569 research outputs found

    ATTACKS AND COUNTERMEASURES FOR WEBVIEW ON MOBILE SYSTEMS

    ABSTRACT All the mainstream mobile operating systems provide a web container, called "WebView". This Web-based interface can be included as part of the mobile application to retrieve and display web contents from remote servers. WebView not only provides the same functionalities as a web browser, more importantly, it enables rich interactions between mobile apps and webpages loaded inside WebView. Through its APIs, WebView enables the two-way interaction. However, the design of WebView changes the landscape of the Web, especially from the security perspective. This dissertation conducts a comprehensive and systematic study of WebView's impact on web security, with a particular focus on identifying its fundamental causes. This dissertation discovers multiple attacks on WebView, and proposes new protection models to enhance the security of WebView. The design principles of these models are also described as well as the prototype implementation in Android platform. Evaluations are used to demonstrate the effectiveness and performance of these protection models

    Analysis of Visualisation and Interaction Tools Authors

    This document provides an in-depth analysis of visualization and interaction tools employed in the context of Virtual Museum. This analysis is required to identify and design the tools and the different components that will be part of the Common Implementation Framework (CIF). The CIF will be the base of the web-based services and tools to support the development of Virtual Museums with particular attention to online Virtual Museum. The main goal is to provide to the stakeholders and developers a useful platform to support and help them in the development of their projects, despite the nature of the project itself. The design of the Common Implementation Framework (CIF) is based on an analysis of the typical workflow of the V-MUST partners and their perceived limitations of current technologies. This document is based also on the results of the V-MUST technical questionnaire (presented in the Deliverable 4.1). Based on these two sources of information, we have selected some important tools (mainly visualization tools) and services and we elaborate some first guidelines and ideas for the design and development of the CIF, that shall provide a technological foundation for the V-MUST Platform, together with the V-MUST repository/repositories and the additional services defined in the WP4. Two state of the art reports, one about user interface design and another one about visualization technologies have been also provided in this document

    Management and Visualisation of Non-linear History of Polygonal 3D Models

    The research presented in this thesis concerns the problems of maintenance and revision control of large-scale three dimensional (3D) models over the Internet. As the models grow in size and the authoring tools grow in complexity, standard approaches to collaborative asset development become impractical. The prevalent paradigm of sharing files on a file system poses serious risks with regards, but not limited to, ensuring consistency and concurrency of multi-user 3D editing. Although modifications might be tracked manually using naming conventions or automatically in a version control system (VCS), understanding the provenance of a large 3D dataset is hard due to revision metadata not being associated with the underlying scene structures. Some tools and protocols enable seamless synchronisation of file and directory changes in remote locations. However, the existing web-based technologies are not yet fully exploiting the modern design patterns for access to and management of alternative shared resources online. Therefore, four distinct but highly interconnected conceptual tools are explored. The first is the organisation of 3D assets within recent document-oriented No Structured Query Language (NoSQL) databases. These "schemaless" databases, unlike their relational counterparts, do not represent data in rigid table structures. Instead, they rely on polymorphic documents composed of key-value pairs that are much better suited to the diverse nature of 3D assets. Hence, a domain-specific non-linear revision control system 3D Repo is built around a NoSQL database to enable asynchronous editing similar to traditional VCSs. The second concept is that of visual 3D differencing and merging. The accompanying 3D Diff tool supports interactive conflict resolution at the level of scene graph nodes that are de facto the delta changes stored in the repository. The third is the utilisation of HyperText Transfer Protocol (HTTP) for the purposes of 3D data management. 
The XML3DRepo daemon application exposes the contents of the repository and the version control logic in a Representational State Transfer (REST) style of architecture. At the same time, it manifests the effects of various 3D encoding strategies on the file sizes and download times in modern web browsers. The fourth and final concept is the reverse-engineering of an editing history. Even if the models are being version controlled, the extracted provenance is limited to additions, deletions and modifications. The 3D Timeline tool, therefore, implies a plausible history of common modelling operations such as duplications, transformations, etc. Given a collection of 3D models, it estimates a part-based correspondence and visualises it in a temporal flow. The prototype tools developed as part of the research were evaluated in pilot user studies that suggest they are usable by the end users and well suited to their respective tasks. Together, the results constitute a novel framework that demonstrates the feasibility of a domain-specific 3D version control

