Towards Provably Secure and Correct Systems. Avik Chaudhuri
|
|
- Antonia Riley
- 6 years ago
- Views:
Transcription
1 Towards Provably Secure and Correct Systems Avik Chaudhuri
2 Systems we rely on Opera<ng systems Storage systems Web applica<on frameworks Mobile device plaaorms Clouds These systems run our code. What security and correctness guarantees do they provide?
3 Aim of my research Develop founda:ons of secure and correct systems Analysis of systems (specifica4on + verifica4on) Construc<on of systems (design + implementa4on) Exploit programming languages as lens principles, techniques
4 This talk Overview of past and ongoing work on system analysis Storage systems (Plutus, OSD, PCFS) Opera4ng systems (Windows Vista, Asbestos) Mobile device plaforms (Android) Web applica4on frameworks (Ruby on Rails) Systems as programming languages Program analyses for system guarantees Similar ideas can guide system design
5 Analogy: Communica4on Model cryptography with equa<ons decrypt (encrypt (x, k), k) = x Programming language to describe protocols create new names (keys) build terms with func<on symbols (hashing, encryp4on) communicate terms over channels compose parallel processes [applied pi calculus]
6 Specifica4on and Verifica4on Adversary (arbitrary unspecified context) Language seman:cs defines the power of the adversary Specifica<on (types, logical asser<ons) Proof techniques (type systems, abstract interpreta<on) Tools (ProVerif, F7) Can verify protocols, their implementa:ons, and their uses This approach can be extended to other systems!
7 Storage systems Analysis of secure file sharing on untrusted storage [with B. Blanchet: S&P 08] various aoacks, precise guarantees Correct implementa<on of distributed access control [with M. Abadi: FMSE 05, FORTE 06; FCS 08] pifalls, general design principles Language support for proof carrying authoriza<on [with D. Garg: ESORICS 09] automa4c proof management
8 Opera4ng systems Analysis of opera<ng system security models [with S. Rajamani and others: CCS 08] decidability results, tool for system design Type system for enforcing security on an opera<ng system [with S. Rajamani and others: PLAS 08] formaliza4on of design inten4ons and best prac4ces
9 Mobile device plaforms Security verifica<on of mobile device applica<ons [PLAS 09; ongoing work with J. Foster and others] cer4fied installa4on with security guarantees
10 Web applica4on frameworks Security and correctness verifica<on of web applica<ons [with J. Foster and others: ASE 09, ongoing work] elimina4on of various classes of aoacks and bugs
11 Storage Reduc<onist: Storage is, arer all, communica<on write/read a file send/receive on a channel storage on untrusted disks communica4on over insecure networks Should be able to leverage previous work on communica:on Pragma<st: Careful! Why do we need dynamic access control? Expect dynamic specifica:ons (e.g., dynamic trust assump:ons)
12 Storage on Untrusted Disks Alice Bob Server: untrusted Clients: some trusted, some untrusted
13 Storage on Untrusted Disks Files: encrypted/signed Alice Bob Server: untrusted Clients: some trusted, some untrusted
14 Storage on Untrusted Disks Files: encrypted/signed Reader (knows read key) Alice Writer (knows write key) Bob Server: untrusted Clients: some trusted, some untrusted
15 Storage on Untrusted Disks Reader (knows read key) David Carol Alice Files: encrypted/signed Writer (knows write key) Eve Bob Server: untrusted Clients: some trusted, some untrusted
16 Storage on Untrusted Disks Reader (knows read key) Owner (creates/distributes keys) Writer (knows write key) David Eve Carol Alice Bob Files: encrypted/signed Server: untrusted Clients: some trusted, some untrusted
17 Storage on Untrusted Disks Reader David Alice Files: encrypted/signed Owner Writer Eve Carol Bob Server: untrusted Clients: some trusted, some untrusted
18 Storage on Untrusted Disks Reader (knows new read key) David Alice Files: encrypted/signed Owner (creates/distributes new keys) Writer (knows new write key) Eve Carol Bob Server: untrusted Clients: some trusted, some untrusted
19 Storage on Untrusted Disks David Files: encrypted/signed Reader Alice Owner Carol Writer Eve Bob Server: untrusted Clients: some trusted, some untrusted
20 Storage on Untrusted Disks David Files: encrypted/signed Reader (knows new read key) Alice Owner (creates/distributes new keys) Carol Writer (knows new write key) Eve Bob Server: untrusted Clients: some trusted, some untrusted
21 Op4miza4ons in Plutus Are files immediately re secured with new keys? No! Files secured with new keys on subsequent writes lazy revoca<on How do readers decide which keys to use? Throw away old keys, derive from new keys as required key rota<on Does the protocol implement these op4miza4ons correctly? What are the security implica4ons of these op4miza4ons?
