Document Type

Conference Document

Date

2012

Embargo Period

6-11-2013

Keywords

Visual Integrity, Touchjacking, Web Container Model

Language

English

Disciplines

Electrical and Computer Engineering

Description/Abstract

The UI redressing attack and its variations have spread across several platforms, from web browsers to mobile systems. We study the fundamental problem underneath such attacks, and formulate a generic model called the containerthreat model. We believe that the attacks are caused by the system’s failure to preserve visual integrity. From this angle, we study the existing countermeasures and propose a generic approach, Mediums framework, to develop a Trusted DisplayBase (TDB) to address this type of problems. We use the side channel to convey the lost visual information to users. From the access control perspective, we use the dynamic binding policy model to allow the server to enforce different restrictions based on different client-side scenarios.

Share

COinS