research-article

Flashproxy: transparently enabling rich web content via remote execution

Authors:

Steven D. Gribble,

Henry M. LevyAuthors Info & Claims

MobiSys '08: Proceedings of the 6th international conference on Mobile systems, applications, and services

Pages 81 - 93

https://doi.org/10.1145/1378600.1378611

Published: 17 June 2008 Publication History

Abstract

It is now common for Web sites to use active Web content, such as Flash, Silverlight, or Java applets, to support rich, interactive applications. For many mobile devices, however, supporting active content is problematic. First, the physical resource requirements of the browser plug-ins that execute active content may exceed the capabilities of the device. Second, plug-ins are simply not available for many devices. Finally, active code and the plug-ins that execute it often contain security flaws, potentially exposing a user's device or private data to harm.

This paper explores a proxy-based approach for transparently supporting active Web content on mobile devices. Our approach uses a proxy to splice active content out of Web pages and replace it with an AJAX-based remote display component. The spliced active content executes within a remote sandbox on the proxy, but it appears embedded in the Web page on the mobile device's browser.

To demonstrate the viability of this approach, we have designed, implemented, and evaluated Flashproxy. By using Flashproxy, any mobile Web browser that supports JavaScript transparently inherits the ability to access sites that contain Flash programs. The major challenge in Flashproxy is in trapping and handling interactions between the Flash program and its execution environment, including browser interactions. Flashproxy uses binary rewriting of Flash bytecode to interpose on such interactions, redirecting them through a JavaScript-based RPC layer to the user's browser. Our evaluation of Flashproxy shows that it is transparent, performant, and compatible with nearly all Flash programs that we examined.

References

[1]

ADAMS, K., AND AGESEN, O. A comparison of software and hardware techniques for x86 virtualization. In Proceedings of the Twelfth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XII) (Seattle, WA, March 2006).

Digital Library

[2]

BICKMORE, T. W., AND SCHILIT, B. N. Digestor: Device-independent access to the world wide web. In Proceedings of Sixth International World Wide Web Conference (WWW 1997) (Santa Clara, CA, April 1997).

Digital Library

[3]

BROOKS, C., MAZER, M. S., MEEKS, S., AND MILLER, J. Application-specific proxy servers as HTTP stream transducers. In Proceedings of the Fourth International World Wide Web Conference (WWW 1995) (Boston, MA, December 1995).

[4]

CHAWATHE, Y., MCCANNE, S., AND BREWER, E. RMX: Reliable multicast in heterogeneous environments. In Proceedings of IEEE INFOCOM 2000 (Tel-Aviv, Israel, March 2000).

[5]

COHEN, G. A., CHASE, J. S., AND KAMINSKY, D. L. Automatic program transformation with JOIE. In Proceedings of the 1998 USENIX Annual Technical Symposium (New Orleans, LA, June 1998).

Digital Library

[6]

DE LARA, E., KUMAR, R., WALLACH, D. S., AND ZWAENEPOEL, W. Collaboration and multimedia authoring on mobile devices. In Proceedings of the First International Conference on Mobile Systems, Applications, and Services (MobiSys 2003) (San Francisco, CA, May 2003).

Digital Library

[7]

DE LARA, E., WALLACH, D. S., AND ZWAENEPOEL, W. Puppeteer: Component-based adaptation for mobile computing. In Proceedings of the 3rd USENIX Symposium on Internet Technologies and Systems (USITS '01) (San Francisco, CA, March 2001).

Digital Library

[8]

EVANS, D., AND TWYMAN, A. Flexible policy-directed code safety. In Proceedings of the 1999 IEEE Symposium on Security and Privacy (Oakland, CA, May 1999).

[9]

FOX, A., AND BREWER, E. A. Reducing WWW latency and bandwidth requirements by real-time distillation. In Proceedings of the Fifth International World Wide Web Conference (WWW 1996) (Paris, France, May 1996).

Digital Library

[10]

FOX, A., GOLDBERG, I., GRIBBLE, S. D., AND LEE, D. C. Experience with Top Gun Wingman: A proxy-based graphical web browser for the 3Com PalmPilot. In Proceedings of the Middleware '98 (Lake District, England, September 1998).

Digital Library

[11]

FULTON, J., AND KANTARJIEV, C. K. An update on low bandwidth X (LBX). The X Resource, 5 (1993), 251--266.

Digital Library

[12]

GARRETT, J. J. Ajax: A new approach to Web applications. http://www.adaptivepath.com/publications/essays/archives/000385.php, February 2005.

[13]

HAYDEN, D. OBFU: A Flash Actionscript obfuscator. http://www.opaque.net/~dave/obfu/, 2001.

[14]

HAYDEN, D., MORTON, D., KOGAN, I., AND ZHEN, W. The Flasm command line assembler/disassembler of flash actionscript bytecode. http://www.nowrap.de/flasm, 2007.

[15]

INTERNET ARCHIVE. The Heritrix Web crawler project. http://crawler.archive.org/.

