DOCSLIB.ORG

Checking Cryptographic API Specifications in Javascript

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Checking Cryptographic API Specifications in Javascript Checking Cryptographic API Specifications in JavaScript Duncan Mitchell Submitted in fulfillment for the degree of Doctor of Philosophy Department of Computer Science Royal Holloway, University of London Declaration of Authorship The work presented in this thesis is the result of original research carried out by myself, in collaboration with others, whilst enrolled in the Depart- ment of Computer Science as a candidate for the degree of Doctor of Phi- losophy. This work has not been submitted for any other degree or award in any other university or educational establishment. Duncan Mitchell September 2019 i Acknowledgments I would like to thank my supervisor and academic mentor Johannes Kinder for his advice and guidance throughout this journey. His faith in me and drive for me to succeed have been an invaluable source of encouragement. I would like to thank all my lab mates for creating an enjoyable and con- genial place to undertake this PhD. In particular, to Blake Loring for our fruitful collaborations and his work on ExpoSE, and to Thomas van Bins- bergen for being so welcoming and generous with his time. I would also like to thank Claudio Rizzo and James Patrick-Evans for proof-reading and technical discussions, but most importantly good company. To Dave Cohen, Carlos Matos, Jasper Lyons and Matthew Hague: thank you for the opportunity to enrich my research life through teaching. I would like to thank Calum and Dan for taking a close interest in my work and their enthusiasm for my future. To my parents, for fostering my love of science, technology and mathe- matics, for their unfailing support and for every opportunity that bought me to this point. Finally, to Holly, my rock: without you, I would not be writing this. iii Abstract Increased awareness of privacy concerns on the Internet has encouraged developers towards implementing strong cryptography by default, in a trend dubbed “ubiquitous encryption”. For instance, web applications for messaging platforms routinely implement client-side cryptography in JavaScript for true end-to-end encryption. The standardization of cryp- tographic APIs in JavaScript through the W3C Web Cryptography API, WebCrypto, has made strong cryptography available to non-expert web developers. However, cryptographic APIs are often hard to use correctly; the clash between the agile mindset of JavaScript developers and the re- quirements of secure software engineering leads to lingering problems. Further, JavaScript’s dynamic types and often surprising semantics make it difficult to spot subtle security bugs, and such errors do not lead to fail- ing test cases or visible errors. In this thesis, we propose an automatic mechanism for the detection of incorrect usage of cryptographic APIs in JavaScript. We introduce a sys- tem of Security Annotations: type-like tags which express security proper- ties of values, e.g., whether a value is a ciphertext, or a cryptographically secure random value. Security Annotations are transparent to client code until they encounter an error, in which case the program under test fails. We formalize the notion of Security Annotations in a small lambda calcu- lus, and use this to motivate the design of Security Annotations within an executable formal semantics for JavaScript. We construct a specification of v the WebCrypto API and prove security guarantees in this setting. Finally, we implement Security Annotations within full JavaScript via source code instrumentation and use this to analyze both hand-crafted examples and real-world JavaScript applications. vi Contents 1 Introduction1 1.1 Context . .1 1.1.1 Cryptography . .1 1.1.2 Implementing Cryptography . .2 1.1.3 Detecting Cryptographic Errors . .4 1.1.4 JavaScript and Cryptography . .5 1.2 The Problem . .7 1.3 The Approach . .8 1.4 Analyzing String Manipulating Programs . 