22 Specifica4on and Verifica4on Automated security analysis of Plutus with ProVerif applied pi calculus programs + expected proper<es Horn logic clauses + queries with Results Weaker secrecy than claimed writers can act for readers, secrets may eventually leak Serious axack on integrity (clever exploit of subtle bug) adversary can collude with readers to become writers
23 Key idea: Model Corrup4on Specify code for each role in the protocol owners trusted readers trusted or corrupt writers trusted or corrupt (trusted = follows protocol, corrupt = leaks keys) Adversary unspecified, controls any run of the protocol (e.g., chooses which principals to corrupt and when) Specify security despite corrup<on Security viola:on Precise lower bounds on corrup:on
24 Distributed Access Control Networked Storage (e.g., OSD) Access Control Authority Client capability Disk Server Capability: unforgeable/verifiable authoriza<on cer4ficate Revoca:on is tricky How do we specify and verify correctness of implementa4ons?
25 Implementa4on as Refinement Ideal Storage Client Access Control Authority + Disk Server Study preserva<on of trace proper<es, equivalences Results Various ways to break full abstrac:on Nevertheless, correct implementa<ons exist with General design principles: Distributed implementa:on of stateful computa:ons
26 Proof Carrying Authoriza4on Distributed Access Control Authori4es Client File System File system requires authoriza<on proofs Tremendous burden on user Solu<on with PCAL: Language/compiler support for PCA systems user writes script, compiler manages proofs & instruments script Tricky! (e.g., proofs at compile 4me may be invalid at run 4me)
27 Opera4ng Systems Various levels of trust (ordered) Process Loca4on System Admin User Web Protec<on mechanisms (e.g., labels for access control) intend to restrict informa:on flow across levels of trust but oaen do not! (too restric4ve)
28 Access Control for Integrity no write up no execute down Browser security Web data cannot overwrite User loca4on Web code cannot be run by Admin process Browser func:onality? User needs to download data from Web (e.g., aoachment) Admin needs to install code from Web (e.g., game applica4on)
29 Dynamic Control of Labels Windows Vista Process Loca4on Admin can install code from Web User can save data from Web spawn untrusted process (execute less trusted code) trust untrusted loca4on (verify trust by other means) read untrusted loca4on (only overwrite untrusted data)
30 Dynamic Control of Labels Windows Vista Process Loca4on Admin can install code from Web User can save data from Web spawn untrusted process (execute less trusted code) trust untrusted loca4on (verify trust by other means) Implicit design inten:ons, best prac:ces? (Similar ideas in other opera4ng systems, e.g., Asbestos) read untrusted loca4on (only overwrite untrusted data)
31 Specifica4on and Verifica4on System Designer: What guarantees can the system provide? model behaviors (dynamic seman4cs) analyze restric<ons (sta4c seman4cs) ProVerif undecidable query evalua:on can be a problem! Solu<on Eon: dynamic logic programming expressive enough decidable query evalua:on with
32 Eon Eon = Datalog + new + next + some syntac4c restric4ons (unary dynamic predicates, monotonicity) new: create constants ini4alized with some predicates next: update predicates for such constants Datalog: enforce constraints Query evalua:on: reduc:on to Datalog query sa:sfiability (new = existen<al quan<fier, next = state transformer)
33 Automated Analysis with Eon Experiments model behaviors (dynamic seman4cs) analyze restric<ons (sta4c seman4cs) Results Windows Vista Adacks can be blamed on trusted processes (interes4ng design principle) Sound monitoring of trusted processes to eliminate adacks Explicit design inten4ons, best prac4ces!
