Attacking End User's Applications by Run Time Modifications

M. Trampus, M. Ciglarič, M. Pančur, and T. Vidmar (Slovenia)


Security, Attack, Applications, Run time modification, Digital signature


The paper focuses on the attacks on system and application infrastructure. Main idea of our approach is to take advantage of existing applications and attack them while they are executing. We analyze the steps that need to be taken in such attacks and point out the properties of the applications and execution environments that can be exploited. To demonstrate the findings, we present two case studies of such attacks. The first exploits a web browser which uses SSL (Secure Sockets Layer) and the second an e mail client which uses digital signatures. In both cases we are able to successfully perform the attack which escapes the end user's notice. In the conclusion we present possible defence against such attacks.

Important Links:

Go Back