10 1.5 Contributions . 12 2 Background 15 2.1 Analyzing Cryptographic Implementations . 15 2.2 Analyzing JavaScript Programs . 18 2.3 JavaScript and Cryptography . 22 2.4 Test Generation for JavaScript . 27 2.4.1 A Primer on Dynamic Symbolic Execution . 28 2.4.2 ExpoSE: Practical DSE for JavaScript . 30 3 Structure of Security Annotations 33 3.1 What are Security Annotations? . 34 3.2 Formalizing Security Annotations . 39 3.3 The cut Operator . 47 vii Contents 3.4 Related Work . 49 4 A Lambda Calculus of Security Annotations 51 4.1 Design Decisions for λSA ..................... 51 4.2 Syntax of λSA ............................ 55 4.3 Dynamics . 57 4.4 Statics . 59 4.4.1 A Subtyping Relation . 59 4.4.2 Annotated typing rules for λSA ............. 61 4.5 Manipulating Security Annotations in λSA ........... 63 4.6 Annotated Type Safety for λSA .................. 68 4.6.1 Preservation for λSA ................... 68 4.6.2 Progress for λSA ...................... 76 4.6.3 Discussion . 78 4.7 Related Work . 80 5 A Semantics for Security Annotations in JavaScript 81 5.1 Working with a semantics for JavaScript . 82 5.2 A More Complex Language . 83 5.3 Syntax of S5SA ........................... 87 5.4 Semantics for S5SA ........................ 88 5.4.1 Coercing Security Annotations . 88 5.4.2 Checking Security Annotations . 90 5.4.3 Completing S5SA ..................... 91 5.5 Implementing S5SA ........................ 93 5.5.1 Declaring Annotations . 93 5.5.2 Deciding ≺:......................... 96 5.5.3 Adapting The Semantics of S5SA ............ 96 5.5.4 Mechanizing Functions . 98 5.6 Executing JavaScript in S5SA ................... 99 viii Contents 5.7 Using S5SA: A Case Study . 102 5.8 Properties of S5SA Programs . 106 5.8.1 Safety Guarantees . 106 5.8.2 Security Guarantees . 109 5.8.3 Security Guarantees in Practice . 110 5.8.4 Limitations . 112 5.9 Related Work . 115 6 Sound Regular Expression Semantics for the Dynamic Sym- bolic Execution of JavaScript 117 6.1 ECMAScript Regex . 119 6.2 Approach . 122 6.3 Modeling ES6 Regex . 127 6.3.1 Preprocessing . 127 6.3.2 Operators and Capture Groups . 129 6.3.3 Backreferences . 131 6.3.4 Modeling Non-membership . 134 6.4 Matching Precedence Refinement . 135 6.4.1 Matching Precedence . 135 6.4.2 Termination of the Scheme . 138 6.4.3 Soundness of the Model . 138 6.5 Modeling the ES6 Regex API . 139 6.6 Consequences of this Model . 140 6.7 Related Work . 141 7 Security Annotations for JavaScript 145 7.1 Implementation . 145 7.1.1 Security Annotations . 146 7.1.2 Attaching Annotations . 147 7.1.3 Complications: Annotating Objects. 148 ix Contents 7.1.4 Manipulating Annotations . 151 7.2 Establishing Faithfulness . 153 7.3 A Testing Strategy for the Detection of Cryptographic Errors 155 7.4 From S5SA to ExpoSESA ...................... 156 7.5 Case Studies . 162 7.5.1 secret-notes . 162 7.5.2 hat.sh: A File Encryption Serivce . 167 8 Conclusions 173 Bibliography 177 x List of Figures 2.1 The ExpoSE architecture [60]. 31 3.1 The atomic Security Annotation hierarchy for Listing 3.1. 41 4.1 Syntax of λSA: programs, terms, values and prevalues. 56 4.2 Syntax of λSA: types, environments and Security Annotations. 57 4.3 Runtime semantics for λSA.................... 59 4.4 Annotated subtyping rules for λSA................ 60 4.5 Static semantics for λSA...................... 61 4.6 Adding Security Annotations within λSA............ 64 4.7 Removing Security Annotations within λSA........... 65 4.8 Copying Security Annotations within λSA............ 66 5.1 The reduction relations for S5 [81]. 82 5.2 The syntax of S5 [81]. 84 5.3 Syntax modifications to add Security Annotations to S5. 86 5.4 Judgments for coercing annotations: as, drop and cpAnn... 89 5.5 Function application with Security Annotation enforcement. 90 5.6 Judgments for setting, deleting and adding fields. 92 5.7 Judgments for SecAnn....................... 