[16]

JSON. http://www.json.org/.

[17]

KIM, J., BARATTO, R. A., AND NIEH, J. pTHINC: A thin client architecture for mobile wireless web. In Proceedings of the Fifteenth International World Wide Web Conference (WWW 2006) (Edinburgh, Scotland, May 2006).

Digital Library

[18]

LEE, H. B., AND ZORN, B. G. BIT: A tool for instrumenting Java bytecodes. In Proceedings of the USENIX Symposium on Internet Technologies and Systems (USITS '97) (Monterey, CA, December 1997).

Digital Library

[19]

LINN, C., AND DEBRAY, S. Obfuscation of executable code to improve resistance to static disassembly. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003) (Washington, DC, October 2003).

Digital Library

[20]

MATHERS, T. W., AND GENOWAY, S. P. Windows NT Thin Client Solutions: Implementing Terminal Server and Citrix MetaFrame. Macmillan Technical Publishing, Indianapolis, IN, November 1998.

Digital Library

[21]

REIS, C., DUNAGAN, J., WANG, H. J., DUBROVSKY, O., AND ESMEIR, S. BrowserShield: Vulnerability-driven filtering of dynamic HTML. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI '06) (Seattle, WA, November 2006).

Digital Library

[22]

RICHARDSON, T., STAFFORD-FRASER, Q., WOOD, K. R., AND HOPPER, A. Virtual network computing. IEEE Internet Computing 2, 1 (1998), 33--38.

Digital Library

[23]

SCHEIFLER, R. W., AND GETTYS, J. The X window system. ACM Transactions on Graphics (TOG) 5, 2 (April 1986), 79--109.

Digital Library

[24]

SCHMIDT, B. K., LAM, M. S., AND NORTHCUTT, J. D. The interactive performance of SLIM: a stateless, thin-client architecture. In Proceedings of the 17th ACM Symposium on Operating Systems Principles (SOSP '99) (Kiawah Island Resort, SC, December 1999).

Digital Library

[25]

SECUNIA. Macromedia Flash ActiveX denial of service. http://secunia.com/advisories/7545/, November 2002.

[26]

SECUNIA. Adobe Flash Player multiple vulnerabilities. http://secunia.com/advisories/26027/, July 2007.

[27]

SIRER, E. G., GRIMM, R., GREGORY, A. J., AND BERSHAD, B. N. Design and implementation of a distributed virtual machine for networked computers. In Proceedings of the 17th ACM Symposium on Operating Systems Principles (SOSP '99) (Kiawah Island Resort, SC, December 1999).

Digital Library

[28]

SITES, R. L., CHERNOFF, A., KIRK, M. B., MARKS, M. P., AND ROBINSON, S. G. Binary translation. Communications of the ACM 36, 2 (February 1993).

Digital Library

[29]

SONG, Y., AND FLEISCH, B. D. Rico: A security proxy for mobile code. Journal of Computers and Security 23, 4 (2004), 338--351.

[30]

SONG, Y., AND FLEISCH, B. D. Utilizing binary rewriting for improving end-host security. IEEE Transactions on Parallel and Distributed Systems 18, 12 (December 2007), 1687--1699.

Digital Library

[31]

SONG, Y., XU, Y., AND FLEISCH, B. D. Design and performance evaluation of a proxy-based Java rewriting security system. In Proceedings of the 26th IEEE International Conference on Distributed Computing Systems, (ICDCS 26) (Lisboa, Portugal, July 2006).

Digital Library

[32]

VAN PUT, L., CHANET, D., DE BUS, B., DE SUTTER, B., AND DE BOSSCHERE, K. DIABLO: a reliable, retargetable and extensible link-time rewriting framework. In Proceedings of the 2005 IEEE International Symposium On Signal Processing And Information Technology (Athens, Greece, December 2005).

[33]

WAHBE, R., LUCCO, S., ANDERSON, T. E., AND GRAHAM, S. L. Efficient software-based fault isolation. ACM SIGOPS Operating Systems Review 27, 5 (December 1993), 203--216.

Digital Library

[34]

ZENEL, B., AND DUCHAMP, D. A general purpose proxy filtering mechanism applied to the mobile environment. In Proceedings of the 3rd Annual ACM/IEEE International Conference on Mobile Computing and Networking (Mobicom '97) (Budapest, Hungary, September 1997).

