Enterprise WebRTC Powered by Browser Extensions

ABSTRACT We use browser extensions to solve two important issues in adopting WebRTC (Web Real-Time Communications) in enterprises: how to integrate WebRTC-centric communication with existing systems such as corporate directories, communication infrastructure and intranet websites, and how to traverse media paths across enterprise firewalls. Vclick is a simple and easy to use web-based video collaboration application that enables click-to-call from other webpages. SecureEdge is a network border traversal system for policy and security enforcement, and consists of a secure media relay that sits at the network border or in the cloud. A browser extension in the enterprise user's device transparently injects this media relay in every WebRTC media path needing to traverse the enterprise network edge to enable authenticated border traversal without help from the websites hosting the WebRTC pages. We attempt to generically support WebRTC in enterprises on a variety of application scenarios instead of creating another fragmented communication island. The challenges faced and techniques used in our proof-of-concepts are likely extensible to other enterprise WebRTC scenarios using the emerging HTML5 technologies

A Survey of the Selenium Ecosystem

Selenium is often considered the de-facto standard framework for end-to-end web testing nowadays. It allows practitioners to drive web browsers (such as Chrome, Firefox, Edge, or Opera) in an automated fashion using different language bindings (such as Java, Python, or JavaScript, among others). The term ecosystem, referring to the open-source software domain, includes various components, tools, and other interrelated elements sharing the same technological background. This article presents a descriptive survey aimed to understand how the community uses Selenium and its ecosystem. This survey is structured in seven categories: Selenium foundations, test development, system under test, test infrastructure, other frameworks, community, and personal experience. In light of the current state of Selenium, we analyze future challenges and opportunities around it.This work has been supported by the European Commission under the H2020 project "MICADO" (GA-822717), by the Government of Spain through the project "BugBirth" (RTI2018-101963-B-100), by the Regional Government of Madrid (CM) through the project "EDGEDATA-CM" (P2018/TCS-4499) cofunded by FSE & FEDER, and by the project "Analytics using sensor data for FlatCity" (MINECO/ERDF, EU) funded in part by the Spanish Agencia Estatal de Investigación (AEI) under Grant TIN2016-77158-C4-1-R and in part by the European Regional Development Fund (ERDF)

Computational Resource Abuse in Web Applications

Internet browsers include Application Programming Interfaces (APIs) to support Web applications that require complex functionality, e.g., to let end users watch videos, make phone calls, and play video games. Meanwhile, many Web applications employ the browser APIs to rely on the user's hardware to execute intensive computation, access the Graphics Processing Unit (GPU), use persistent storage, and establish network connections. However, providing access to the system's computational resources, i.e., processing, storage, and networking, through the browser creates an opportunity for attackers to abuse resources. Principally, the problem occurs when an attacker compromises a Web site and includes malicious code to abuse its visitor's computational resources. For example, an attacker can abuse the user's system networking capabilities to perform a Denial of Service (DoS) attack against third parties. What is more, computational resource abuse has not received widespread attention from the Web security community because most of the current specifications are focused on content and session properties such as isolation, confidentiality, and integrity. Our primary goal is to study computational resource abuse and to advance the state of the art by providing a general attacker model, multiple case studies, a thorough analysis of available security mechanisms, and a new detection mechanism. To this end, we implemented and evaluated three scenarios where attackers use multiple browser APIs to abuse networking, local storage, and computation. Further, depending on the scenario, an attacker can use browsers to perform Denial of Service against third-party Web sites, create a network of browsers to store and distribute arbitrary data, or use browsers to establish anonymous connections similarly to The Onion Router (Tor). Our analysis also includes a real-life resource abuse case found in the wild, i.e., CryptoJacking, where thousands of Web sites forced their visitors to perform crypto-currency mining without their consent. In the general case, attacks presented in this thesis share the attacker model and two key characteristics: 1) the browser's end user remains oblivious to the attack, and 2) an attacker has to invest little resources in comparison to the resources he obtains. In addition to the attack's analysis, we present how existing, and upcoming, security enforcement mechanisms from Web security can hinder an attacker and their drawbacks. Moreover, we propose a novel detection approach based on browser API usage patterns. Finally, we evaluate the accuracy of our detection model, after training it with the real-life crypto-mining scenario, through a large scale analysis of the most popular Web sites

Techno-Economic Feasibility of Web Real-Time Communications

WebRTC is an ongoing effort to build an open framework for real-time audio and video communication capabilities that turn Web browsers, and other clients supporting it, into a platform for person-to-person communication. Previously, real-time communication (RTC) has been achievable in the Web browser only by installing third party software. WebRTC brings native support for RTC to the Web browsers and exposes it freely to web developers via standardized JavaScript API. This brings RTC as a feature to the Web, which can foster further innovation. This thesis studies the techno-economic feasibility of WebRTC with the help of a framework for feasibility analysis of Internet protocols, developed by Levaä and Suomi (2013). To provide input for the framework, we conduct an interview study, as well as research of available Web resources. Further, we explore what market opportunities may arise, provided that WebRTC is successfully adopted. To do that, we use Value Network Configurations as a tool for studying and visualizing the possible relationships between market players and the roles they assume in the ecosystem. We find that WebRTC is a feasible technology in its basic, but highly relevant use case of one-to-one browser-to-browser communication. While we discover a number of unresolved challenges, we do not see any insurmountable obstacles that would prevent WebRTC adoption. WebRTC opens up opportunities for companies that would use it directly to deliver an RTC service, but also creates space for WebRTC PaaS providers in the market. Additionally, WebRTC interconnecting with legacy systems, such as PSTN or PLMN, opens up opportunity for telecom operators to explore creating new ways of communication for their customers

