FlowTwist: Efficient Context-Sensitive Inside- Out Taint Analysis for Large Codebases
|
|
|
- Brian Townsend
- 6 years ago
- Views:
Transcription
1 FlowTwist: Efficient Context-Sensitive Inside- Out Taint Analysis for Large Codebases Johannes Lerch, Ben Hermann, Eric Bodden, and Mira Mezini Technische Universität Darmstadt Software Technology Group 1
2 Oracle patches Java 7 vulnerability Breaking its quarterly update schedule, Oracle has released a new Java runtime that addresses recent security flaws. Aug 30,
3 Theory: Stack-based Access Control SecurityManager.checkPermission FilePermission, SocketPermission,... SecurityManager.checkWrite FilePermission, SocketPermission,... FileOutputStream.<init> FilePermission, SocketPermission,... Attacker.doEvil MyApplet.init Ø Ø = Ø 3
4 Theory: Stack-based Access Control public static Class<?> forname(string classname) throws ClassNotFoundException { return forname0(classname, true, ClassLoader.getCallerClassLoader()); Implicit Permission Check Class.forName Privileged ClassLoader Attacker.doEvil Unprivileged ClassLoader MyApplet.init Unprivileged ClassLoader 4
5 Leak in sun.beans.finder.classfinder (CVE ) public static Class<?> findclass(string classname) { try { ClassLoader cl = return Class.forName(className, false, cl); catch (ClassNotFoundException e) { throws SecurityException catch (SecurityException e) { return Class.forName(className); handled here 5
6 Leak in sun.beans.finder.classfinder (CVE ) public static Class<?> findclass(string classname) { try { ClassLoader cl = return Class.forName(className, Privileged false, ClassLoader cl); ClassFinder.findClass Privileged ClassLoader catch (ClassNotFoundException e) { Attacker.doEvil Unprivileged ClassLoader MyApplet.init catch (SecurityException e) { Unprivileged ClassLoader throws SecurityException return Class.forName(className); handled here 6
7 Deriving the Static Program Analysis Problem Caller Sensitive Track the return value Class.forName Privileged ClassLoader ClassFinder.findClass Privileged ClassLoader Attacker.doEvil MyApplet.init Unprivileged ClassLoader Unprivileged ClassLoader Track the parameter 7
8 Two Independent Analyses Source Caller Sensitive Sink Track the return value Track the parameter Sink Source 8
9 Two Independent Analyses: Not Context-Sensitive Caller Sensitive Track the return value Track the parameter 9
10 Pure Forward Context-Sensitive Approach Caller Sensitive Source Sink 10
11 Runtime [min] Results only Class.forName Maximum Heap Size [GB] 11
![Runtime [min] Results all Caller Sensitive Methods 40 35](/docs-images/78/78179457/images/12-2.jpg "30 25 20 15 10 5 0 10 9 8 7 6 5 4 3 Maximum Heap Size [GB]")
12 Runtime [min] Results all Caller Sensitive Methods Maximum Heap Size [GB] 12
13 Scale of the Problem Caller Sensitive ~45,000 methods 13
14 Scale of the Problem 64 methods Caller Sensitive 3,656 call sites ~45,000 methods 14
15 Exploit Imbalance to Improve Scalability 64 methods Caller Sensitive 3,656 call sites ~45,000 methods 15
16 IFDS Algorithm [17,19] Reports Leaks Caller Sensitive? 16
17 IFDS Algorithm: Computing Summaries a {a foo(a) { 1: a {a, b 2: b = a c = b a {a, b 3: return c 17
18 IFDS Algorithm: Computing Summaries foo(a) { 1: a {a, b 2: a {a, b, c 3: b = a c = b return c a {a b {b, c 18
19 IFDS Algorithm: Computing Summaries foo(a) { 1: b = a 2: a {a, b, c 3: c = b return c 19
20 Path Construction foo(a) { 1: b = a a {a, b pred(b) = a stmt(b) = #1 2: a {a, b, c 3: c = b return c a {a b {b, c pred(c) = b stmt(c) = #2 20
21 Path Construction: Merge at Branches bar(a) { if (...) { 1: b = a else { a {a, b 1 pred(b 1 ) = a stmt(b 1 ) = #1 2: a {a, b 1, b 2 b = a a {a, b 2 pred(b 2 ) = a stmt(b 2 ) = #2 3: return b 21
