  • Degree thesis

A Study of Security Mechanisms for Hybrid Android Applications

A Security Mechanism for Android HTML5 Web Applications

Advisor: 王勝德

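Abstract


Hybrid mobile applications are now widely used on smartphones. These applications are built with HTML5 together with the native language of the mobile operating system. Developers use the WebView component to load HTML5 pages and use the addJavascriptInterface API to register a communication channel between the WebView and the native code. However, these communication channels can introduce security risks: a malicious web page may be loaded by the WebView and use the channel to attack the phone. In this thesis, we propose a framework to protect this communication channel. The framework consists of two parts: the first uses fine-grained access control to prevent malicious web pages from accessing the channel, and the second uses machine learning to detect whether use of the channel is normal. According to the experimental results, the framework effectively prevents malicious access to the communication channel.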

Parallel Abstract


Hybrid mobile applications are widely used on modern smartphones. These applications are implemented in HTML5 and the native language of the operating system. Developers use WebView components to wrap the HTML5 part and register a communication channel between the WebView and the native-language part. However, this communication channel is vulnerable: malicious web pages may be loaded in the WebView and attack the device through it. In this thesis, we propose a framework to protect the communication channel. The framework has two parts. The first is fine-grained access control, which protects the communication channel. The second is malicious bridge API call detection, which detects malicious usage of the communication channel. According to the experimental results, the proposed framework blocks malicious access efficiently. Moreover, the second approach achieves high accuracy while reducing the amount of labeled training data.

Keywords

Android Security HTML5 WebView Tokenization Active Learning Machine Learning

