start-ver=1.4
cd-journal=joma
no-vol=E98D
cd-vols=
no-issue=4
article-no=
start-page=807
end-page=811
dt-received=
dt-revised=
dt-accepted=
dt-pub-year=2015
dt-pub=2015
dt-online=
en-article=
kn-article=
en-subject=
kn-subject=
en-title=
kn-title=Access Control to Prevent Malicious JavaScript Code Exploiting Vulnerabilities of WebView in Android OS
en-subtitle=
kn-subtitle=
en-abstract=
kn-abstract=Android applications that using WebView can load and display web pages. Interaction with web pages allows JavaScript code within the web pages to access resources on the Android device by using the Java object, which is registered into WebView. If this WebView feature were exploited by an attacker, JavaScript code could be used to launch attacks, such as stealing from or tampering personal information in the device. To address these threats, we propose an access control on the security-sensitive APIs at the Java object level. The proposed access control uses static analysis to identify these security-sensitive APIs, detects threats at runtime, and notifies the user if threats are detected, thereby preventing attacks from web pages.
en-copyright=
kn-copyright=

en-aut-name=YuJing
en-aut-sei=Yu
en-aut-mei=Jing
kn-aut-name=
kn-aut-sei=
kn-aut-mei=
aut-affil-num=1
ORCID=

en-aut-name=YamauchiToshihiro
en-aut-sei=Yamauchi
en-aut-mei=Toshihiro
kn-aut-name=
kn-aut-sei=
kn-aut-mei=
aut-affil-num=2
ORCID=

affil-num=1
en-affil=Graduate School of Natural Science and Technology, Okayama University
kn-affil=

affil-num=2
en-affil=Graduate School of Natural Science and Technology, Okayama University
kn-affil=
en-keyword=Android
kn-keyword=Android
en-keyword=WebView
kn-keyword=WebView
en-keyword=static analysis
kn-keyword=static analysis
en-keyword=access control
kn-keyword=access control
END