| Line 51: | Line 51: | ||
===[http://www.franziroesner.com/pdf/udac-oakland2012.pdf User-Driven Access Control] === | ===[http://www.franziroesner.com/pdf/udac-oakland2012.pdf User-Driven Access Control] === | ||
A more natural way of granting application | A more natural way of granting application permissions: (Roesner et al) | ||
Build permission granting into normal user application workflow patterns with access control gadgets. Protected UI gadgets allow users to naturally give access to e.g. the camera by pressing a button with a camera on it. | Build permission granting into normal user application workflow patterns with access control gadgets. Protected UI gadgets allow users to naturally give access to e.g. the camera by pressing a button with a camera on it. | ||
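Review bot: In the changed line under the User-Driven Access Control heading, the completed sentence ends with a colon followed directly by a parenthetical citation ("permissions: (Roesner et al)"), which reads as though the citation is the thing being introduced. Suggest moving the citation before the colon and adding the period after "al", for example "A more natural way of granting application permissions (Roesner et al.):", so that the gadget description on the next line is what the colon introduces.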
| Line 60: | Line 60: | ||
=== Malware/Spyware Detection === | === Malware/Spyware Detection === | ||
Use systematical | Use systematical approaches to ensure a secure environment of the application market. We can use program analysis methods to statically or dynamically detect possible malware/spyware. | ||
=== Possible Privilege Escalation Problems === | === Possible Privilege Escalation Problems === | ||
Inter-component communication via Intent in Android produces tons of privilege escalation attacks, such as permission re-delegation, component hijacking, etc. It would be interesting to see whether the web activity in Firefox OS, the equivalence of Intent, | Inter-component communication via Intent in Android produces tons of privilege escalation attacks, such as permission re-delegation, component hijacking, etc. It would be interesting to see whether the web activity in Firefox OS, the equivalence of Intent, can enable the same attacks. If so, it is a good chance to build a defense system at this early age of B2G OS. | ||
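Review bot: The privilege escalation paragraph states that Intent-based communication "produces tons of privilege escalation attacks" and names permission re-delegation and component hijacking without a reference, while the User-Driven Access Control section earlier in this diff links its source paper; a citation for each named attack class would let readers check the comparison with web activities. Wording points in the same hunk: "systematical approaches" should be "systematic approaches", "the equivalence of Intent" should be "the equivalent of Intent", and "at this early age of B2G OS" reads better as "at this early stage of B2G OS".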