Security when applications become web sites
|
|
- Paula Newton
- 5 years ago
- Views:
Transcription
1 1/20 Security when applications become web sites Andrea Bittau, Arti Gupta, and David Mazières April 30, 2010
2 Web and apps perceived differently 2/20 Users know software can do bad things. Conservative: only install trusted software. Users believe web sites cannot do bad things to system. Liberal about visiting dubious web sites.
3 Web and apps converging 3/20 The Web s evolution: rich apps (e.g., Gmail, games) Ever increasing functionality and performance demand. Security problems will only get worse. Browser becoming platform for running applications Gmail Google Docs Flash game
4 NaCl: run x86 in browser Google Native Client run x86 code in browser: High performance. Easy porting of legacy code. 4/20 Quake 91,582 LoC
5 NaCl: run x86 in browser, securely 5/20 Problem: how to sandbox x86 code? /etc/passwd quake.nexe mov $0, %ecx # O_RDONLY mov "/etc/passwd", %ebx mov $5, %eax # open int $0x80 # syscall Solution: 1 Compile code to verifiable form. 2 Verify code prior to launch. quake.c nacl-gcc quake.nexe sel ldr
6 Our work: add syscalls, securely 6/20 Problem: how to securely allow syscalls? game1.sav quake.nexe Quake server
7 Our work: add syscalls, securely 6/20 Problem: how to securely allow syscalls? game1.sav quake.nexe Quake server
8 Our work: add syscalls, securely 6/20 Problem: how to securely allow syscalls? game1.sav quake.nexe /etc/passwd smtp.victim.com Quake server Challenge: figure out policy and enforce it
9 Motivating examples 7/20 Quake Online gaming. VOIP client Live support while shopping online. Peer-to-peer streaming video player No need for server bandwidth. Photo editor and publisher No need for server CPU expense.
10 Example: Hypothetical Flickr 8/20 1. Visit Flickr s NaCl web site 2. Choose file to upload 3. Edit picture 4. Upload!
11 Architecture 9/20 browser Apps Policy modules NaCl sandbox API Kernel
12 User actions specify user s intent 10/20 Security: carry out user intentions and nothing more. User wants to open pic.jpg User expects app will read pic.jpg User action: select pic.jpg via file chooser.
13 User actions grant privileges 11/20 Give applications privileges based on user actions [Karp06] Endorsement filechooser:///pic.jpg Policy module Privilege read:///pic.jpg User action File chooser Textbox Link text Button Example of possible capability granted Read file Allow connection to host Allow connection to peers specified in torrent file obtained from link Allow microphone access Policy modules: generic and small (e.g., bittorrent 100 LoC)
14 Trusted UI gives user action proof 12/20 Code add trusted(textbox, "SMTP server"); User interface displayed Endorsements ( privileges) textbox://smtp server/smtp.com tcp://smtp.com:25
15 Trusted UI gives user action proof 12/20 Code add trusted(textbox, "SMTP server"); add trusted(textbox, "Type warez.com to continue"); User interface displayed Endorsements ( privileges) textbox://smtp server/smtp.com tcp://smtp.com:25 textbox://type warez.com to continue/warez.com
16 Allow controlled sharing using IFC 13/20 flickr.com flickr.nexe pass.txt pic.jpg
17 Allow controlled sharing using IFC 13/20 How to allow sharing data, and avoid exfiltration? flickr.com stats.com flickr.nexe desksearch.nexe pass.txt pic.jpg index.db
18 Allow controlled sharing using IFC 13/20 How to allow sharing data, and avoid exfiltration? flickr.com stats.com search.com flickr.nexe desksearch.nexe websearch.nexe pass.txt pic.jpg index.db
19 Allow controlled sharing using IFC 13/20 How to allow sharing data, and avoid exfiltration? flickr.com stats.com search.com flickr.nexe desksearch.nexe websearch.nexe pass.txt pic.jpg index.db
20 Allow controlled sharing using IFC 13/20 How to allow sharing data, and avoid exfiltration? flickr.com stats.com search.com flickr.nexe desksearch.nexe websearch.nexe pass.txt pic.jpg index.db Need Information Flow Control (IFC).
21 Track data and control export 14/20 To prevent data disclosure: 1 Label data. 2 Taint processes that hold labeled data. 3 Deny tainted processes from talking to network. flickr.com stats.com search.com flickr.nexe desksearch.nexe websearch.nexe pic.jpg index.db
22 Track data and control export 14/20 To prevent data disclosure: 1 Label data. 2 Taint processes that hold labeled data. 3 Deny tainted processes from talking to network. flickr.com stats.com search.com flickr.nexe desksearch.nexe websearch.nexe pic.jpg index.db
23 Track data and control export 14/20 To prevent data disclosure: 1 Label data. 2 Taint processes that hold labeled data. 3 Deny tainted processes from talking to network. flickr.com stats.com search.com flickr.nexe desksearch.nexe websearch.nexe pic.jpg index.db
24 Track data and control export 14/20 To prevent data disclosure: 1 Label data. 2 Taint processes that hold labeled data. 3 Deny tainted processes from talking to network. flickr.com stats.com search.com flickr.nexe desksearch.nexe websearch.nexe pic.jpg index.db
25 Labels control information flow 15/20 Red on previous slide represents a category of taint. Category An arbitrary string, e.g., secret. Label A set of integrity and secrecy categories. desksearch.nexe S [flickr video], I [] pic.jpg S [flickr], I [flickr] stats.com S [], I [] Information can flow from x to y if: Secrecy categories of x y. Integrity categories of y x.
26 Category owners control data export 16/20 Category owners can export data. They can remove owned categories from their label. pic.jpg S [flickr], I [flickr] flickr.nexe S [flickr], I [flickr] O [flickr] flickr.com S [], I [] NaCl applications own the following categories: Category HTTP origin Hash of app binary Certificate that signed app Allows sharing between in same page Instances of same application from same vendor
27 Telephoning from your browser 17/20 Make and receive calls from your browser: Live phone support while shopping online. Sales callbacks. NaCl benefits: Can reuse SIP libraries: 347,501 LoC. Need performance for audio codecs.
28 Client-based video streaming 18/20 Watch and stream videos using bittorrent. No need for server bandwidth. High performance for video codecs. Security requirements: Restrict network traffic to bittorrent peers. Restrict disk access to bittorrent files. movie.torrent: tracker.com:
29 NaCl bittaurent player 19/20 Policy module tracker.nexe (100 LoC; cf. 327,000 untrusted): Connects only to trackers authorized by user. Grants privileges only for IPs returned by tracker. bitplayer.nexe S [], I [] tracker.nexe S [], I []
30 NaCl bittaurent player 19/20 Policy module tracker.nexe (100 LoC; cf. 327,000 untrusted): Connects only to trackers authorized by user. Grants privileges only for IPs returned by tracker. bitplayer.nexe S [], I [[click://rocky]] tracker.nexe S [], I []
31 NaCl bittaurent player 19/20 Policy module tracker.nexe (100 LoC; cf. 327,000 untrusted): Connects only to trackers authorized by user. Grants privileges only for IPs returned by tracker. get rocky bitplayer.nexe OK S [], I [[click://rocky], [tcp:// ], [tcp:// ], [tcp:// ]] tracker.nexe S [], I [] tracker.com:
32 NaCl bittaurent player Policy module tracker.nexe (100 LoC; cf. 327,000 untrusted): Connects only to trackers authorized by user. Grants privileges only for IPs returned by tracker. 19/20 bitplayer.nexe S [], I [[click://rocky], [tcp:// ], [tcp:// ], [tcp:// ]] get rocky OK get evil NO! tracker.nexe S [], I [] tracker.com: evil.com:
33 Summary 20/20 Convergence of applications and web sites is inevitable. Web apps need more performance and functionality. Threatens to undermine already tenuous browser security. Information flow control transcends complex module interactions. Infer user s intent from actions. 1 User action generates endorsement. 2 Policy modules translate endorsements to privileges.
Sandboxing. CS-576 Systems Security Instructor: Georgios Portokalidis Spring 2018
Sandboxing CS-576 Systems Security Instructor: Georgios Portokalidis Sandboxing Means Isolation Why? Software has bugs Defenses slip Untrusted code Compartmentalization limits interference and damage!
More informationSandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
More information6.858 Quiz 2 Review. Android Security. Haogang Chen Nov 24, 2014
6.858 Quiz 2 Review Android Security Haogang Chen Nov 24, 2014 1 Security layers Layer Role Reference Monitor Mandatory Access Control (MAC) for RPC: enforce access control policy for shared resources
More informationISOLATION DEFENSES GRAD SEC OCT
ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted environment Setting Possibly with multiple tenants OS: users / processes Browser: webpages / browser extensions Cloud:
More informationExplicit Information Flow in the HiStar OS. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières
Explicit Information Flow in the HiStar OS Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières Too much trusted software Untrustworthy code a huge problem Users willingly run malicious
More informationMaxoid: Transparently Confining Mobile Applications with Custom Views of State
Maxoid: Transparently Confining Mobile Applications with Custom Views of State Yuanzhong Xu and Emmett Witchel University of Texas at Austin 4/24/2015 Bordeaux, France Focus of this work Security problems:
More informationTolerating Malicious Drivers in Linux. Silas Boyd-Wickizer and Nickolai Zeldovich
XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory,...
More informationShowNTell - An easy-to-use tool for answering students questions with voiceover
+ ShowNTell - An easy-to-use tool for answering students questions with voiceover recording Dr BHOJAN ANAND LIFT & TEG Grant: Start date: June 2014 End date: Dec 2015 + ShowNTell Problem Statement & Motivation
More informationSECURING SOFTWARE AGAINST LIBRARY ATTACKS
SECURING SOFTWARE AGAINST LIBRARY ATTACKS Roland Yap School of Computing National University of Singapore ryap@comp.nus.edu.sg Session ID: DAS W05 Session Classification: Advanced Untrusted Libraries Software
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationOnce you have entered your Google and password, you can click the Sign In button to continue.
Slide 1 Welcome to the Creating and Uploading with Google Docs Tutorial. Google Docs allows you to create documents, spreadsheets, presentations, draw pictures, create forms, and much more directly within
More informationGetting Started Guide. Version January 4, 2015
Getting Started Guide Version 2.9.1 January 4, 2015 2. Entering the Scheduled Meeting Room and Joining the Conference Participants enter the room: Note: If Moderator publishes the meeting (via Advanced
More information4. Jump to *RA 4. StackGuard 5. Execute code 5. Instruction Set Randomization 6. Make system call 6. System call Randomization
04/04/06 Lecture Notes Untrusted Beili Wang Stages of Static Overflow Solution 1. Find bug in 1. Static Analysis 2. Send overflowing input 2. CCured 3. Overwrite return address 3. Address Space Randomization
More informationWedge: Splitting Applications into Reduced-Privilege Compartments
Wedge: Splitting Applications into Reduced-Privilege Compartments Andrea Bittau Petr Marchenko Mark Handley Brad Karp University College London April 17, 2008 Vulnerabilities threaten sensitive data Exploits
More informationProtocols and Layers. Networked Systems (H) Lecture 2
Protocols and Layers Networked Systems (H) Lecture 2 This work is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/4.0/
More informationStefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan. Stanford University, Chalmers University of Technology
Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology One of the most popular application platforms Easy to deploy and access Almost anything
More informationConfiguring Web services
Configuring Web services (Week 15, Monday 4/17/2006) Abdou Illia, Spring 2006 1 Learning Objectives Install FTP & NNTP Services Configure FTP sites Configure Web sites 70-216:8 @0-13:16/28:39 2 Internet
More informationSecurity as a Architectural Concern, Chrome Arch, and NFP Measurement Reid Holmes
Material and some slide content from: - Software Architecture: Foundations, Theory, and Practice - Krzysztof Czarnecki Security as a Architectural Concern, Chrome Arch, and NFP Measurement Reid Holmes
More informationLecture 17: Peer-to-Peer System and BitTorrent
