Securing embedded user interfaces: Android and beyond

Proceedings of the 22nd USENIX Security Symposium

Volumn , Issue , 2013, Pages 97-111

  Roesner, Franziska ^a   Kohno, Tadayoshi ^a  

^a UNIVERSITY OF WASHINGTON   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; ANDROID (OPERATING SYSTEM); EMBEDDED SYSTEMS; EMBEDDINGS; MOBILE SECURITY; SMARTPHONES; SOCIAL NETWORKING (ONLINE);

APPLICATION INTERFACES; EMBEDDED INTERFACE; EXISTING SYSTEMS; MOBILE SYSTEMS; OR APPLICATIONS; RESEARCH SYSTEM; SECURITY IMPLICATIONS; SMART-PHONE APPLICATIONS;

USER INTERFACES;

EID: 85076323421     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (31)

1. BARTH, A. Security in Depth: HTML5's @sand-box, 2010. http://blog.chromium.org/2010/05/security-in-depth-html5s-sandbox.html.
2. BEGEMANN, O. Remote View Controllers in iOS 6, Oct. 2012. http://oleb.net/blog/2012/02/what-ios-should-learn-from-android-and-windows-8/.
3. DIETZ, M., SHEKHAR, S., PISETSKY, Y., SHU, A., AND WALLACH, D. S. Quire: Lightweight Provenance for Smart Phone Operating Systems. In 20th USENIX Security Symposium (2011).
4. EPSTEIN, J., MCHUGH, J., and PASCALE, R. Evolution of a Trusted B3 Window System Prototype. In IEEE Symposium on Security and Privacy (1992).
5. ETTRICH, M., and TAYLOR, O. XEmbed Protocol Specification, 2002. http://standards.freedesktop.org/xembed-spec/xembed-spec-latest.html.
6. FACEBOOK. Social Plugins. https://developers.facebook.com/docs/plugins/.
7. FACEBOOK. Like button requires confirm step, 2012. https://developers.facebook.com/bugs/412902132095994/.
8. FELT, A. P., HA, E., EGELMAN, S., HANEY, A., CHIN, E., and WAGNER, D. Android permissions: user attention, comprehension, and behavior. In 8th Symposium on Usable Privacy and Security (2012).
9. GETTYS, J., and PACKARD, K. The X Window System. ACM Transactions on Graphics 5 (1986), 79-109.
10. GOOGLE. AdMob Ads SDK. https://developers.google.com/mobile-ads-sdk/.
11. HUANG, L.-S., MOSHCHUK, A., and WANG., H. J., SCHECHTER, S., and JACKSON, C. Clickjacking: Attacks and Defenses. In 21st USENIX Security Symposium (2012).
12. LUO, T., HAO, H., DU, W., WANG, Y., and YIN, H. Attacks on WebView in the Android system. In 27th Annual Computer Security Applications Conference (2011).
13. LUO, T., JIN, X., ANANTHANARAYANAN, A., and DU, W. Touchjacking Attacks on Web in Android, iOS, and Windows Phone. In 5th International Symposium on Foundations and Practice of Security (2012).
14. MICROSOFT. User Account Control. microsoft.com/en-us/library/windows/desktop/aa511445.aspx.
15. MOSHCHUK, A., BRAGIN, T., DEVILLE, D., GRIBBLE, S. D., and LEVY, H. M. SpyProxy: Execution-Based Detection of Malicious Web Content. In 16th USENIX Security Symposium (2007).
16. MOTIEE, S., HAWKEY, K., and BEZNOSOV, K. Do Windows Users Follow the Principle of Least Privilege?: Investigating User Account Control Practices. In Symposium on Usable Privacy and Security (2010).
17. PEARCE, P., and FELT., A. P., NUNEZ, G., and WAGNER, D. Ad-Droid: Privilege Separation for Applications and Advertisers in Android. In ACM Symposium on Information, Computer and Communications Security (AsiaCCS) (2012).
18. ROESNER, F., FOGARTY, J., and KOHNO, T. User InterfaceToolkit Mechanisms for Securing Interface Elements. In 25th ACM Symposium on User Interface Software and Technology (2012).
19. ROESNER, F., KOHNO, T., MOSHCHUK, A., PARNO, B., and WANG., H. J., and COWAN, C. User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems. In IEEE Symposium on Security and Privacy (2012).
20. RYDSTEDT, G., BURSZTEIN, E., BONEH, D., and JACKSON, C. Busting Frame Busting: A Study of Clickjacking Vulnerabilities on Popular Sites. In IEEE Workshop on Web 2.0 Security and Privacy (2010).
21. SCHECHTER, S., DHAMIJA, R., OZMENT, A., and FISCHER, I. The Emperor's New Security Indicators. In IEEE Symposium on Security and Privacy (2007).
22. SHAPIRO, J. S., VANDERBURGH, J., NORTHUP, E., and CHIZ-MADIA, D. Design of the EROS Trusted Window System. In 13th USENIX Security Symposium (2004).
23. SHEKHAR, S., DIETZ, M., and WALLACH, D. S. AdSplit: Separating Smartphone Advertising from Applications. In 21st USENIX Security Symposium (2012).
24. SOPHOS LABS. Facebook Worm: Likejacking, 2010. http://nakedsecurity.sophos.com/2010/05/31/facebook-likejacking-worm/.
25. TANG, S., MAI, H., and KING, S. T. Trust and Protection in the Illinois Browser Operating System. In USENIX Symposium on Operating Systems Design and Implementation (2010).
26. TEMPLEMAN, R., RAHMAN, Z., CRANDALL, D. J., and KA-PADIA, A. Placeraider: Virtual theft in physical spaces with smartphones. CoRR abs/1209.5982 (2012).
27. W3C. Same Origin Policy. http://www.w3.org/Security/wiki/Same_Origin_Policy.
28. W3C. Device API Working Group, 2011. http://www.w3.org/2009/dap/.
29. WANG, H. J., GRIER, C., MOSHCHUK, A., KING, S. T., CHOUDHURY, P., and VENTER, H. The Multi-Principal OS Construction of the Gazelle Web Browser. In 18th USENIX Security Symposium (2009).
30. WOODWARD, J. P. L. Security Requirements for System High and Compartmented Mode Workstations. Tech. Rep. MTR 9992, Revision 1 (also published by the Defense Intelligence Agency as DDS-2600-5502-87), The MITRE Corporation, Nov. 1987.
31. YEE, K.-P. Aligning Security and Usability. IEEE Security and Privacy 2(5) (Sept. 2004), 48-55.