34 Code Analysis for Security Windows Vista AOacks can be eliminated by restric4ng trusted code Idea Enforce restric:ons on code via a security type system types = security invariants soundness = type preserva<on with
35 Access Control + Security Types Programming language to describe code running on system create processes/loca<ons that are protected with labels update labels (access control) pack code as data (compila4on) read/write/execute contents at loca4ons Access control encoded in dynamic seman<cs Security types enforce sta<c seman<cs Hybrid typechecking (soundness, precision, op4miza4on)
36 Access Control + Security Types Security type T L (data of type T, trusted sta<cally at level L) Type Loc T L (loca<on that contains data of security type T L ) If loc : Loc T L, then dynamic label of loc L By access control, levels < L cannot write to loc control dynamic label of loc By typechecking, ensure that levels L always write data that flows from levels L to loc maintain dynamic label of loc L
37 Examples [System] [User] [Web] ini4alize cmd.exe ini4alize url ie.exe contains code: reads url & executes contents executes ie.exe at Web virus.exe contains code: overwrites cmd.exe url contains virus.exe Code typechecks [Web cannot write to cmd.exe]
38 Examples [System] [Admin] [User] [Web] ini4alize home ini4alize url ini4alize setup.exe ie.exe contains code: reads url & copies contents to setup.exe trusts setup.exe & executes it executes ie.exe at Web virus.exe contains code: overwrites home url contains virus.exe Code does not typecheck [Admin can write to home]
39 Mobile Device PlaForms Android opera4ng system + core apps SDK: Java APIs to develop new apps Alice (user) Apps can share components Sharing controlled sta<cally (at install 4me) app store Can Alice know whether Bob s app is safe? Can Bob convince Alice that the app is safe? Bob (developer)
40 Cer4fied Installa4on (PCC) Bob constructs a proof that his app is safe Alice verifies the proof before installing the app (proofs may be implemented as cer<ficates) Requirements Opera<onal seman<cs for apps running on Android formal specifica<ons of APIs provided by SDK Separate verifica:on of APIs for efficiency Sta<c analysis of Android apps for safety formalized as a security type system Soundness of analysis provides necessary proofs
41 Android Applica4ons code may belong to other apps run with permissions of those apps components inherited classes, overridden methods pool of listeners manifest declare necessary permissions specify access controls for other apps stack of windows data sta<c dynamic
42 Sta4c Analysis with concrete code [Java] abstract code (typecheck) Security specifica<ons derived from manifests of installed apps Typechecking guarantees that access controls enforce security Suppose that reading my contacts list requires permission P Then only apps installed with permission P can know my contacts Droid: cer<fied installer for Android apps (in progress)
43 Web Applica4on Frameworks Ruby on Rails Ruby: dynamically typed OO scrip<ng language Rails: Ruby APIs for automa<ng development of web apps Models, Views, Controllers models connected to database tables views described by code embedded markup controllers route requests to responses Conven:on over Configura:on request response controllers models views database
44 Sta4c Analysis Rails makes extensive use of meta programming in Ruby Direct analysis is difficult DRails: translate to explicit Ruby code that is easier to analyze concrete code [Ruby on Rails] translated code [Ruby] (typecheck) [DRuby] with Typechecking guarantees that method calls succeed But almost everything is a method call in Ruby! Results Bugs that crash exis4ng apps (confirmed by developers)
45 Sta4c Analysis with concrete code [Ruby on Rails] translated code [Ruby] (execute and verify) Simple typechecking cannot catch logical errors/security aoacks Advanced type systems difficult to build for Ruby Rubyx: symbolic verifica<on of Ruby scripts (in progress) Key idea: executable specifica<ons
46 Systems of the Future Influence of programming languages Principles Core, expressive abstrac4ons Strong guarantees of security and correctness Implementa4ons as refinements Techniques Rich types/invariants for specifica4on and verifica4on Combina4ons of sta4c and dynamic mechanisms
47 Systems of the Future Influence of programming languages Revisit academic programming languages strong founda4ons reduce complexity, spur inven4ons View system design as language design generaliza4ons provide insight, set trends Opportunity to make las:ng contribu:ons
Language-Based Security on Android (call for participation) Avik Chaudhuri
+ Language-Based Security on Android (call for participation) Avik Chaudhuri + What is Android? Open-source platform for mobile devices Designed to be a complete software stack Operating system Middleware
More informationAlterna(ve Architectures
Alterna(ve Architectures COMS W4118 Prof. Kaustubh R. Joshi krj@cs.columbia.edu hep://www.cs.columbia.edu/~krj/os References: Opera(ng Systems Concepts (9e), Linux Kernel Development, previous W4118s Copyright
More informationMylar. xd5d1db5abce2356d51db5aab23d abbce23352abc x435acb734352a12cad5d1db5abce2356d51db acb2312aaab23!
