May 5, 2017
Access control for plugins in cordova-based hybrid applications
Proceedings - International Conference on Advanced Information Networking and Applications, AINA
- ,
- ,
- First page
- 1063
- Last page
- 1069
- Language
- English
- Publishing type
- Research paper (international conference proceedings)
- DOI
- 10.1109/AINA.2017.61
- Publisher
- IEEE
© 2017 IEEE. Hybrid application frameworks such as Cordovaallow mobile application (app) developers to create platformindependent apps. The code is written in JavaScript, with special APIs to access device resources in a platform-agnostic way. In this paper, we present a novel app-repackaging attack that repackages hybrid apps with malicious code, this code can exploit Cordova's plugin interface to tamper with device resources. We further demonstrate a defense against this attack through the use of a novel runtime access control mechanism that restricts access based on the mobile user's judgement. Our mechanism is easy to introduce to existing Cordova apps, and allows developers to produce apps that are resistant to app-repackaging attacks.
- Link information
-
- DOI
- https://doi.org/10.1109/AINA.2017.61
- DBLP
- https://dblp.uni-trier.de/rec/conf/aina/KudoYA17
- Web of Science
- https://gateway.webofknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcAuth=JSTA_CEL&SrcApp=J_Gate_JST&DestLinkType=FullRecord&KeyUT=WOS:000403329000143&DestApp=WOS_CPL
- Scopus
- https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=85019698044&origin=inward
- Scopus Citedby
- https://www.scopus.com/inward/citedby.uri?partnerID=HzOxMe3b&scp=85019698044&origin=inward
- URL
- https://dblp.uni-trier.de/conf/aina/2017
- URL
- https://dblp.uni-trier.de/db/conf/aina/aina2017.html#KudoYA17
- ID information
-
- DOI : 10.1109/AINA.2017.61
- ISSN : 1550-445X
- ISBN : 9781509060290
- DBLP ID : conf/aina/KudoYA17
- SCOPUS ID : 85019698044
- Web of Science ID : WOS:000403329000143