94 5.8 Judgments for SecAnn Extends................. 95 5.9 Reduction relations enriched with the annotation store. 98 5.10 Judgments for as enriched with the annotation store. 99 xi List of Figures 5.11 Function application enriched with an annotation store. 100 xii List of Listings 2.1 A program using async/await ................. 25 2.2 A simple branching JavaScript program. 29 3.1 An annotated shim of WebCrypto’s encrypt API. 38 4.1 Typing the if construct. 63 4.2 Typing the drop operator. 65 4.3 Typing the cpAnn operator. 66 5.1 A simple JavaScript program using Security Annotations. 85 5.2 The S5SA program corresponding to Listing 5.1. 85 5.3 An annotated shim for a fragment of the WebCrypto API. 104 5.4 Case Study: constructing the IV. 105 5.5 Case Study: the developer’s encrypt function. 105 6.1 Using complex regex features to match an XML tag. 124 7.1 Annotating a JavaScript Value. 148 7.2 Annotating objects vs. their references. 149 7.3 A mock for WebCrypto’s decrypt method. 158 7.4 A shim for WebCrypto’s decrypt method. 159 7.5 Modifications to test an application in ExpoSESA........ 160 7.6 Processing the message to be sent. 161 xiii List of Listings 7.7 A testing harness for the integrity tutorial in secret-notes. 164 7.8 Shims for digest and verify.................. 165 7.9 Extending the shim for deriveKey................ 166 7.10 Deriving a key from a password in hat.sh [93]. 169 7.11 Automatically generating a password in hat.sh [93]. 170 xiv List of Tables 2.1 Cryptographic algorithms supported by WebCrypto. 26 6.1 Regular expression operators, separated by classes of prece- dence. 122 6.2 Models for regex operators. 130 6.3 Modeling backreferences. 132 6.4 Contribution of different components of the model to test- ing 1; 131 NPM packages, showing number (#) and fraction (%) of packages with line coverage improvements. 141 xv Introduction 1 1.1 Context 1.1.1 Cryptography In the modern world, cryptography is ubiquitous.
Load more

Recommended publications
  • Oracle® Server X5-8 Product Notes
    ® Oracle Server X5-8 Product Notes Part No: E56303-20 August 2021 Oracle Server X5-8 Product Notes Part No: E56303-20 Copyright © 2015, 2021, Oracle and/or its affiliates. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract.
    [Show full text]
  • PRIMERGY RX300 S5 Operating Manual
    PRIMERGY RX300 S5 Operating manual Edition september 2009 Comments… Suggestions… Corrections… The User Documentation Department would like to know your opinion of this manual. Your feedback helps us optimize our documentation to suit your individual needs. Feel free to send us your comments by e-mail to [email protected]. Certified documentation according to DIN EN ISO 9001:2000 To ensure a consistently high quality standard and user-friendliness, this documentation was created to meet the regulations of a quality management system which complies with the requirements of the standard DIN EN ISO 9001:2000. cognitas. Gesellschaft für Technik-Dokumentation mbH www.cognitas.de Copyright and Trademarks Copyright © 2009 Fujitsu Technology Solutions GmbH. All rights reserved. Delivery subject to availability. The right to technical modification is reserved. All hardware and software names used are trade names and/or trademarks of their respective manufacturers. Contents 1 Preface . 7 1.1 Concept and target groups for this manual . 7 1.2 Documentation overview . 8 1.3 Features . 10 1.4 Notational conventions . 22 1.5 Technical data . 23 2 Installation steps, overview . 25 3 Important information . 27 3.1 Safety instructions . 27 3.2 ENERGY STAR . 34 3.3 CE conformity . 34 3.4 FCC Class A Compliance Statement . 35 3.5 Transporting the server . 36 3.6 Notes on installing in the rack . 37 3.7 Environmental protection . 38 4 Hardware installation . 41 4.1 Unpacking the server . 42 4.2 Installing/removing the server in/from the rack . 43 4.2.1 Rack system requirements . 43 4.2.2 Installation in PRIMECENTER/DataCenter Rack .