Mylar Building web applica/ons on top of encrypted data xd5d1db5abce2356d51db5aab23d5321535abbce23352abc4352314987 x435acb734352a12cad5d1db5abce2356d51db5345323acb2312aaab23! Raluca Ada Popa, Emily Stark,
More informationTypes for Security: from Crypto Protocols to Web Applica8ons
Types for Security: from Crypto Protocols to Web Applica8ons Karthikeyan Bhargavan INRIA Paris- Rocquencourt Joint work with C Fournet, AD Gordon, J Bengtson, S Maffeis, R Corin, E Zalinescu, A Piron8,
More informationSecure Distributed Computa2ons (and their Proofs)
Secure Distributed Computa2ons (and their Proofs) Pedro Adao Gilles Barthe Ricardo Corin Pierre- Malo Deniélou Gurvan le Guernic Nataliya Guts Eugen Zalinescu San2ago Zanella Béguelin Karthik Bhargavan
More informationVulnerability Analysis (III): Sta8c Analysis
Computer Security Course. Vulnerability Analysis (III): Sta8c Analysis Slide credit: Vijay D Silva 1 Efficiency of Symbolic Execu8on 2 A Sta8c Analysis Analogy 3 Syntac8c Analysis 4 Seman8cs- Based Analysis
More informationProac&vely Accountable Anonymous Messaging in Verdict
Proac&vely Accountable Anonymous Messaging in Verdict Henry Corrigan- Gibbs, David Isaac Wolinsky, and Bryan Ford Department of Computer Science Yale University 22 nd USENIX Security Symposium 14 August
More informationEnforcing declara.ve data policies
Enforcing declara.ve data policies Peter Druschel with Anjo Vahldiek, Eslam Elnikety, Aastha Mehta, Deepak Garg, MPI- SWS (with contribu@ons from Rodrigo Rodrigues Nova Lisboa, Johannes Gehrke Cornell/Microso>,
More informationComposite Compliance: Demonstra1ng Suitability of Cloud Layering for Sensi1ve and Regulated Workloads
Composite Compliance: Demonstra1ng Suitability of Cloud Layering for Sensi1ve and Regulated Workloads Heather Hinton, PhD hhinton@us.ibm.com IBM Dis1nguished Engineer Master Inventor, Member IBM AoT 7
More informationDynamic Languages. CSE 501 Spring 15. With materials adopted from John Mitchell
Dynamic Languages CSE 501 Spring 15 With materials adopted from John Mitchell Dynamic Programming Languages Languages where program behavior, broadly construed, cannot be determined during compila@on Types
More informationJava. Package, Interface & Excep2on
Java Package, Interface & Excep2on Package 2 Package Java package provides a mechanism for par55oning the class name space into more manageable chunks Both naming and visibility control mechanism Define
More informationProject: Embedded SMC
Project: Embedded SMC What is Secure Computa1on [SMC] A Compute f(a, B) Without revealing A to Bob and B to Alice B 2 Using a Trusted Third Party A B f(a, B) f(a, B) A Compute f(a, B) Without revealing
More informationSta$c Verifica$on for Web Scrip$ng Languages. Ravi Chugh
Sta$c Verifica$on for Web Scrip$ng Languages Ravi Chugh Web Pla=orm 2 Web Pla=orm 3 My Goal: Rigorous Founda2ons Web Pla=orm 4 1995 Web Page = Sta$c HTML Web Page + Links Web Page + Client- Side Code
More informationCon$nuous Integra$on Development Environment. Kovács Gábor
Con$nuous Integra$on Development Environment Kovács Gábor kovacsg@tmit.bme.hu Before we start anything Select a language Set up conven$ons Select development tools Set up development environment Set up
More information10/7/15. MediaItem tostring Method. Objec,ves. Using booleans in if statements. Review. Javadoc Guidelines
Objec,ves Excep,ons Ø Wrap up Files Streams MediaItem tostring Method public String tostring() { String classname = getclass().tostring(); StringBuilder rep = new StringBuilder(classname); return rep.tostring();
More informationA Compiler and Run- 1me System for Network Programming Languages
A Compiler and Run- 1me System for Network Programming Languages Christopher Monsanto, Princeton Nate Foster, Cornell Rob Harrison, West Point David Walker, Princeton 1 SoFware- Defined Networks Controller
More informationBuilding an encrypted pa0ent survey applica0on with Mylar
Building an encrypted pa0ent survey applica0on with Mylar xd5d1db5abce2356d51db5aab23d5321535abbce23352abc4352314987 x435acb734352a12cad5d1db5abce2356d51db5345323acb2312aaab23 Raluca Ada Popa, Hari Balakrishnan,
More informationAWS Iden)ty And Access Management (IAM) Manohar Rapolu
AWS Iden)ty And Access Management (IAM) Manohar Rapolu Topics Introduc5on Principals Authen5ca5on Authoriza5on Other Key Feature -> Mul5 Factor Authen5ca5on -> Rota5ng Keys -> Resolving Mul5ple Permissions
More informationDesign Principles & Prac4ces
Design Principles & Prac4ces Robert France Robert B. France 1 Understanding complexity Accidental versus Essen4al complexity Essen%al complexity: Complexity that is inherent in the problem or the solu4on
