ISBN: (print) 9783319582740
This work is dedicated to analysis and comparison of the efficiency of several extensions of JavaScript. Analysis concentrates on the quality of delivered application performance in terms of web page update, database display refreshing, etc. The comparison is performed using three scenarios: array data display, filling a form, and switching the views between application pages. The research addresses functionality of frameworks and libraries taken under consideration on the personal computer as well as on the mobile device. The results of the comparison show that it is difficult to find one solution which works well in all circumstances. React, as a view of application, can be recommended for server side flow control, near the database, while Angular should be considered when a clear division into server and client side is sought.
ISBN: (print) 9781908320803
The need for developers to be able to update mobile apps immediately on discovery of a critical is something the Apple iOS software patching system does not allow through their traditional app patching lifecycle. Two tools have been developed to solve this problem, one commercial and one open-source. Both employ JavaScript and dynamic code downloads and provide a method for users to receive immediate updates, but both have the potential to be abused and open the user to multiple security vulnerabilities. This paper will discuss how the tools JSPatch and Rollout.io, open-source and commercial respectively, enable quick updates but also expose users to multiple security vulnerabilities.
ISBN: (digital) 9783319663999
ISBN: (print) 9783319663999; 9783319663982
Keystrokes trigger interrupts which can be detected through software side channels to reconstruct keystroke timings. Keystroke timing attacks use these side channels to infer typed words, passphrases, or create user fingerprints. While keystroke timing attacks are considered harmful, they typically require native code execution to exploit the side channels and, thus, may not be practical in many scenarios. In this paper, we present the first generic keystroke timing attack in sandboxed JavaScript, targeting arbitrary other tabs, processes and programs. This violates same-origin policy, HTTPS security model, and process isolation. Our attack is based on the interrupt-timing side channel which has previously only been exploited using native code. In contrast to previous attacks, we do not require the victim to run a malicious binary or interact with the malicious website. Instead, our attack runs in a background tab, possibly in a minimized browser window, displaying a malicious online advertisement. We show that we can observe the exact inter-keystroke timings for a user's PIN or password, infer URLs entered by the user, and distinguish different users time-sharing a computer. Our attack works on personal computers, laptops and smartphones, with different operating systems and browsers. As a solution against all known JavaScript timing attacks, we propose a fine-grained permission model.
ISBN: (print) 9781450351843
JavaScript is heavily used in the web, yet it is much slower than other languages. To improve the JavaScript performance, ahead-of-time compilation (AOTC) has been used, either to reuse the bytecode or the machine code generated by the baseline just-in-time compilation (JITC). JavaScript engines today employ high-performance optimizing JITC. So, we propose an AOTC that reuses the code generated by the optimizing JITC. It is more challenging than existing AOTCs since we need to handle more complex address relocation issues. Our preliminary evaluation shows that the proposed AOTC is promising, though.
The JavaScript programming language has been in existence for many years already and is one of the most widely known, if not the most used, front-end programming languages in web development. However, JavaScript is still evolving and with the emergence of JavaScript Frameworks (JSF), there has been a major change in how developers develop software nowadays. Developers these days often use more than one framework in order to fulfil their job, which has given rise to the problem for developers when it comes to choosing the right JavaScript framework to develop software, which is partly due to the availability of countless numbers of JavaScript frameworks and libraries. Moreover, the use of JavaScript is getting more important for web development and thus, there have been major considerations done about the performance aspect of the JavaScript programming language. Thus, this work investigates current research regarding the comparison of JavaScript frameworks through the use of computer benchmarks. A benchmark reference application that simulates user events was developed which then incorporated the implementation of an application developed in each of the JavaScript frameworks chosen. In addition, software complexity metrics were introduced and experiments were conducted to measure these metrics. Overall, this research hopes to achieve a level of comparison which can further garner knowledge towards comparing JavaScript frameworks.