MiniSIP as a Plug-in

Arumugam Mathivanan, Arun

January 2012

Internet telephony has rapidly becoming an integral part of life. Due to its low incremental cost and the wide availability of voice over IP (VoIP) based services these services being used by nearly everyone. Today there are many VoIP applications available in the market, but most of them lack basic security features. Because people use VoIP services via public hotspots and shared local area networks these VoIP applications are vulnerable to attacks, such as eavesdropping. Today, there is a great need for VoIP applications with high quality security. MiniSIP is an open-source VoIP application platform, initially developed at KTH. High quality security has been a major focus of MiniSIP developments by several students, including the first public implementations of the secure real-time protocol (SRTP) and the Multimedia Key Exchange (MIKEY) protocol. MiniSIP implements secure end-to-end VoIP services. In addition, MiniSIP implements features such as dynamically choosing the most appropriate CODEC during a call, implementing calling policies, etc. However, it suffers from having a complicated GUI that requires the use of many libraries, rendering it both hard to build and hard support – both of which make it unsuitable for commercial purposes. Web browser plug-ins are shared libraries that users install to extend the functionality of their browser. For example, a plug-in can be used to display content that the browser itself cannot display natively. For example, Adobe's reader plugin displays PDF files directly within the web browser. Real Network’s Streaming video player utilizes a browser plug-in to provide support for live video streaming within a web page. Adobe’s Flash player plugin is required to load or view any Flash contents – such as video or animations. The goal of this thesis project is remove the problem of the existing MiniSIP GUIs by developing a Firefox browser plug-in for the MiniSIP application that will utilize a web-browser based GUI. The prototype that will be designed, implemented, and evaluated will implement an open-source VoIP application that is easy for a Firefox browser user to install and will be easy to use via a web interface. The long term goal is to facilitate an ordinary user to utilize VoIP communication via their web browser. A secondary goal is to re-use the code within MiniSIP, while using the web-browser to provide the GUI. / Internettelefoni har snabbt blivit en integrerad del av livet. På grund av dess låga marginalkostnaden och den breda tillgången på Röst över IP (VoIP) tjänster dessa tjänster används av nästan alla. Idag finns det många VoIP-applikationer som finns på marknaden, men de flesta av dem saknar grundläggande säkerhetsfunktioner. Eftersom människor använder VoIP tjänster via offentliga hotspots och delade lokala nätverk dessa VoIP-applikationer är sårbara för attacker, såsom avlyssning. Idag finns det ett stort behov av VoIP-applikationer med hög kvalitet säkerhet. MiniSIP är ett open-source VoIP-program plattform, ursprungligen utvecklats vid KTH. Hög kvalitet säkerhet har varit ett stort fokus på MiniSIP utvecklingen genom att flera studenter, däribland de första offentliga implementeringar av den säkra realtid protokoll (SRTP) och Multimedia Key Exchange (MIKEY) protokollet. MiniSIP implementerar säker början till slut VoIP tjänster. Dessutom genomför MiniSIP funktioner som dynamiskt välja den lämpligaste CODEC under ett samtal, genomföra samtalsstrategier, osv. Men lider den från att ha en komplicerad GUI som kräver användning av många bibliotek, vilket gör det både svårt att bygga och hård stöd - som båda gör det olämpligt för kommersiella ändamål. Webbläsare plug-ins delas bibliotek som användare installerar för att utöka funktionerna i sin webbläsare. Till exempel kan en plug-in kan användas för att visa innehåll som webbläsaren inte själv kan visa inföding. Till exempel visar Adobes Reader plugin PDF-filer direkt i webbläsaren. Real Networks strömmande videospelare använder en plugin-att ge stöd för levande video strömning i en webbsida. Adobe Flash Player plugin krävs för att ladda eller visa en Flash innehåll - såsom video eller animationer. Målet med denna avhandling projektet är bort problemet med befintliga MiniSIP GUI genom att utveckla en Firefox webbläsare plug-in för att MiniSIP programmet som kommer att använda en webbläsare baserad GUI. Prototypen som kommer att utformas, genomföras och utvärderas kommer att genomföra en öppen källkod VoIP-program som är lätt för en Firefox webbläsare användaren att installera och kommer att vara lätt att använda via ett webbgränssnitt. Det långsiktiga målet är att underlätta en vanlig användare att använda VoIP-kommunikation via sin webbläsare. En sekundär målsättning är att återanvända kod i MiniSIP, medan du använder webbläsare för att ge det grafiska gränssnittet.