More informationM 2 R: Enabling Stronger Privacy in MapReduce Computa;on
M 2 R: Enabling Stronger Privacy in MapReduce Computa;on Anh Dinh, Prateek Saxena, Ee- Chien Chang, Beng Chin Ooi, Chunwang Zhang School of Compu,ng Na,onal University of Singapore 1. Mo;va;on Distributed
More informationSta$c Analysis Dataflow Analysis
Sta$c Analysis Dataflow Analysis Roadmap Overview. Four Analysis Examples. Analysis Framework Soot. Theore>cal Abstrac>on of Dataflow Analysis. Inter- procedure Analysis. Taint Analysis. Overview Sta>c
More informationObject Oriented Design (OOD): The Concept
Object Oriented Design (OOD): The Concept Objec,ves To explain how a so8ware design may be represented as a set of interac;ng objects that manage their own state and opera;ons 1 Topics covered Object Oriented
More informationFix- point engine in Z3. Krystof Hoder Nikolaj Bjorner Leonardo de Moura
μz Fix- point engine in Z3 Krystof Hoder Nikolaj Bjorner Leonardo de Moura Mo?va?on Horn EPR applica?ons (Datalog) Points- to analysis Security analysis Deduc?ve data- bases and knowledge bases (Yago)
More informationLeviathan redux. John L. Manferdelli Intel Science and Technology Center for Secure Compu;ng UC, Berkeley
Leviathan redux John L. Manferdelli Intel Science and Technology Center for Secure Compu;ng UC, Berkeley Joint work with Tom Roeder (Google), Fred Schneider (Cornell) And Kevin Walsh of Mt Holyoke College
More informationMulG-Vendor Key Management with KMIP
MulG-Vendor Key Management with KMIP Tim Hudson CTO Cryptso2 tjh@cryptso2.com GS13A 19-May-2016 1:35pm Key Management 1000011010100100101100101010000010101000101001101001111010001100 Key Management Standards
More informationOracle VM Workshop Applica>on Driven Virtualiza>on
Oracle VM Workshop Applica>on Driven Virtualiza>on Simon COTER Principal Product Manager Oracle VM & VirtualBox simon.coter@oracle.com hnps://blogs.oracle.com/scoter November 25th, 2015 Copyright 2014
More informationConfinement (Running Untrusted Programs)
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs How to run untrusted programs and not harm your system? Answer: Confinement (some:mes called
More informationEDAN65: Compilers, Lecture 13 Run;me systems for object- oriented languages. Görel Hedin Revised:
EDAN65: Compilers, Lecture 13 Run;me systems for object- oriented languages Görel Hedin Revised: 2014-10- 13 This lecture Regular expressions Context- free grammar ATribute grammar Lexical analyzer (scanner)
More informationGenericity. Philippe Collet. Master 1 IFI Interna3onal h9p://dep3nfo.unice.fr/twiki/bin/view/minfo/sofeng1314. P.
Genericity Philippe Collet Master 1 IFI Interna3onal 2013-2014 h9p://dep3nfo.unice.fr/twiki/bin/view/minfo/sofeng1314 P. Collet 1 Agenda Introduc3on Principles of parameteriza3on Principles of genericity
More informationSandboxing untrusted code: policies and mechanisms
Sandboxing untrusted code: policies and mechanisms Frank Piessens (Frank.Piessens@cs.kuleuven.be) Secappdev 2011 1 Overview Introduction Java and.net Sandboxing Runtime monitoring Information Flow Control
More informationcsc444h: so(ware engineering I matt medland
csc444h: so(ware engineering I matt medland matt@cs.utoronto.ca http://www.cs.utoronto.ca/~matt/csc444 tes2ng top- 10 infrastructure source code control including other types of testing reproducible builds
More informationModern Type Systems for Dynamic Languages. Ravi Chugh
Modern Type Systems for Dynamic Languages Ravi Chugh Web Pla0orm 2 Goal: Rigorous Founda
More informationSQLite with a Fine-Toothed Comb. John Regehr Trust-in-So1 / University of Utah
SQLite with a Fine-Toothed Comb John Regehr Trust-in-So1 / University of Utah Feasible states for a system we care about No execu
More informationRV: A Run'me Verifica'on Framework for Monitoring, Predic'on and Mining
RV: A Run'me Verifica'on Framework for Monitoring, Predic'on and Mining Patrick Meredith Grigore Rosu University of Illinois at Urbana Champaign (UIUC) Run'me Verifica'on, Inc. (joint work with Dongyun
More informationData Flow Analysis. Suman Jana. Adopted From U Penn CIS 570: Modern Programming Language Implementa=on (Autumn 2006)
Data Flow Analysis Suman Jana Adopted From U Penn CIS 570: Modern Programming Language Implementa=on (Autumn 2006) Data flow analysis Derives informa=on about the dynamic behavior of a program by only
More informationCon$nuous Audi$ng and Risk Management in Cloud Compu$ng
Con$nuous Audi$ng and Risk Management in Cloud Compu$ng Marcus Spies Chair of Knowledge Management LMU University of Munich Scien$fic / Technical Director of EU Integrated Research Project MUSING Cloud
