Top Banner
Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 박박박 1
27

Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

Mar 30, 2015

Download

Documents

Elyse Snelson
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

1

Gibraltar: Exposing Hardware De-vices to Web Pages Using AJAX

2013. 10. 21

Mobile Lab

박세준

Page 2: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

2

Contents

- Intro

- Design Scheme

- Implementation

- Application

- Security

- Evaluation

- Related Work & Conclusion

Page 3: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

3

Intro

• Web developers who want to exploit local de-vice face choices

Both of them has lack of portability.

Page 4: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

4

Intro

• Alternative solution– Ex. <input>– Original HTML tag(Before HTML5)

• <input type=“submit” value=“Register”>• Submit data from form to server or other object in web

pages session

– Applied HTML tag• <input type="file" name="image"

accept="image/*" capture>• Shot picture(image) saved to file with using camera

From http://w3.org/TR/html-media-capture

Page 5: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

5

Intro

• Trade-offs– Native application

• Faster response time– It can exploit device-optimized libraries

• Needs installation, depends on OS

– Cross platform application such as HTML5• No dependency

– User only connect to web with URL

• Higher response time, Vulnerability– Javascript is aware to most of all OS and browsers but it has to

be interpreted to local domain– Javascript and web browsers has a lot of surface that can be

attacked or manipulated

Page 6: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

6

Intro

• Gibraltar: Take only advantages– Simply, it is hardware abstraction to web

• HTTP is medium like IPC• Device server acts like kernel• Really, it is in browser with sandboxed

– Advantages merged• Low response time• No installation• Secure access control• Compatibility

– HTML5 ->Gibraltar(X)– Gibraltar ->HTML5(O)

Page 7: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

7

Design

• Separated modules– Based on privilege separation– hardware.js

• Consists of javascript codes• Provide public Gibraltar API• Compiler: from page request

to AJAX raw code

– Device server• Independence with browser• In principle, a device server

only allows one origin data• Manages authorization,

alarms when suspiciousrequest received

Page 8: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

8

Design

• Manifest authorization– When installing android application

install manager ask to user– So does Gibraltar– A page / pages which want to

access device should have amanifest describing what toaccess

– New page requests access /Old page requests new access: User have to approve permission

Page 9: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

9

Design

• Find the in common

허접쓰레기

referrer

Page 10: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

10

Design

• Find the in common

허접쓰레기http://www.korean.go.kr

referrerhttp://en.wikipedia.org/wiki/Referrer

Page 11: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

11

Design

• Session management– Referrer field

• If there is a link to y.html in x.html and this linkhas been activated, a HTTP request that makes page x.html to move y.html contains x.html in referrer field

• Possibility of fake request (Replay attack)

– Replay attack• Reuse session or cookie

Trusted.com Device server1. Request device access

3. Exists : Inspect mapping table with token4-1. Equal : Approve access4-2. Different : Ignore request & Alarm5. No : Create new unique token(=mapping) The token is transmitted to page

Trusted.com/x.htm

2. Check if granted token exists

Untrusted.-com/x.htm

X

Suspicious request:Denied because of different mapping

Page 12: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

12

Design

• Sensor widgets– Browser’s perspective

• Creating/copying authorized token in web browser to gain permission to device

1. Request device access

Device server

Sensor widget

Trusted.com

2. Send authorized token

3. Capture & copy authorized tokenin a browser

4. Try to get hardware access permission

5. Sensor widgets alert userbecause there is no trusted pagebut browser is trying to accesshardware with authorized token

Page 13: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

13

Design

• Sensor API– Many devices (GPS, camera, bluetooth, …)– Web pages can gain sensor data via Gibraltar’s API

in a time or several times– It aids various sensors & devices conveniently

singleQuery()

hardware.jsTrusted.com

continuousQuery()

Abstraction(Simple code)

In detail(Complex code)

sensorAdded()sensorRemoved()

startSensor()stopSensor()

Page 14: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

14

Design

• Processor API– Designed to support multi-core CPU & GPU– Inspired by OpenCL(Open Computing Language)– enqueueKernel()