22 Runtime [min] Results only Class.forName Pure Forward Baseline Independent Inside-Out Maximum Heap Size [GB] 22
23 Runtime [min] Results all Caller Sensitive Methods Pure Forward Baseline Independent Inside-Out Maximum Heap Size [GB] 23
24 Two Synchronized/Dependent Analyses Caller Sensitive 24
25 Two Synchronized/Dependent Analyses Caller Sensitive Balanced Return Unbalanced Return 25
26 Runtime [min] Results only Class.forName Pure Forward Baseline Independent Inside-Out Dependent Inside-Out Maximum Heap Size [GB] 26
27 Runtime [min] Results all Caller Sensitive Methods Pure Forward Baseline Independent Inside-Out Dependent Inside-Out Maximum Heap Size [GB] 27
28 Summary 28
Hardening Java s Access Control by Abolishing Implicit Privilege Elevation
2017 IEEE Symposium on Security and Privacy Hardening Java s Access Control by Abolishing Implicit Privilege Elevation Philipp Holzinger, Ben Hermann, Johannes Lerch, Eric Bodden and Mira Mezini Fraunhofer
Security SYSTEM SOFTWARE 1
Security SYSTEM SOFTWARE 1 Security Introduction Class Loader Security Manager and Permissions Summary SYSTEM SOFTWARE 2 Security Mechanisms in Java Virtual machine erroneous array accesses forbidden casts
K-Miner Uncovering Memory Corruption in Linux
K-Miner Uncovering Memory Corruption in Linux David Gens Simon Schmitt Ahmad-Reza Sadeghi Cyber Security Center (CYSEC) Technische Universität Darmstadt Lucas Davi Universität of Duisburg-Essen Why Static
CSE331: Introduction to Networks and Security. Lecture 26 Fall 2004
CSE331: Introduction to Networks and Security Lecture 26 Fall 2004 Announcements Midterm 2 will be Monday, Nov. 15 th. Covers material since midterm 1 Today: Java/C# access control model CSE331 Fall 2004
Dynamic Class Loading
Dynamic Class Loading Philippe Collet Partially based on notes from Michel Buffa Master 1 IFI Interna,onal 2012-2013 h4p://dep,nfo.unice.fr/twiki/bin/view/minfo/soceng1213 P. Collet 1 Agenda Principle
McAfee Exploit Prevention Content Release Notes New Windows Signatures
McAfee Exploit Prevention Content 7616 Release Notes 2017-03-14 Content package version for - McAfee Host Intrusion Prevention: 8.0.0.7616 Endpoint Security Exploit Prevention: 10.5.0.7616 Below is the
Java Vulnerability Analysis with JAPCT: Java. Access Permission Checking Tree
Contemporary Engineering Sciences, Vol. 7, 2014, no. 24, 1383-1388 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.49170 Java Vulnerability Analysis with JAPCT: Java Access Permission
KAIST Graduate School of Information Security SAR(Security Analysis Report)
Document # CSRC-12-03-011 Title Java Applet Vulnerability Analysis (CVE-2012-5076) Type Attack Trend Technical Analysis Specialty Analysis Data November 15, 2012 Modified November 19, 2012 Author KAIST
Secure Development After Security Bugs
Secure Development After Security Bugs Jeremy Epstein Program Manager Presentation to 1 st IEEE Cybersecurity Development Conference (SecDev) 11/03/16 Distribution Statement A. Approved for public release:
Lecture 10. Pointless Tainting? Evaluating the Practicality of Pointer Tainting. Asia Slowinska, Herbert Bos. Advanced Operating Systems
Lecture 10 Pointless Tainting? Evaluating the Practicality of Pointer Tainting Asia Slowinska, Herbert Bos Advanced Operating Systems December 15, 2010 SOA/OS Lecture 10, Pointer Tainting 1/40 Introduction
Java Security. Compiler. Compiler. Hardware. Interpreter. The virtual machine principle: Abstract Machine Code. Source Code
Java Security The virtual machine principle: Source Code Compiler Abstract Machine Code Abstract Machine Code Compiler Concrete Machine Code Input Hardware Input Interpreter Output 236 Java programs: definitions
Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java
Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java Consistent * Complete * Well Documented * Easy to Reuse * * AEC * Evaluated * ECOOP * Artifact Johannes Späth 1, Lisa Nguyen
Software Engineering Design & Construction
Winter Semester 16/17 Software Engineering Design & Construction Dr. Michael Eichberg Fachgebiet Softwaretechnik Technische Universität Darmstadt Software Product Line Engineering based on slides created
ECE 122. Engineering Problem Solving with Java
ECE 122 Engineering Problem Solving with Java Lecture 24 Exceptions Overview Problem: Can we detect run-time errors and take corrective action? Try-catch Test for a variety of different program situations
Background. Reflection. The Class Class. How Objects Work
Background Reflection Turing's great insight: programs are just another kind of data Source code is text Manipulate it line by line, or by parsing expressions Compiled programs are data, too Integers and
An Introduction to the Waratek Application Security Platform
Product Analysis January 2017 An Introduction to the Waratek Application Security Platform The Transformational Application Security Technology that Improves Protection and Operations Highly accurate.
Java Class Loading and Bytecode Verification
Java Class Loading and Bytecode Verification Every object is a member of some class. The Class class: its members are the (definitions of) various classes that the JVM knows about. The classes can be dynamically
Exploiting JRE - JRE Vulnerability: Analysis & Hunting
Exploiting JRE - JRE Vulnerability: Analysis & Hunting @Hitcon 2013 xye0x01@gmail.com nforest@live.cn About Us Xiao Lee(xye0x01),Sen Nie(nforest) SHANGHAI JIAO TONG UNIVERSITY Major in Computer Science
CSCE 314 Programming Languages
CSCE 314 Programming Languages! Reflection Dr. Hyunyoung Lee! 1 Reflection and Metaprogramming Metaprogramming: Writing (meta)programs that represent and manipulate other programs Reflection: Writing (meta)programs
Runtime Application Self-Protection (RASP) Performance Metrics
Product Analysis June 2016 Runtime Application Self-Protection (RASP) Performance Metrics Virtualization Provides Improved Security Without Increased Overhead Highly accurate. Easy to install. Simple to
Wanted: Students to participate in a user study
Wanted: Students to participate in a user study Requirements: Know how to use the Eclipse IDE Knowledge in Java development Knowledge of static analysis is not required, but it is a plus Time: 2-3 hours
Outline STRANGER. Background
Outline Malicious Code Analysis II : An Automata-based String Analysis Tool for PHP 1 Mitchell Adair 2 November 28 th, 2011 Outline 1 2 Credit: [: An Automata-based String Analysis Tool for PHP] Background
AP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS
AP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS PAUL L. BAILEY Abstract. This documents amalgamates various descriptions found on the internet, mostly from Oracle or Wikipedia. Very little of this
Sandboxing untrusted code: policies and mechanisms
Sandboxing untrusted code: policies and mechanisms Frank Piessens (Frank.Piessens@cs.kuleuven.be) Secappdev 2011 1 Overview Introduction Java and.net Sandboxing Runtime monitoring Information Flow Control
CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 4
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 4 Access Control Last time: Unix/Windows access control at the OS level. Access control matrix Reference monitor Today: Stack Inspection
Malicious Code Analysis II
Malicious Code Analysis II STRANGER: An Automata-based String Analysis Tool for PHP Mitchell Adair November 28 th, 2011 Outline 1 STRANGER 2 Outline 1 STRANGER 2 STRANGER Credit: [STRANGER: An Automata-based
Don't Be Pwned: A Very Short Course on Secure Programming in Java
