software components for secure mobile web application
play

Software Components for Secure Mobile Web Application Platforms - PowerPoint PPT Presentation

Jun 23, 2023 •435 likes •531 views

Software Components for Secure Mobile Web Application Platforms Patrik Persson & Bjrn Johansson Ericsson Research Mobile Platforms, Lund, Sweden About us Ericsson Research in Lund, Sweden Device security, application

  1. Software Components for Secure Mobile Web Application Platforms Patrik Persson & Björn Johansson Ericsson Research Mobile Platforms, Lund, Sweden

  2. About us  Ericsson Research in Lund, Sweden – Device security, application environments, ... – Working tightly with Ericsson Mobile Platforms (EMP)  EMBRACE: Ericsson Mobile Browser Research And Cool Extensions – Prototype Widget-based terminal – EMP 3G platform, Linux kernel, Webkit, W3C- style Widgets W3C workshop, London 2 2008-12-11

  3. Motivation: Separation of concerns  Need separation of – Platform – Browser engine – Device APIs – Access control  Need a vendor-neutral access control mechanism – Assuming policy defined by operator, manufacturer, community, or other  Software component technology W3C workshop, London 3 2008-12-11

  4. Why software components?  Software component models – Separation of platform and application (separate address spaces possible) – Single entry point  centralized access control (method interception) – Can be fairly light-weight (e.g., COM/ECM)  Interfaces described in IDL (interface description language) – Translated to glue code in JavaScript, C/C++, Java, ... – Language independence (with limitations) W3C workshop, London 4 2008-12-11

  5. COM/IDL translation example Interface Description Language Generated proxy (IDL) (JavaScript) interface ICall { function ICall (...) { int start (char * nbr); function start (nbr) { ... }; void stop (int session); function stop (session) { ... }; void answer (int session); function answer (session) { ... }; void reject (int session); function reject (session) { ... }; } }  Automatic IDL-to-JavaScript translator – COM interface instances  JavaScript proxy components – COM callback interfaces  JavaScript event handlers  Some IDL limitations apply (e.g., regarding void*) W3C workshop, London 5 2008-12-11

  6. Basic architecture JavaScript apps Application Layer Javascript (possibly Implements (de-facto) standard APIs untrusted) Shim Layer in terms of platform primitives Maintains identity of currently Context Layer executing application Trusted Access decision: Access Control Layer platform Map interface  required access domain API functionality Platform Layer W3C workshop, London 6 2008-12-11

  7. Conclusions  Advantages – Separation of concerns – Language independence (C/C++, Java, JavaScript, Python, Ruby, ...) – Single entry point  centralized access control – ECM (COM-like) proven in mobile devices  Challenges – Maintaining run-time identity – Dynamically downloadable shim layers? – Performance & footprint – User experience W3C workshop, London 7 2008-12-11

  8. W3C workshop, London 8 2008-12-11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS371m - Mobile Computing Anatomy of an Android App and the App Lifecycle Application Components

CS371m - Mobile Computing Anatomy of an Android App and the App Lifecycle Application Components

CS371m - Mobile Computing Anatomy of an Android App and the App Lifecycle Application Components four primary components (plus one) different purposes and different lifecycles Activity single screen with a user interface, app may

646 views • 33 slides
iOS App Components CS 4720 Mobile Application Development CS 4720 iOS Architecture CS 4720

iOS App Components CS 4720 Mobile Application Development CS 4720 iOS Architecture CS 4720

iOS App Components CS 4720 Mobile Application Development CS 4720 iOS Architecture CS 4720 2 Building Blocks UIApplication The main entry point for your app Each app has exactly one instance of this class Provides the

427 views • 25 slides
SECURE PROGRAMMING A.A. 2018/2019 TERMINOLOGY System, Social and Mobile Security SECURITY FLAWS

SECURE PROGRAMMING A.A. 2018/2019 TERMINOLOGY System, Social and Mobile Security SECURITY FLAWS

