JavaScript: The Definitive Guide
JavaScript: The Definitive Guide
Preventing privilege escalation
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Tiny Web Services for Sensor Device Interoperability
IPSN '08 Proceedings of the 7th international conference on Information processing in sensor networks
Secure Web Browsing with the OP Web Browser
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Comet and Reverse Ajax: The Next-Generation Ajax 2.0
Comet and Reverse Ajax: The Next-Generation Ajax 2.0
Engineering heap overflow exploits with JavaScript
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
Isolating web programs in modern browser architectures
Proceedings of the 4th ACM European conference on Computer systems
SoundSense: scalable sound sensing for people-centric applications on mobile phones
Proceedings of the 7th international conference on Mobile systems, applications, and services
Efficient application integration in IP-based sensor networks
Proceedings of the First ACM Workshop on Embedded Sensing Systems for Energy-Efficiency in Buildings
Mugshot: deterministic capture and replay for Javascript applications
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
NOZZLE: a defense against heap-spraying code injection attacks
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
The multi-principal OS construction of the gazelle web browser
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Tightlip: keeping applications from spilling the beans
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Maverick: providing web applications with safe and flexible access to local devices
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
CsFire: transparent client-side mitigation of malicious cross-domain requests
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
On the challenges of building a web-based ubiquitous application platform
Proceedings of the 2012 ACM Conference on Ubiquitous Computing
Extending the web to support personal network services
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Multi-device application middleware: leveraging the ubiquity of the Web with webinos
The Journal of Supercomputing
| Hi-index | 0.00 |
Gibraltar is a new framework for exposing hardware devices to web pages. Gibraltar's fundamental insight is that Java-Script's AJAX facility can be used as a hardware access protocol. Instead of relying on the browser to mediate device interactions, Gibraltar sandboxes the browser and uses a small device server to handle hardware requests. The server uses native code to interact with devices, and it exports a standard web server interface on the localhost. To access hardware, web pages send device commands to the server using HTTP requests; the server returns hardware data via HTTP responses. Using a client-side JavaScript library, we build a simple yet powerful device API atop this HTTP transfer protocol. The API is particularly useful to developers of mobile web pages, since mobile platforms like cell phones have an increasingly wide array of sensors that, prior to Gibraltar, were only accessible via native code plugins or the limited, inconsistent APIs provided by HTML5. Our implementation of Gibraltar on Android shows that Gibraltar provides stronger security guarantees than HTML5; furthermore, it shows that HTTP is responsive enough to support interactive web pages that perform frequent hardware accesses. Gibraltar also supports an HTML5 compatibility layer that implements the HTML5 interface but provides Gibraltar's stronger security.