Abstract
GUIs are the predominant means by which users interact with modern programs. GUIs contain a number of common visual elements, or widgets, such as buttons, text fields, and lists, and GUIs typically provide the ability to change attributes on these widgets to control their visibility and behavior. While these attributes are extremely useful for providing visual cues that guide users through an application's GUI, they can also be misused for purposes for which they were not intended. In particular, in GUI-based applications that include multiple privilege levels within the application, GUI element attributes may be misused as a mechanism for enforcing access control policies. This work presents a method to detect misuse of user interface elements to implement access control. It is based on our earlier work (C. Mulliner, W. Robertson, and E. Kirda, "Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces", in Proceedings of the IEEE Symposium on Security and Privacy, 2014), which introduced the vulnerability class that we refer to as GEMs, or instances of GUI element misuse. Using our GEM detection method, we discovered unknown vulnerabilities in several applications.