CSCI-351 Data communication and Networks Lecture 17: Peer-to-Peer System and BitTorrent (I swear I only use it for Linux ISOs) The slide is built with the help of Prof. Alan Mislove, Christo Wilson, and
More informationCyberLink. Screen Recorder 4. User's Guide
CyberLink Screen Recorder 4 User's Guide Copyright and Disclaimer All rights reserved. To the extent allowed by law, Screen Recorder IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
More informationSugar: Secure GPU Acceleration in Web Browsers
Sugar: Secure GPU Acceleration in Web Browsers Zhihao Yao, Zongheng Ma, Yingtong Liu, Ardalan Amiri Sani, Aparna Chandramowlishwaran Trustworthy Systems Lab, UC Irvine 1 WebGL was released in 2011 2 Source:
More informationProtocol Layers, Security Sec: Application Layer: Sec 2.1 Prof Lina Battestilli Fall 2017
CSC 401 Data and Computer Communications Networks Protocol Layers, Security Sec:1.5-1.6 Application Layer: Sec 2.1 Prof Lina Battestilli Fall 2017 Outline Computer Networks and the Internet (Ch 1) 1.1
More informationA Haskell and Information Flow Control Approach to Safe Execution of Untrusted Web Applications
A Haskell and Information Flow Control Approach to Safe Execution of Untrusted Web Applications Deian Stefan Stanford University April 11, 2011 Joint work with David Mazières, Alejandro Russo, Daniel B.
More informationSecurity in the Privileged Remote Access Appliance
Security in the Privileged Remote Access Appliance 2003-2018 BeyondTrust, Inc. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust, Inc. Other trademarks are the property
More informationConfinement (Running Untrusted Programs)
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules
More informationtcpcrypt: real transport-level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford.
tcpcrypt: real transport-level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford. What would it take to encrypt the vast majority of TCP traffic? Performance
More informationApril 14, 2018 Product Release Notes. Brainshark Coaching Machine Analysis with Topic Detection and Machine Scoring (Limited Release/BETA)
NEW April 14, 2018 Product Release Notes Brainshark Coaching Machine Analysis with Topic Detection and Machine Scoring (Limited Release/BETA) Machine Analysis with Topic Detection is a new component of
More informationWebcaster Frequently Asked Questions
FAQs Webcaster Frequently Asked Questions Getting Started At a minimum, what do I need to start a live webcast? A live webcast requires a live audio/video source. This could be a webcam, an external video
More informationIdentity-based Access Control
Identity-based Access Control The kind of access control familiar from operating systems like Unix or Windows based on user identities This model originated in closed organisations ( enterprises ) like
More informationThe case for ubiquitous transport-level encryption
1/25 The case for ubiquitous transport-level encryption Andrea Bittau, Michael Hamburg, Mark Handley, David Mazières, and Dan Boneh Stanford and UCL November 18, 2010 Goals 2/25 What would it take to encrypt
More information3.2 COMMUNICATION AND INTERNET TECHNOLOGIES
3.2 COMMUNICATION AND INTERNET TECHNOLOGIES 3.2.1 PROTOCOLS PROTOCOL Protocol a set of rules governing the way that devices communicate with each other. With networks and the Internet, we need to allow
More informationTCP Meets Mobile Code
The Key Idea TCP Meets Mobile Code! Transport protocols, such as TCP, need a better upgrade mechanism Parveen Patel Jay Lepreau (Univ. of Utah) David Wetherall Andrew Whitaker (Univ. of Washington)! Untrusted
More informationIntroduction to Security and User Authentication
Introduction to Security and User Authentication Brad Karp UCL Computer Science CS GZ03 / M030 14 th November 2016 Topics We ll Cover User login authentication (local and remote) Cryptographic primitives,
More informationMultimedia Networking
CE443 Computer Networks Multimedia Networking Behnam Momeni Computer Engineering Department Sharif University of Technology Acknowledgments: Lecture slides are from Computer networks course thought by
More informationEfficient Software Based Fault Isolation. Software Extensibility
