Reducing Attack Surface on Cordova-based Hybrid Mobile Apps

Authors: Mohamed Shehab, Abeer AlJarrah

DOI: 10.1145/2688412.2688417

Abstract: Hybrid mobile application development is increasingly being adopted by the community since it provides an answer to the challenge of having the right mix of accessibility to native features at an affordable cost. The Apache Cordova library is an example of a middle-ware that enables developers of different operating systems to access native features through web frameworks, such as HTML and JavaScript, which at the same time introduces several security challenges. In this paper, we highlight the current setting limitations of hybrid frameworks and propose a policy based approach to provide limited access to pages/states of the app to mitigate the effect of possible attacks. In addition, we downloaded and analyzed 622 real apps, and presented the settings statistics.
