DOCSLIB.ORG

An Empirical Study of Real-World Webassembly Binaries Security, Languages, Use Cases

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
An Empirical Study of Real-World Webassembly Binaries Security, Languages, Use Cases An Empirical Study of Real-World WebAssembly Binaries Security, Languages, Use Cases Aaron Hilbig Daniel Lehmann Michael Pradel [email protected] [email protected] [email protected] University of Stuttgart University of Stuttgart University of Stuttgart Germany Germany Germany ABSTRACT supported and available in 93% of all global browser installations 1 WebAssembly has emerged as a low-level language for the web and as of February 2021. Beyond client-side web applications, WebAs- beyond. Despite its popularity in different domains, little is known sembly is also running on Node.js and even stand-alone runtimes. about WebAssembly binaries that occur in the wild. This paper Despite its growing popularity, the WebAssembly ecosystem is presents a comprehensive empirical study of 8,461 unique WebAs- severely understudied. To date, little is know about how the lan- sembly binaries gathered from a wide range of sources, including guage is used, for what purposes, and how this affects the security source code repositories, package managers, and live websites. We of WebAssembly-based applications. In particular, we are interested study the security properties, source languages, and use cases of the in the following research questions: binaries and how they influence the security of the WebAssembly RQ1: Source languages and tools. WebAssembly is a compilation ecosystem. Our findings update some previously held assumptions target, and in principle any programming language can be compiled about real-world WebAssembly and highlight problems that call to it. What languages are actually compiled to WebAssembly, how for future research. For example, we show that vulnerabilities that much do they contribute to the overall population, and what tools propagate from insecure source languages potentially affect a wide are used to produce the binaries? Answering these questions is range of binaries (e.g., two thirds of the binaries are compiled from relevant for understanding the impact of issues that specific source memory unsafe languages, such as C and C++) and that 21% of all languages may have and for guiding future work toward source binaries import potentially dangerous APIs from their host envi- languages and toolchains prevalent in practice. ronment. We also show that cryptomining, which once accounted for the majority of all WebAssembly code, has been marginalized RQ2: Vulnerabilities propagated from insecure source languages. (less than 1% of all binaries found on the web) and gives way to a Recent work has shown that memory vulnerabilities in insecure diverse set of use cases. Finally, 29% of all binaries on the web are source languages, such as C and C++, may be exploited in Web- minified, calling for techniques to decompile and reverse engineer Assembly binaries, sometimes even more easily than in native bi- WebAssembly. Overall, our results show that WebAssembly has left naries [18]. How large is the attack surface offered by real-world its infancy and is growing up into a language that powers a diverse WebAssembly binaries compiled from insecure languages, e.g., in ecosystem, with new challenges and opportunities for security re- terms of dangerous APIs these binaries import from JavaScript or searchers and practitioners. Besides these insights, we also share in terms of vulnerable memory allocators they ship? Answering the dataset underlying our study, which is 58 times larger than the this question will increase our understanding of the threat posed largest previously reported benchmark. by vulnerabilities compiled to the web. RQ3: Cryptomining. Previous results show [24], and recent work CCS CONCEPTS assumes [15, 25, 34, 43], that WebAssembly is frequently used for • Security and privacy ! Software and application security. cryptojacking, i.e., cryptomining performed in the browser of an unsuspecting client. Is cryptomining still an important threat today? ACM Reference Format: Aaron Hilbig, Daniel Lehmann, and Michael Pradel. 