Thesis/Dissertation 101522065: Detailed Record




Name: 張嘉顯 (Jia-Sian Jhang)   Department: Department of Computer Science and Information Engineering
Thesis title
(TCGM: An Automatic Solution to Browserless Tapjacking Attacks)
Related theses
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
★ Discoverer: A Real-Time Rootkit Detection System
★ A Detection and Defense Mechanism for Fraudulent SMS Messages on Android Phones
★ The SRA System: Defending Routers Against ARP Spoofing Hijacking
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines
★ An Automated Real-Time Counterattack System Against Remote Buffer Overflow Attacks
★ Real-Time Serum System: An Automated Worm Cure System with an Attack Barrier
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
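Files
  1. This electronic thesis is authorized for immediate open access.
  2. Electronic full text that has reached its open-access date is licensed to users only for personal, non-profit searching, reading and printing for the purpose of academic research.
  3. Please comply with the relevant provisions of the Copyright Act of the Republic of China. Do not reproduce, distribute, adapt, repost or broadcast the work without authorization, so as not to break the law.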

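Abstract (Chinese) Clickjacking is a new type of web attack, also known as a UI redress attack. Clickjacking usually occurs when a user tries to click an element on a web page, but a layer of transparent elements covers that element, so the user clicks the transparent elements by accident. These transparent elements are usually the ones the attacker wants the user to click.
When this kind of clickjacking attack occurs on a smartphone, it is called a tapjacking attack. Tapjacking attacks can be divided into two kinds: attacks in the browser and attacks outside the browser. This thesis focuses on attacks outside the browser, because they have a more serious impact. We reconstructed a real attack scenario to show that the solution provided by Android still has flaws. This thesis therefore proposes a new defense, TCGM, against browserless tapjacking attacks.
TCGM can block browserless tapjacking attacks automatically and is very effective. Moreover, TCGM can be integrated into the existing Android framework with ease. Existing phone vendors, and even Google, can easily adopt TCGM.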
Abstract (English) Clickjacking, also known as a UI redress attack, is a kind of cyber attack. It happens when the user clicks on an element that has been made transparent and placed on top of another, visible element. When the user tries to click on the visible element, he actually clicks on the transparent element without noticing.
When clickjacking occurs on smartphones, it is called “tapjacking”. Tapjacking can be divided into two types: desktop-based UI redress attacks and browserless UI redress attacks. We focus on browserless tapjacking and construct a real-world browserless tapjacking attack to show that the existing tapjacking solution provided by Android still has problems. This thesis also proposes a new solution, “TCGM”, against browserless tapjacking attacks.
Unlike the existing Android solution, which must be enabled manually, TCGM stops browserless tapjacking attacks automatically and effectively. Moreover, it can be integrated into the existing Android framework with ease; only a few lines of code need to be inserted.
Keywords (Chinese) ★ 觸控劫持 (tapjacking)   Keywords (English) ★ Tapjacking
Table of contents
Chinese Abstract
ABSTRACT
Acknowledgements
CONTENTS
LIST OF FIGURES
LIST OF TABLES
Chapter 1 Introduction
Chapter 2 Related Work
2.1 Tapjacking
2.2 Get Outside Touch Coordinates
2.3 New Type of Tapjacking
Chapter 3 Deep into Browserless Tapjacking Attack
3.1 Understand Type Feature
3.2 Case Study for Normal Apps
3.2.1 Facebook App
3.2.2 Bluelight Filter App
3.3 Construct a Browserless Tapjacking Attack
Chapter 4 TCGM: A Tapjacking Controlled Global Method
4.1 Normal Flow of Adding An Overlay View
4.2 Adopt TCGM
Chapter 5 Evaluation
5.1 Test Environment
5.2 Effectiveness
5.3 Performance
5.3.1 AnTuTu Benchmark Test
5.3.2 Average Time of Starting Normal App
5.3.3 Average Time of Creating Semitransparent and Nontransparent Overlay View
5.4 Limitation
Chapter 6 Conclusion
REFERENCES
Advisor: 許富皓 (Fu-Hau Hsu)   Approval date: 2014-7-29

For questions about this thesis, please contact the Promotion Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.