    Toward Customizable Multi-tenant SaaS Applications

    abstract: Nowadays, Computing is so pervasive that it has become indeed the 5th utility (after water, electricity, gas, telephony) as Leonard Kleinrock once envisioned. Evolved from utility computing, cloud computing has emerged as a computing infrastructure that enables rapid delivery of computing resources as a utility in a dynamically scalable, virtualized manner. However, the current industrial cloud computing implementations promote segregation among different cloud providers, which leads to user lockdown because of prohibitive migration cost. On the other hand, Service-Oriented Computing (SOC) including service-oriented architecture (SOA) and Web Services (WS) promote standardization and openness with its enabling standards and communication protocols. This thesis proposes a Service-Oriented Cloud Computing Architecture by combining the best attributes of the two paradigms to promote an open, interoperable environment for cloud computing development. Multi-tenancy SaaS applications built on top of SOCCA have more flexibility and are not locked down by a certain platform. Tenants residing on a multi-tenant application appear to be the sole owner of the application and not aware of the existence of others. A multi-tenant SaaS application accommodates each tenant’s unique requirements by allowing tenant-level customization. A complex SaaS application that supports hundreds, even thousands of tenants could have hundreds of customization points with each of them providing multiple options, and this could result in a huge number of ways to customize the application. This dissertation also proposes innovative customization approaches, which study similar tenants’ customization choices and each individual user’s behaviors, then provide a guided semi-automated customization process for the future tenants. 
A semi-automated customization process could enable tenants to quickly implement the customization that best suits their business needs. Dissertation/Thesis. Doctoral Dissertation, Computer Science 201

    From native to cross-platform hybrid development : CodeGT, design and development of a mobile app for ERP

    The current trend towards mobility of individuals, together with the exponential growth of the number of mobile devices led the market to a boom in the demand for the development of mobile applications. Moreover, with the expansion and heterogeneity of the mobile devices and platforms, software companies need to search for faster and cheaper ways to develop applications that can span as many devices as possible to capture the market. Currently, the Android and iOS Operating Systems roughly share and dominate the mobile market, with timid expressions of other competitors. Each of these mobile operating systems was developed using its own languages, strategy and SDKs for development of applications using their libraries – known as Native apps. On the other hand, the evolution of HTML5, CSS and JavaScript created generic alternatives to create mobile apps that run on devices on all operating systems, although lacking the capability to access the device’s full potential. Alongside came the new Hybrid cross-platform development frameworks, which try to take the best of both worlds. This dissertation describes the evolution of the different mobile app development approaches and the state-of-the-art in their development techniques, and compares them with the Hybrid app approach, then highlighting the trends in mobile app development using Hybrid platforms and their advantages. This research includes the development of a mobile Hybrid application, CodeGT, which interacts with an Enterprise Resource Planning (ERP) to access the Transport Documents registered in this ERP and access to the code transmitted by the Portuguese Tax Authority (AT), therefore not requiring the printing of documents and meeting a need of the business market. 
This application does already have customer industry companies interested in it. The current trends toward greater mobility of individuals, together with the exponential growth in the number of mobile devices, have led to enormous growth in demand for mobile application development. Moreover, with the expansion and heterogeneity of mobile devices and platforms, software development companies need to find faster and cheaper ways to develop applications that can cover the largest number of devices in order to meet the high market demand. Currently, the Android and iOS operating systems share and dominate the mobile device market, with timid expressions of other competitors. Each of these mobile operating systems was developed specifically for its own programming languages and strategies and offers a set of development tools with its libraries for creating native applications. On the other hand, the evolution of HTML5, CSS and JavaScript created opportunities for the emergence of generic alternatives for creating cross-platform applications that run on all devices and all operating systems, but without the ability to access the device's full native potential. In parallel, new hybrid development platforms emerged, which try to make the best of both worlds. This dissertation describes the evolution of the different approaches to mobile application development, more specifically the use of cross-platform tools for creating hybrid mobile applications and their advantages. 
The research also included the development of a mobile application, CodeGT, built on a hybrid platform to interact with ERP software, accessing the Transport Documents registered in that ERP as well as the code transmitted by the Tax Authority (AT), which thus dispenses with the printing of documents and meets a market need. This application already has client companies interested in it

    Proceedings of the Workshop on web applications and secure hardware (WASH 2013).