Digital Library

Cited By

Chen YZhang YZou JTan ZHuang YHu N(2022)Stealth: A Heterogeneous Covert Access Channel for Mix-net2022 7th IEEE International Conference on Data Science in Cyberspace (DSC)10.1109/DSC55868.2022.00023(118-125)Online publication date: Jul-2022
https://doi.org/10.1109/DSC55868.2022.00023
Moravapalle USivakumar RKim MBalasubramanian A(2018)Just Do ItProceedings of the 19th International Workshop on Mobile Computing Systems & Applications10.1145/3177102.3177117(69-74)Online publication date: 12-Feb-2018
https://dl.acm.org/doi/10.1145/3177102.3177117
Ansari NHan T(2017)ReferencesGreen Mobile Networks10.1002/9781119125099.refs(279-297)Online publication date: 25-Mar-2017
https://doi.org/10.1002/9781119125099.refs
Show More Cited By

Index Terms

Flashproxy: transparently enabling rich web content via remote execution
1. Information systems

Recommendations

TwoB: a two-tier web browser architecture optimized for mobile network
MoMM '12: Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia

The connection establishment phase including DNS lookups and TCP handshakes takes significantly long time during web browsing through mobile network. In this paper, we propose a novel web browser architecture that aims at improving mobile web browsing ...
Design, Implementation and Evaluation of a Real-Time Active Content Distribution Service

The phenomenal growth of the world-wide web has made it the most popular Internet application today. Web caching and content distribution services have been recognized as valuable techniques to mitigate the explosion of web traffic. An increasing ...
A Performance Comparative on Most Popular Internet Web Browsers
Abstract
Our reliance on the internet increases daily as it depends on the number of services implemented on the internet. With the growth of internet usage dramatically increasing, more users feel the need to explore and utilize it to the fullest. The ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

MobiSys '08: Proceedings of the 6th international conference on Mobile systems, applications, and services

June 2008

304 pages

ISBN:9781605581392

DOI:10.1145/1378600

General Chairs:
Dirk Grunwald
University of Colorado, USA
,
Richard Han
University of Colorado, USA
,
Program Chairs:
Eyal de Lara
University of Toronto, Canada
,
Carla Ellis
Duke University, USA

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 June 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

Mobisys08

Sponsor:

Mobisys08: The 6th International Conference on Mobile Systems, Applications, and Services

June 17 - 20, 2008

CO, Breckenridge, USA

Acceptance Rates

Overall Acceptance Rate 274 of 1,679 submissions, 16%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

21
Total Citations
View Citations
758
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Chen YZhang YZou JTan ZHuang YHu N(2022)Stealth: A Heterogeneous Covert Access Channel for Mix-net2022 7th IEEE International Conference on Data Science in Cyberspace (DSC)10.1109/DSC55868.2022.00023(118-125)Online publication date: Jul-2022
https://doi.org/10.1109/DSC55868.2022.00023
Moravapalle USivakumar RKim MBalasubramanian A(2018)Just Do ItProceedings of the 19th International Workshop on Mobile Computing Systems & Applications10.1145/3177102.3177117(69-74)Online publication date: 12-Feb-2018
https://dl.acm.org/doi/10.1145/3177102.3177117
Ansari NHan T(2017)ReferencesGreen Mobile Networks10.1002/9781119125099.refs(279-297)Online publication date: 25-Mar-2017
https://doi.org/10.1002/9781119125099.refs
Tao Han Ansari NMingquan Wu Yu H(2013)On Accelerating Content Delivery in Mobile NetworksIEEE Communications Surveys & Tutorials10.1109/SURV.2012.100412.0009415:3(1314-1333)Online publication date: Nov-2014
https://doi.org/10.1109/SURV.2012.100412.00094
Xu LLi LNagarajan VHuang DTsai W(2013)Secure Web Referral Services for Mobile Cloud ComputingProceedings of the 2013 IEEE Seventh International Symposium on Service-Oriented System Engineering10.1109/SOSE.2013.94(584-593)Online publication date: 25-Mar-2013
https://dl.acm.org/doi/10.1109/SOSE.2013.94
Liu JChen JWu YWang P(2013)AASMP -- Android Application Server for Mobile PlatformsProceedings of the 2013 IEEE 16th International Conference on Computational Science and Engineering10.1109/CSE.2013.100(643-650)Online publication date: 3-Dec-2013
https://dl.acm.org/doi/10.1109/CSE.2013.100
Koehl AWang H(2012)m.SiteProceedings of the 13th International Middleware Conference10.5555/2442626.2442630(41-60)Online publication date: 3-Dec-2012
https://dl.acm.org/doi/10.5555/2442626.2442630
Liu JChen JTsai YTai YShih C(2012)Supporting Audio Streaming in Application Cloud for Embedded SystemsProceedings of the 2012 IEEE 14th International Conference on High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems10.1109/HPCC.2012.271(1800-1805)Online publication date: 25-Jun-2012
https://dl.acm.org/doi/10.1109/HPCC.2012.271
Koehl AWang H(2012)m.Site: Efficient Content Adaptation for Mobile DevicesMiddleware 201210.1007/978-3-642-35170-9_3(41-60)Online publication date: 2012
https://doi.org/10.1007/978-3-642-35170-9_3
Zhang XJeon WGibbs SKunjithapatham A(2012)Elastic HTML5: Workload Offloading Using Cloud-Based Web Workers and Storages for Mobile DevicesMobile Computing, Applications, and Services10.1007/978-3-642-29336-8_26(373-381)Online publication date: 2012
https://doi.org/10.1007/978-3-642-29336-8_26
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents