English  |  正體中文  |  简体中文  |  Items with full text/Total items : 66984/66984 (100%)
Visitors : 22916184      Online Users : 1300
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/65695


    Title: TCGM: An Automatic Solution to Browserless Tapjacking Attacks
    Authors: 張嘉顯;Jhang,Jia-Sian
    Contributors: 資訊工程學系
    Keywords: 觸控劫持;Tapjacking
    Date: 2014-07-29
    Issue Date: 2014-10-15 17:08:25 (UTC+8)
    Publisher: 國立中央大學
    Abstract: Clickjacking是一個新型的網路攻擊,又稱做UI redress attack。Clickjacking通常發生在使用者嘗試點擊網頁上面的元素,但是這些元素上方覆蓋一層透明的元素,導致使用者不小心點擊到這些透明的元素。這些透明的元素,通常就是攻擊者想要使用者點擊的元素。
    當這類Clickjacking攻擊發生在智慧型手機上時,這類攻擊又稱為Tapjacking攻擊。Tapjacking攻擊又可分為兩種,分為在瀏覽器上和非瀏覽器上的攻擊。這篇論文著重在非瀏覽器上的攻擊,因為這類攻擊造成比較嚴重的影響。我們重新還原了實際的攻擊情況,來證明Android提供的解決方法還是有缺陷。因此,這篇論文提供了一個新的防禦方法TCGM,來對抗非瀏覽器上的Tapjacking攻擊。
    TCGM可以自動化阻擋非瀏覽器上的Tapjacking攻擊,而且非常有效果。不只如此,TCGM可以很輕鬆地整合進現有的Android framework。現有的手機廠商,甚至Google都可以很輕鬆的採用TCGM。
    ;Clickjacking is a kind of cyber attacks, also known as UI redress attack. Clickjacking happens when the user clicks on the element, which is set to be transparent and put on top of the other visible element. When the user wants to click on the visible element, he actually clicks on the transparent element without his attention.
    When clickjacking occurred on smartphones, there is a new term called “Tapjacking”. Tapjacking can be divided into two types, desktop-based UI redress attack and browserless UI redress attack. We focus on browserless tapjacking attack and construct a real world browserless tapjacking attack to prove that there are still some problems on the existing tapjacking solution provided by Android. Besides, this thesis also proposes a new solution “TCGM” against browserless tapjacking attack.
    Our solution “TCGM” can stop browserless tapjacking attack automatically and effectively unlike existing Android solution, which needs to be enabled manually. Moreover, our solution can be integrated into existing Android framework with ease and only a few lines of code need to be inserted.
    Appears in Collections:[資訊工程研究所] 博碩士論文

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML248View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback  - 隱私權政策聲明