More informationModifying an Exis.ng Commercial Product for Cryptographic Module Evalua.on
Modifying an Exis.ng Commercial Product for Cryptographic Module Evalua.on ICMC16 O?awa, Canada 18-20 May 2016 Presented by Alan Gornall Introduc.on I provide cer.fica.on support to my clients: compliance
More informationSecure Programming Lecture 15: Information Leakage
Secure Programming Lecture 15: Information Leakage David Aspinall 21st March 2017 Outline Overview Language Based Security Taint tracking Information flow security by type-checking Summary Recap We have
More informationUPCRC. Illiac. Gigascale System Research Center. Petascale computing. Cloud Computing Testbed (CCT) 2
Illiac UPCRC Petascale computing Gigascale System Research Center Cloud Computing Testbed (CCT) 2 www.parallel.illinois.edu Mul2 Core: All Computers Are Now Parallel We con'nue to have more transistors
More informationCryptographically Sound Implementations for Typed Information-Flow Security
FormaCrypt, Nov 30. 2007 Cryptographically Sound Implementations for Typed Information-Flow Security Cédric Fournet Tamara Rezk Microsoft Research INRIA Joint Centre http://msr-inria.inria.fr/projects/sec/cflow
More informationTrust Eleva,on Architecture v03
Trust Eleva,on Architecture v03 DISCUSSION DRAFT 2015-01- 27 Andrew Hughes 1 Purpose of this presenta,on To alempt to explain the Trust Eleva,on mechanism as a form of ALribute Based Access Control To
More informationRaceMob: Crowdsourced Data Race Detec,on
RaceMob: Crowdsourced Data Race Detec,on Baris Kasikci, Cris,an Zamfir, and George Candea School of Computer & Communica3on Sciences Data Races to shared memory loca,on By mul3ple threads At least one
More informationConcrete cryptographic security in F*
Concrete cryptographic security in F* crypto hash (SHA3) INT-CMA encrypt then-mac Auth. encryption Secure RPC some some some adversary attack attack symmetric encryption (AES). IND-CMA, CCA2 secure channels
More informationHow to sleep *ght and keep your applica*ons running on IPv6 transi*on. The importance of IPv6 Applica*on Tes*ng
How to sleep *ght and keep your applica*ons running on IPv6 transi*on The importance of IPv6 Applica*on Tes*ng About this presenta*on It presents a generic methodology to test the IPv6 func*onality of
More informationSecurity does not live on UI level T
Security does not live on UI level T-1105220 LECTURE 28032013 Jarmo Parkkinen What would google do? Google 2 step sign in surface Normal website user name + password Verifica9on code SMS or voice 6 digits
More informationAutomated System Analysis using Executable SysML Modeling Pa8erns
Automated System Analysis using Executable SysML Modeling Pa8erns Maged Elaasar* Modelware Solu
More informationPrac%cal Control Flow Integrity & Randomiza%on for Binary Executables
Prac%cal Control Flow Integrity & Randomiza%on for Binary Executables Chao Zhang Tao Wei Zhaofeng Chen Lei Duan Peking University Peking University UC Berkeley Peking University Peking University László
More informationSecuring Hadoop. Keys Botzum, MapR Technologies Jan MapR Technologies - Confiden6al
Securing Hadoop Keys Botzum, MapR Technologies kbotzum@maprtech.com Jan 2014 MapR Technologies - Confiden6al 1 Why Secure Hadoop Historically security wasn t a high priority Reflec6on of the type of data
More informationLecture 4: Build Systems, Tar, Character Strings
CIS 330:! / / / / (_) / / / / _/_/ / / / / / \/ / /_/ / `/ \/ / / / _/_// / / / / /_ / /_/ / / / / /> < / /_/ / / / / /_/ / / / /_/ / / / / / \ /_/ /_/_/_/ _ \,_/_/ /_/\,_/ \ /_/ \ //_/ /_/ Lecture 4:
More informationCompila(on /15a Lecture 6. Seman(c Analysis Noam Rinetzky
Compila(on 0368-3133 2014/15a Lecture 6 Seman(c Analysis Noam Rinetzky 1 You are here Source text txt Process text input characters Lexical Analysis tokens Annotated AST Syntax Analysis AST Seman(c Analysis
More informationReview. Asser%ons. Some Per%nent Ques%ons. Asser%ons. Page 1. Automated Tes%ng. Path- Based Tes%ng. But s%ll need to look at execu%on results
Review Asser%ons Computer Science 521-621 Fall 2011 Prof. L. J. Osterweil Material adapted from slides originally prepared by Prof. L. A. Clarke Dynamic Tes%ng Execute program on real data and compare
More informationSecurity Philosophy. Humans have difficulty understanding risk
Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy
More informationW1005 Intro to CS and Programming in MATLAB. Brief History of Compu?ng. Fall 2014 Instructor: Ilia Vovsha. hip://www.cs.columbia.
