Toward Secure Embedded Web Interfaces

Authors: 

Baptiste Gourdin, LSV ENS-Cachan; Chinmay Soman, Stanford University; Hristo Bojinov, Stanford University; Elie Bursztein, Stanford University

Abstract: 

We address the challenge of building secure embedded web interfaces by proposing WebDroid: the first framework specifically dedicated to this purpose. Our design extends the Android Framework, and enables developers to create easily secure web interfaces for their applications. To motivate our work, we perform an in-depth study of the security of web interfaces embedded in consumer electronics devices, uncover significant vulnerabilities in all the devices examined, and categorize the vulnerabilities. We demonstrate how our framework’s security mechanisms prevent embedded applications from suffering the vulnerabilities exposed by our audit. Finally we evaluate the efficiency of our framework in terms of performance and security.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {266539,
author = {Baptiste Gourdin and Chinmay Soman and Hristo Bojinov and Elie Bursztein},
title = {Toward Secure Embedded Web Interfaces},
booktitle = {20th USENIX Security Symposium (USENIX Security 11)},
year = {2011},
address = {San Francisco, CA},
url = {https://www.usenix.org/conference/usenix-security-11/toward-secure-embedded-web-interfaces},
publisher = {USENIX Association},
month = aug
}
Download

Presentation Video

Presentation Audio

Links

Paper: 
http://www.usenix.org/events/sec11/tech/full_papers/Gourdin.pdf
Slides: 
http://www.usenix.org/events/sec11/tech/slides/gourdin.pdf