DeView: Confining Progressive Web Applications by Debloating Web APIs
- Authors
- Oh, C.[Oh, C.]; Lee, S.[Lee, S.]; Qian, C.[Qian, C.]; Koo, H.[Koo, H.]; Lee, W.[Lee, W.]
- Issue Date
- 5-Dec-2022
- Publisher
- Association for Computing Machinery
- Keywords
- Browser; Debloating; Program Analysis; Progressive Web Application; PWA; Record-and-Replay; Web APIs
- Citation
- ACM International Conference Proceeding Series, pp.881 - 895
- Indexed
- SCOPUS
- Journal Title
- ACM International Conference Proceeding Series
- Start Page
- 881
- End Page
- 895
- URI
- https://scholarworks.bwise.kr/skku/handle/2021.sw.skku/105624
- DOI
- 10.1145/3564625.3567987
- ISSN
- 0000-0000
- Abstract
- A progressive web application (PWA) becomes an attractive option for building universal applications based on feature-rich web Application Programming Interfaces (APIs). While flexible, such vast APIs inevitably bring a significant increase in an API attack surface, which commonly corresponds to a functionality that is neither needed nor wanted by the application. A promising approach to reduce the API attack surface is software debloating, a technique wherein an unused functionality is programmatically removed from an application. Unfortunately, debloating PWAs is challenging, given the monolithic design and non-deterministic execution of a modern web browser. In this paper, we present DeView, a practical approach that reduces the attack surface of a PWA by blocking unnecessary but accessible web APIs. DeView tackles the challenges of PWA debloating by i) record-and-replay web API profiling that identifies needed web APIs on an app-by-app basis by replaying (recorded) browser interactions and ii) compiler-assisted browser debloating that eliminates the entry functions of corresponding web APIs from the mapping between web API and its entry point in a binary. Our evaluation shows the effectiveness and practicality of DeView. DeView successfully eliminates 91.8% of accessible web APIs while i) maintaining original functionalities and ii) preventing 76.3% of known exploits on average. © 2022 Owner/Author.
- Files in This Item
- There are no files associated with this item.
- Appears in Collections
- Computing and Informatics > Computer Science and Engineering > 1. Journal Articles