Don't Be Pwned: A Very Short Course on Secure Programming in Java Dean F. Sutherland & Robert Seacord & David Svoboda 2013 Carnegie Mellon University Copyright 2013 Carnegie Mellon University This material
End-Point Counter-Worm Mechanism Using Automated Software Patching. Angelos Keromytis Columbia University
End-Point Counter-Worm Mechanism Using Automated Software Patching Angelos Keromytis Columbia University angelos@cs.columbia.edu Summary End-network architecture for protecting network services against
Addressing Security In The Eclipse Core Runtime (RCP)
Addressing Security In The Eclipse Core Runtime (RCP) What is needed & how do we get there? Larry Koved, Marco Pistoia, Ted Habeck IBM T. J. Watson Research Center Hawthorne, New York Eclipse RCP is intended
Recent Java Exploitation Techniques HackPra
HackPra 19-06-2013 Matthias Kaiser (matthias.m.kaiser@daimler.com) HackPra - Recent Java Exploitation Techniques 1 about me Matthias Kaiser @matthias_kaiser working as Lead Expert Offensive Security at
Interactively Verifying Absence of Explicit Information Flows in Android Apps
Interactively Verifying Absence of Explicit Information Flows in Android Apps Osbert Bastani, Saswat Anand, and Alex Aiken Stanford University OOPSLA 2015 Problem Google Play Store > 1 million apps on
An Introduction to Runtime Application Self-Protection (RASP)
Product Analysis June 2016 An Introduction to Runtime Application Self-Protection (RASP) The Transformational Application Security Technology that Improves Protection and Operations Highly accurate. Easy
Modeling and Analyzing Security Requirements for Java
Modeling and Analyzing Security Requirements for Java A Major Qualifying Project Submitted to the Faculty of Worcester Polytechnic Institute In partial fulfilment of the requirements for the Degree of
Decomposition Instead of Self- Composition for Proving the Absence of Timing Channels
Decomposition Instead of Self- Composition for Proving the Absence of Timing Channels PLDI June 20th, 2017 Timos Antonopoulos, Yale Paul Gazzillo, Yale Michael Hicks, UMD Eric Koskinen, Yale Tachio Terauchi,
UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages
UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages Kangjie Lu, Chengyu Song, Taesoo Kim, Wenke Lee School of Computer Science, Georgia Tech Any Problem Here? /* File: drivers/usb/core/devio.c*/
Data Structure. Recitation IV
Data Structure Recitation IV Topic Java Generics Java error handling Stack Lab 2 Java Generics The following code snippet without generics requires casting: List list = new ArrayList(); list.add("hello");
Android Kernel Security
Jeff Vander Stoep and Sami Tolvanen Android Kernel Security Linux Security Summit Aug 2018 Acknowledgements People who have reported security vulnerabilities to Android security: https://source.android.com/security/overview/acknowledgements
SafeDispatch Securing C++ Virtual Calls from Memory Corruption Attacks by Jang, Dongseok and Tatlock, Zachary and Lerner, Sorin
SafeDispatch Securing C++ Virtual Calls from Memory Corruption Attacks by Jang, Dongseok and Tatlock, Zachary and Lerner, Sorin in NDSS, 2014 Alexander Hefele Fakultät für Informatik Technische Universität
Saving Time and Costs with Virtual Patching and Legacy Application Modernizing
Case Study Virtual Patching/Legacy Applications May 2017 Saving Time and Costs with Virtual Patching and Legacy Application Modernizing Instant security and operations improvement without code changes
InvokeDynamic support in Soot
InvokeDynamic support in Soot Eric Bodden Secure Software Engineering Group European Center for Security and Privacy by Design (EC SPRIDE) Technische Universität Darmstadt Darmstadt, Germany eric.bodden@ec-spride.de
1. GOALS and MOTIVATION
