Ofek, F. Roesner, S. Saponas, M. Veanes, and H. J. Wang. Operating system support for augmented reality applications. In HotOS, 2013.
7. Layar launches "worlds first augmented reality store". http://eurodroid.com/2010/04/28/layarlaunches-worlds-first-Augmented-reality-store, 2010.
8. S. Feiner, B. MacIntyre, T. Höllerer, and A. Webster. A touring machine: Prototyping 3D mobile augmented reality systems for exploring the urban environment. Personal Technologies, 1(4), 1997.
9. M. Georgiev, S. Jana, and V. Shmatikov. Breaking and fixing origin-based access control in hybrid Web/mobile application frameworks. In NDSS, 2014.
10. B. Henne, M. Harbach, and M. Smith. Location privacy revisited: Factors of privacy decisions. In CHI, 2013.
11. L.-S. Huang, A. Moshchuk, H. J. Wang, S. Schechter, and C. Jackson. Clickjacking: Attacks and defenses. In USENIX Security, 2012.
12. S. Jana, D. Molnar, A. Moshchuk, A. Dunn, B. Livshits, H. J. Wang, and E. Ofek. Enabling fine-grained permissions for augmented reality applications with recognizers. In USENIX Security, 2013.
13. S. Jana, A. Narayanan, and V. Shmatikov. A scanner Darkly: Protecting user privacy from perceptual applications. In S&P, 2013.
14. Become a Junaio developer. http://www.slideshare.net/metaio-AR/why-Tobecome-A-junaio-developer, 2013.
15. A. Kharraz, E. Kirda, W. Robertson, D. Balzarotti, and A. Francillon. Optical delusions: A study of malicious QR codes in the wild. In DSN, 2014.
16. R. Kooper and B. B. MacIntyre. Browsing the real-world wide web: Maintaining awareness of virtual information in an AR information space. International Journal of Human-Computer Interaction, 16(3), 2003.
17. K. Krombholz, P. Fröhwirt, P. Kieseberg, I. Kapsalis, M. Huber, and E. Weippl. QR code security: A survey of attacks and challenges for usable security. In HCI, 2014.
18. Layar introduction for developers. http://www.slideshare.net/layarmobile/layarintroduction-for-developers, 2011.
19. Open Geospatial Consortium. OGC augmented reality markup language 2.0 (ARML 2.0) [candidate standard]. http://www.opengeospatial.org/projects/groups/arml2.0swg, 2013.
20. M. Osadchy, B. Pinkas, A. Jarrous, and B. Moskovich. SCiFI-A system for secure face identification. In S&P, 2010.
21. C. Perey. A proposal for AR browser interoperability. http://www.perey.com/ARStandards/AR-Browser-Interoperability-Architecture-Jan-21-2014-v1-2.pdf, 2014.
22. F. Roesner, T. Kohno, T. Denning, R. Calo, and B. C. Newell. Augmented reality: Hard problems of law and policy. In UPSIDE, 2014.
23. F. Roesner, T. Kohno, and D. Molnar. Security and privacy for augmented reality systems. In Communications of the ACM, volume 57, pages 88-96, 2014.
24. G. Rydstedt, E. Bursztein, and D. Boneh. Framing attacks on smart phones and dumb routers: Tap-jacking and geo-localization. In WOOT, 2010.
25. G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson. Busting frame busting: A study of clickjacking vulnerabilities at popular sites. In W2SP, 2010.
26. S. Son and V. Shmatikov. The postman always rings twice: Attacking and defending postMessage in HTML5 websites. In NDSS, 2013.
27. Same origin policy. http://www.w3.org/Security/wiki/Same-Origin-Policy.
28. J. Spohrer. Information in places. IBM Systems Journal, 38(4):602-628, 1999.
29. Wikitude for agencies. http://www.slideshare.net/wikitude/wikitudemedia-portfolio-presentation, 2012.
30. Z. Wu, Q. Ke, M. Isard, and J. Sun. Bundling features for large scale partial-duplicate web image search. In CVPR, 2009.
31. The X-Frame-Options response header. https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options.