| Summary: | 碩士 === 國立臺灣大學 === 電機工程學研究所 === 103 === Hybrid mobile applications have been widely used in the modern smartphones. These applications are implemented in HTML5 and the native language of the operating system. The developers use WebView components to wrap the part of HTML5 and register the communication channel between WebView and the part of native language. However, the communication channel is vulnerable. Malicious web pages may be loaded in the WebView and attack the device through the communication channel. In this thesis, we proposed a framework to protect the communication channel. This framework includes two parts. The first one is fined-grained access control which protects the communication channel. The second is malicious bridge API call detection which detects the malicious usage of the communication channel. According to the experimental result, the proposed framework blocks malicious access efficiently. Moreover, the second approach achieves high accuracy and reduces the labeled training data at the same time.
|
|---|