Efficient Software Based Fault Isolation Robert Wahbe, Steven Lucco Thomas E. Anderson, Susan L. Graham Software Extensibility Operating Systems Kernel modules Device drivers Unix vnodes Application Software
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationOperating Systems. Part 8. Operating Systems. What is an operating system? Interact with Applications. Vector Tables. The master software
Part 8 Operating Systems Operating Systems The master software Operating Systems What is an operating system? Master controller for all of the activities that take place within a computer Basic Duties:
More informationEmbedded Management Interfaces
Stanford Computer Security Lab Embedded Management Interfaces Emerging Massive Insecurity Stanford Computer Security Lab What this talk is about? What this talk is about? Massively deployed devices What
More informationWorldwide Release. Your world, Secured ND-IM005. Wi-Fi Interception System
Your world, Secured 2016 Worldwide Release System Overview Wi-Fi interception system is developed for police operations and searching of information leaks in the office premises, government agencies and
More informationSandboxing untrusted code: policies and mechanisms
Sandboxing untrusted code: policies and mechanisms Frank Piessens (Frank.Piessens@cs.kuleuven.be) Secappdev 2011 1 Overview Introduction Java and.net Sandboxing Runtime monitoring Information Flow Control
More informationReal Time, Secure Collaboration
Real Time, Secure Collaboration Michael Meeks General Manager michael.meeks@collabora.com Skype - mmeeks, G+ - mejmeeks@gmail.com LibreOffice Conference 2015, Aarhus Michael Meeks www.collaboraoffice.com
More informationSalesforce.com Summer '10 Release Notes
Salesforce.com: Summer '10 Salesforce.com Summer '10 Release Notes Last updated: July 20, 2010 Copyright 2000-2010 salesforce.com, inc. All rights reserved. Salesforce.com is a registered trademark of
More informationWhat s Over-The-Top (OTT) voice and SMS?
What s Over-The-Top (OTT) voice and SMS? OTT refers to services being carried over the top of another carrier s network, without the provider being actively involved in the network s operations. The openness
More informationof WebRTC-based Video Conferencing
Performance Evaluation of WebRTC-based Video Conferencing Delft University of Technology Bart Jansen Fernando Kuipers Columbia University Timothy Goodwin Varun Gupta Gil Zussman IFIP WG 7.3 Performance
More information"The Internet. All the piracy and none of the scurvy." -- Anonymous
Bridges To Computing General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College. You are invited and encouraged to use this presentation to promote
More informationPolaris Under the Hood. Prepared by: Wes Osborn
Polaris Under the Hood Prepared by: Wes Osborn Overview Client Communication Kerberos Authentication SQL Profiler SIP Service !! WARNING!! Help -> About Where to start Click on the Application Server link
More informationPAPER ON ANDROID ESWAR COLLEGE OF ENGINEERING SUBMITTED BY:
PAPER ON ANDROID ESWAR COLLEGE OF ENGINEERING SUBMITTED BY: K.VENU 10JE1A0555 Venu0555@gmail.com B.POTHURAJU 10JE1A0428 eswr10je1a0410@gmail.com ABSTRACT early prototypes, basic building blocks of an android
More informationApplication Notes for Polycom Trio Conference Phones and Avaya IP Office TM Issue 1.0
Avaya Solution & Interoperability Test Lab Application Notes for Polycom Trio Conference Phones and Avaya IP Office TM Issue 1.0 Abstract These Application Notes describe the procedures for configuring
More informationIPv6 at Google. Lorenzo Colitti
IPv6 at Google Lorenzo Colitti lorenzo@google.com Why? IPv4 address space predictions (G. Huston) To put it into perspective... Iljitsch van Beijnum, Ars Technica Why IPv6? Cost Buying addresses will be
More informationPolicy Based Device Access Security Position Paper to Device Access Policy Working Group
1 (8) Policy Based Device Access Security Position Paper to Device Access Policy Working Group 2 (8) 1. INTRODUCTION Nokia has implemented a policy-based device access security model for its Web runtime
More informationThis is a sample chapter of WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web by Alan B. Johnston and Daniel C. Burnett.