    [Show full text]
  • Appendix a the Ten Commandments for Websites
    Appendix A The Ten Commandments for Websites Welcome to the appendixes! At this stage in your learning, you should have all the basic skills you require to build a high-quality website with insightful consideration given to aspects such as accessibility, search engine optimization, usability, and all the other concepts that web designers and developers think about on a daily basis. Hopefully with all the different elements covered in this book, you now have a solid understanding as to what goes into building a website (much more than code!). The main thing you should take from this book is that you don’t need to be an expert at everything but ensuring that you take the time to notice what’s out there and deciding what will best help your site are among the most important elements of the process. As you leave this book and go on to updating your website over time and perhaps learning new skills, always remember to be brave, take risks (through trial and error), and never feel that things are getting too hard. If you choose to learn skills that were only briefly mentioned in this book, like scripting, or to get involved in using content management systems and web software, go at a pace that you feel comfortable with. With that in mind, let’s go over the 10 most important messages I would personally recommend. After that, I’ll give you some useful resources like important websites for people learning to create for the Internet and handy software. Advice is something many professional designers and developers give out in spades after learning some harsh lessons from what their own bitter experiences.
    [Show full text]
  • Kubuntu Desktop Guide
    Kubuntu Desktop Guide Ubuntu Documentation Project <[email protected]> Kubuntu Desktop Guide by Ubuntu Documentation Project <[email protected]> Copyright © 2004, 2005, 2006 Canonical Ltd. and members of the Ubuntu Documentation Project Abstract The Kubuntu Desktop Guide aims to explain to the reader how to configure and use the Kubuntu desktop. Credits and License The following Ubuntu Documentation Team authors maintain this document: • Venkat Raghavan The following people have also have contributed to this document: • Brian Burger • Naaman Campbell • Milo Casagrande • Matthew East • Korky Kathman • Francois LeBlanc • Ken Minardo • Robert Stoffers The Kubuntu Desktop Guide is based on the original work of: • Chua Wen Kiat • Tomas Zijdemans • Abdullah Ramazanoglu • Christoph Haas • Alexander Poslavsky • Enrico Zini • Johnathon Hornbeck • Nick Loeve • Kevin Muligan • Niel Tallim • Matt Galvin • Sean Wheller This document is made available under a dual license strategy that includes the GNU Free Documentation License (GFDL) and the Creative Commons ShareAlike 2.0 License (CC-BY-SA). You are free to modify, extend, and improve the Ubuntu documentation source code under the terms of these licenses. All derivative works must be released under either or both of these licenses. This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER. Copies of these licenses are available in the appendices section of this book. Online versions can be found at the following URLs: • GNU Free Documentation License [http://www.gnu.org/copyleft/fdl.html] • Attribution-ShareAlike 2.0 [http://creativecommons.org/licenses/by-sa/2.0/] Disclaimer Every effort has been made to ensure that the information compiled in this publication is accurate and correct.
