A Systematic Approach to Uncover Security Flaws in GUI Logic

Publisher: Microsoft
Format: 645.6KB PDF
Date added: 25 Mar 2007
Topics: GUI, Security Management
Downloads: 12

To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the human-computer interface is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic bugs in GUI design or implementation. Visual spoofing attacks that exploit these flaws can lure even security-conscious users into performing unintended actions. The focus of this paper is to formulate the problem of GUI logic flaws and to develop a methodology for uncovering them in software implementations. Specifically, based on an in-depth study of key subsets of the Internet Explorer (IE) browser source code, the authors have developed a formal model of the browser GUI logic and have applied formal reasoning to uncover new spoofing scenarios, including nine for status bar spoofing and four for address bar spoofing.