This is a sample chapter of WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web by Alan B. Johnston and Daniel C. Burnett. For more information or to buy the paperback or ebook editions, visit
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 Reference Monitor Observes execution of the program/process At what level? Possibilities:
More informationIntroduction to the Application Layer. Computer Networks Term B14
Introduction to the Application Layer Computer Networks Term B14 Intro to Application Layer Outline Current Application Layer Protocols Creating an Application Application Architectures Client-Server P2P
More informationCS261 Scribe Notes: Secure Computation 1
CS261 Scribe Notes: Secure Computation 1 Scriber: Cameron Rasmussen October 24, 2018 1 Introduction It is often the case that code is being run locally on our system that isn t completely trusted, a prime
More informationMobile Peer-to-Peer Business Models T Network Services Business Models. Mikko Heikkinen
Mobile Peer-to-Peer Business Models T-109.4300 Network Services Business Models Mikko Heikkinen 26.03.2009 Outline Definitions What is peer-to-peer? What is mobile peer-to-peer? Motivation STOF and MP2P
More informationIdentity Management and WebRTC
Identity Management and WebRTC 10/30/2014 Title Version No: 0.1/ Status: DRAFT Email: peter.dunkley@acision.com Twitter: @pdunkley 1 Acision at-a-glance Heritage & history 20 year history 270 customers
More informationTERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004
TERRA Authored by: Garfinkel,, Pfaff, Chow, Rosenblum,, and Boneh A virtual machine-based platform for trusted computing Presented by: David Rager November 10, 2004 Why there exists a need Commodity OS
More informationNIELSEN API PORTAL USER REGISTRATION GUIDE
NIELSEN API PORTAL USER REGISTRATION GUIDE 1 INTRODUCTION In order to access the Nielsen API Portal services, there are three steps that need to be followed sequentially by the user: 1. User Registration
More informationHow to send flickr photos to adt touch screen
P ford residence southampton, ny How to send flickr photos to adt touch screen InformationWeek.com: News, analysis and research for business technology professionals, plus peer-to-peer knowledge sharing.
More informationHow to Make a Two Button Communication Board for Go Talk Now By Rebecca Mcguffin
Rebecca McGuffin EIPT 5513 Needs Analysis Handout April 3, 2015 How to Make a Two Button Communication Board for Go Talk Now By Rebecca Mcguffin 1 How to Make a Two Button Communication Board for 1. This
More informationWeb & Automotive. Paris, April Dave Raggett
Web & Automotive Paris, April 2012 Dave Raggett 1 Aims To discuss potential for Web Apps in cars Identify what kinds of Web standards are needed Discuss plans for W3C Web & Automotive Workshop
More informationStart Here. Accessing Cisco Show and Share. Prerequisites CHAPTER
CHAPTER 1 Revised: May 31, 2011 Accessing Cisco Show and Share, page 1-1 Cisco Show and Share Quick Start, page 1-4 Sign In to Cisco Show and Share, page 1-20 Set Your Personal Preferences, page 1-22 Accessing
More informationApplication Layer: P2P File Distribution
Application Layer: P2P File Distribution EECS 3214 Slides courtesy of J.F Kurose and K.W. Ross, All Rights Reserved 29-Jan-18 1-1 Chapter 2: outline 2.1 principles of network applications 2.2 Web and HTTP
More informationThe case for ubiquitous transport level encryption. Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford.
The case for ubiquitous transport level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford. What would it take to encrypt all the traffic on the Internet,
More informationSecuring Untrusted Code
Securing Untrusted Code Untrusted Code May be untrustworthy Intended to be benign, but may be full of vulnerabilities These vulnerabilities may be exploited by attackers (or other malicious processes)
More informationYour Apps and the Future of macos Security
#WWDC18 Your Apps and the Future of macos Security Pierre-Olivier Martel, Security Engineering Manager Kelly Yancey, OS Security Garrett Jacobson, Trusted Execution 2018 Apple Inc. All rights reserved.
More informationCS378 -Mobile Computing. What's Next?
