Baskaran et al., 2023 - Google Patents
Measuring the leakage and exploitability of authentication secrets in super-apps: The wechat caseBaskaran et al., 2023
View PDF- Document ID
- 1825824693493117452
- Author
- Baskaran S
- Zhao L
- Mannan M
- Youssef A
- Publication year
- Publication venue
- Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses
External Links
Snippet
Super-apps such as WeChat and Baidu host millions of mini-apps, which are very popular among users and developers because of the mini-apps' convenience, lightweight, ease of sharing, and not requiring explicit installation. Such ecosystems involve several entities …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9582668B2 (en) | Quantifying the risks of applications for mobile devices | |
| US10482260B1 (en) | In-line filtering of insecure or unwanted mobile device software components or communications | |
| US9438631B2 (en) | Off-device anti-malware protection for mobile devices | |
| Lu et al. | Demystifying resource management risks in emerging mobile app-in-app ecosystems | |
| Bianchi et al. | Exploitation and mitigation of authentication schemes based on device-public information | |
| Zhang et al. | App in the middle: Demystify application virtualization in Android and its security threats | |
| Baskaran et al. | Measuring the leakage and exploitability of authentication secrets in super-apps: The wechat case | |
| Mahmud et al. | Cardpliance:{PCI}{DSS} Compliance of Android Applications | |
| Wang et al. | Uncovering and exploiting hidden apis in mobile super apps | |
| Kuchhal et al. | Evaluating the Security Posture of Real-World FIDO2 Deployments | |
| Deverashetti et al. | Security analysis of menstruation cycle tracking applications using static, dynamic and machine learning techniques | |
| Guo et al. | An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives | |
| Lee et al. | A study on realtime detecting smishing on cloud computing environments | |
| Sentana et al. | An empirical analysis of security and privacy risks in android cryptocurrency wallet apps | |
| Sharma et al. | Smartphone security and forensic analysis | |
| AL-Aufi et al. | Security Testing of Android Applications Using Drozer | |
| Yıldırım et al. | A research on software security vulnerabilities of new generation smart mobile phones | |
| Shi et al. | An empirical study on mobile payment credential leaks and their exploits | |
| Verma | A security analysis of smartphones | |
| Zuo | Multi-Dimensional Identification of Vulnerable Access Control in Mobile Applications | |
| Keys | Smartphone financial transactions: Security risks and control options | |
| Kumar | Exploiting App Differences for Security Analysis of Multi-Geo Mobile Ecosystems | |
| Wang et al. | A trusted mobile payment environment based on trusted computing and virtualization technology | |
| Huo et al. | Mobile App Security Trends and Topics: An Examination of Questions From Stack Overflow | |
| Shi | Security Analyses of Multi-Party Authentication and Authorization Protocols in Mobile Applications |