You are here: silicon.com > Resources > White Papers > Software and Web Development > Software Development Tools > GUI

GUI White Papers

A Systematic Approach to Uncover Security Flaws in GUI Logic

Overview To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the human-computer interface is compromised. GUI logic flaws are category of software vulnerabilities that result from logic bugs in GUI design/implementation. Visual spoofing attacks that exploit these flaws can lure even security-conscious users to perform unintended actions. The focus of this paper is to formulate the problem of GUI logic flaws and to develop a methodology for uncovering them in software implementations. Specifically, based on an in-depth study of key subsets of Internet Explorer (IE) browser source code, it have developed a formal model for the browser GUI logic and have applied formal reasoning to uncover new spoofing scenarios, including nine for status bar spoofing and four for address bar spoofing.

Further White Paper Details
Publisher	Microsoft	File Format	PDF
Date Published	March 2007
Format	White Papers
Topics	GUI, Security Management

Did you find this white paper useful? 2 out of 7 users found this white paper useful

JDA MMS: Maximizing ROI and Getting More From the Same

With renewed focus on its MMS offering, JDA has demonstrated its commitment to the product and has announced the availability of a GUI version of MMS in the near future....

Publisher:
CIBER

Tags:
gui

Yacht Maker Transforms Customer Experience With Revolutionary Computing Platform

Luxury yacht maker Lazzara Yachts prides itself on its unique approach to building and selling the industry's finest boats. Since its founding in 1990, the family-owned company has emphasized quality...

Publisher:
Microsoft

Tags:
gui

Cisco UCS Manager Architecture

The Cisco UCS Manager model-driven framework separates the Cisco UCS Manager logic from platform implementation, making the software cleaner and easier to maintain. The Cisco UCS Manager's information model is...

Publisher:
Cisco Systems

Tags:
xml

ODS Graphics Designer: An Interactive Tool for Creating Batchable Graphs

The SAS/GRAPH ODS Graphics Designer is a GUI based interactive tool for users who want to create custom graph quickly without any programming. This paper will show how one can...

Publisher:
SAS Institute

Tags:
gui

SCL Is Gone: How Do I Get Variables From My Users Into SAS Enterprise Guide?

SAS Enterprise Guide is the GUI interface beginning with SAS 9. The GUI concept may take some getting used to for those of who have been coding SAS for a...

Publisher:
SAS Institute

Tags:
gui

Microsoft riled by adware scam

An adware purveyor has apparently used two previously unknown security flaws in Microsoft's Internet Explorer browser to install a toolbar on victims' computers that triggers pop-up ads, researchers said this week.

Channel:
Malware

Firefox update plugs phishing hole

The updated browser will display the IDN Punycode in the address bar, preventing URL spoofing. The Mozilla Foundation released on Thursday an update to the Firefox web browser to fix several vulnerabilities, including one that would allow domain...

Channel:
WebWatch

Firefox security update keeps people in the dark

The vulnerabilities reported by Secunia are spoofing flaws, which could let an attacker place malicious content on trusted websites. Most of the flaws would require some user interaction for an attacker to be able to exploit them, Hofmann said.

Trio of Windows flaws opens door to nasties

To exploit the flaws, an attacker could craft a malicious image and trick a Windows user to look at it on a malicious website or in an HTML email, for example, according to Microsoft. Three security flaws in the way Windows handles certain graphics...

Spoofing flaw unearthed in IE 7

The spoofing issue, rated "less critical" by Secunia, appears to be the first genuine, publicly disclosed flaw in the new Microsoft browser. It said: "This makes it possible to only display a part of the address bar, which may trick users into...

Microsoft probing holes in Vista, IE 7

Attackers could exploit the issue to spoof the browser address bar, FrSirt said. Neither of the flaws has been used in any attacks and exploiting the issues is difficult, a company representative said.

Featured White Papers

The Value of Location Intelligence in the Communications Industry

Public Services are under pressure, the challenge is to do more with less. How do you improve citizen satisfaction, increase cost efficiencies and improve service delivery? The power of location intelligence is helping many local authorities and government departments make more informed decisions and derive greater value from current location-based information and data. Read this whitepaper to see how you can take advantage of location intelligence.

Publisher:
Pitney Bowes

Best Practices for Translating Customer Satisfaction into Revenue

Today's support organisations are focused on two top-level metrics: financial results and customer satisfaction. For most, it's easy to track financial performance, but customer satisfaction is akin to speaking a foreign language. How do you quantify customer satisfaction? Download the Best Practices for Benchmarking Customer Satisfaction to get industry research the Association of Support Professionals (ASP) on how to measure and leverage customer satisfaction.

Publisher:
Citrix Online

HP print solutions and 3M

the objective for 3M was to optimize office printing infrastructure at 3Mlocations worldwide Reduce total cost and environmental footprint. Some of the business benefits acheived by switching to HP print soultions, More than $3 million in savings in first two years and Per page costs reduced by up to 90 percent.