Presentation is loading. Please wait.

Presentation is loading. Please wait.

Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

Similar presentations

Presentation on theme: "Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1."— Presentation transcript:

1 Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX Mobile Lab 1

2 Contents 2 -Intro -Design Scheme -Implementation -Application -Security -Evaluation -Related Work & Conclusion

3 Intro Web developers who want to exploit local device face choices Both of them has lack of portability. 3

4 Intro Alternative solution –Ex. –Original HTML tag(Before HTML5) Submit data from form to server or other object in web pages session –Applied HTML tag Shot picture(image) saved to file with using camera From 4

5 Intro Trade-offs –Native application Faster response time –It can exploit device-optimized libraries Needs installation, depends on OS –Cross platform application such as HTML5 No dependency –User only connect to web with URL Higher response time, Vulnerability –Javascript is aware to most of all OS and browsers but it has to be interpreted to local domain –Javascript and web browsers has a lot of surface that can be attacked or manipulated 5

6 Intro Gibraltar: Take only advantages –Simply, it is hardware abstraction to web HTTP is medium like IPC Device server acts like kernel Really, it is in browser with sandboxed –Advantages merged Low response time No installation Secure access control Compatibility –HTML5 ->Gibraltar(X) –Gibraltar ->HTML5(O) 6

7 Design Separated modules –Based on privilege separation –hardware.js Consists of javascript codes Provide public Gibraltar API Compiler: from page request to AJAX raw code –Device server Independence with browser In principle, a device server only allows one origin data Manages authorization, alarms when suspicious request received 7

8 Design Manifest authorization –When installing android application install manager ask to user –So does Gibraltar –A page / pages which want to access device should have a manifest describing what to access –New page requests access / Old page requests new access : User have to approve permission 8

9 Design Find the in common referrer 9

10 Design Find the in common referrer 10

11 Design Session management –Referrer field If there is a link to y.html in x.html and this link has been activated, a HTTP request that makes page x.html to move y.html contains x.html in referrer field Possibility of fake request (Replay attack) –Replay attack Reuse session or cookie 11 Trusted.comDevice server 1. Request device access 3. Exists : Inspect mapping table with token 4-1. Equal : Approve access 4-2. Different : Ignore request & Alarm 5. No : Create new unique token(=mapping) The token is transmitted to page x.htm 2. Check if granted token exists x.htm Suspicious request: Denied because of different mapping

12 Design Sensor widgets –Browsers perspective Creating/copying authorized token in web browser to gain permission to device Request device access Device server Sensor widget 2. Send authorized token 3. Capture & copy authorized token in a browser 4. Try to get hardware access permission 5. Sensor widgets alert user because there is no trusted page but browser is trying to access hardware with authorized token

13 Design Sensor API –Many devices (GPS, camera, bluetooth, …) –Web pages can gain sensor data via Gibraltars API in a time or several times –It aids various sensors & devices conveniently 13 singleQuery() continuousQuery() Abstraction (Simple code) In detail (Complex code) sensorAdded() sensorRemoved() startSensor() stopSensor()

14 Design Processor API –Designed to support multi-core CPU & GPU –Inspired by OpenCL(Open Computing Language) –enqueueKernel() Specify which kernel will execute job –setKernelData() Set data to be computed parallel –Two parallelism methods Plural enqueueKernel() call & setKernelData(scalar) An enqueueKernel() call & setKernelData(vector) –executeKernels() Automatic distribution & coordination & intercommunication 14

15 Design Storage API –Provides a key/value storage interface –HTML5 DOM storage provides a key/value storage, too But it is only to non-removable storage As shown above, there is no specific field to assign storage in DOM 15 interface Storage { readonly attribute unsigned long length;length DOMString? key(unsigned long index);key getter DOMString? getItem(DOMString key);getItem setter creator void setItem(DOMString key, DOMString value); deleter void removeItem(DOMString key); void clear();setItemremoveItemclear }; from

16 Design Remote device access –By default, it is disabled To prevent security problem If it is allowed, seizing referrer field or duplicating capable token can occur –Alleviation through whitelist Users must explicitly designate IP or DNS –It is done by constructing user driven manifest by oneself But user care about the list extremely to prevent security issues 16

17 Implementation Gibdroid –Implementation Gibraltar to Android –There is two sensors classified by data rate High data rate : video cam, accelerator Low data rate : picture cam, GPS –To alleviate throughput drop, Gibdroid uses indefinite size frame for high data rate Session establishing messages hurt performance between Gibdroid and device 17

18 Application 4 Applications using Gibraltar API –MapQueest Uses GPS data of users location Uses local cached tile expressed key-value (tileID, fileSystemLocation), e.g. (1B, /map/ ) –Shazam Identifies playing music Exploit complex computation with Processor API –Gibraltar Paint Canvas on browser of desktop is drawn by a mobile device –Pacman Same manner as above 18

19 Security Two security issues –The device access request is reliable? If there is weird browser, how can system detect? –If once data from hardware has been transmitted, what can system do? Isnt that mend the barn after the horse is stolen? –Five security principals User, Gibraltar, OS, Web page, Web browser The system concerned two component: page, browser –Three defenses Referrer, Sensor widget, Legitimate page 19

20 Security And operation: Fake referrer Steal token legitimately- authorized page No satisfaction all of them, no attack success referrer

21 Security If browser is reliable, then? –No attack is going to be succeeded –Modern browsers, e.g. IE9, Chrome support process isolation –Attackers try that steal token from authorized page wont be succeeded Because of process separation Place of attackers process is different with authorized pages process So attacker has no route for authorized pages token 21

22 Evaluation Multi-core machines Write latency is superior over HTML5 Asynchronous write policy If Gibraltar write policy is set to write-through, then result will be similar to HTML5 Read latency is inferior to HTML5 Inferior local storage using method to HTML5s such as caching user data to avoid fetching it over a slow network 22

23 Evaluation Single-core machines Raw performance is inferior to Dual-cores one Modern smartphones all adopt multi-core system Gibraltar can exploit this advantage and bad performance for single-core will be reduce gratefully.. 23

24 Evaluation Single-core machines Left Accelerator and geolocation sensor is sufficient to use interactive app (The rate approaches null rate) Right Server push is superior to R-R. However, when the setting of R-R is turn to server push it is reduced dramatically. It doesnt come from server push technique but from diverse devise server 24

25 Evaluation Sampling rate Gibdroids throughput is almost Natives one. 25

26 Evaluation Power consumption Gibdroid accelerator and browsing consumes much power But it comes from not Gibdroids bad architecture, but from browser and device server 26

27 Thank you! 27

Download ppt "Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1."

Similar presentations

Ads by Google