ccs2018.zip

  • q9_399821
    About the author
  • 99.8MB
    File size
  • zip
    File format
  • 2022-05-26 07:17
    Upload date
CCS papers, organized by category
ccs2018.zip
  • ccs2018
  • Mobile Security 2
  • 112.pdf
    2.7MB
  • 110.pdf
    1.9MB
  • 111.pdf
    1.2MB
  • 113.pdf
    1.9MB
  • Key Exchanges
  • 130.pdf
    3.4MB
  • 131.pdf
    7.2MB
  • Mobile Security 1
  • 73.pdf
    1.4MB
  • 70.pdf
    21.6MB
  • 71.pdf
    1.9MB
  • 72.pdf
    2MB
  • IoT Security
  • 66.pdf
    1.7MB
  • 69.pdf
    1.4MB
  • 68.pdf
    12MB
  • 67.pdf
    3.9MB
  • Protocols
  • Privacy
  • 4.pdf
    1.4MB
  • 3.pdf
    1.6MB
  • Information_Flow
  • 100.pdf
    1.4MB
  • 101.pdf
    1.6MB
  • 102.pdf
    1.6MB
  • ML 2
  • 38.pdf
    2.4MB
  • 37.pdf
    2.3MB
  • 41.pdf
    883.5KB
  • 39.pdf
    1.6MB
  • 40.pdf
    1.5MB
  • ML 1
  • 24.pdf
    1.8MB
  • 23.pdf
    2.3MB
  • 21.pdf
    2.9MB
  • 22.pdf
    1.9MB
  • ML for Deanonymization
  • 8.pdf
    2.8MB
  • 7.pdf
    827.8KB
  • Fuzzing, Exploitation, and Side Channels
  • 133.pdf
    1.2MB
  • 136.pdf
    2.1MB
  • 134.pdf
    1.6MB
  • 140.pdf
    754.2KB
  • 137.pdf
    894.2KB
  • 145.pdf
    727.7KB
  • 144.pdf
    791.7KB
  • 135.pdf
    1MB
  • 147.pdf
    718.6KB
  • 141.pdf
    1014.4KB
  • 143.pdf
    773.3KB
  • 146.pdf
    749.2KB
  • 148.pdf
    748KB
  • 142.pdf
    750KB
  • 150.pdf
    526.5KB
  • 149.pdf
    729.8KB
  • 138.pdf
    834.6KB
  • 139.pdf
    2.2MB
Content introduction
ClickShield: Are You Hiding Something? Towards Eradicating Clickjacking on Android

Andrea Possemato, EURECOM, France, andrea.possemato@gmail.com
Andrea Lanzi, Universita’ degli Studi di Milano, Italy, andrea.lanzi@unimi.it
Simon Pak Ho Chung, Georgia Institute of Technology, USA, pchung34@mail.gatech.edu
Wenke Lee, Georgia Institute of Technology, USA, wenke.lee@gmail.com
Yanick Fratantonio, EURECOM, France, yanick.fratantonio@eurecom.fr

ABSTRACT

In the context of mobile-based user-interface (UI) attacks, the common belief is that clickjacking is a solved problem. On the contrary, this paper shows that clickjacking is still an open problem for mobile devices. In fact, all known academic and industry solutions are either not effective or not applicable in the real-world for backward compatibility reasons. This work shows that, as a consequence, even popular and sensitive apps like Google Play Store remain, to date, completely unprotected from clickjacking attacks.

After gathering insights into how apps use the user interface, this work performs a systematic exploration of the design space for an effective and practical protection against clickjacking attacks. We then use this exploration to guide the design of ClickShield, a new defensive mechanism. To address backward compatibility issues, our design allows for overlays to cover the screen, and we employ image analysis techniques to determine whether the user could be confused. We have implemented a prototype and we have tested it against ClickBench, a newly developed benchmark specifically tailored to stress-test clickjacking protection solutions. This dataset is constituted by 104 test cases, and it includes real-world and simulated benign and malicious examples that evaluate the system across a wide range of legitimate and attack scenarios. The results show that our system is able to address backward compatibility concerns, to detect all known attacks (including a never-seen-before real-world malware that was published after we have developed our solution), and it introduces a negligible overhead.