2021. An Empirical RQ4: Use cases. As a general purpose language, WebAssembly Study of Real-World WebAssembly Binaries: Security, Languages, Use Cases. can serve many purposes in web applications and beyond. What In Proceedings of the Web Conference 2021 (WWW ’21), April 19–23, 2021, are the typical use cases of WebAssembly? Given that the language Ljubljana, Slovenia. ACM, New York, NY, USA, 13 pages. https://doi.org/10. is becoming more widely adopted, it is important to understand 1145/3442381.3450138 what its use cases are and how this affects the security of the web. 1 INTRODUCTION RQ5: Minification and names. The ability to understand WebAs- sembly binaries, e.g., for auditing third-party code or for reverse WebAssembly is a fast, compact, low-level byte code language origi- engineering malware, depends on whether binaries contain mean- nally intended for client-side execution in web browsers. It is widely ingful names for program elements, e.g., functions. Do real-world WebAssembly binaries contain meaningful names or are they ob- This paper is published under the Creative Commons Attribution 4.0 International (CC-BY 4.0) license. Authors reserve their rights to disseminate the work on their fuscated through minification? personal and corporate Web sites with the appropriate attribution. WWW ’21, April 19–23, 2021, Ljubljana, Slovenia Answering these and other questions requires a set of WebAssembly © 2021 IW3C2 (International World Wide Web Conference Committee), published binaries that is (i) representative for how WebAssembly is used in under Creative Commons CC-BY 4.0 License. ACM ISBN 978-1-4503-8312-7/21/04. https://doi.org/10.1145/3442381.3450138 1https://caniuse.com/?search=WebAssembly WWWWWW ’21, ’21, April April 19–23, 19–23, 2021, 2021, Ljubljana, Ljubljana, Slovenia Slovenia Aaron Aaron Hilbig, Hilbig, Daniel Daniel Lehmann, Lehmann, and and Michael Michael Pradel Pradel the wild and (ii) large enough to cover the diversity of real-world int increment(int x) (func (param i32) [...]// header with the wild and (ii) large enough to cover the diversity of real-world { (result i32) // type info WebAssemblyWebAssembly usage. usage. Currently, Currently, no no such such set set of of binaries binaries exists. exists. return x + 1; local.get 0 20 00// local.get0 TheThe closest closest existing existing work work is is by by Musch Musch et et al al.. [24] [24],, who who report report } i32.const 1 41 01// i32.const1 on a study of WebAssembly usage in the top one million websites. i32.add 6a// i32.add on a study of WebAssembly usage in the top one million websites. ) 0b// end WhileWhile inspiring, inspiring, their their study study falls falls short short in in two two respects. respects. First, First, it it has has beenbeen performed performed at at a a point point in in time time when when WebAssembly WebAssembly was was still still (a) C Source Code. (b) WebAssembly (c) WebAssembly text format. binary format. inin its its infancy, infancy, with with usage usage biased biased to to early early adopters, adopters, e.g., e.g., cryptomin- cryptomin- Figure 1: Example of a function compiled to WebAssembly. ers,ers, and and a a single single toolchain toolchain dominating dominating the the ecosystem. ecosystem. Since Since then, then, Figure 1: Example of a function compiled to WebAssembly. manymany changes changes have have happened, happened, including including higher higher browser browser adoption, adoption, alternative compilers that have become available, the shutdown of • 28.8% of all binaries on the web are minified, calling for future alternative compilers that have become available, the shutdown of of instructions that cover diverse use cases, including vi- Coinhive (a common cryptomining platform) [42], and the realiza- work on decompiling and reverse engineering WebAssembly, to Coinhive (a common cryptomining platform) [42], and the realiza- sualization, interactive shells for programming languages, tion that vulnerabilities in insecure source languages can also be ensure that security analysts can understand web applications tion that vulnerabilities in insecure source languages can also be media players, game engines, data compression, and natural exploited in WebAssembly [18]. Second, the methodology proposed despite the presence of low level components. exploited in WebAssembly [18]. Second, the methodology proposed language processing. by Musch et al. [24] focuses only on binaries found on the web, and by Musch et al. [24] focuses only on binaries found on the web, and Overall,• 28.8% ourof all findings binaries on show the web that are minified,WebAssembly calling is “growing for future up”, only on those that are executed when just visiting a website. By only on those that are executed when just visiting a website. By whichwork leads on to decompiling a larger and muchand reverse more diverse engineering ecosystem WebAssem- than in only looking into client-side web applications, WebAssembly on only looking into client-side web applications, WebAssembly on its earlybly, days. to ensure From a that security security perspective, analysts this can diversity understand has several web other platforms is disregarded, e.g., on Node.js, browser extensions, other platforms is disregarded, e.g., on Node.js, browser extensions, implications.applications First, despite the fact the that presence there of are low now level many components. legitimate andand stand-alone stand-alone WebAssembly WebAssembly runtime runtime engines. engines. applications, and proportionally much
Load more

Recommended publications
  • Differential Fuzzing the Webassembly
    Master’s Programme in Security and Cloud Computing Differential Fuzzing the WebAssembly Master’s Thesis Gilang Mentari Hamidy MASTER’S THESIS Aalto University - EURECOM MASTER’STHESIS 2020 Differential Fuzzing the WebAssembly Fuzzing Différentiel le WebAssembly Gilang Mentari Hamidy This thesis is a public document and does not contain any confidential information. Cette thèse est un document public et ne contient aucun information confidentielle. Thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Technology. Antibes, 27 July 2020 Supervisor: Prof. Davide Balzarotti, EURECOM Co-Supervisor: Prof. Jan-Erik Ekberg, Aalto University Copyright © 2020 Gilang Mentari Hamidy Aalto University - School of Science EURECOM Master’s Programme in Security and Cloud Computing Abstract Author Gilang Mentari Hamidy Title Differential Fuzzing the WebAssembly School School of Science Degree programme Master of Science Major Security and Cloud Computing (SECCLO) Code SCI3084 Supervisor Prof. Davide Balzarotti, EURECOM Prof. Jan-Erik Ekberg, Aalto University Level Master’s thesis Date 27 July 2020 Pages 133 Language English Abstract WebAssembly, colloquially known as Wasm, is a specification for an intermediate representation that is suitable for the web environment, particularly in the client-side. It provides a machine abstraction and hardware-agnostic instruction sets, where a high-level programming language can target the compilation to the Wasm instead of specific hardware architecture. The JavaScript engine implements the Wasm specification and recompiles the Wasm instruction to the target machine instruction where the program is executed. Technically, Wasm is similar to a popular virtual machine bytecode, such as Java Virtual Machine (JVM) or Microsoft Intermediate Language (MSIL).
    [Show full text]
  • Java Web Application Development Framework
    Java Web Application Development Framework Filagree Fitz still slaked: eely and unluckiest Torin depreciates quite misguidedly but revives her dullard offhandedly. Ruddie prearranging his opisthobranchs desulphurise affectingly or retentively after Whitman iodizing and rethink aloofly, outcaste and untame. Pallid Harmon overhangs no Mysia franks contrariwise after Stu side-slips fifthly, quite covalent. Which Web development framework should I company in 2020? Content detection and analysis framework. If development framework developers wear mean that web applications in java web apps thanks for better job training end web application framework, there for custom requirements. Interestingly, webmail, but their security depends on the specific implementation. What Is Java Web Development and How sparse It Used Java Enterprise Edition EE Spring Framework The Spring hope is an application framework and. Level head your Java code and behold what then can justify for you. Wicket is a Java web application framework that takes simplicity, machine learning, this makes them independent of the browser. Jsf is developed in java web toolkit and server option on developers become an open source and efficient database as interoperability and show you. Max is a good starting point. Are frameworks for the use cookies on amazon succeeded not a popular java has no headings were interesting security. Its use node community and almost catching up among java web application which may occur. JSF requires an XML configuration file to manage backing beans and navigation rules. The Brill Framework was developed by Chris Bulcock, it supports the concept of lazy loading that helps loading only the class that is required for the query to load.
