Please use this identifier to cite or link to this item: https://doi.org/10.1007/978-3-642-34129-8_35
Title: Detecting and preventing ActiveX API-misuse vulnerabilities in internet explorer
Authors: Dai, T.
Sathyanarayan, S.
Yap, R.H.C. 
Liang, Z. 
Issue Date: 2012
Source: Dai, T.,Sathyanarayan, S.,Yap, R.H.C.,Liang, Z. (2012). Detecting and preventing ActiveX API-misuse vulnerabilities in internet explorer. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 7618 LNCS : 373-380. ScholarBank@NUS Repository. https://doi.org/10.1007/978-3-642-34129-8_35
Abstract: ActiveX is used to build reusable software components in Microsoft Windows. It is widely used by many Windows applications, such as Internet Explorer and Microsoft Office. As general-purpose components, ActiveX controls expose methods to applications, which may be used in ways unexpected by the ActiveX designer, leading to malicious activities. We call such misuse of ActiveX methods - ActiveX API misuse vulnerabilities. In this paper, we present a solution which identifies and prevents API misuse of ActiveX controls in Internet Explorer. We construct models to represent normal functionality of ActiveX methods, and identify ActiveX API misuse by identifying the methods that can reach dangerous (system) APIs. We then develop a technique for Internet Explorer to prevent the use of dangerous ActiveX methods. We evaluated our approach on six real-world ActiveX controls. We are able to identify and prevent ActiveX API misuse in these controls. Our approach is effective in detecting ActiveX API misuse and has negligible overhead for preventing attacks. © 2012 Springer-Verlag.
Source Title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
URI: http://scholarbank.nus.edu.sg/handle/10635/41755
ISBN: 9783642341281
ISSN: 03029743
DOI: 10.1007/978-3-642-34129-8_35
Appears in Collections:Staff Publications

Show full item record
Files in This Item:
There are no files associated with this item.

Page view(s)

80
checked on Dec 16, 2017

Google ScholarTM

Check

Altmetric


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.