Liquid stream processing on the web: a JavaScript framework

The Web is rapidly becoming a mature platform to host distributed applications. Pervasive computing application running on the Web are now common in the era of the Web of Things, which has made it increasingly simple to integrate sensors and microcontrollers in our everyday life. Such devices are of great in- terest to Makers with basic Web development skills. With them, Makers are able to build small smart stream processing applications with sensors and actuators without spending a fortune and without knowing much about the technologies they use. Thanks to ongoing Web technology trends enabling real-time peer-to- peer communication between Web-enabled devices, Web browsers and server- side JavaScript runtimes, developers are able to implement pervasive Web ap- plications using a single programming language. These can take advantage of direct and continuous communication channels going beyond what was possible in the early stages of the Web to push data in real-time. Despite these recent advances, building stream processing applications on the Web of Things remains a challenging task. On the one hand, Web-enabled devices of different nature still have to communicate with different protocols. On the other hand, dealing with a dynamic, heterogeneous, and volatile environment like the Web requires developers to face issues like disconnections, unpredictable workload fluctuations, and device overload. To help developers deal with such issues, in this dissertation we present the Web Liquid Streams (WLS) framework, a novel streaming framework for JavaScript. Developers implement streaming operators written in JavaScript and may interactively and dynamically define a streaming topology. The framework takes care of deploying the user-defined operators on the available devices and connecting them using the appropriate data channel, removing the burden of dealing with different deployment environments from the developers. Changes in the semantic of the application and in its execution environment may be ap- plied at runtime without stopping the stream flow. Like a liquid adapts its shape to the one of its container, the Web Liquid Streams framework makes streaming topologies flow across multiple heterogeneous devices, enabling dynamic operator migration without disrupting the data flow. By constantly monitoring the execution of the topology with a hierarchical controller infrastructure, WLS takes care of parallelising the operator execution across multiple devices in case of bottlenecks and of recovering the execution of the streaming topology in case one or more devices disconnect, by restarting lost operators on other available devices

Machine learning for Quality of Experience in real-time applications

L'abstract è presente nell'allegato / the abstract is in the attachmen

Evolução da telefonia na web

Mestrado em Sistemas de InformaçãoCom a ameaça imposta às operadoras por aplicações OTT como WhatsApp ou Skype, diversas iniciativas coordenadas pela GSMA foram criadas para tentar responder a este fenómeno. Paralelamente, com a evolução de tecnologias como HTML5 e WebRTC, novos serviços como o Twilio têm surgido, oferecendo APIs para o desenvolvimento de novas aplicações Web. No entanto, a integração destas tecnologias em tradicionais redes de telecomunicações não faz parte das actuais especificações. Sendo assim, o objectivo desta dissertação consiste na especificação e implementação de um protótipo baseado nestas tecnologias emergentes, integrado com uma rede IMS. Primeiramente, foi feito um estudo do estado de arte, definindo requisitos e casos de uso a serem explorados. De seguida, o desenho da solução foi feito e implementado, tendo sido criado uma plataforma que alia WebRTC e a OneAPI da GSMA (que define funcionalidades básicas para operadores), oferecendo interoperabilidade entre ambos os mundos. A solução é composta por um servidor aplicacional que expõe a API e gateway WebRTC, tendo sido testada e considerada adaptada às necessidades estabelecidas.With the threat to operators by OTT applications such as Skype or WhatsApp, several initiatives coordinated by GSMA were created in an effort to respond to this phenomenon. In parallel, with the evolution of technologies such as HTML5 and WebRTC, new services such as Twilio are now available, offering APIs for web application development. However, the integration of these technologies and traditional telecommunication networks is not a part of the current standards. As such, the objective of this dissertation is the specification and implementation of a prototype based on these emerging technologies, integrated in an IMS network. First, a state-of-the-art analysis was made, defining requirements and use-cases to be explored. Secondly, the design and implementation of the solution was done, creating a platform that unites WebRTC and GSMA’s OneAPI (which exposes basic operator features), offering interoperability between both worlds. The solution is composed by an application server that exposes the API and a WebRTC gateway, having been successfully tested and adapted to the established needs

Европейский и национальный контексты в научных исследованиях

В настоящем электронном сборнике «Европейский и национальный контексты в научных исследованиях. Технология» представлены работы молодых ученых по геодезии и картографии, химической технологии и машиностроению, информационным технологиям, строительству и радиотехнике. Предназначены для работников образования, науки и производства. Будут полезны студентам, магистрантам и аспирантам университетов.=In this Electronic collected materials “National and European dimension in research. Technology” works in the fields of geodesy, chemical technology, mechanical engineering, information technology, civil engineering, and radio-engineering are presented. It is intended for trainers, researchers and professionals. It can be useful for university graduate and post-graduate students