TWC: Small: Collaborative: Characterizing the Security Limitations of Accessing the Mobile Web

TWC：小型：协作：描述访问移动网络的安全限制

• 批准号: 1222680
• 负责人: William Enck
• 金额: $ 16.7万
• 依托单位: North Carolina State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-10-01 至 2016-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1222680&HistoricalAwards=false
• 关键词: TWC; Small; Collaborative; Characterizing; Security

Mobile browsers are beginning to serve as critical enablers of modern computing. With a combination of rich features that rival their desktop counterparts and strong security mechanisms such as TLS/SSL, these mobile browsers are becoming the basis of many other mobile apps. Unfortunately, the security guarantees provided by mobile browsers and the risks associated with today?s mobile web have not been evaluated in great detail. This project investigates the security of mobile browsers, the applications that build on them through APIs such as WebViews and the mobile specific websites they access. This research differs significantly from prior work; whereas previous research has focused largely on stand-alone, third-party applications, our work focuses on mobile browsers and the increasing number of applications using them as their basis for delivering content. Moreover, our work measures the extent to which the mobile web itself is vulnerable. The combination of these efforts aims to create the first longitudinal and principled study of the mobile web ecosystem.

移动的浏览器开始成为现代计算的关键推动者。这些移动的浏览器结合了与桌面浏览器相媲美的丰富功能和强大的安全机制（如TLS/SSL），正在成为许多其他移动的应用程序的基础。不幸的是，移动的浏览器提供的安全保证和与之相关的风险今天？的移动的web还没有被详细评估。该项目调查了移动的浏览器的安全性，通过API（如WebViews）构建的应用程序以及它们访问的移动的特定网站。这项研究与以前的工作有很大的不同，而以前的研究主要集中在独立的第三方应用程序，我们的工作重点是移动的浏览器和越来越多的应用程序使用它们作为提供内容的基础。此外，我们的工作衡量了移动的网络本身的脆弱程度。这些努力的结合旨在创建对移动的网络生态系统的第一个纵向和原则性研究。