Paper Info
Title
Access Control to Prevent Attacks Exploiting Vulnerabilities of WebView in Android OS
Abstract
Android applications that using WebView can load and display web pages. Furthermore, by using the APIs provided in WebView, Android applications can interact with web pages. The interaction allows JavaScript code within the web pages to access resources on the Android device by using the Java object, which is registered into WebView. If this WebView feature were exploited by an attacker, JavaScript code could be used to launch attacks, such as stealing from or tampering personal information in the device. To address these threats, we propose a method that performs access control on the security-sensitive APIs at the Java object level. The proposed method uses static analysis to identify these security-sensitive APIs, detects threats at runtime, and notifies the user if threats are detected, thereby preventing attacks from web pages.
Year
DOI
Venue
2013
10.1109/HPCC.and.EUC.2013.229
HPCC/EUC
Keywords
Field
DocType
attack prevention,threat identification,android os,java object level,webview vulnerability,web services,web pages,operating systems (computers),javascript code,android device,static analysis,authorisation,program diagnostics,resource access,android applications,security sensitive api,java,android (operating system),access control,assembly,humanoid robots
Android (operating system),Web page,Computer security,Computer science,Static analysis,Personally identifiable information,Access control,Java,Operating system,JavaScript,Distributed computing,Vulnerability
Conference
Citations 
PageRank 
References 
2
0.38
0
Authors
2
Name
Order
Citations
PageRank
Jing Yu150.86
Toshihiro Yamauchi2179.39