AppSeer: Discovering Interface Defects among Android Components Vincenzo Chiaramida, Francesco Pinci, Ugo Buy and Rigel Gjomemo University of Illinois at Chicago 4 September 2018 Slides by: Vincenzo Chiaramida
Lecture 20. Java Exceptional Event Handling. Dr. Martin O Connor CA166
Lecture 20 Java Exceptional Event Handling Dr. Martin O Connor CA166 www.computing.dcu.ie/~moconnor Topics What is an Exception? Exception Handler Catch or Specify Requirement Three Kinds of Exceptions
Security and the.net Framework
Security and the.net Framework Code Access Security Enforces security policy on code Regardless of user running the code Regardless of whether the code is in the same application with other code Other
Security and the.net Framework
Security and the.net Framework Code Access Security Enforces security policy on code Regardless of user running the code Regardless of whether the code is in the same application with other code Other
CS Algorithms and Complexity
CS 350 - Algorithms and Complexity Graph Theory, Midterm Review Sean Anderson 2/6/18 Portland State University Table of contents 1. Graph Theory 2. Graph Problems 3. Uninformed Exhaustive Search 4. Informed
Information-Flow Analysis of Android Applications in DroidSafe
Information-Flow Analysis of Android Applications in DroidSafe Michael I. Gordon, Deokhwan Kim, Jeff Perkins, and Martin Rinard MIT CSAIL Limei Gilham Kestrel Institute Nguyen Nguyen Global InfoTek, Inc.
UNDEFINED BEHAVIOR IS AWESOME
UNDEFINED BEHAVIOR IS AWESOME Piotr Padlewski piotr.padlewski@gmail.com, @PiotrPadlewski ABOUT MYSELF Currently working in IIIT developing C++ tooling like clang-tidy and studying on University of Warsaw.
Challenges updating your code to work with Java 9 Jigsaw
Challenges updating your code to work with Java 9 Jigsaw Uwe Schindler Apache Lucene PMC & Apache Software Foundation Member uschindler@apache.org https://www.thetaphi.de, http://blog.thetaphi.de @ThetaPh1
jgap freetts gruntspud jedit columba jfreechart
SQL injections 100% 80% 60% 40% 20% 0% jgap freetts gruntspud jedit columba jfreechart !" #$ %& "" '( ()(* +, - ./0 static Class Class.forName(String classname) java.lang.class 0 +**Class.forName( java.lang.string
Binary heaps (chapters ) Leftist heaps
Binary heaps (chapters 20.3 20.5) Leftist heaps Binary heaps are arrays! A binary heap is really implemented using an array! 8 18 29 20 28 39 66 Possible because of completeness property 37 26 76 32 74
Tech Announcement 2018_1
Tech Announcement 2018_1 Windows updates cause data communication problems with zenon www.copadata.com pm@copadata.com History Date Comment 09.01.2018 Document Version 1 16.01.2018 Document Version 2 19.02.2018
Finding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
Oracle BI 11g R1: Build Repositories
Oracle University Contact Us: 02 6968000 Oracle BI 11g R1: Build Repositories Duration: 5 Days What you will learn This course provides step-by-step procedures for building and verifying the three layers
Understanding ClassLoaders WebSphere 5.1, 6.0 and 6.1
IBM Software Group Understanding ClassLoaders WebSphere 5.1, 6.0 and 6.1 Speaker: Paul Van Norman WebSphere Support Technical Exchange Agenda Classloader overview Classloader delegation mode & policies
CMPSC 497: Static Analysis
CMPSC 497: Static Analysis Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Page 1 Our Goal In this course,
Automatically Identifying Critical Input and Code Regions in Applications
Automatically Identifying Critical Input and Code Regions in Applications Michael Carbin and Martin Rinard Massachusetts Institute of Technology! Computer Science and Artificial Intelligence Laboratory
COMP : Trees. COMP20012 Trees 219