VoIP

MiniSIP

Firefox plugin

web-browser

VoIP

MiniSIP

Firefox plugin

webbläsare

Communication Systems

Kommunikationssystem

colorXtractor - a technical aid for people with colour blindness

Hochwarter, Stefan

January 2010

<p>The aim of this thesis is to develop an technical aid (software) to help people with colourblindness. Colour blind people have difficulties to differentiate between certain colours,so the implemented software will name a selected colour. The software is implementedas a Mozilla Firefox extension and also uses a XPCOM component. Furthermore canthe user select different colour databases and change the displaying properties.The aim of this thesis is to develop an technical aid (software) to help people with colourblindness. Colour blind people have difficulties to differentiate between certain colours,so the implemented software will name a selected colour. The software is implementedas a Mozilla Firefox extension and also uses a XPCOM component. Furthermore canthe user select different colour databases and change the displaying properties.</p>

colour blindness

Mozilla Firefox extension

Colour algorithms

CIELAB

accessibility

Securing Script-based Extensibility in Web Browsers

Djeric, Vladan

15 January 2010

Web browsers are increasingly designed to be extensible to keep up with the Web's rapid pace of change. This extensibility is typically implemented using script-based extensions. Script extensions have access to sensitive browser APIs and content from untrusted web pages. Unfortunately, this powerful combination creates the threat of privilege escalation attacks that grant web page scripts the full privileges of script extensions and control over the entire browser process. This thesis describes the pitfalls of script-based extensibility based on our study of the Firefox Web browser, and is the first to offer a classification of script-based privilege escalation vulnerabilities. We propose a taint-based system to track the spread of untrusted data in the browser and to detect the characteristic signatures of privilege escalation attacks. We show that this approach is effective by testing our system against exploits in the Firefox bug database and finding that it detects the vast majority of attacks with no false alarms.

web browser

browser extensions

privilege escalation

JavaScript

Firefox

vulnerability

0984

Securing Script-based Extensibility in Web Browsers

Djeric, Vladan

15 January 2010

Web browsers are increasingly designed to be extensible to keep up with the Web's rapid pace of change. This extensibility is typically implemented using script-based extensions. Script extensions have access to sensitive browser APIs and content from untrusted web pages. Unfortunately, this powerful combination creates the threat of privilege escalation attacks that grant web page scripts the full privileges of script extensions and control over the entire browser process. This thesis describes the pitfalls of script-based extensibility based on our study of the Firefox Web browser, and is the first to offer a classification of script-based privilege escalation vulnerabilities. We propose a taint-based system to track the spread of untrusted data in the browser and to detect the characteristic signatures of privilege escalation attacks. We show that this approach is effective by testing our system against exploits in the Firefox bug database and finding that it detects the vast majority of attacks with no false alarms.

web browser

browser extensions

privilege escalation

JavaScript

Firefox

vulnerability

0984

colorXtractor - a technical aid for people with colour blindness

Hochwarter, Stefan

January 2010

The aim of this thesis is to develop an technical aid (software) to help people with colourblindness. Colour blind people have difficulties to differentiate between certain colours,so the implemented software will name a selected colour. The software is implementedas a Mozilla Firefox extension and also uses a XPCOM component. Furthermore canthe user select different colour databases and change the displaying properties.The aim of this thesis is to develop an technical aid (software) to help people with colourblindness. Colour blind people have difficulties to differentiate between certain colours,so the implemented software will name a selected colour. The software is implementedas a Mozilla Firefox extension and also uses a XPCOM component. Furthermore canthe user select different colour databases and change the displaying properties.

colour blindness

Mozilla Firefox extension

Colour algorithms

CIELAB

accessibility

Webbläsartillägg för inhämtning av data

Karlsson, Albin

January 2011

Speedledger is a company that is working to automate electronic accounting for businesses, organizations and associations.In the current situation bank data is sent from the users internet bank to Speedledger via a virtual printer driver. The driver transforms the web page into a PDF and sends it to a server for interpretation.The problem is that PDF is not created for this sort of data transfer and makes the interpretation of data is very problematic. The goal of the thesis is to study whether there is a possibility to develop a browser add-on that can retrieve information on the customer's banking page and send it on to Speedledgers server for interpretation. My task was to implement a add-on for one of the three major browsers Mozilla Firefox, Google Chrome or Microsoft Internet Explorer, and then study the possibility of implementing it to the other two by reading the documentation. What I concluded was that it is possible to implement for all the three browsers. However, the techniques will differ slightly when developing these add-ons.