ACM Reference Format:
Andrea Possemato, Andrea Lanzi, Simon Pak Ho Chung, Wenke Lee, and Yanick Fratantonio. 2018. ClickShield: Are You Hiding Something? Towards Eradicating Clickjacking on Android. In 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS ’18), October 15–19, 2018, Toronto, ON, Canada. ACM, New York, NY, USA, 17 pages. https://doi.org/10.1145/3243734.3243785

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
CCS ’18, October 15–19, 2018, Toronto, ON, Canada
© 2018 Association for Computing Machinery.
ACM ISBN 978-1-4503-5693-0/18/10...$15.00
https://doi.org/10.1145/3243734.3243785

1 INTRODUCTION

Mobile devices are widespread and they have been subject to a significant corpus of research. One main area of works is about offensive research, which focuses on attacking these devices to highlight vulnerabilities. Within this context, a number of recent works has specifically focused on the mobile user-interface (UI). Many of these works have focused on the problem of mobile phishing attacks [4, 6, 9, 14, 20]. In such attacks, the user is tricked by a malicious app into inserting sensitive input (e.g., usernames, passwords) into a window that the malicious app controls. The core issue enabling these attacks is that users cannot understand whether they are interacting with a legitimate app (like a banking app) or a malicious one that is spoofing the legitimate UI.

Another class of attacks against user-interfaces (UI) is clickjacking, which is the focus of this paper. Such attacks work by creating an opaque overlay that completely covers a security-sensitive app (such as the Settings app): while the user believes she is interacting with an innocuous overlay, she is in fact interacting with the target app on the bottom (and she could unknowingly grant powerful permissions to a malicious app).

These attacks have been known for several years [1, 2, 17, 24, 26, 30, 31] and, in response, Google has implemented a security mechanism called “obscured flag.” Such protection allows apps to detect whether, at the moment of the click, a sensitive widget button was covered by an overlay and, if that is the case, apps have a chance to refuse the click. Google adopted this security mechanism to protect the most security-sensitive of its Android apps, such as the Settings app.

However, a recent work called Cloak & Dagger (C&D from now on) showed how this defense mechanism can be bypassed [10]. The authors of this work developed a new attack, called context-hiding attack, which consists in covering the entire screen except the target button: In this way, the obscured flag protection does not trigger and, at the same time, the attacker is still able to confuse the user by hiding all the relevant security-sensitive context information.

In response to this attack, Google implemented an additional defensive mechanism: in recent versions of Android, when users browse to the accessibility service menu (the main target of the C&D
</span>work),<span class="_"> </span>all<span class="_ _6"> </span>overlays<span class="_"> </span>drawn<span class="_"> </span>on<span class="_"> </span>top<span class="_"> </span>disappear<span class="_ _3"></span>.<span class="_"> </span>T<span class="_ _3"></span>o<span class="_ _6"> </span>the<span class="_"> </span>best<span class="_"> </span>of<span class="_"> </span>our</div><div class="t m13 x13 h6 y42 ff2 fs4 fc0 sc0 ls0 ws0">knowledge,<span class="_"> </span>this<span class="_"> </span>hide<span class="_"> </span>ov<span class="_ _2"></span>erlays<span class="_"> </span>defense<span class="_"> </span>mechanism<span class="_"> </span>is<span class="_"> </span>sufficient<span class="_"> </span>to</div><div class="t m5 x13 h6 y43 ff2 fs4 fc0 sc0 ls0 ws0">defeat<span class="_ _5"> </span>clickjacking<span class="_ _5"> </span>attacks<span class="_ _5"> </span>(including<span class="_ _5"> </span>C&amp;D),<span class="_ _5"> </span>mainly<span class="_ _5"> </span>because<span class="_ _5"> </span>the</div><div class="t m3 x13 h6 y44 ff2 fs4 fc0 sc0 ls0 ws0">attacker<span class="_"> </span>does<span class="_"> </span>not<span class="_"> </span>have<span class="_"> </span>any<span class="_"> </span>possibility<span class="_"> </span>to<span class="_"> </span>confuse<span class="_"> </span>the<span class="_"> </span>user<span class="_"> </span>anymore<span class="_ _2"></span>.</div><div class="t m5 x13 h6 y45 ff2 fs4 fc0 sc0 ls0 ws0">The<span class="_ _7"> </span>common<span class="_ _9"> </span>belief<span class="_ _9"> </span>is<span class="_ _7"> </span>thus<span class="_ _9"> </span>that<span class="_ _9"> </span>clickjacking<span class="_ _7"> </span>is<span class="_ _9"> </span>overall<span class="_ _7"> </span>a<span class="_ _9"> </span>solved</div><div class="c x11 y46 w2 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">Session 6B: Mobile 1</div></div><div class="c x2e y46 w3 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 
ws0">CCS&#8217;18, October 15-19, 2018, Toronto, ON, Canada</div></div><div class="c x2f y48 w4 hc"><div class="t m0 x0 hd y47 ff7 fs7 fc0 sc0 ls0 ws0">1120</div></div><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a><a class="l" rel='nofollow' onclick='return false;'><div class="d m14"></div></a></div><div class="pi" data-data='{"ctm":[1.568627,0.000000,0.000000,1.568627,0.000000,0.000000]}'></div></div></body></html>