    [Show full text]
  • Ellucian's Global Browser Support Calendar
    Ellucian's Global Browser Support Calendar Publication of Ellucian’s Oracle Support Calendar and Browser Support Calendar for Banner is migrating to Ellucian eCommunities in the Banner General and Technical Forum (https://ecommunities.ellucian.com/community/banner-technical). Publication of this information via the Banner Compatibility Matrix web application will end December 2018. The following browsers and versions are supported by all Ellucian products except where noted in the "Notes & Exceptions" column. Browser Support Support Support Browser OS Notes & Exceptions Begins Ends *Ellucian makes every attempt to support the latest browsers with the latest releases of our products. Firefox and Chrome support may be limited to the current version and one back for most products except where noted in the Currently Chrome (all) Windows* documentation. Due to NPAPI plugin Supported dependencies, Banner 8.x INB is no longer supported on Chrome 45 and higher. Please see Article 000035689 for more information about browser restrictions for Banner 8.x INB support. *Ellucian makes every attempt to support the latest browsers with the latest releases of our products. Firefox and Chrome support may be limited to the current version and one back for most products except where noted in the documentation. Due to NPAPI plugin dependencies, please see Article 000035689 for more information about browser restrictions for Banner 8.x INB support. Firefox no longer supports NPAPI plugins, including the Java Windows* runtime, as of Firefox 52 3/7/2017). Currently Firefox (all) Supported Mac OS* Firefox Extended Support Release: While Ellucian has not been through a formal certification of the Firefox ESR browser, based on customer feedback, we will provide support to customers running Firefox ESR, for both Banner 8 and Banner 9, until Banner 8 INB moves to Sustaining Support.
    [Show full text]
  • Emscripten: an LLVM to Javascript Compiler
    Emscripten: An LLVM to JavaScript Compiler Alon Zakai Mozilla What? Why? Compiling to JavaScript ● The web is everywhere – PCs to iPads – No plugins, no installation required – Built on standards ● The web runs JavaScript Existing Compilers to JavaScript ● Google Web Toolkit: Java (Gmail, etc.) ● CoffeeScript ● Pyjamas: Python ● SCM2JS: Scheme ● JSIL: .NET bytecode ● (and many more) ● But C and C++ are missing! Emscripten ● Enables compiling C and C++ into JavaScript ● Written in JavaScript ● Open source http://emscripten.org https://github.com/kripken/emscripten Demos! ● Bullet ● SQLite ● Python, Ruby, Lua ● Real-world code – Large, complex codebases ● Manual ports exist – Typically partial and not up to date The Big Picture C or C++ LLVM Bitcode JavaScript Low Level Virtual Machine (LLVM) ● A compiler project (cf. GCC) ● Intermediate Representation: LLVM bitcode – Very well documented – Great tools ● Much easier to compile LLVM bitcode than compile C or C++ directly! How? Code Comparison #include <stdio.h> int main() { printf(“hello, world!\n”); return 0; } Code Comparison @.str = private unnamed_addr constant [15 x i8] c"hello, world!\0A\00", align 1 define i32 @main() { entry: %retval = alloca i32, align 4 call i32 (i8*, ...)* @printf(i8* getelementptr inbounds ([15 x i8]* @.str, i32 0, i32 0)) store i32 0, i32* %retval ret i32 %retval } Code Comparison define i32 @main() { function _main() { entry: %retval = alloca i32, var _retval; align 4 call i32 (i8*, ...)* _printf (..); @printf (..) store i32 0, i32* _retval = 0; %retval ret
    [Show full text]
  • Machine Learning in the Browser
    Machine Learning in the Browser The Harvard community has made this article openly available. Please share how this access benefits you. Your story matters Citable link http://nrs.harvard.edu/urn-3:HUL.InstRepos:38811507 Terms of Use This article was downloaded from Harvard University’s DASH repository, and is made available under the terms and conditions applicable to Other Posted Material, as set forth at http:// nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of- use#LAA Machine Learning in the Browser a thesis presented by Tomas Reimers to The Department of Computer Science in partial fulfillment of the requirements for the degree of Bachelor of Arts in the subject of Computer Science Harvard University Cambridge, Massachusetts March 2017 Contents 1 Introduction 3 1.1 Background . .3 1.2 Motivation . .4 1.2.1 Privacy . .4 1.2.2 Unavailable Server . .4 1.2.3 Simple, Self-Contained Demos . .5 1.3 Challenges . .5 1.3.1 Performance . .5 1.3.2 Poor Generality . .7 1.3.3 Manual Implementation in JavaScript . .7 2 The TensorFlow Architecture 7 2.1 TensorFlow's API . .7 2.2 TensorFlow's Implementation . .9 2.3 Portability . .9 3 Compiling TensorFlow into JavaScript 10 3.1 Motivation to Compile . 10 3.2 Background on Emscripten . 10 3.2.1 Build Process . 12 3.2.2 Dependencies . 12 3.2.3 Bitness Assumptions . 13 3.2.4 Concurrency Model . 13 3.3 Experiences . 14 4 Results 15 4.1 Benchmarks . 15 4.2 Library Size . 16 4.3 WebAssembly . 17 5 Developer Experience 17 5.1 Universal Graph Runner .