COMP20012 3: Trees COMP20012 Trees 219 Trees Seen lots of examples. Parse Trees Decision Trees Search Trees Family Trees Hierarchical Structures Management Directories COMP20012 Trees 220 Trees have natural
Java Internals. Frank Yellin Tim Lindholm JavaSoft
Java Internals Frank Yellin Tim Lindholm JavaSoft About This Talk The JavaSoft implementation of the Java Virtual Machine (JDK 1.0.2) Some companies have tweaked our implementation Alternative implementations
Module: Future of Secure Programming
Module: Future of Secure Programming Professor Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) 1 Programmer s Little Survey Problem What does program for
CO 445H SECURE DESIGN PRINCIPLES JAVA SECURITY ROP AND ADVANCED EXPLOITS. Dr. Ben Livshits
CO 445H SECURE DESIGN PRINCIPLES JAVA SECURITY ROP AND ADVANCED EXPLOITS Dr. Ben Livshits 2 Some Survey Responses Sunsetting Google+ 3 https://www.blog.google/technology/safety-security/project-strobe/
Security Vulnerability Notice
Security Vulnerability Notice SE-2013-01-ORACLE-2 [Security vulnerabilities in Oracle Java Cloud Service, Issues 29-30] DISCLAIMER INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY
Oracle Critical Patch Updates: Insight and Understanding. Stephen Kost Integrigy Corporation
Oracle Critical Patch Updates: Insight and Understanding Stephen Kost Integrigy Corporation Introduction Stephen Kost Chief Technology Officer of Integrigy Corporation 11 years experience with Oracle Applications
Java RMI. Algorithmen und Programmierung V Netzprogrammierung. Volker Roth. Wintersemester 2009/2010. Institut für Informatik Freie Universität Berlin
Java RMI Algorithmen und Programmierung V Netzprogrammierung Volker Roth Institut für Informatik Freie Universität Berlin Wintersemester 2009/2010 Overview 1. Factory design pattern 2. Codebases 3. Remote
Waratek Runtime Protection Platform
Waratek Runtime Protection Platform Cirosec TrendTage - March 2018 Waratek Solves the Application Security Problems That No One Else Can Prateep Bandharangshi Director of Client Security Solutions March,
SECURE INTEGRATION OF CRYPTOGRAPHIC SOFTWARE
SECURE INTEGRATION OF CRYPTOGRAPHIC SOFTWARE Speaker: Stefan Krüger Folie 1 When a Developer Uses a Crypto API Uses Electronic Codebook (ECB) Folie 2 The Average Developer is no Crypto Expert 88% of Android
Fast and Scalable Static Analysis using Deterministic Concurrency
DEGREE PROJECT IN COMPUTER SCIENCE AND ENGINEERING, SECOND CYCLE, 30 CREDITS STOCKHOLM, SWEDEN 2017 Fast and Scalable Static Analysis using Deterministic Concurrency PATRIK ACKLAND KTH ROYAL INSTITUTE
CS102 Binary Search Trees
CS102 Binary Search Trees Prof Tejada 1 To speed up insertion, removal and search, modify the idea of a Binary Tree to create a Binary Search Tree (BST) Binary Search Trees Binary Search Trees have one
Introduction to Programming Using Java (98-388)
Introduction to Programming Using Java (98-388) Understand Java fundamentals Describe the use of main in a Java application Signature of main, why it is static; how to consume an instance of your own class;
Refinement-Based Context-Sensitive Points-To Analysis for Java
Refinement-Based Context-Sensitive Points-To Analysis for Java Manu Sridharan, Rastislav Bodík UC Berkeley PLDI 2006 1 What Does Refinement Buy You? Increased scalability: enable new clients Memory: orders
Chapter 3.4: Exceptions
Introduction to Software Security Chapter 3.4: Exceptions Loren Kohnfelder loren.kohnfelder@gmail.com Elisa Heymann elisa@cs.wisc.edu Barton P. Miller bart@cs.wisc.edu Revision 1.0, December 2017. Objectives
Inference of Memory Bounds
Research Review 2017 Will Klieber, software security researcher Joint work with Will Snavely public release and unlimited distribution. 1 Copyright 2017 Carnegie Mellon University. All Rights Reserved.
