Android系统点击劫持攻防技术研究
Android계통점격겁지공방기술연구
Study of Clickjacking Technology on Android
  • 万方数据
    计算机技术与发展 계산궤기술여발전
    Computer Technology and Development
    2015年 10期 135-139 ,共5页

    钱正旸%施勇%薛质

    전정양%시용%설질

    Android安全%点击劫持%Tapjacking%Web View Android安全%點擊劫持%Tapjacking%Web View
    Android안전%점격겁지%Tapjacking%Web View
    Android security%Clickjacking%Tapjacking%WebView
    点击劫持攻击是近年来出现的一种新型Web攻击手段,使用多层透明或不透明的界面欺骗用户点击实现攻击。随着移动互联网的发展和普及,此类攻击逐渐在移动平台中出现,并具有更强的隐蔽性和危害性。文中在总结传统Web点击劫持攻击方法的基础上,深入研究了Android系统中点击劫持攻击的原理,重点分析了基于通知视图( Toast)的点击劫持攻击( Tapjacking)与基于网页视图( WebView)的点击劫持攻击两种攻击方式的实现方法。由于X-FRAME-OPTIONS与Frame Busting代码等传统Web点击劫持防御方法存在一定局限性,无法有效地防御Android系统点击劫持攻击,文中研究了几种针对Android系统点击劫持攻击的防御手段,能在一定程度上减缓该类攻击的危害。
    점격겁지공격시근년래출현적일충신형Web공격수단,사용다층투명혹불투명적계면기편용호점격실현공격。수착이동호련망적발전화보급,차류공격축점재이동평태중출현,병구유경강적은폐성화위해성。문중재총결전통Web점격겁지공격방법적기출상,심입연구료Android계통중점격겁지공격적원리,중점분석료기우통지시도( Toast)적점격겁지공격( Tapjacking)여기우망혈시도( WebView)적점격겁지공격량충공격방식적실현방법。유우X-FRAME-OPTIONS여Frame Busting대마등전통Web점격겁지방어방법존재일정국한성,무법유효지방어Android계통점격겁지공격,문중연구료궤충침대Android계통점격겁지공격적방어수단,능재일정정도상감완해류공격적위해。
    Clickjacking is a new type of Web attack in recent years. It uses transparent or overlapping interfaces spoofing user clicks. With the development and popularization of Mobile Internet,such attack appears on the mobile platforms,and is more harmful and indetect-able. In this paper,based on summarizing the traditional Clickjacking attack on the web,research the theories in depth on Android,mainly analyze Tapjacking and WebView-based Clickjacking. Because the traditional Clickjacking has certain limitations such as X-FRAME-OPTIONS and Frame Busting code,cannot effectively defense Android Clickjacking attack,in this paper study several defense way a-gainst Clickjacking,which can slow down the dangers of this kind of attack to a certain extent.
    원문보기 원문다운로드 사이트로이동
저자의 최근 논문