    [Show full text]
  • CSS Browser Selector Plus: a Javascript Library to Support Cross-Browser Responsive Design Richard Duchatsch Johansen Talita C
    CSS Browser Selector Plus: A JavaScript Library to Support Cross-browser Responsive Design Richard Duchatsch Johansen Talita C. Pagani Britto Cesar Augusto Cusin W3C Accessibility WG Member and Assistant Coordinator Professor at Faculdade Paraíso do Senior Front-end Developer at of Educational Projects - MStech Ceará and W3C Accessibility WG Eventials – Rua Itapaiúna, 2434 Rua Joaquim Anacleto Bueno, 1-42 Member – Rua da Conceição, 1228 São Paulo – SP – Brazil, Zip Code Bauru – SP – Brazil, Juazeiro do Norte – CE – Brazil, 05707-001 Zip Code 17047-281 Zip Code 63010-465 +55 14 9711-7983 +55 14 3235-5500 +55 15 8100-4466 [email protected] [email protected] [email protected] ABSTRACT means you can use CSS Media Queries to tweak a CSS for a Developing websites for multiples devices have been a rough task mobile devices, printer or create a responsive site. for the past ten years. Devices features change frequently and new Media queries is an extension to the @media (or media=”” devices emerge every day. Since W3C introduced media queries attribute, in <link> tag) specification on CSS, allowing in CSS3, it’s possible to developed tailored interfaces for multiple declaration of conditional queries expressions to detect particular devices using a single HTML document. CSS3 media queries media features, such as viewport width, display color, orientation have been used to support adaptive and flexible layouts, however, and resolution [1], as shown on Table 1. it’s not supported in legacy browsers. In this paper, we present CSS Browser Selector Plus, a cross-browser alternative method Table 1.
    [Show full text]
  • Rich Internet Applications
    Rich Internet Applications (RIAs) A Comparison Between Adobe Flex, JavaFX and Microsoft Silverlight Master of Science Thesis in the Programme Software Engineering and Technology CARL-DAVID GRANBÄCK Department of Computer Science and Engineering CHALMERS UNIVERSITY OF TECHNOLOGY UNIVERSITY OF GOTHENBURG Göteborg, Sweden, October 2009 The Author grants to Chalmers University of Technology and University of Gothenburg the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet. Rich Internet Applications (RIAs) A Comparison Between Adobe Flex, JavaFX and Microsoft Silverlight CARL-DAVID GRANBÄCK © CARL-DAVID GRANBÄCK, October 2009. Examiner: BJÖRN VON SYDOW Department of Computer Science and Engineering Chalmers University of Technology SE-412 96 Göteborg Sweden Telephone + 46 (0)31-772 1000 Department of Computer Science and Engineering Göteborg, Sweden, October 2009 Abstract This Master's thesis report describes and compares the three Rich Internet Application !RIA" frameworks Adobe Flex, JavaFX and Microsoft Silverlight.