W1005 Intro to CS and Programming in MATLAB Brief History of Compu?ng Fall 2014 Instructor: Ilia Vovsha hip://www.cs.columbia.edu/~vovsha/w1005 Computer Philosophy Computer is a (electronic digital) device
More informationCISC327 - So*ware Quality Assurance. Lecture 13 Black Box Unit
CISC327 - So*ware Quality Assurance Lecture 13 Black Box Unit Tes@ng Black Box Unit Tes@ng Black box method tes@ng Test harnesses Role of code- level specifica@ons (asser@ons) Automa@ng black box unit
More informationAppSpear: Bytecode Decryp0ng and DEX Reassembling for Packed Android Malware
AppSpear: Bytecode Decryp0ng and DEX Reassembling for Packed Android Malware Yang Wenbo, Zhang Yuanyuan, Li Juanru, Shu Junliang, Li Bodong, Hu Wenjun, Gu Dawu Sudeep Nanjappa Jayakumar Agenda Introduc0on
More informationWhy Rails and Design for an Applica5on
Why Rails and Design for an Applica5on CITS3403 Agile Web Development Reference: Ruby et al, Chapter 5 First there was Ruby... Ruby is the interpreted scripting language for quick and easy objectoriented
More informationThe automatic security protocol verifier ProVerif
The automatic security protocol verifier ProVerif Bruno Blanchet CNRS, École Normale Supérieure, INRIA, Paris June 2010 Bruno Blanchet (CNRS, ENS, INRIA) ProVerif June 2010 1 / 43 Introduction Many techniques
More informationHomework 1 Simple code genera/on. Luca Della Toffola Compiler Design HS15
Homework 1 Simple code genera/on Luca Della Toffola Compiler Design HS15 1 Administra1ve issues Has everyone found a team- mate? Mailing- list: cd1@lists.inf.ethz.ch Please subscribe if we forgot you 2
More informationObjec&ves. Review: Security. Google s AI is wri&ng poetry SQL INJECTION ATTACK. SQL Injec&on. SQL Injec&on. Security:
Objec&ves Security: Ø Injec&on a6acks Ø Cross-site scrip&ng Ø Insecure direct object reference Group photo Review: Security Why has the Web become such a huge target? How can you protect against security
More informationCSE Compilers. Reminders/ Announcements. Lecture 15: Seman9c Analysis, Part III Michael Ringenburg Winter 2013
CSE 401 - Compilers Lecture 15: Seman9c Analysis, Part III Michael Ringenburg Winter 2013 Winter 2013 UW CSE 401 (Michael Ringenburg) Reminders/ Announcements Project Part 2 due Wednesday Midterm Friday
More informationHPCSoC Modeling and Simulation Implications
Department Name (View Master > Edit Slide 1) HPCSoC Modeling and Simulation Implications (Sharing three concerns from an academic research user perspective using free, open tools. Solutions left to the
More informationWays to implement a language
Interpreters Implemen+ng PLs Most of the course is learning fundamental concepts for using PLs Syntax vs. seman+cs vs. idioms Powerful constructs like closures, first- class objects, iterators (streams),
More informationIdentity-based Access Control
Identity-based Access Control The kind of access control familiar from operating systems like Unix or Windows based on user identities This model originated in closed organisations ( enterprises ) like
More informationOpenWorld 2015 Oracle Par22oning
OpenWorld 2015 Oracle Par22oning Did You Think It Couldn t Get Any Be6er? Safe Harbor Statement The following is intended to outline our general product direc2on. It is intended for informa2on purposes
More informationMobile Workforce Produc0vity Vision Jon Kuhn
Mobile Workforce Produc0vity Vision 2013 Jon Kuhn Any informa9on regarding pre- release Symantec offerings, future updates or other planned modifica9ons is subject to ongoing evalua9on by Symantec and
More informationTrustworthy Keyword Search for Regulatory Compliant Records Reten;on
Trustworthy Keyword Search for Regulatory Compliant Records Reten;on S. Mitra, W. Hsu, M. WinsleA Presented by Thao Pham Introduc;on Important documents: emails, mee;ng memos, must be maintained in a trustworthy
More informationIRODS USER GROUP 2014 CAMBRIDGE,MA John Burns. 6/25/14 Archive Analy3cs Solu3ons 1
IRODS USER GROUP 2014 CAMBRIDGE,MA John Burns 6/25/14 Archive Analy3cs Solu3ons 1 Credits Archive Analy3cs Solu3ons is presen3ng an archive system that embodies best prac3ce for long- term, high integrity
More informationComputer Security Course. Public Key Crypto. Slides credit: Dan Boneh
Computer Security Course. Dawn Song Public Key Crypto Slides credit: Dan Boneh Administra>ve Issues Security is a fast- changing field We cover a broad spectrum of areas in computer security Hence, there