Mozilla

Firefox

Webbläsare

Tillägg

Plug-in

Add-on

Software Engineering

Programvaruteknik

在Web2.0之下應用協作於在地化流程-以Mozilla Firefox—MozTW在地化專案與Facebook—中文(台灣)翻譯應用程式為例

張嘉玲, Chang, Chia Ling

Unknown Date

軟體與網路服務，如社群網站（SNS）在計畫進入其他地區的市場時，「在地化」扮演著非常重要的角色，將軟體或網路服務上的字串翻譯的適切以及符合目標市場使用者，是在地化流程中十分重要的一環，因為關切著使用者是否能順利的接受這項產品。而在Web2.0的網路環境下，越來越多企業、組織思考要如何運用「互動、分享」的概念融入組織發展策略當中。 開始有企業或組織貫徹Web2.0之核心概念，將「協作」運用在「在地化流程」之中。 基於以上原因，本研究為「在Web2.0之下運用協作於在地化流程之探討」，選取個案為Mozilla Firefox—MozTW在地化專案及Facebook—中文（台灣）翻譯應用程式，從結合「協作」與「在地化」兩個概念的案例，瞭解下列三個問題： 在Web2.0下，協作概念的加入，促使在地化流程有何改變？ 在Web2.0下，應用協作概念於在地化流程中，有何互動產生？ 在Web2.0下，應用協作於在地化流程之中，產生的附加價值為何？ 研究發現顯示，在Web2.0的環境下，協作的運用使得在地化流程的四個階段產生變化，翻譯與測試階段不再只是企業、組織的內部作業，而是一般使用者都可以參與的過程。 應用「協作」概念於「在地化流程」使得參與者、社群、組織及協作工具有許多的交織互動，組織聆聽社群及參與者的聲音，參與者給予組織回饋，促使協作工具得以不斷的改良。並且，翻譯的成果，可以更貼近目標市場的使用者。 另外，由於參與者融入原本企業、組織內部的在地化活動，使得擴散得以提早發生。且協作工具應用在翻譯上，使得使用者加入開發的門檻降低，進而使參與者背景更多元，這樣的情況，也有助於擴散的發生。 從個案中也可以瞭解，參與者多為對該軟體或網路服務忠誠度高的使用者，他們希望可以藉著參與翻譯加速中文化版本的出現，使更多人可以在沒有語言隔閡之下使用該軟體或網路服務。

協作

在地化

在地化流程

Facebook

Firefox

Web2.0

HTML 5 a CSS 3 / HTML 5 and CSS 3

Valoušek, Filip

January 2010

HTML 5 and CSS 3 are basic languages, without which today exists in principle any web presentation. Currently, there are in development new versions of these languages, HTML 5 and CSS 3, which gradually begin to be implemented in new versions of most popular browsers. The objective of this thesis is to present an overview of new elements in these languages and the main differences unlike previous versions. Thesis also includes a practical demonstration, in which the new properties are presented. On this practical demonstration was also made the test of support of new elements in four different browsers and results of this test are also part of this thesis.

Characterization and optimization of JavaScript programs for mobile systems

Srikanth, Aditya

09 October 2013

JavaScript has permeated into every aspect of the web experience in today's world, making it highly crucial to process it as quickly as possible. With the proliferation of HTML5 and its associated mobile web applications, the world is slowly but surely moving into an age where majority of the webpages will involve complex computations and manipulations within the JavaScript engine. Recent techniques like Just-in-Time (JIT) compilation have become commonplace in popular browsers like Chrome and Firefox, and there is an ongoing effort to further optimize them in the context of mobile systems. In order to fully take advantage of JavaScript-heavy webpages, it is important to first characterize the interaction of these webpages (both existing pages and modern HTML5 pages) with the different components of the JavaScript engine, viz. the interpreter, the method JIT, the optimizing compiler and the garbage collector. In this thesis, the aforementioned characterization work was leveraged to identify the limits of JavaScript optimizations. Subsequently, a particular optimization, i.e. Register Allocation heuristics was explored in detail on different types of JavaScript programs. This was primarily because the majority of the time (an average of 52.81%) spent in the optimizing compiler is for the register allocation stage alone. By varying the heuristics for register assignment, interval priority and spill selection, a clear idea is obtained about how it impacts certain types of programs more than others. This thesis also gives a preliminary insight into JavaScript applications and benchmarks, showing that these applications tend to be register-intensive, with large live intervals and sparse uses, and sensitive to array and string manipulations. A statically-selected optimal register allocation scheme outperforms the default register allocation scheme resulting in 9.1% performance improvement and 11.23% reduction in execution time on a representative mobile system. / text

JavaScript

Mobile systems

Workload characterization

Compiler optimizations

Register allocation

Firefox

SpiderMonkey

Mitteilungen des URZ 3/2008

Clauß, Matthias, Riedel, Wolfgang, Heide, Gerd, Trapp, Holger, Riedel, Ursula

03 September 2008

Informationen des Universitätsrechenzentrums

AFS

DACS

Firefox

Server Hosting

VPSH

Kurse

Weiterbildung

ddc:004

Computer

Software