    [Show full text]
  • Webcl for Hardware-Accelerated Web Applications
    WebCL for Hardware-Accelerated Web Applications Won Jeon, Tasneem Brutch, and Simon Gibbs What is WebCL? • WebCL is a JavaScript binding to OpenCL. • WebCL enables significant acceleration of compute-intensive web applications. • WebCL currently being standardized by Khronos. 2 tizen.org Contents • Introduction – Motivation and goals – OpenCL • WebCL – Demos – Programming WebCL – Samsung’s Prototype: implementation & performance • Standardization – Khronos WebCL Working Group – WebCL robustness and security – Standardization status • Conclusion – Summary and Resources 3 tizen.org Motivation • New mobile apps with high compute demands: – augmented reality – video processing – computational photography – 3D games 4 tizen.org Motivation… • GPU offers improved FLOPS and FLOPS/watt as compared to CPU. FLOPS/ GPU watt CPU year 5 tizen.org Motivation… • Web-centric platforms 6 tizen.org OpenCL: Overview • Features – C-based cross-platform programming interface – Kernels: subset of ISO C99 with language extensions – Run-time or build-time compilation of kernels – Well-defined numerical accuracy (IEEE 754 rounding with specified maximum error) – Rich set of built-in functions: cross, dot, sin, cos, pow, log … 7 tizen.org OpenCL: Platform Model • A host is connected to one or more OpenCL devices • OpenCL device – A collection of one or more compute units (~ cores) – A compute unit is composed of one or more processing elements (~ threads) – Processing elements execute code as SIMD or SPMD 8 tizen.org OpenCL: Execution Model • Kernel – Basic unit
    [Show full text]
  • Seamless Offloading of Web App Computations from Mobile Device to Edge Clouds Via HTML5 Web Worker Migration
    Seamless Offloading of Web App Computations From Mobile Device to Edge Clouds via HTML5 Web Worker Migration Hyuk Jin Jeong Seoul National University SoCC 2019 Virtual Machine & Optimization Laboratory Department of Electrical and Computer Engineering Seoul National University Computation Offloading Mobile clients have limited hardware resources Require computation offloading to servers E.g., cloud gaming or cloud ML services for mobile Traditional cloud servers are located far from clients Suffer from high latency 60~70 ms (RTT from our lab to the closest Google Cloud DC) Latency<50 ms is preferred for time-critical games Cloud data center End device [Kjetil Raaen, NIK 2014] 2 Virtual Machine & Optimization Laboratory Edge Cloud Edge servers are located at the edge of the network Provide ultra low (~a few ms) latency Central Clouds Mobile WiFi APs Small cells Edge Device Cloud Clouds What if a user moves? 3 Virtual Machine & Optimization Laboratory A Major Issue: User Mobility How to seamlessly provide a service when a user moves to a different server? Resume the service at the new server What if execution state (e.g., game data) remains on the previous server? This is a challenging problem Edge computing community has struggled to solve it • VM Handoff [Ha et al. SEC’ 17], Container Migration [Lele Ma et al. SEC’ 17], Serverless Edge Computing [Claudio Cicconetti et al. PerCom’ 19] We propose a new approach for web apps based on app migration techniques 4 Virtual Machine & Optimization Laboratory Outline Motivation Proposed system WebAssembly
    [Show full text]
  • Redalyc.NEW WEB TECHNOLOGIES for ASTRONOMY
    Revista Mexicana de Astronomía y Astrofísica ISSN: 0185-1101 [email protected] Instituto de Astronomía México Sprimont, P-G.; Ricci, D.; Nicastro, L. NEW WEB TECHNOLOGIES FOR ASTRONOMY Revista Mexicana de Astronomía y Astrofísica, vol. 45, 2014, pp. 75-78 Instituto de Astronomía Distrito Federal, México Available in: http://www.redalyc.org/articulo.oa?id=57132995026 How to cite Complete issue Scientific Information System More information about this article Network of Scientific Journals from Latin America, the Caribbean, Spain and Portugal Journal's homepage in redalyc.org Non-profit academic project, developed under the open access initiative RevMexAA (Serie de Conferencias) , 45 , 75–78 (2014) NEW WEB TECHNOLOGIES FOR ASTRONOMY P-G. Sprimont, 1 D. Ricci, 2 and L. Nicastro 1 RESUMEN Gracias a las nuevas capacidades de HTML5, y las grandes mejoras del lenguaje JavaScript es posible disen˜ar interfaces web muy complejas e interactivas. Adem´as, los servidores que eran una vez monol´ıticos y orientados a servir archivos, est´an evolucionando a aplicaciones de servidor f´acilmente programables, capaces de lidiar con interacciones complejas gracias a la nueva generaci´onde navegadores. Nosotros creemos que la comunidad de astr´onomos profesionales y aficionados entera puede beneficiarse del potencial de estas nuevas tecnolog´ıas. Nuevas interfaces web pueden ser disen˜adas para proveer al usuario con herramientas mucho m´as intuitivas e interactivas. Acceder a archivos de datos astron´omicos, controlar y monitorear observatorios y en particu- lar telescopios rob´oticos, supervisar pipelines de reducci´on de datos, son todas capacidades que pueden ser imp lementadas en una aplicaci´on web JavaScript.