Secure Programming Lecture 15: Information Leakage
Secure Programming Lecture 15: Information Leakage David Aspinall 21st March 2017 Outline Overview Language Based Security Taint tracking Information flow security by type-checking Summary Recap We have
BEAJRockit SDK. Using the Monitoring and Management APIs
BEAJRockit SDK Using the Monitoring and Management APIs Version 1.4.2 April 2004 Copyright Copyright 2003 BEA Systems, Inc. All Rights Reserved. Restricted Rights Legend This software and documentation
Google App Engine (GAE)
Google App Engine (GAE) It is possible to run, least, a simple Struts 2 applicion on GAE with a little work. Namely, you need to tell OGNL to not do security manager permission checks, which will fail
Monitoring Hypervisor Integrity at Runtime. Student: Cuong Pham PIs: Prof. Zbigniew Kalbarczyk, Prof. Ravi K. Iyer ACC Meeting, Oct 2015
Monitoring Hypervisor Integrity at Runtime Student: Cuong Pham PIs: Prof. Zbigniew Kalbarczyk, Prof. Ravi K. Iyer ACC Meeting, Oct 2015 Motivation - Server Virtualization Trend x86 servers were virtualized
Identity-based Access Control
Identity-based Access Control The kind of access control familiar from operating systems like Unix or Windows based on user identities This model originated in closed organisations ( enterprises ) like
Bionic. Christoph. Code analysis, quality and security overview. July 26 th 2017
Bionic Code analysis, quality and security overview Christoph July 26 th 2017 stat /proc/self PhD on reflective OS architectures FOSS enthusiast (Linux fan since kernel 0.95) Tech support @ FraLUG (including
IOActive Security Advisory
IOActive Security Advisory Title Severity Discovered by Protocol Handling Issues in X Window System Servers Medium/High Ilja van Sprundel Advisory Date December 9, 2014 Affected Products Impact 1. X server
Karthik Bharathy Program Manager, SQL Server Microsoft
Karthik Bharathy Program Manager, SQL Server Microsoft Key Session takeaways Understand the many views of SQL Server Look at hardening SQL Server At the network level At the access level At the data level
Lecture Embedded System Security
Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2011 Overview Introduction Android Software Stack Android
Application Virtualization and Desktop Security
Application Virtualization and Desktop Security Karl MacMillan kmacmillan@tresys.com Tresys Technology 1 Application Virtualization Introduction Encapsulates a single application Bundles application into
2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions
2 Lecture Embedded System Security A.-R. Sadeghi, @TU Darmstadt, 2011-2014 Android Security Extensions App A Perm. P 1 App B Perm. P 2 Perm. P 3 Kirin [2009] Reference Monitor Prevents the installation
Name: Class: Date: 2. Today, a bug refers to any sort of problem in the design and operation of a program.
Name: Class: Date: Chapter 6 Test Bank True/False Indicate whether the statement is true or false. 1. You might be able to write statements using the correct syntax, but be unable to construct an entire,
Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors
SECURITY ADVISORY Processor based Speculative Execution Vulnerabilities AKA Spectre and Meltdown Version 1.4 Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors
INF 212 ANALYSIS OF PROG. LANGS PROCEDURES & FUNCTIONS. Instructors: Kaj Dreef Copyright Instructors.