SECURE PROGRAMMING A.A. 2018/2019 TERMINOLOGY System, Social and Mobile Security SECURITY FLAWS Software engineering has long been concerned with the elimination of software defects. A software defect is the encoding of a human error into

1.75k views • 156 slides
Android'Applica,on'Components:' Lifecycle'and'State' ' Mobile'and'Ubiquitous'Compu,ng'

Android'Applica,on'Components:' Lifecycle'and'State' ' Mobile'and'Ubiquitous'Compu,ng'

Android'Applica,on'Components:' Lifecycle'and'State' ' Mobile'and'Ubiquitous'Compu,ng' MEIC/MERC'2015/16' ' ' Nuno'Santos' 1.#APPLICATION#COMPONENTS# Mobile'and'Ubiquitous'Compu,ng'2015/16' Android'Components'

704 views • 35 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Secure Mobile Mobile Gambling Gambling Secure RSA Conference 2001 San Francisco,

Secure Mobile Mobile Gambling Gambling Secure RSA Conference 2001 San Francisco,

Secure Mobile Mobile Gambling Gambling Secure RSA Conference 2001 San Francisco, California, April 2001 Markus Jakobsson David Pointcheval David Pointcheval Adam Young Dept dInformatique Lockheed Martin Bell Laboratories Lucent

429 views • 7 slides
Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Networks, Cryptography, and You Most application developers Dont implement networking

333 views • 30 slides
Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key Components SKE, MAC Public-Key Components PKE, Digital Signatures Building blocks: Block-ciphers (AES), Hash-functions (SHA-3), Trapdoor PRG/OWP for PKE

1.07k views • 72 slides
Mobile Edge Computing Wei-Yu Chen Outline 5G Communication Components Computation

Mobile Edge Computing Wei-Yu Chen Outline 5G Communication Components Computation

Mobile Edge Computing Wei-Yu Chen Outline 5G Communication Components Computation Offloading Mobility Management and Service Migration 5G Communication Components Software Defined Network(SDN) Network Function

621 views • 23 slides
Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE

Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE

Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE SECURITY SPECIALIST Agenda Software Security Overview Software Security Methodologies Security Test Methods Analysis Tools Tools

497 views • 25 slides
Secure Scalable CCT Secure Scalable CCTV, Mobile, and W Mobile, and Wearable earable Video F

Secure Scalable CCT Secure Scalable CCTV, Mobile, and W Mobile, and Wearable earable Video F

WSB-2017 17 J January 2 2017 17 Secure Scalable CCT Secure Scalable CCTV, Mobile, and W Mobile, and Wearable earable Video F Video Face R ce Recognition cognition Brian Lo Brian Lovell ll The Univer The Univ ersity of Queensland

784 views • 62 slides
CSE 2221 Software I: Software Components and CSE 2231 Software II: Software Development and

CSE 2221 Software I: Software Components and CSE 2231 Software II: Software Development and

CSE 2221 Software I: Software Components and CSE 2231 Software II: Software Development and Design 8 January 2019 OSU CSE 1 Restated Learning Outcomes Theme 1: software engineering concepts Be familiar with sound software engineering

535 views • 17 slides
What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recent Security Incidents Garmin Ransomware -- $10 million Sync servers down for many days

506 views • 21 slides
Secure Mobile Ad-hoc Interactions: Reasoning About Out-Of-Band (OOB) Channels Ronald Kainda, Ivan

Secure Mobile Ad-hoc Interactions: Reasoning About Out-Of-Band (OOB) Channels Ronald Kainda, Ivan

Introduction Framework Application Conclusion Secure Mobile Ad-hoc Interactions: Reasoning About Out-Of-Band (OOB) Channels Ronald Kainda, Ivan Flechais, A.W. Roscoe International Workshop on Security and Privacy in Spontaneous Interaction

539 views • 17 slides
CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu Mobile Security Issues Introduction So many cool mobile apps Access to web, personal information, social media, etc

1.05k views • 55 slides
The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why

The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why

The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why a Mobile Application Code? Extend the NAI compliance program into the mobile application space Provide extra flexibility for this rapidly