    [Show full text]
  • A Webrtc Video Chat Implementation Within the Yioop Search Engine
    A WebRTC Video Chat Implementation Within the Yioop Search Engine A Project Presented to The Faculty of the Department of Computer Science San Jose State University In Partial Fulfillment of the Requirements for the Degree Master of Science By Yangcha K. Ho May 2019 ©2019 Yangcha K. Ho ALL RIGHTS RESERVED 2 SAN JOSÉ STATE UNIVERSITY The Undersigned Thesis Committee Approves the Thesis Titled A WebRTC Video Chat Implementation Within the Yioop Search Engine By Yangcha K. Ho APPROVED FOR THE DEPARTMENT OF COMPUTER SCIENCE ___________________________________________________________ Dr. Chris Pollett, Department of Computer Science 05/20/2019 __________________________________________________________ Dr. Melody Moh, Department of Computer Science 05/20/2019 _________________________________________________________ Dr. Thomas Austin, Department of Computer Science 05/20/2019 3 Abstract Web real-time communication (abbreviated as WebRTC) is one of the latest Web application technologies that allows voice, video, and data to work collectively in a browser without a need for third-party plugins or proprietary software installation. When two browsers from different locations communicate with each other, they must know how to locate each other, bypass security and firewall protections, and transmit all multimedia communications in real time. This project not only illustrates how WebRTC technology works but also walks through a real example of video chat-style application. The application communicates between two remote users using WebSocket and the data encryption algorithm specified in WebRTC technology. This project concludes with a description of the WebRTC video chat application’s implementation in Yioop.com, a PHP-based internet search engine. 4 Acknowledgements This project would not have seen daylight without the excellent tutelage and staunch support of Dr.
    [Show full text]
  • Onclick Event-Handler
    App Dev Stefano Balietti Center for European Social Science Research at Mannheim University (MZES) Alfred-Weber Institute of Economics at Heidelberg University @balietti | stefanobalietti.com | @nodegameorg | nodegame.org Building Digital Skills: 5-14 May 2021, University of Luzern Goals of the Seminar: 1. Writing and understanding asynchronous code: event- listeners, remote functions invocation. 2. Basic front-end development: HTML, JavaScript, CSS, debugging front-end code. 3. Introduction to front-end frameworks: jQuery and Bootstrap 4. Introduction to back-end development: NodeJS Express server, RESTful API, Heroku cloud. Outputs of the Seminar: 1. Web app: in NodeJS/Express. 2. Chrome extensions: architecture and examples. 3. Behavioral experiment/survey: nodeGame framework. 4. Mobile development: hybrid apps with Apache Cordova, intro to Ionic Framework, progressive apps (PWA). Your Instructor: Stefano Balietti http://stefanobalietti.com Currently • Fellow in Sociology Mannheim Center for European Social Research (MZES) • Postdoc at the Alfred Weber Institute of Economics at Heidelberg University Previously o Microsoft Research - Computational Social Science New York City o Postdoc Network Science Institute, Northeastern University o Fellow IQSS, Harvard University o PhD, Postdoc, Computational Social Science, ETH Zurich My Methodology Interface of computer science, sociology, and economics Agent- Social Network Based Analysis Models Machine Learning for Optimal Experimental Experimental Methods Design Building Platforms Patterns
    [Show full text]