CS378 -Mobile Computing What's Next? Fragments Added in Android 3.0, a release aimed at tablets A fragment is a portion of the UI in an Activity multiple fragments can be combined into multi-paned UI fragments
More informationGoogle Docs: Access, create, edit, and print
Google Docs: Access, create, edit, and print There are several kinds of Google documents: Docs, Sheets, Slides, Drawings, and Forms. We ll use a basic Google Doc to show you how to get started with various
More informationIGME-330. Rich Media Web Application Development I Week 1
IGME-330 Rich Media Web Application Development I Week 1 Developing Rich Media Apps Today s topics Tools we ll use what s the IDE we ll be using? (hint: none) This class is about Rich Media we ll need
More informationMobility best practice. Tiered Access at Google
Mobility best practice Tiered Access at Google How can IT leaders enable the productivity of employees while also protecting and securing corporate data? IT environments today pose many challenges - more
More informationMore performance options
More performance options OpenCL, streaming media, and native coding options with INDE April 8, 2014 2014, Intel Corporation. All rights reserved. Intel, the Intel logo, Intel Inside, Intel Xeon, and Intel
More informationKomodo: Using Verification to Disentangle Secure-Enclave Hardware from Software
Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon
More informationIntroduction to the Internet. Part 1. What is the Internet?
Introduction to the Internet Part 1 What is the Internet? A means of connecting a computer to any other computer anywhere in the world via dedicated routers and servers. When two computers are connected
More informationDefinition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party
Definition Anonymous Communication Hiding identities of parties involved in communications from each other, or from third-parties Who you are from the communicating party Who you are talking to from everyone
More informationLecture Notes for 04/04/06: UNTRUSTED CODE Fatima Zarinni.
Lecture Notes for 04/04/06 UNTRUSTED CODE Fatima Zarinni. Last class we started to talk about the different System Solutions for Stack Overflow. We are going to continue the subject. Stages of Stack Overflow
More informationJUGAT Adobe Technology Platform for Rich Internet Applications
JUGAT Adobe Technology Platform for Rich Internet Applications Dieter Hovorka Sr.Systems Engineer Technical Sales dieter.hovorka@adobe.com May 2008 2006 Adobe Systems Incorporated. All Rights Reserved.
More informationTelnet & FTP. Department of Educational Multimedia Faculty of Education
Telnet & FTP Department of Educational Multimedia Faculty of Education TCP/IP Applications World Wide Web's Hypertext Transfer Protocol (HTTP) Simple Mail Transfer Protocol (SMTP) File Transfer Protocol
More informationCSE 227 Computer Security Spring 2010 S f o t ftware D f e enses I Ste St f e an f Sa v Sa a v g a e g
CSE 227 Computer Security Spring 2010 Software Df Defenses I Stefan Savage Kinds of defenses Eliminate violation of runtime model Better languages, code analysis Don t allow bad input Input validation
More informationTrusted Computing and O/S Security
Computer Security Spring 2008 Trusted Computing and O/S Security Aggelos Kiayias University of Connecticut O/S Security Fundamental concept for O/S Security: separation. hardware kernel system user Each
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2015 Roadmap: Trusted Computing Motivation Notion of trust
More informationKeep Calm and Call On! IBM Sametime Communicate Softphone Made Simple. Frank Altenburg, IBM
Keep Calm and Call On! IBM Sametime Communicate Softphone Made Simple Frank Altenburg, IBM Agenda Voice and Video an effective way to do business! Sametime Softphone Computer is your phone! Sametime Voice
More informationUsing the Cisco Unified Videoconferencing 5000 MCU
2 CHAPTER Using the Cisco Unified Videoconferencing 5000 MCU This section describes how to create, join and manage video conferences on the MCU. Cisco Unified Videoconferencing 5000 MCU Access Levels,
More informationTrusted Computing and O/S Security. Aggelos Kiayias Justin Neumann
Trusted Computing and O/S Security Aggelos Kiayias Justin Neumann O/S Security Fundamental concept for O/S Security: separation. hardware kernel system user Each layer may try to verify the outer layer
More informationRealPresence CloudAXIS Suite Release Notes
RELEASE NOTES Software 1.1 April 2013 3725-03317-001 Rev A RealPresence CloudAXIS Suite Release Notes Trademarks 2013, Polycom, Inc. All rights reserved. POLYCOM, the Polycom logo and the names and marks
More informationAndroid System Architecture. Android Application Fundamentals. Applications in Android. Apps in the Android OS. Program Model 8/31/2015
Android System Architecture Android Application Fundamentals Applications in Android All source code, resources, and data are compiled into a single archive file. The file uses the.apk suffix and is used
More informationOutside the Box: Networks and The Internet
Outside the Box: Networks and The Internet Don Mason Associate Director Copyright 2011 National Center for Justice and the Rule of Law All Rights Reserved Inside vs. Outside Inside the Box What the computer
More informationPetros Maniatis, Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen McCamant, Dawn Song
Petros Maniatis, Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen McCamant, Dawn Song Secure Data Capsules @ HotOS2011 3 Secure Data Capsules @ HotOS2011 4 Secure Data Capsules @ HotOS2011 5 Secure Data
More informationNPS Apps - Google Docs Facilitated by Liza Zandonella Newtown High School May, 2013
NPS Apps - Google Docs Facilitated by Liza Zandonella Newtown High School May, 2013 Creating, Uploading and Sharing Documents To open Google Docs, select Drive on the menu bar of your Google Mail browser.
