ID | 62355 |
フルテキストURL | |
著者 |
Kudo, Naoki
Graduate School of Natural Science and Technology, Okayama University
Yamauchi, Toshihiro
Graduate School of Natural Science and Technology, Okayama University
ORCID
Kaken ID
publons
researchmap
Austin, Thomas H.
San Jose State University
|
抄録 | Hybrid application frameworks such as Cordova allow mobile application (app) developers to create platformindependent apps. The code is written in JavaScript, with special APIs to access device resources in a platform-agnostic way. In this paper, we present a novel app-repackaging attack that repackages hybrid apps with malicious code; this code can exploit Cordova’s plugin interface to tamper with device resources. We further demonstrate a defense against this attack through the use of a novel runtime access control mechanism that restricts access based on the mobile user’s judgement. Our mechanism is easy to introduce to existing Cordova apps, and allows developers to produce apps that are resistant to app-repackaging attacks.
|
備考 | © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
The 31st IEEE International Conference on Advanced Information Networking and Applications (AINA-2017) Tamkang University, Taipei, Taiwan, March 27 to March 29, 2017
|
発行日 | 2017-3
|
出版物タイトル |
2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA)
|
出版者 | IEEE
|
開始ページ | 1063
|
終了ページ | 1069
|
ISSN | 1550-445X
|
資料タイプ |
会議発表論文
|
言語 |
日本語
|
OAI-PMH Set |
岡山大学
|
著作権者 | © 2017 IEEE
|
論文のバージョン | author
|
DOI | |
Web of Science KeyUT | |
関連URL | isVersionOf https://doi.org/10.1109/aina.2017.61
|