    Web browsers are becoming the platform of choice for applications that need to work across a wide range of different devices, including mobile phones, tablets, PCs, TVs and in-car systems. However, for web applications which require a higher level of assurance, such as online banking, mobile payment, and media distribution (DRM), there are significant security and privacy challenges. A potential solution to some of these problems can be found in the use of secure hardware – such as TPMs, ARM TrustZone, virtualisation and secure elements – but these are rarely accessible to web applications or used by web browsers. The First Workshop on Web Applications and Secure Hardware (WASH'13) focused on how secure hardware could be used to enhance web applications and web browsers to provide functionality such as credential storage, attestation and secure execution. This included challenges in compatibility (supporting the same security features despite different user hardware) as well as multi-device scenarios where a device with hardware mechanisms can help provide assurance for systems without. Also of interest were proposals to enhance existing security mechanisms and protocols, security models where the browser is not trusted by the web application, and enhancements to the browser itself

    Human-centred computer architecture: redesigning the mobile datastore and sharing interface

    This dissertation develops a material perspective on Information & Communication Technologies and combines this perspective with a Research through Design approach to interrogate current and develop new mobile sharing interfaces and datastores. Through this approach I open up a line of inquiry that connects a material perspective of information with everyday sharing and communication practices as well as with the mobile and cloud architectures that increasingly mediate such practices. With this perspective, I uncover a shifting emphasis of how data is stored on mobile devices and how this data is made available to apps through sharing interfaces that prevent apps from obtaining a proper handle of data to support fundamentally human acts of sharing such as giving. I take these insights to articulate a much wider research agenda to implicate, beyond the sharing interface, the app model and mobile datastore, data exchange protocols, and the Cloud. I formalise the approach I take to bring technically and socially complex, multi-dimensional and changing ideas into correspondence and to openly document this process. I consider the history of the File abstraction and the fundamental grammars of action this abstraction supports (e.g. move, copy, & delete) and the mediating role this abstraction – and its graphical representation – plays in binding together the concerns of system architects, programmers, and users. Finding inspiration in the 30 year history of the file, I look beyond the Desktop to contemporary realms of computing on the mobile and in the Cloud to develop implications for reinvigorated file abstractions, representations, and grammars of actions. First and foremost, these need to have a social perspective on files. 
To develop and hone such a social perspective, and challenge the assumption that mobile phones are telephones – implying interaction at a distance – I give an interwoven account of the theoretical and practical work I undertook to derive and design a grammar of action – showing – tailored to co-present and co-located interactions. By documenting the process of developing prototypes that explore this design space, and returning to the material perspective I developed earlier, I explore how the grammars of show and gift are incongruent with the specific ways in which information is passed through the mobile’s sharing interface. This insight led me to prototype a mobile datastore – My Stuff – and design new file abstractions that foreground the social nature of the stuff we store and share on our mobiles. I study how that stuff is handled and shared in the Cloud by developing, documenting, and interrogating a cloud service to facilitate sharing, and implement grammars of actions to support and better align with human communication and sharing acts. I conclude with an outlook on the powerful generative metaphor of casting mobile media files as digital possessions to support and develop human-centred computer architecture that give people better awareness and control over the stuff that matters to them

    Building Web Based Programming Environments for Functional Programming

    Functional programming offers an accessible and powerful algebraic model for computing. JavaScript is the language of the ubiquitous Web, but it does not support functional programs well due to its single-threaded, asynchronous nature and lack of rich control flow operators. The purpose of this work is to extend JavaScript to a language environment that satisfies the needs of functional programs on the Web. This extended language environment uses sophisticated control operators to provide an event-driven functional programming model that cooperates with the browser's DOM, along with synchronous access to JavaScript's asynchronous APIs. The results of this work are used toward two projects: (1) a programming environment called WeScheme that runs in the web browser and supports a functional programming curriculum, and (2) a tool-chain called Moby that compiles event-driven functional programs to smartphones, with access to phone-specific features

    Framework for the Integration of Mobile Device Features in PLM

    Currently, companies have covered their business processes with stationary workstations while mobile business applications have limited relevance. Companies can cover their overall business processes more time-efficiently and cost-effectively when they integrate mobile users in workflows using mobile device features. The objective is a framework that can be used to model and control business applications for PLM processes using mobile device features to allow a totally new user experience