    [Show full text]
  • Transport Protocols
    Transport Protocols Reading: Sec. 2.5, 5.1 – 5.2, 6.1 – 6.4 Slides by Rexford @ Princeton & Slides accompanying the Internet Lab Manual, slightly altered by M.D. Goals for Today’s Lecture • Principles underlying transport-layer services – (De)multiplexing – Reliable delivery – Flow control – Congestion control • Transport-layer protocols in the Internet – User Datagram Protocol (UDP) • Simple (unreliable) message delivery • Realized by a SOCK_DGRAM socket – Transmission Control Protocol (TCP) • Reliable bidirectional stream of bytes • Realized by a SOCK_STREAM socket 2 Transport Layer • Transport layer protocols are end-to-end protocols • They are only implemented at the end hosts HOST HOST Application Application Transport Transport Network Network Network Data Link Data Link Data Link Data Link 3 Role of Transport Layer • Application layer – Between applications (e.g., browsers and servers) – E.g., HyperText Transfer Protocol (HTTP), File Transfer Protocol (FTP), Network News Transfer Protocol (NNTP) • Transport layer – Between processes (e.g., sockets) – Relies on network layer and serves the application layer – E.g., TCP and UDP • Network layer – Between nodes (e.g., routers and hosts) – Hides details of the link technology (e.g., IP) 4 Context User User User User Application Process Process Process Process Layer TCP UDP Transport Layer ICMP IP IGMP Network Layer Hardware ARP RARP Interface Link Layer Media 5 Context To which application ? TCP header TCP data ICMP UDP TCP 1 IGMP 2 17 6 TCP ) ( IP header hdr DEST SRC Protocol type cksum IP IP data ) ( ) ( Others 0806 8035 0800 ARP RARP IP IPIPIP ) ( dest source MAC MAC Ethernet frame type data CRC ) ( 6 Port Numbers • UDP (and TCP) use port numbers to identify applications • A globally unique address at the transport layer (for both UDP and TCP) is a tuple <IP address, port number> • There are 65,535 UDP ports per host.
    [Show full text]
  • Templates, Microformats and Structured Editing Francesc Campoy Flores, Vincent Quint, Irène Vatton
    Templates, Microformats and Structured Editing Francesc Campoy Flores, Vincent Quint, Irène Vatton To cite this version: Francesc Campoy Flores, Vincent Quint, Irène Vatton. Templates, Microformats and Structured Editing. ACM Symposium on Document Engineering, Oct 2006, Amsterdam, Netherlands. pp.188- 197, 10.1145/1166160.1166211. inria-00193958 HAL Id: inria-00193958 https://hal.inria.fr/inria-00193958 Submitted on 5 Dec 2007 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Templates, Microformats and Structured Editing Francesc Campoy Flores Vincent Quint Irene` Vatton INRIA Rhone-Alpesˆ INRIA Rhone-Alpesˆ INRIA Rhone-Alpesˆ 655 avenue de l’Europe 655 avenue de l’Europe 655 avenue de l’Europe 38334 Saint Ismier, France 38334 Saint Ismier, France 38334 Saint Ismier, France francesc.campoy- [email protected] [email protected][email protected] ABSTRACT the server side only, as a source format from which other rep- Microformats and semantic XHTML add semantics to web resentations are derived. Documents are transformed into pages while taking advantage of the existing (X)HTML in- XHTML before delivery to the client. This ensures that frastructure. This approach enables new applications that information can be presented on many different types of de- can be deployed smoothly on the web.
