On the misuse of graphical user interface elements to implement security controls

dc.contributor.author: Mulliner, Collin
dc.contributor.author: Robertson, William
dc.contributor.author: Kirda, Engin
dc.date.accessioned: 2018-04-13T09:16:44Z
dc.date.available: 2018-04-13T09:16:44Z
dc.date.issued: 2017
dc.description.abstract: GUIs are the predominant means by which users interact with modern programs. GUIs contain a number of common visual elements, or widgets, such as buttons, textfields, and lists, and GUIs typically provide the ability to change attributes on these widgets to control their visibility and behavior. While these attributes are extremely useful to provide visual cues to users to guide them through an application's GUI, they can also be misused for purposes for which they were not intended. In particular, in the context of GUI-based applications that include multiple privilege levels within the application, GUI element attributes may be misused as a mechanism for enforcing access control policies. This work presents a method to detect misuse of user interface elements to implement access control; it is based on our earlier work [1] that introduced the vulnerability class that we refer to as GEMs, or instances of GUI element misuse. Using our GEM detection method, we discovered unknown vulnerabilities in several applications. (en)
dc.identifier.doi: 10.1515/itit-2016-0036
dc.identifier.pissn: 1611-2776
dc.identifier.uri: https://dl.gi.de/handle/20.500.12116/16402
dc.language.iso: en
dc.publisher: De Gruyter
dc.relation.ispartof: it - Information Technology: Vol. 59, No. 5
dc.subject: Vulnerability analysis
dc.subject: graphical user interfaces
dc.subject: access control
dc.title: On the misuse of graphical user interface elements to implement security controls (en)
dc.type: Text/Journal Article
gi.citation.publisherPlace: Berlin
gi.citation.startPage: 59
gi.conference.sessiontitle: Thematic Issue: Vulnerability Analysis