• Specify which kernel will execute job

– setKernelData()• Set data to be computed parallel

– Two parallelism methods• Plural enqueueKernel() call & setKernelData(scalar)• An enqueueKernel() call & setKernelData(vector)

– executeKernels()• Automatic distribution & coordination & intercommunication

Page 15: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

15

Design

• Storage API– Provides a key/value storage interface– HTML5 DOM storage provides a key/value storage,

too• But it is only to non-removable storage

• As shown above, there is no specific field to assignstorage in DOM

interface Storage { readonly attribute unsigned long length; DOMString? key(unsigned long index); getter DOMString? getItem(DOMString key); setter creator void setItem(DOMString key, DOMString

value); deleter void removeItem(DOMString key); void clear(); };

from dev.w3.org/html5/webstorage

Page 16: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

16

Design

• Remote device access– By default, it is disabled

• To prevent security problem• If it is allowed, seizing referrer field or duplicating capable

token can occur

– Alleviation through whitelist• Users must explicitly designate IP or DNS

– It is done by constructing user driven manifest by oneself• But user care about the list extremely to prevent

security issues

Page 17: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

17

Implementation

• Gibdroid– Implementation Gibraltar to Android– There is two sensors classified by data rate

• High data rate : video cam, accelerator• Low data rate : picture cam, GPS

– To alleviate throughput drop, Gibdroid uses indefinite size frame for high data rate• Session establishing messages hurt performance between

Gibdroid and device

Page 18: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

18

Application

• 4 Applications using Gibraltar API– MapQueest

• Uses GPS data of user’s location• Uses local cached tile expressed key-value

(tileID, fileSystemLocation), e.g. (1B, /map/00011011)

– Shazam• Identifies playing music• Exploit complex computation with Processor API

– Gibraltar Paint• Canvas on browser of desktop

is drawn by a mobile device

– Pacman• Same manner as above

Page 19: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

19

Security

• Two security issues– The device access request is reliable?

• If there is weird browser, how can system detect?

– If once data from hardware has been transmitted, what can system do?• Isn’t that mend the barn after the horse is stolen?

– Five security principals• User, Gibraltar, OS, Web page, Web browser• The system concerned two component: page, browser

– Three defenses• Referrer, Sensor widget, Legitimate page

Page 20: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

20

Security

And operation:

Fake referrer

Steal token

legitimately-authorized page

No satisfactionall of them,no attack success

referrer<token<authorized page

Page 21: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

21

Security

• If browser is reliable, then?– No attack is going to be succeeded– Modern browsers, e.g. IE9, Chrome support

process isolation– Attacker’s try that steal token from authorized page

won’t be succeeded• Because of process separation• Place of attacker’s process is different with

authorized page’s process• So attacker has no route for authorized page’s token

Page 22: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

22

Evaluation

• Multi-core machinesWrite latency is superiorover HTML5Asynchronous write policyIf Gibraltar write policy isset to write-through, thenresult will be similar toHTML5

Read latency is inferiorto HTML5Inferior local storage using method to HTML5’s such ascaching user data to avoid fetching it over a slow network

Page 23: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

23

Evaluation

• Single-core machines

Raw performance is inferior to Dual-core’s oneModern smartphones all adopt multi-core systemGibraltar can exploit this advantage and bad performance for single-corewill be reduce gratefully..

Page 24: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

24

Evaluation

• Single-core machines

LeftAccelerator and geolocation sensor is sufficient to use interactive app(The rate approaches null rate)

RightServer push is superior to R-R. However, when the setting of R-R is turn to server push it is reduced dramatically. It doesn’t come from server push technique but from diverse devise server

Page 25: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

25

Evaluation

• Sampling rate

Gibdroid’s throughput is almost Native’s one.

Page 26: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

26

Evaluation

• Power consumption

Gibdroid accelerator and browsing consumes much powerBut it comes from not Gibdroid’s bad architecture, but frombrowser and device server

Page 27: Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 1.

27

Thank you!