More informationMobile and Wireless Systems Programming
to Android Android is a software stack for mobile devices that includes : an operating system middleware key applications Open source project based on Linux kernel 2.6 Open Handset Alliance (Google, HTC,
More informationSecurity Philosophy. Humans have difficulty understanding risk
Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy
More informationSystem Requirements. SuccessMaker 7
System Requirements SuccessMaker 7 Copyright 2015 Pearson Education, Inc. or one or more of its direct or indirect affiliates. All rights reserved. Pearson and SuccessMaker are registered trademarks, in
More informationMulti-tenancy Virtualization Challenges & Solutions. Daniel J Walsh Mr SELinux, Red Hat Date
Multi-tenancy Virtualization Challenges & Solutions Daniel J Walsh Mr SELinux, Red Hat Date 06.28.12 What is Cloud? What is IaaS? IaaS = Infrastructure-as-a-Service What is PaaS? PaaS = Platform-as-a-Service
More informationAvalanche Remote Control User Guide. Version 4.1
Avalanche Remote Control User Guide Version 4.1 ii Copyright 2012 by Wavelink Corporation. All rights reserved. Wavelink Corporation 10808 South River Front Parkway, Suite 200 South Jordan, Utah 84095
More informationOpen Mic Webcast. Jumpstarting Audio- Video Deployments Tony Payne March 9, 2016
Open Mic Webcast Jumpstarting Audio- Video Deployments Tony Payne March 9, 2016 Agenda The Challenges of Audio and Video Architecture Bill of Materials Component Descriptions Deployment Sample Deployment
More information1080P P2P Wifi Pinhole Hidden Alarm Clock Camera
1080P P2P Wifi Pinhole Hidden Alarm Clock Camera 1 PRODUCT OVERVIEW Features: Real-time Audio & Video Recording Complete Digital Clock Function Wifi IP Network Function IR Night Vision Support Smartphone
More informationEngineering Quality of Experience: A Brief Introduction
Engineering Quality of Experience: A Brief Introduction Neil Davies and Peter Thompson November 2012 Connecting the quality of user experience to parameters a network operator can directly measure and
More informationCPS 510 final exam, 4/27/2015
CPS 510 final exam, 4/27/2015 Your name please: This exam has 25 questions worth 12 points each. For each question, please give the best answer you can in a few sentences or bullets using the lingo of
More informationSecurity Association Creation
1 Security Association Creation David L. Black November 2006 2 The Big Picture: Three Proposals Framework: 06-369 specifies Security Associations (SAs) Connect key generation to key usage (and identify
More informationTechnical Guide 20/02/2013
Technical Guide 20/02/2013 Technical Requirements Operating Systems Windows XP SP2 Windows Vista Windows 7 32bit Windows 7 64bit Mac OS X 10.5 and above Linux Ubuntu 1 32bit Linux Ubuntu 1 64bit Linux
More informationComputer Security Exam 3 Review. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 2017 Exam 3 Review Paul Krzyzanowski Rutgers University Spring 2017 April 18, 2018 CS 419 2017 Paul Krzyzanowski 1 Exam 3: Grade vs. Completion Time 5 Question 1 A high False Reject Rate
More information