{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T11:44:39Z","timestamp":1725795879953},"publisher-location":"Cham","reference-count":55,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319085081"},{"type":"electronic","value":"9783319085098"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-08509-8_5","type":"book-chapter","created":{"date-parts":[[2014,6,13]],"date-time":"2014-06-13T07:04:32Z","timestamp":1402643072000},"page":"72-91","source":"Crossref","is-referenced-by-count":15,"title":["Attacks on Android Clipboard"],"prefix":"10.1007","author":[{"given":"Xiao","family":"Zhang","sequence":"first","affiliation":[]},{"given":"Wenliang","family":"Du","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"5_CR1","unstructured":"About the Clipboard, http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms649012v=vs.85.aspx"},{"key":"5_CR2","unstructured":"AndroGuard, http:\/\/code.google.com\/p\/androguard\/"},{"key":"5_CR3","unstructured":"Android Malware Genome Project, http:\/\/www.malgenomeproject.org\/"},{"key":"5_CR4","unstructured":"Android Scheme, http:\/\/developer.android.com\/reference\/org\/apache\/http\/conn\/scheme\/Scheme.html"},{"key":"5_CR5","unstructured":"Android Terminal, https:\/\/play.google.com\/store\/apps\/details?id=com.linxmap.androidterminal&hl=en"},{"key":"5_CR6","unstructured":"Clipboard Hijack Attack, http:\/\/whatis.techtarget.com\/definition\/clipboard-hijack-attack"},{"key":"5_CR7","unstructured":"Firefox Disallows javascript in its URL Bar, https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=656433"},{"key":"5_CR8","unstructured":"Get It Done Task List, https:\/\/play.google.com\/store\/apps\/details?id=com.marcucio.getitdone&hl=en"},{"key":"5_CR9","unstructured":"HttpOnly, https:\/\/www.owasp.org\/index.php\/HttpOnly"},{"key":"5_CR10","unstructured":"iOS SDK: Working with URL Schemes, http:\/\/mobile.tutsplus.com\/tutorials\/iphone\/ios-sdk-working-with-url-schemes\/"},{"key":"5_CR11","unstructured":"JSLint, http:\/\/www.jslint.com\/"},{"key":"5_CR12","unstructured":"JSure, https:\/\/github.com\/berke\/jsure"},{"key":"5_CR13","unstructured":"Marine Martial Arts MCRP 3-02B, https:\/\/play.google.com\/store\/apps\/details?id=com.appopus.MCRP_3_02B&hl=en"},{"key":"5_CR14","unstructured":"Pasting a javascript: url from the omnibar removes the protocol, http:\/\/code.google.com\/p\/chromium\/issues\/detail?id=85232"},{"key":"5_CR15","unstructured":"Phishing, http:\/\/en.wikipedia.org\/wiki\/Phishing"},{"key":"5_CR16","unstructured":"Phishing Techniques, http:\/\/www.phishing.org\/phishing-techniques\/"},{"key":"5_CR17","unstructured":"PhoneGap: Easily create apps using the web technologies you know and love: HTML, CSS and JavaScript, http:\/\/phonegap.com"},{"key":"5_CR18","unstructured":"phpBB, https:\/\/www.phpbb.com\/"},{"key":"5_CR19","unstructured":"RSA\u2019s October Online Fraud Report, including summary of Phishing and Social Networking (2012), http:\/\/brianpennington.co.uk\/2012\/10\/25\/rsas-october-online-fraud-report-2012-including-summary-of-phishing-and-social-networking\/"},{"key":"5_CR20","unstructured":"Same-origin policy, http:\/\/en.wikipedia.org\/wiki\/Same-origin_policy"},{"key":"5_CR21","unstructured":"Samsung Smart TV Now, https:\/\/play.google.com\/store\/apps\/details?id=com.samsung.videocloud"},{"key":"5_CR22","unstructured":"Self-XSS Attack Explained, https:\/\/www.facebook.com\/photo.php?v=956977232793"},{"key":"5_CR23","unstructured":"Self XSS protection bypass to paste and execute Javascript in the address-bar, https:\/\/code.google.com\/p\/chromium\/issues\/detail?id=123213"},{"key":"5_CR24","unstructured":"Statistics and Facts about Android, http:\/\/www.statista.com\/topics\/876\/android\/"},{"key":"5_CR25","series-title":"LNICST","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-319-04283-1_6","volume-title":"Security and Privacy in Communication Networks","author":"Y. Aafer","year":"2013","unstructured":"Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds.) SecureComm 2013. LNICST, vol.