Mayall: A Framework for Desktop JavaScript Auditing and Post-Exploitation Analysis

Informatics ◽  
2018 ◽  
Vol 5 (4) ◽  
pp. 46
Author(s):  
Adam Rapley ◽  
Xavier Bellekens ◽  
Lynsay Shepherd ◽  
Colin McLean

Writing desktop applications in JavaScript offers developers the opportunity to create cross-platform applications with cutting-edge capabilities. However, in doing so, they are potentially submitting their code to a number of unsanctioned modifications from malicious actors. Electron is one such JavaScript application framework which facilitates this multi-platform out-the-box paradigm and is based upon the Node.js JavaScript runtime—an increasingly popular server-side technology. By bringing this technology to the client-side environment, previously unrealized risks are exposed to users due to the powerful system programming interface that Node.js exposes. In a concerted effort to highlight previously unexposed risks in these rapidly expanding frameworks, this paper presents the Mayall Framework, an extensible toolkit aimed at JavaScript security auditing and post-exploitation analysis. This paper also exposes fifteen highly popular Electron applications and demonstrates that two-thirds of applications were found to be using known vulnerable elements with high CVSS (Common Vulnerability Scoring System) scores. Moreover, this paper discloses a wide-reaching and overlooked vulnerability within the Electron Framework which is a direct byproduct of shipping the runtime unaltered with each application, allowing malicious actors to modify source code and inject covert malware inside verified and signed applications without restriction. Finally, a number of injection vectors are explored and appropriate remediations are proposed.

2019 ◽  
Vol 16 (9) ◽  
pp. 3854-3859
Author(s):  
Keith Vassallo ◽  
Lalit Garg ◽  
Vijay Prakash ◽  
K. Ramesh

This paper reviews the existing technologies for the development of cross-platform applications. Both server-side and client-side applications are considered for web, desktop and mobile devices, the latter consisting mainly of smartphones and tablets. Further, based on the review process and research issues, a web-based development approach is recommended for the development of truly cross-platform applications across devices and operating systems.


Author(s):  
Kostyantyn Kharchenko

The approach to organizing the execution of automated calculations using web services (in particular, REST services) is reviewed. The given solution will simplify the procedure of introducing new functionality in applied systems built according to the service-oriented architecture and microservice architecture principles. The main idea of the proposed solution is the maximum separation of server-side logic development from client-side logic, where clients are used to set abstract computation goals without any dependencies on existing applied services. It is proposed to rely on a centralized scheme to organize the computations (named orchestration) and to put into the knowledge base the set of rules used to build (in multiple steps) the concrete computational scenario from the abstract goal. It is proposed to include the computing task execution subsystem in the software architecture of the applied system. This subsystem is composed of the service that processes the incoming requests for execution, the service registry and the orchestration service. The clients send requests to the execution subsystem without any references to the real-world services to be called. The service registry searches the knowledge base for the corresponding input request template, then the abstract operation description search for the request template is performed. Each abstract operation may already have its implementation in the form of a workflow composed of invocations of the real applied services’ operations. In the absence of the corresponding workflow in the database, this workflow implementation could be synthesized dynamically according to the input and output data and the functionality description of the abstract operation and registered applied services. The workflows are executed by the orchestrator service. Thus, adding new functions to the client side is possible without any changes at the server side. And vice versa, adding new services can impact the execution of the calculations without updating the clients.


2003 ◽  
Vol 3 (2) ◽  
pp. 170-173
Author(s):  
Karthik Ramani ◽  
Abhishek Agrawal ◽  
Mahendra Babu ◽  
Christoph Hoffmann

New and efficient paradigms for web-based collaborative product design in a global economy will be driven by increased outsourcing, increased competition, and pressures to reduce product development time. We have developed a three-tier (client-server-database) architecture based collaborative shape design system, Computer Aided Distributed Design and Collaboration (CADDAC). CADDAC has a centralized geometry kernel and constraint solver. The server-side provides support for solid modeling, constraint solving operations, data management, and synchronization of clients. The client-side performs real-time creation, modification, and deletion of geometry over the network. In order to keep the clients thin, many computationally intensive operations are performed at the server. Only the graphics rendering pipeline operations are performed at the client-side. A key contribution of this work is a flexible architecture that decouples Application Data (Model), Controllers, Viewers, and Collaboration. This decoupling allows new feature development to be modular and easy to develop and manage.


2013 ◽  
Vol 739 ◽  
pp. 628-631
Author(s):  
Xiao Meng Chen ◽  
Wei Chang Feng

The E-Box multimedia system is developed for the rich audio and video resources on the Internet. On its server side, it can automatically search for and integrate network video and audio resources and send them to the client side for the user's real-time broadcast TV viewing, with full use of remote control operation. Simply put, it is a very easy-to-use multimedia system. This article introduces its infrastructure and main technical ideas, and also gives some details about the server side and client side.


