
Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX

Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX. 2013. 10. 21, Mobile Lab, 박세준. Contents: Intro, Design Scheme, Implementation, Application, Security, Evaluation, Related Work & Conclusion. Intro: Web developers who want to exploit local device face choices


Presentation Transcript


  1. Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX 2013. 10. 21 Mobile Lab 박세준

  2. Contents
     • Intro
     • Design Scheme
     • Implementation
     • Application
     • Security
     • Evaluation
     • Related Work & Conclusion

  3. Intro
     • Web developers who want to exploit local devices face choices
     • Both of them lack portability.

  4. Intro
     • Alternative solution
     • Ex. <input>
       • Original HTML tag (before HTML5)
         • <input type="submit" value="Register">
         • Submits data from a form to the server or to another object in the web page's session
       • Applied HTML tag
         • <input type="file" name="image" accept="image/*" capture>
         • A picture (image) shot with the camera is saved to a file
     From http://w3.org/TR/html-media-capture

  5. Intro
     • Trade-offs
       • Native application
         • Faster response time
         • It can exploit device-optimized libraries
         • Needs installation, depends on OS
       • Cross-platform application such as HTML5
         • No dependency
         • The user only connects to the web with a URL
         • Higher response time, vulnerability
         • JavaScript is supported by almost all OSes and browsers, but it has to be interpreted in the local domain
         • JavaScript and web browsers have a large surface that can be attacked or manipulated

  6. Intro
     • Gibraltar: take only the advantages
       • Simply put, it is a hardware abstraction for the web
       • HTTP is the medium, like IPC
       • The device server acts like a kernel
       • In practice, it runs sandboxed in the browser
     • Advantages merged
       • Low response time
       • No installation
       • Secure access control
     • Compatibility
       • HTML5 -> Gibraltar (X)
       • Gibraltar -> HTML5 (O)

  7. Design
     • Separated modules
       • Based on privilege separation
     • hardware.js
       • Consists of JavaScript code
       • Provides the public Gibraltar API
       • Compiler: from page request to raw AJAX code
     • Device server
       • Independent of the browser
       • In principle, a device server only allows one origin's data
       • Manages authorization, raises an alarm when a suspicious request is received

  8. Design
     • Manifest authorization
       • When an Android application is installed, the install manager asks the user
       • So does Gibraltar
       • A page (or pages) that wants to access a device should have a manifest describing what to access
       • New page requests access / old page requests new access: the user has to approve the permission

  9. Design
     • Find what they have in common
       • 허접쓰레기 (Korean: "worthless junk")
       • referrer

  10. Design
     • Find what they have in common
       • 허접쓰레기 (Korean: "worthless junk"), from http://www.korean.go.kr
       • referrer, from http://en.wikipedia.org/wiki/Referrer

  11. Design
     • Session management
       • Referrer field
         • If x.html contains a link to y.html and this link is activated, the HTTP request that moves from page x.html to y.html contains x.html in the referrer field
         • Possibility of a fake request (replay attack)
       • Replay attack
         • Reuse of a session or cookie
     Diagram (Trusted.com/x.htm, Untrusted.com/x.htm, device server):
       1. Request device access
       2. Check if granted token exists
       3. Exists: inspect mapping table with token
       4-1. Equal: approve access
       4-2. Different: ignore request & alarm
       5. No: create new unique token (= mapping). The token is transmitted to the page
       Untrusted.com/x.htm: suspicious request, denied because of different mapping
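
The token check from slide 11, written out as an added example (not code from the presentation or from Gibraltar itself). The class and method names, the example origins, the pre-approved origin set standing in for the manifest of slide 8, and the one-token-per-origin rule are assumptions.

```javascript
// Added example; DeviceServer, handleRequest and approvedOrigins are hypothetical names.
const nodeCrypto = require('crypto');

class DeviceServer {
  constructor(approvedOrigins) {
    this.approved = new Set(approvedOrigins); // origins the user approved (manifest)
    this.tokens = new Map();                  // mapping table: origin -> token
    this.alarms = [];                         // suspicious requests to surface to the user
  }

  // Reduce a Referer value to scheme://host[:port]; null if missing or malformed.
  static originOf(referer) {
    try { return new URL(referer).origin; } catch { return null; }
  }

  handleRequest({ referer, token }) {
    const origin = DeviceServer.originOf(referer);
    if (origin === null || !this.approved.has(origin)) {
      return this.deny(origin, 'origin not approved by user');
    }
    const known = this.tokens.get(origin);
    if (token === undefined) {
      // Step 5: no token presented. Assumption: at most one live token per origin,
      // so a second token-less request for the same origin is treated as suspicious.
      if (known !== undefined) return this.deny(origin, 'origin already holds a token');
      const fresh = nodeCrypto.randomBytes(32).toString('hex');
      this.tokens.set(origin, fresh);
      return { status: 'issued', token: fresh };
    }
    // Steps 3 and 4: the presented token must equal the one mapped to this origin.
    const a = Buffer.from(String(token));
    const b = Buffer.from(known ?? '');
    if (known !== undefined && a.length === b.length && nodeCrypto.timingSafeEqual(a, b)) {
      return { status: 'approved' };
    }
    return this.deny(origin, 'token does not match mapping');
  }

  // Step 4-2: ignore the request and record an alarm.
  deny(origin, reason) {
    this.alarms.push({ origin, reason });
    return { status: 'denied', reason };
  }
}
```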

  12. Design
     • Sensor widgets
       • Browser's perspective
       • Creating/copying an authorized token in the web browser to gain permission to the device
     Diagram (Trusted.com, device server, sensor widget):
       1. Request device access
       2. Send authorized token
       3. Capture & copy authorized token in a browser
       4. Try to get hardware access permission
       5. Sensor widgets alert the user because there is no trusted page but the browser is trying to access hardware with an authorized token

  13. Design
     • Sensor API
       • Many devices (GPS, camera, Bluetooth, …)
       • Web pages can get sensor data via Gibraltar's API once or several times
       • It supports various sensors & devices conveniently
     Diagram (Trusted.com, hardware.js), from abstraction (simple code) to detail (complex code):
       singleQuery(), continuousQuery(), startSensor(), stopSensor(), sensorAdded(), sensorRemoved()

  14. Design
     • Processor API
       • Designed to support multi-core CPU & GPU
       • Inspired by OpenCL (Open Computing Language)
       • enqueueKernel()
         • Specifies which kernel will execute the job
       • setKernelData()
         • Sets the data to be computed in parallel
         • Two parallelism methods
           • Multiple enqueueKernel() calls & setKernelData(scalar)
           • A single enqueueKernel() call & setKernelData(vector)
       • executeKernels()
         • Automatic distribution & coordination & intercommunication

  15. Design
     • Storage API
       • Provides a key/value storage interface
       • HTML5 DOM storage provides key/value storage, too
       • But it only covers non-removable storage
       • As the interface shows, there is no specific field to assign storage in DOM

     interface Storage {
       readonly attribute unsigned long length;
       DOMString? key(unsigned long index);
       getter DOMString? getItem(DOMString key);
       setter creator void setItem(DOMString key, DOMString value);
       deleter void removeItem(DOMString key);
       void clear();
     };

     from dev.w3.org/html5/webstorage

  16. Design
     • Remote device access
       • By default, it is disabled
         • To prevent security problems
         • If it is allowed, seizing the referrer field or duplicating a capability token can occur
       • Alleviation through a whitelist
         • Users must explicitly designate an IP or DNS name
         • This is done by the user constructing a user-driven manifest themselves
         • But the user must take extreme care with the list to prevent security issues

  17. Implementation
     • Gibdroid
       • Implementation of Gibraltar on Android
       • There are two classes of sensors, by data rate
         • High data rate: video cam, accelerometer
         • Low data rate: picture cam, GPS
       • To alleviate the throughput drop, Gibdroid uses indefinite-size frames for high data rate
       • Session-establishment messages between Gibdroid and the device hurt performance

  18. Application
     • 4 applications using the Gibraltar API
       • MapQuest
         • Uses GPS data of the user's location
         • Uses locally cached tiles expressed as key-value (tileID, fileSystemLocation), e.g. (1B, /map/00011011)
       • Shazam
         • Identifies playing music
         • Exploits complex computation with the Processor API
       • Gibraltar Paint
         • A canvas in the desktop browser is drawn on by a mobile device
       • Pacman
         • Same manner as above

  19. Security
     • Two security issues
       • Is the device access request reliable?
         • If there is a weird browser, how can the system detect it?
       • Once data from the hardware has been transmitted, what can the system do?
         • Isn't that mending the barn after the horse is stolen?
     • Five security principals
       • User, Gibraltar, OS, web page, web browser
       • The system is concerned with two components: page, browser
     • Three defenses
       • Referrer, sensor widget, legitimate page

  20. Security
     • AND operation: fake referrer AND steal token AND legitimately-authorized page
     • Unless all of them are satisfied, no attack succeeds
     • referrer < token < authorized page

  21. Security
     • If the browser is reliable, then?
       • No attack is going to succeed
       • Modern browsers, e.g. IE9, Chrome, support process isolation
       • An attacker's attempt to steal the token from an authorized page won't succeed
         • Because of process separation
         • The attacker's process is a different one from the authorized page's process
         • So the attacker has no route to the authorized page's token

  22. Evaluation
     • Multi-core machines
       • Write latency is superior to HTML5
         • Asynchronous write policy
         • If the Gibraltar write policy is set to write-through, the result will be similar to HTML5
       • Read latency is inferior to HTML5
         • Inferior to HTML5's for local storage uses such as caching user data to avoid fetching it over a slow network

  23. Evaluation
     • Single-core machines
       • Raw performance is inferior to dual-core
       • Modern smartphones all adopt multi-core systems
       • Gibraltar can exploit this advantage, and the bad single-core performance will be greatly reduced

  24. Evaluation
     • Single-core machines
       • Left: accelerometer and geolocation sensors are sufficient for interactive apps (the rate approaches the null rate)
       • Right: server push is superior to R-R. However, when the R-R setting is turned to server push, it is reduced dramatically. This comes not from the server push technique but from the diverse device server

  25. Evaluation
     • Sampling rate
       • Gibdroid's throughput is almost that of native.

  26. Evaluation
     • Power consumption
       • Gibdroid accelerometer and browsing consume much power
       • But this comes not from a bad Gibdroid architecture, but from the browser and device server

  27. Thank you!