\u00a0127, pp. 86\u2013103. Springer, Heidelberg (2013)"},{"key":"5_CR26","unstructured":"Android-Team. WebView Class Reference, http:\/\/developer.android.com\/reference\/android\/webkit\/WebView.html"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: PScout: analyzing the Android permission specification. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security (2012)","DOI":"10.1145\/2382196.2382222"},{"key":"5_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-540-70542-0_2","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"P. Bisht","year":"2008","unstructured":"Bisht, P., Venkatakrishnan, V.N.: XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 23\u201343. Springer, Heidelberg (2008)"},{"key":"5_CR29","unstructured":"Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R.: Xmandroid: A new android evolution to mitigate privilege escalation attacks. Technical Report TR-2011-04, Technische Universit\u00e4t Darmstadt (April 2011)"},{"key":"5_CR30","unstructured":"Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R., Shastry, B.: Towards Taming Privilege-Escalation Attacks on Android. In: Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS), San Diego, California, USA (February 2012)"},{"key":"5_CR31","unstructured":"Bugiel, S., Heuser, S., Sadeghi, A.R.: Flexible and fine-grained mandatory access control on android for diverse security and privacy policies. In: 22nd USENIX Security Symposium (USENIX Security 2013), USENIX (August 2013)"},{"key":"5_CR32","doi-asserted-by":"crossref","unstructured":"Chan, P.P.F., Hui, L.C.K., Yiu, S.M.: DroidChecker: analyzing Android applications for capability. In: Proceedings of the Fifth ACM conference on Security and Privacy in Wireless and Mobile Networks (2012)","DOI":"10.1145\/2185448.2185466"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing Inter-Application Communication in Android (June 2011)","DOI":"10.1145\/1999995.2000018"},{"key":"5_CR34","doi-asserted-by":"crossref","unstructured":"Davi, L., Dmitrienko, A., Sadeghi, A., Winandy, M.: Privilege Escalation Attacks on Android. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, Chicago, IL, USA (October 2010)","DOI":"10.1007\/978-3-642-18178-8_30"},{"key":"5_CR35","unstructured":"Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., Wallach, D.S.: Quire: lightweight provenance for smart phone operating systems. In: Proceedings of the 20th USENIX Conference on Security Symposium (2011)"},{"key":"5_CR36","unstructured":"Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (2010)"},{"key":"5_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-642-39884-1_12","volume-title":"Financial Cryptography and Data Security","author":"S. Fahl","year":"2013","unstructured":"Fahl, S., Harbach, M., Oltrogge, M., Muders, T., Smith, M.: Hey, you, get off of my clipboard - on how usability trumps security in android password managers. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol.\u00a07859, pp. 144\u2013161. Springer, Heidelberg (2013)"},{"key":"5_CR38","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (2011)","DOI":"10.1145\/2046707.2046779"},{"key":"5_CR39","unstructured":"Felt, A.P., Wang, H.J., Moshchuk, A., Hanna, S., Chin, E.: Permission re-delegation: attacks and defenses. In: Proceedings of the 20th USENIX Conference on Security Symposium (2011)"},{"key":"5_CR40","unstructured":"Grace, M., Zhou, Y., Wang, Z., Jiang, X.: Systematic Detection of Capability Leaks in Stock Android Smartphones. In: Proceedings of the 19th Annual Network & Distributed System Security Symposium (2012)"},{"key":"5_CR41","doi-asserted-by":"crossref","unstructured":"Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren\u2019t the droids you\u2019re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (2011)","DOI":"10.1145\/2046707.2046780"},{"key":"5_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1007\/11863908_27","volume-title":"Computer Security \u2013 ESORICS 2006","author":"M. Johns","year":"2006","unstructured":"Johns, M.: SessionSafe: Implementing XSS Immune Session Handling. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol.\u00a04189, pp. 444\u2013460. Springer, Heidelberg (2006)"},{"key":"5_CR43","doi-asserted-by":"crossref","unstructured":"Luo, T., Hao, H., Du, W., Wang, Y., Yin, H.: Attacks on WebView in the Android System. In: Annual Computer Security Applications Conference, ACSAC (2011)","DOI":"10.1145\/2076732.2076781"},{"key":"5_CR44","unstructured":"Martin, M., Lam, M.S.: Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking. In: USENIX-SS (2008)"},{"key":"5_CR45","doi-asserted-by":"crossref","unstructured":"Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined runtime constraints. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (2010)","DOI":"10.1145\/1755688.1755732"},{"key":"5_CR46","doi-asserted-by":"crossref","unstructured":"Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically Rich Application-Centric Security in Android. In: Proceedings of the 2009 Annual Computer Security Applications Conference (2009)","DOI":"10.1109\/ACSAC.2009.39"},{"key":"5_CR47","doi-asserted-by":"crossref","unstructured":"Pearce, P., Felt, A.P., Nunez, G., Wagner, D.: AdDroid: Privilege Separation for Applications and Advertisers in Android. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (2012)","DOI":"10.1145\/2414456.2414498"},{"key":"5_CR48","unstructured":"Shekhar, S., Dietz, M., Wallach, D.S.: AdSplit: Separating Smartphone Advertising from Applications. In: Proceedings of the 21st USENIX Conference on Security Symposium (2012)"},{"key":"5_CR49","unstructured":"Smalley, S., Craig, R.: Security Enhanced (SE) Android: Bringing Flexible MAC to Android. In: 20th Annual Network and Distributed System Security Symposium (NDSS 2013), San Diego, CA (February 2013)"},{"key":"5_CR50","unstructured":"Ter Louw, M., Bisht, P., Venkatakrishnan, V.N.: Analysis of Hypertext Isolation Techniques for {XSS} Prevention. In: Web 2.0 Security and Privacy (May 2008)"},{"key":"5_CR51","doi-asserted-by":"crossref","unstructured":"Wang, R., Xing, L., Wang, X., Chen, S.: Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation. In: ACM Conference on Computer and Communications Security (ACM CCS), Berlin, Germany (2013)","DOI":"10.1145\/2508859.2516727"},{"key":"5_CR52","doi-asserted-by":"crossref","unstructured":"Wassermann, G., Su, Z.: Static detection of cross-site scripting vulnerabilities. In: ICSE (2008)","DOI":"10.1145\/1368088.1368112"},{"key":"5_CR53","unstructured":"Xu, R., Sa\u00efdi, H., Anderson, R.: Aurasium: practical policy enforcement for Android applications. In: Proceedings of the 21st USENIX Conference on Security Symposium (2012)"},{"key":"5_CR54","doi-asserted-by":"crossref","unstructured":"Zhang, X., Ahlawat, A., Du., W.: AFrame: Isolating Advertisements from Mobile Applications in Android. In: Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC), New Orleans, Louisiana, USA (December 2013)","DOI":"10.1145\/2523649.2523652"},{"key":"5_CR55","unstructured":"Zhou, Y., Jiang, X.: Detecting Passive Content Leaks and Pollution in Android Applications. In: Proceedings of the 20th Network and Distributed System Security Symposium (NDSS), San Diego, CA (February 2013)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-08509-8_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,8]],"date-time":"2022-04-08T00:51:02Z","timestamp":1649379062000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-08509-8_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319085081","9783319085098"],"references-count":55,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-08509-8_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}