2011 ◽  
Vol 338 ◽  
pp. 796-799
Author(s):  
Wei Chang Feng

The E-Yuan multimedia system is developed for the rich audio and video resources on the Internet. On its server side, it can automatically search for and integrate network video and audio resources and send them to the client side for the user's real-time broadcast TV viewing, with full use of remote control operation. Simply put, it is a very easy-to-use multimedia system. This article introduces its infrastructure and main technical ideas, and also gives some details about the server side and client side. At the same time, the improvement on how to collect and integrate video resources is comprehensively elaborated.


2017 ◽  
Vol 7 (1.1) ◽  
pp. 230
Author(s):  
C. Vasan Sai Krishna ◽  
Y. Bhuvana ◽  
P. Pavan Kumar ◽  
R. Murugan

In a typical DoS attack, the attacker tries to bring the server down. In this case, the attacker sends a lot of bogus queries to the server to consume its computing power and bandwidth. As the server’s bandwidth and computing power are always greater than those of the attacker’s client machine, he seeks help from a group of connected computers. A DDoS attack involves a lot of client machines which are hijacked by the attacker (together called a botnet). As the server handles all these requests sent by the attacker, all its resources get consumed and it cannot provide services. In this project, we are more concerned about reducing the computing power on the server side by giving the client a puzzle to solve. To prevent such attacks, we use a client puzzle mechanism. In this mechanism, we introduce a client-side puzzle which demands that the machine perform tasks that require more resources (computation power). The client’s request is not directly sent to the server. Moreover, there will be an Intermediate Server to monitor all the requests that are being sent to the main server. Before the client’s request is sent to the server, the client must solve a puzzle and send the answer. The Intermediate Server is used to validate the answer and give access to the client or block the client from accessing the server.


2020 ◽  
Vol 13 (2) ◽  
pp. 1-9
Author(s):  
Farid Jatri Abiyyu ◽  
Ibnu Ziad ◽  
Ade Silvia Handayani

A diskless server is a cluster computer network which uses the SSH (Secure Shell) protocol to grant the client access to the host's directory and modify its content so that the client doesn't need a hard disk (Thin Client). One way to design a diskless server is by utilizing the "Linux Terminal Server Project", an open source-based script for Linux. However, using Linux has its own drawback: it is not cross-platform, so it can't run the commonly used applications based on the Windows system. This drawback can be overcome by using a compatibility layer that converts a Windows-based application's source code. The data which will be monitored are the compatibility layer implementation's result, and the throughput, packet loss, delay, and jitter. The measurements of those four parameters resulted in "Excellent" for throughput, "Perfect" for packet loss and delay, and "Good" for jitter.


2015 ◽  
Vol 12 (2) ◽  
pp. 655-681
Author(s):  
Tomas Cerny ◽  
Miroslav Macik ◽  
Michael Donahoo ◽  
Jan Janousek

Increasing demands on user interface (UI) usability, adaptability, and dynamic behavior drive ever-growing development and maintenance complexity. Traditional UI design techniques result in complex descriptions for data presentations with significant information restatement. In addition, multiple concerns in UI development lead to descriptions that exhibit concern tangling, which results in high fragment replication. Concern-separating approaches address these issues; however, they fail to maintain the separation of concerns for execution tasks like rendering or UI delivery to clients. During the rendering process at the server side, the separation collapses into entangled concerns that are provided to clients. Such client-side entanglement may seem inconsequential since the clients are simply displaying what is sent to them; however, such entanglement compromises client performance as it results in problems such as replication, fragment granularity ill-suited for effective caching, etc. This paper considers advantages brought by concern-separation from both perspectives. It proposes an extension to the aspect-oriented UI design with distributed concern delivery (DCD) for client-server applications. Such an extension lessens the server-side involvement in UI assembly and reduces the fragment replication in provided UI descriptions. The server provides clients with individual UI concerns, and they become partially responsible for the UI assembly. This change increases client-side concern reuse and extends caching opportunities, reducing the volume of transmitted information between client and server to improve UI responsiveness and performance. The underlying aspect-oriented UI design automates the server-side derivation of concerns related to data presentations adapted to runtime context, security, conditions, etc. Evaluation of the approach is considered in a case study applying DCD to an existing, production web application. Our results demonstrate decreased volumes of UI descriptions assembled by the server-side and extended client-side caching abilities, reducing required data/fragment transmission, which improves UI responsiveness. Furthermore, we evaluate the potential benefits of DCD integration implications in selected UI frameworks.


2015 ◽  
Vol 56 ◽  
pp. 64-76
Author(s):  
Manon Beekhuijzen ◽  
Coco de Koning ◽  
Maria-Eugenia Flores-Guillén ◽  
Selinda de Vries-Buitenweg ◽  
Marysia Tobor-Kaplon ◽  
...  