    [Show full text]
  • Certified Desugaring of Javascript
    Certified desugaring of Javascript JS meets JSCert Marek Materzok 1 Introduction Marek Materzok – Certified desugaring of Javascript 2 What is JSCert EcmaScript 5 formalized in Coq Verified and tested interpreter (JSRef) Interpreter extracted to OCaml Marek Materzok – Certified desugaring of Javascript 3 What is JS (S5 variant) A core calculus for EcmaScript 5, based on the call-by-value lambda calculus An embedding of ES5 into the core calculus (the desugaring function) The environment file – ES5 algorithms and built-in objects implemented in the core calculus Interpreter of the core calculus Marek Materzok – Certified desugaring of Javascript 4 Usefulness of JS Designing of type systems and program analysis tools Examples: typecheckers for Javascript (TeJaS, Strobe) Uses: ADsafety, typed jQuery, verified private browsing More info: http://www.jswebtools.org/ Marek Materzok – Certified desugaring of Javascript 5 LambdaCert: S5 married with JSCert Semantics of the S5 core calculus formalized in Coq The interpreter reimplemented in Coq Desugaring function (ES5 to S5 core) reimplemented in Coq Interpreter + desugaring extracted to OCaml Equivalence proof for the semantics and the interpreter Work in progress: proving soundness of S5 (core + desugaring + environment) with respect to JSCert Marek Materzok – Certified desugaring of Javascript 6 What’s done? A lot. What’s not (yet) done? bit-shift operators for, for-in, do-while, switch eval arguments object function object creation / defineOwnProperty / internal methods for some
    [Show full text]
  • Slidy - a Web Based Alternative to Microsoft Powerpoint
    Slidy - a web based alternative to Microsoft PowerPoint Dave Raggett W3C/Volantis [email protected] © 2006 Dave Raggett Abstract HTML Slidy is an open source Web-based alternative to Microsoft PowerPoint based upon XHTML, CSS and JavaScript, and which runs on a wide variety of browsers. I will introduce Slidy, and describe the challenges faced in developing an accessible cross platform browser-based editor for slide presentations. Slidy is available at http://www.w3.org/Talks/Tools/Slidy/ Introduction Slide presentations are a familiar part of life. In Victorian times, presenters were able to project images of glass slides and opaque objects using a device called an epidiascope. In the last century these were superseded by 35mm slides and the overhead projector. As computers and inkjet printers become more affordable, computer generated slides took over from hand drawn foils. This era came to an end with the spread of the video projector which displays slides directly from the computer. Today Microsoft PowerPoint is omnipresent. The first version was released in 1987 for the Apple Macintosh and used to produce black and white overhead transparencies. Microsoft bought the company that produced it (Forethought) and adapted it for use on Windows, and PowerPoint has been part of the Microsoft Office suite since 1990. One of the problems with PowerPoint is the difficulty of making your slides available to others. The files tend to be very large and many people are suspicious of binary email attachments. Another problem is that the format is proprietary to Microsoft so that you are dependent on one company for the software needed to produce and view the slides.
    [Show full text]
  • The A.D.E. Taxonomy of Spreadsheet Application Development
    Edith Cowan University Research Online Theses: Doctorates and Masters Theses 1992 The A.D.E. taxonomy of spreadsheet application development Maria Jean Hall Edith Cowan University Follow this and additional works at: https://ro.ecu.edu.au/theses Part of the Software Engineering Commons Recommended Citation Hall, M. J. (1992). The A.D.E. taxonomy of spreadsheet application development. https://ro.ecu.edu.au/ theses/1696 This Thesis is posted at Research Online. https://ro.ecu.edu.au/theses/1696 Edith Cowan University Copyright Warning You may print or download ONE copy of this document for the purpose of your own research or study. The University does not authorize you to copy, communicate or otherwise make available electronically to any other person any copyright material contained on this site. You are reminded of the following: Copyright owners are entitled to take legal action against persons who infringe their copyright. A reproduction of material that is protected by copyright may be a copyright infringement. Where the reproduction of such material is done without attribution of authorship, with false attribution of authorship or the authorship is treated in a derogatory manner, this may be a breach of the author’s moral rights contained in Part IX of the Copyright Act 1968 (Cth). Courts have the power to impose a wide range of civil and criminal sanctions for infringement of copyright, infringement of moral rights and other offences under the Copyright Act 1968 (Cth). Higher penalties may apply, and higher damages may be awarded, for offences and infringements involving the conversion of material into digital or electronic form.
