start-ver=1.4 cd-journal=joma no-vol=26 cd-vols= no-issue= article-no= start-page=396 end-page=405 dt-received= dt-revised= dt-accepted= dt-pub-year=2018 dt-pub=2018 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Access Control Mechanism to Mitigate Cordova Plugin Attacks in Hybrid Applications en-subtitle= kn-subtitle= en-abstract= kn-abstract=Hybrid application frameworks such as Cordova are more and more popular to create platform-independent applications (apps) because they provide special APIs to access device resources in a platform-agnostic way. By using these APIs, hybrid apps can access device resources through JavaScript. In this paper, we present a novel app-repackaging attack that repackages hybrid apps with malicious code; this code can exploit Cordova's plugin interface to steal and tamper with device resources. We address this attack and cross-site scripting attacks against hybrid apps. Since these attacks need to use plugins to access device resources, we refer to both of these attacks as Cordova plugin attacks. We further demonstrate a defense against Cordova plugin attacks through the use of a novel runtime access control mechanism that restricts access based on the mobile user's judgement. Our mechanism is easy to introduce to existing Cordova apps, and allows developers to produce apps that are resistant to Cordova plugin attacks. Moreover, we evaluate the effectiveness and performance of our mechanism. en-copyright= kn-copyright= en-aut-name=KudoNaoki en-aut-sei=Kudo en-aut-mei=Naoki kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=AustinThomas H. en-aut-sei=Austin en-aut-mei=Thomas H. 
kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=San Jose State University kn-affil= en-keyword=hybrid Application kn-keyword=hybrid Application en-keyword=Android kn-keyword=Android en-keyword=Access Control kn-keyword=Access Control END start-ver=1.4 cd-journal=joma no-vol=24 cd-vols= no-issue=5 article-no= start-page=781 end-page=792 dt-received= dt-revised= dt-accepted= dt-pub-year=2016 dt-pub=20160915 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Design of Function for Tracing Diffusion of Classified Information for IPC on KVM en-subtitle= kn-subtitle= en-abstract= kn-abstract=The leaking of information has increased in recent years. To address this problem, we previously proposed a function for tracing the diffusion of classified information in a guest OS using a virtual machine monitor (VMM). This function makes it possible to grasp the location of classified information and detect information leakage without modifying the source codes of the guest OS. The diffusion of classified information is caused by the file operation, child process creation, and inter-process communication (IPC). In a previous study, we implemented the proposed function for a file operation and child process creation excluding IPC using a kernel-based virtual machine (KVM). In this paper, we describe the design of the proposed function for IPC on a KVM without modifying the guest OS. The proposed function traces the local and remote IPCs inside the guest OS from the outside so as to trace the information diffusion. Because IPC with an outside computer might cause an information leakage, tracing the IPCs enables the detection of such a leakage. 
We also report the evaluation results including the traceability and performance of the proposed function. en-copyright= kn-copyright= en-aut-name=FujiiShota en-aut-sei=Fujii en-aut-mei=Shota kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=4 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=Information Leakage Prevention kn-keyword=Information Leakage Prevention en-keyword=Inter-Process Communication kn-keyword=Inter-Process Communication en-keyword=Virtualization kn-keyword=Virtualization END