Sciweavers

SP
2007
IEEE

A Systematic Approach to Uncover Security Flaws in GUI Logic

14 years 5 months ago
A Systematic Approach to Uncover Security Flaws in GUI Logic
To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the human-computer interface is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic bugs in GUI design/implementation. Visual spoofing attacks that exploit these flaws can lure even securityconscious users to perform unintended actions. The focus of this paper is to formulate the problem of GUI logic flaws and to develop a methodology for uncovering them in software implementations. Specifically, based on an in-depth study of key subsets of Internet Explorer (IE) browser source code, we have developed a formal model for the browser GUI logic and have applied formal reasoning to uncover new spoofing scenarios, including nine for status bar spoofing and four for address bar spoofing. The IE development team has confirmed all these scenarios and has fixed most of them in their latest build. Through this work, we demonstrate that ...
José Meseguer, Ralf Sasse, Helen J. Wang, Y
Added 04 Jun 2010
Updated 04 Jun 2010
Type Conference
Year 2007
Where SP
Authors José Meseguer, Ralf Sasse, Helen J. Wang, Yi-Min Wang
Comments (0)