[1] QIAN Zheng-yang, SHI Yong, XUE Zhi. Study of Clickjacking Technology on Android[J]. Computer Technology and Development (计算机技术与发展), 2015, 25(10):135-139.

Research on Clickjacking Attack and Defense Techniques for the Android System

Computer Technology and Development (《计算机技术与发展》) [ISSN: 1006-6977 / CN: 61-1281/TN]

Volume: 25
Issue: No. 10, 2015
Pages: 135-139
Section: Security and Protection
Publication date: 2015-10-10

Article Info

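Title: Study of Clickjacking Technology on Android
Article number: 1673-629X(2015)10-0135-05
Author(s): QIAN Zheng-yang (钱正旸), SHI Yong (施勇), XUE Zhi (薛质)
Affiliation(s): 1. School of Information Security Engineering, Shanghai Jiao Tong University; 2. Shanghai Key Laboratory of Integrated Administration Technologies for Information Security
Keywords: Android security; Clickjacking; Tapjacking; WebView
CLC number: TP393
Document code: A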
Abstract:
Clickjacking is a Web attack technique that has emerged in recent years; it uses multiple transparent or opaque interface layers to trick users into clicking. With the development and spread of the mobile Internet, such attacks have gradually appeared on mobile platforms, where they are stealthier and more harmful. Building on a summary of traditional Web clickjacking methods, this paper studies in depth the principles of clickjacking on Android and focuses on how two attack types are implemented: clickjacking based on the notification view (Toast), known as Tapjacking, and clickjacking based on the web view (WebView). Because traditional Web clickjacking defenses such as X-FRAME-OPTIONS and frame-busting code have limitations and cannot effectively defend against clickjacking on Android, the paper examines several defenses against Android clickjacking that can mitigate the harm of this class of attack to some extent.


Last Update: 2015-11-13