Visual Integrity, Touchjacking, Web Container Model
Electrical and Computer Engineering
The UI redressing attack and its variations have spread across several platforms, from web browsers to mobile systems. We study the fundamental problem underlying such attacks and formulate a generic model called the container threat model. We believe that the attacks are caused by the system’s failure to preserve visual integrity. From this angle, we study the existing countermeasures and propose a generic approach, the Mediums framework, to develop a Trusted Display Base (TDB) that addresses this type of problem. We use a side channel to convey the lost visual information to users. From the access control perspective, we use the dynamic binding policy model to allow the server to enforce different restrictions based on different client-side scenarios.
T. Luo, X. Jin, and W. Du, "Mediums: Visual integrity preserving framework," in 3rd ACM Conference on Data and Application Security and Privacy, CODASPY 2013, February 18, 2013 - February 20, 2013, San Antonio, TX, United States, 2013, pp. 309-316.