== Security ==
===[http://www.franziroesner.com/pdf/udac-oakland2012.pdf User-Driven Access Control] ===
A more natural way of granting application permission (Roesner et al.):
Build permission granting into normal user application workflow patterns with access control gadgets. Protected UI gadgets allow users to naturally give access to e.g. the camera by pressing a button with a camera on it.
=== Side Channel Attack Research (Shared Public Resource Privacy Leakage) ===
Study user privacy leakage through publicly accessible application and system resources. For Firefox OS, we can study the API design to find interfaces that could leak information.
=== Malware/Spyware Detection ===
Use a systematic approach to ensure a secure application market environment. We can use program analysis methods to detect possible malware/spyware statically or dynamically.
=== Possible Privilege Escalation Problems ===
Inter-component communication via Intent in Android enables many privilege escalation attacks, such as permission re-delegation and component hijacking. It would be interesting to see whether web activities in Firefox OS, the equivalent of Intent, enable the same attacks. If so, this is a good chance to build a defense system at this early stage of B2G OS.
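As a starting point for the static analysis and re-delegation questions above, the following added example (not part of the original page or of Firefox OS itself) flags apps whose manifest both holds a sensitive permission and registers a web activity handler that other apps can invoke. It assumes the Firefox OS app manifest keys <code>permissions</code>, <code>activities</code> and <code>launch_path</code>; the sensitive-permission list and the sample manifests are constructed for illustration.

```javascript
// Added example: static manifest audit for permission re-delegation exposure.
// Assumption: manifests follow the Firefox OS app manifest layout, with
// "permissions" and "activities" objects keyed by name.

// Assumed, illustrative set of permissions worth protecting (not exhaustive).
const SENSITIVE = new Set(["contacts", "camera", "geolocation", "sms", "telephony"]);

// Return one finding per activity handler exposed by an app that also holds
// a sensitive permission. Such handlers are the places to review for a
// confused-deputy problem: a caller without the permission may reach it here.
function auditManifest(manifest) {
  const held = Object.keys(manifest.permissions || {}).filter((p) => SENSITIVE.has(p));
  const activities = Object.keys(manifest.activities || {});
  if (held.length === 0 || activities.length === 0) return [];
  return activities.map((name) => ({
    app: manifest.name,
    activity: name,
    // Fall back to the launch path when the activity declares no href.
    handler: manifest.activities[name].href || manifest.launch_path || null,
    permissions: held,
  }));
}

// Audit a whole market listing.
function auditAll(manifests) {
  return manifests.flatMap(auditManifest);
}

// Constructed sample manifests (not taken from real apps).
const SAMPLES = [
  { name: "PhotoShare", launch_path: "/index.html",
    permissions: { camera: { description: "take pictures" } },
    activities: { share: { filters: { type: ["image/*"] }, href: "/share.html" } } },
  { name: "Notes", launch_path: "/index.html",
    permissions: { storage: { description: "save notes" } },
    activities: { view: { filters: { type: ["text/plain"] } } } },
  { name: "Dialer", launch_path: "/dial.html",
    permissions: { telephony: {}, contacts: { access: "readonly" } } },
];

for (const f of auditAll(SAMPLES)) {
  console.log(`${f.app}: activity "${f.activity}" (${f.handler}) ` +
              `runs with [${f.permissions.join(", ")}]`);
}
```

A finding is a review lead, not proof of a flaw: the handler still has to be checked for whether it uses the permission on behalf of the caller without user involvement.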