INF 212 ANALYSIS OF PROG. LANGS PROCEDURES & FUNCTIONS Instructors: Kaj Dreef Copyright Instructors. Subroutines aka Procedures Historically: blocks of instructions executed several times during program
MCAFEE FOUNDSTONE FSL UPDATE
2018-JAN-15 FSL version 7.5.994 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary
Formal Methods for Java
Formal Methods for Java Lecture 17: Advanced Key Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg December 21, 2011 Jochen Hoenicke (Software Engineering) Formal Methods for Java
CS313D: ADVANCED PROGRAMMING LANGUAGE
CS313D: ADVANCED PROGRAMMING LANGUAGE Computer Science Department Lecture 3: C# language basics Lecture Contents 2 C# basics Conditions Loops Methods Arrays Dr. Amal Khalifa, Spr 2015 3 Conditions and
CMPSC 497: Java Security
CMPSC 497: Java Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University 1 Enforcement Mechanisms Static mechanisms
School of Informatics, University of Edinburgh
CS1Ah Lecture Note 29 Streams and Exceptions We saw back in Lecture Note 9 how to design and implement our own Java classes. An object such as a Student4 object contains related fields such as surname,
Pointer Analysis in the Presence of Dynamic Class Loading. Hind Presented by Brian Russell
Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan and Michael Hind Presented by Brian Russell Claim: First nontrivial pointer analysis dealing with all Java language features
Breaking Apart the Monolith with Modularity and Microservices CON3127
Breaking Apart the Monolith with Modularity and Microservices CON3127 Neil Griffin Software Architect, Liferay Inc. Specification Lead, JSR 378 Portlet 3.0 Bridge for JavaServer Faces 2.2 Michael Han Vice
Mitigating Java Deserialization attacks from within the JVM
Mitigating Java Deserialization attacks from within the JVM Apostolos Giannakidis @cyberapostle BSides Luxembourg 20th October 2017 1 Who is BACKGROUND Security Architect at Waratek AppSec Runtime protection
CS111: PROGRAMMING LANGUAGE II
CS111: PROGRAMMING LANGUAGE II Computer Science Department Lecture 1(c): Java Basics (II) Lecture Contents Java basics (part II) Conditions Loops Methods Conditions & Branching Conditional Statements A
Lessons Learned Implementing StreamBase. Matt Fowles StreamBase Systems JVM Languages 2012
Lessons Learned Implementing StreamBase Matt Fowles StreamBase Systems JVM Languages 2012 Agenda What is StreamBase? Lessons Learned Spaghetti code is bad; Spaghetti code generation is worse Choose between
r = obj2.m( 0, 1 ); s = obj2.f; r = obj2.m( ); r = obj2.anothermethod( 0, 1 ); s = obj2.anotherfield;
REFLECTION ! Objects(access(fields( and(methods(of(other( objects((! A(safe(language( detects(situa7ons( where(the(receiver( object(does(not(have( the(accessed(field(or( method((! Type(systems(can(be(
RBS Rockwell Automation FactoryTalk Services Platform RNADiagnostics Module Missing Size Field Validation Remote Denial of Service.
RBS 2013 002 Rockwell Automation FactoryTalk Services Platform RNADiagnostics Module Missing Size Field Validation Remote Denial of Service 1 of 7 Table of Contents Table of Contents 2 About Risk Based
School of Informatics, University of Edinburgh
CS1Bh Solution Sheet 4 Software Engineering in Java This is a solution set for CS1Bh Question Sheet 4. You should only consult these solutions after attempting the exercises. Notice that the solutions
Meltdown or "Holy Crap: How did we do this to ourselves" Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory
Meltdown or "Holy Crap: How did we do this to ourselves" Abstract Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory locations Breaks all security assumptions given
Vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder
Vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder What is a vulnerability? Management information stored in-band with regular information? Programming the weird machine?