期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

Android系统点击劫持攻防技术研究

Study of Clickjacking Technology on Android
下载PDF
导出
摘要 点击劫持攻击是近年来出现的一种新型Web攻击手段,使用多层透明或不透明的界面欺骗用户点击实现攻击。随着移动互联网的发展和普及,此类攻击逐渐在移动平台中出现,并具有更强的隐蔽性和危害性。文中在总结传统Web点击劫持攻击方法的基础上,深入研究了Android系统中点击劫持攻击的原理,重点分析了基于通知视图(Toast)的点击劫持攻击(Tapjacking)与基于网页视图(Web View)的点击劫持攻击两种攻击方式的实现方法。由于X-FRAME-OPTIONS与Frame Busting代码等传统Web点击劫持防御方法存在一定局限性,无法有效地防御Android系统点击劫持攻击,文中研究了几种针对Android系统点击劫持攻击的防御手段,能在一定程度上减缓该类攻击的危害。 Clickjacking is a new type of Web attack in recent years. It uses transparent or overlapping interfaces spoofing user clicks. With the development and popularization of Mobile Internet, such attack appears on the mobile platforms, and is more harmful and indetect- able. In this paper, based on summarizing the traditional Clickjacking attack on the web, research the theories in depth on Android, mainly analyze Tapjacking and WebView-based Clickjacking. Because the traditional Clickjacking has certain limitations such as X-FRAME- OPTIONS and Frame Busting code, cannot effectively defense Android Clickjacking attack, in this paper study several defense way a- gainst Clickjacking, which can slow down the dangers of this kind of attack to a certain extent.
作者 钱正旸 施勇 薛质
机构地区 上海交通大学信息安全工程学院 上海市信息安全综合管理技术研究重点实验室
出处 《计算机技术与发展》 2015年第10期135-139,共5页 Computer Technology and Development
基金 国家自然科学基金资助项目(61332010)
关键词 Android安全 点击劫持 Tapjacking WEBVIEW Android security Clickjacking Tapjacking WebView
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献14

  • 1Top 8operating systems from Nov 2013 to Nov 2014 [ EB/ OL ]. [ 2013 ]. http ://gs. statcounter, corn/# all - os - ww - monthly-201311-201411.
  • 2Clickjacking [ EB/OL ]. [ 2014 ]. https ://www. owasp, org,/in- dex. php/Clickjacking.
  • 3Iframe content background defaults to transparent[ EB/OL]. [2013 ]. https ://bugzilla. mozilla, org/show_bug, cgi? id = 154957.
  • 4SecTheory. Clickjacking[ EB/OL]. [ 2013 ]. http ://www. sec- theory, com/clickjacking, htm.
  • 5Stone P. Next generation clickjacking [ R/OL ]. 2010. http :// www. contextis, com/documents/5/Context - Clickjacking_ white_paper, pdf.
  • 6Niemietz M. Ui redressing:attacks and countermeasures revisi- ted[ R/OL]. 2011. http ://ui-redressing. mniemietz, de/uiRe- dressing, pdf.
  • 7Huang L S, Moshchuk A, Wang H J, et al. Clickjacking: at- tacks and defenses[ C]//Proc of USENIX security symposi- um. [ s. 1. ] :USENIX Association,2012:413-428.
  • 8Rydstedt G,Gourdin B, Bursztein E, et al. Framing attacks on smart phones and dumb routers:tap-jacking and geo-localiza- tion attacks[ C ]//Proceedings of the 4th USENIX conference on offensive technologies. [ s. 1. ] : USENIX Association ,2010 : 1-8.
  • 9Luo T,Jin X, Ananthanarayanan A, et al. Touchjacking attacks on web in Android, IOS, and windows phone [ M ]//Founda- tions and practice of security. Berlin: Springer,2013: 227- 243.
  • 10Android. webkit I Android developers [ EB/OL]. [ 2014 ]. ht- tp ://developer. android, com/reference/android/webkit/ package-summary, html.
计算机技术与发展
2015年 第10期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部