    [Show full text]
  • Energy-Efficient Mobile Network I/O Optimization at the Application Layer
    Energy-Eicient Mobile Network I/O Optimization at the Application Layer Kemal Guner*, MD S Q Zulkar Nine*, Tevk Kosar*, M. Fatih Bulut‡ * University at Bualo (SUNY) ‡IBM Thomas J. Watson Research Center {kemalgne, mdsqzulk, tkosar}@bualo.edu, [email protected] ABSTRACT Limited battery power is becoming an increasingly crit- Mobile data trac (cellular + WiFi) will exceed PC Internet ical problem for smartphones and mobile computing, and trac by 2020. As the number of smartphone users and the many techniques have been proposed in the literature to amount of data transferred per smartphone grow exponen- overcome this at dierent layers. At the physical layer, tech- tially, limited battery power is becoming an increasingly niques were proposed to choose appropriate modulation, critical problem for mobile devices which depend on the coding, and transmission power control schemes to improve network I/O. Despite the growing body of research in power energy eciency of the mobile device [17, 19, 52, 54, 58]. At management techniques for the mobile devices at the hard- the media access control (MAC) layer, several new energy- ware layer as well as the lower layers of the networking stack, ecient MAC protocol designs were proposed [13, 39, 39, there has been little work focusing on saving energy at the 46, 63, 64, 67]. At the network layer, low-power and scal- application layer for the mobile systems during network I/O. able routing algorithms were developed [16, 53, 55, 59, 66]. In this paper, to the best of our knowledge, we are rst to pro- At the transport layer, trac shaping techniques [5] and vide an in-depth analysis of the eects of application-layer new transport protocols [5, 15, 24, 40, 77] were proposed to data transfer protocol parameters on the energy consump- exploit application-specic information and reduce power tion of mobile phones.
    [Show full text]
  • DA-683 Linux User's Manual
    DA-683 Linux User’s Manual First Edition, January 2011 www.moxa.com/product © 2011 Moxa Inc. All rights reserved. Reproduction without permission is prohibited. DA-683 Linux User’s Manual The software described in this manual is furnished under a license agreement and may be used only in accordance with the terms of that agreement. Copyright Notice Copyright ©2011 Moxa Inc. All rights reserved. Reproduction without permission is prohibited. Trademarks The MOXA logo is a registered trademark of Moxa Inc. All other trademarks or registered marks in this manual belong to their respective manufacturers. Disclaimer Information in this document is subject to change without notice and does not represent a commitment on the part of Moxa. Moxa provides this document as is, without warranty of any kind, either expressed or implied, including, but not limited to, its particular purpose. Moxa reserves the right to make improvements and/or changes to this manual, or to the products and/or the programs described in this manual, at any time. Information provided in this manual is intended to be accurate and reliable. However, Moxa assumes no responsibility for its use, or for any infringements on the rights of third parties that may result from its use. This product might include unintentional technical or typographical errors. Changes are periodically made to the information herein to correct such errors, and these changes are incorporated into new editions of the publication. Technical Support Contact Information www.moxa.com/support Moxa Americas Moxa China (Shanghai office) Toll-free: 1-888-669-2872 Toll-free: 800-820-5036 Tel: +1-714-528-6777 Tel: +86-21-5258-9955 Fax: +1-714-528-6778 Fax: +86-21-5258-5505 Moxa Europe Moxa Asia-Pacific Tel: +49-89-3 70 03 99-0 Tel: +886-2-8919-1230 Fax: +49-89-3 70 03 99-99 Fax: +886-2-8919-1231 Table of Contents 1.
    [Show full text]
  • Supported Browsers
    IBM Kenexa BrassRing on Cloud Supported Browsers Revision Date: July, 2017 Edition Notice Note: Before using this information and the product it supports, read the information in the following Notice section. This edition applies to IBM® Kenexa® BrassRing® on Cloud® Supported Browsers. Licensed Materials - Property of IBM © Copyright IBM® Corporation, 2017. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. ©.Copyright IBM Corporation, 2015-2017. All rights reserved 2 Notices This information was developed for products and services offered in the U.S.A and other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan Ltd.
    [Show full text]