319 views • 18 slides
Lepton Collider Simulations With WHIZARD New Developments Wolfgang Kilian University of Siegen

Lepton Collider Simulations With WHIZARD New Developments Wolfgang Kilian University of Siegen

Lepton Collider Simulations With WHIZARD New Developments Wolfgang Kilian University of Siegen CEPC Workshop, IHEP, Beijing November 2017 W. Kilian (U Siegen) WHIZARD Nov 2017 1 / 29 Overview WHIZARD: Overview Scope WHIZARD is a

501 views • 29 slides
Roaming tiger Anton Cherepanov cherepanov@eset.sk Intro In 2014 ESET observed similar attacks in

Roaming tiger Anton Cherepanov cherepanov@eset.sk Intro In 2014 ESET observed similar attacks in

Roaming tiger Anton Cherepanov cherepanov@eset.sk Intro In 2014 ESET observed similar attacks in Russia and CIS countries: Belarus, Kazakhstan, Kyrgyzstan, Tajikistan, Ukraine and Uzbekistan Similarities: Same infection vectors Use of

766 views • 20 slides
RAMP-White / FAST-MP Hari Angepat and Derek Chiou Electrical and Computer Engineering University

RAMP-White / FAST-MP Hari Angepat and Derek Chiou Electrical and Computer Engineering University

RAMP-White / FAST-MP Hari Angepat and Derek Chiou Electrical and Computer Engineering University of Texas at Austin Supported in part by DOE, NSF, SRC,Bluespec, Intel, Xilinx, IBM, and Freescale RAMP-White Overview Use existing FPGA

870 views • 25 slides
CombiHeader: Minimizing the Number of Shim Headers in Redundancy Elimination Systems Sumanta

CombiHeader: Minimizing the Number of Shim Headers in Redundancy Elimination Systems Sumanta

CombiHeader: Minimizing the Number of Shim Headers in Redundancy Elimination Systems Sumanta Saha, Andrey Lukyanenko and Antti Yl-Jski Aalto University School of Science, Finland (Formerly, Helsinki University of Technology) Outline

443 views • 12 slides
LIE BRACKETS AND STABILITY OF SWITCHED SYSTEMS Daniel Liberzon Coordinated Science

LIE BRACKETS AND STABILITY OF SWITCHED SYSTEMS Daniel Liberzon Coordinated Science

LIE BRACKETS AND STABILITY OF SWITCHED SYSTEMS Daniel Liberzon Coordinated Science Laboratory and Dept. of Electrical & Computer Eng., Univ. of Illinois at Urbana-Champaign Happy 60 th birthday, Eduardo! 1 of 22 SWITCHED SYSTEMS

434 views • 22 slides
The event generator WHIZARD Jrgen R. Reuter, DESY J.R.Reuter WHIZARD

The event generator WHIZARD Jrgen R. Reuter, DESY J.R.Reuter WHIZARD

/23 The event generator WHIZARD Jrgen R. Reuter, DESY J.R.Reuter WHIZARD MBI 2016, U. Wisconsin, Madison, 25.08.16 1 /23 W,HIggs,Z And Respective Decays Jrgen R. Reuter, DESY J.R.Reuter

1.02k views • 81 slides
Web Components Whats the Catch? TJ VanToll | @tjvantoll

Web Components Whats the Catch? TJ VanToll | @tjvantoll

Web Components Whats the Catch? TJ VanToll | @tjvantoll Kendo UI jQuery UI UI libraries are seen as the ideal use case for web

717 views • 52 slides
A B Intelligent Agents Chapter 2 Percepts: location and contents, e.g., [ A, Dirty ] Actions:

A B Intelligent Agents Chapter 2 Percepts: location and contents, e.g., [ A, Dirty ] Actions:

Vacuum-cleaner world A B Intelligent Agents Chapter 2 Percepts: location and contents, e.g., [ A, Dirty ] Actions: Left , Right , Suck , NoOp Chapter 2 1 Chapter 2 4 Outline A vacuum-cleaner agent Agents and environments Percept

412 views • 5 slides

More recommend