More informationApproach starts with GEN and KILL sets
b -Advanced-DFA Review of Data Flow Analysis State Propaga+on Computer Science 5-6 Fall Prof. L. J. Osterweil Material adapted from slides originally prepared by Prof. L. A. Clarke A technique for determining
More informationPractical Mostly-Static Information Flow Control. Andrew Myers MIT Lab for Computer Science
Practical Mostly-Static Information Flow Control Andrew Myers MIT Lab for Computer Science Privacy Old problem (secrecy, confidentiality) : prevent programs from leaking data Untrusted, downloaded code:
More informationTop 10 Web Application Vulnerabilities
Top 10 Web Application Vulnerabilities Why you should care about them plus a live hacking demo!! Why should you care?! Insecure so*ware is undermining our financial, healthcare, defense, energy, and other
More informationNa#ve Applica#ons WG (NAPPS) May 5/14 Paul Madsen, Ping
Na#ve Applica#ons WG (NAPPS) May 5/14 Paul Madsen, Ping NAPPS value proposi#on OAuth & Connect enable na#ve applica#ons calling APIs Popularity of na#ve applica#on model has led to an explosion enterprise
More informationProofs about Programs
Proofs about Programs Program Verification (Rosen, Sections 5.5) TOPICS Program Correctness Preconditions & Postconditions Program Verification Assignment Statements Conditional Statements Loops Composition
More informationCS6200 Informa.on Retrieval. David Smith College of Computer and Informa.on Science Northeastern University
CS6200 Informa.on Retrieval David Smith College of Computer and Informa.on Science Northeastern University Indexing Process Indexes Indexes are data structures designed to make search faster Text search
More informationStrategies to remove complexity from everyday infrastructure
Strategies to remove complexity from everyday infrastructure Nils Swart Director, Plexxi Open Network Exchange, Dallas 2013- April- 11 Why are we still here? Simplicity is the ultimate sophistication Leonardo
More informationFormal methods for software security
Formal methods for software security Thomas Jensen, INRIA Forum "Méthodes formelles" Toulouse, 31 January 2017 Formal methods for software security Formal methods for software security Confidentiality
More informationCSE P 501 Compilers. Memory Management and Garbage Collec<on Hal Perkins Winter UW CSE P 501 Winter 2016 W-1
CSE P 501 Compilers Memory Management and Garbage Collec
More informationMore Lambda Calculus and Intro to Type Systems
More Lambda Calculus and Intro to Type Systems #1 One Slide Summary The lambda calculus is a model of computation or a programming language that is as expressive as a Turing machine. The lambda calculus
More informationOverview of IPTV Forum Japan s Hybridcast Technical SpecificaAon
The fourth Web and TV Workshop Overview of IPTV Forum Japan s Hybridcast Technical SpecificaAon Kinji Matsumura, NHK 1 What is Technology pladorm for broadcast and broadband hybrid service that uses HTML5
More informationWhat is Search For? CS 188: Ar)ficial Intelligence. Constraint Sa)sfac)on Problems Sep 14, 2015
CS 188: Ar)ficial Intelligence Constraint Sa)sfac)on Problems Sep 14, 2015 What is Search For? Assump)ons about the world: a single agent, determinis)c ac)ons, fully observed state, discrete state space
More informationThe Fedlet: Real World Examples
The Fedlet: Real World Examples Sun Iden(ty Management User Group 12 March 2009 Agenda BIT Systems Overview Federal Agency Architecture Iden>ty Federa>on Fedlet Introduc>on Enhancing Fedlet Capabili>es
More informationLecture 10, Zero Knowledge Proofs, Secure Computation
CS 4501-6501 Topics in Cryptography 30 Mar 2018 Lecture 10, Zero Knowledge Proofs, Secure Computation Lecturer: Mahmoody Scribe: Bella Vice-Van Heyde, Derrick Blakely, Bobby Andris 1 Introduction Last
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationINFO/CS 4302 Web Informa6on Systems
INFO/CS 4302 Web Informa6on Systems FT 2012 Week 7: RESTful Webservice APIs - Bernhard Haslhofer - 2 3 4 Source: hmp://www.blogperfume.com/new- 27- circular- social- media- icons- in- 3- sizes/ 5 Plan
More informationWeb Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext
More informationA System for Genera/ng Sta/c Analyzers for Machine Instruc/ons (TSL)
Seminar on A System for Genera/ng Sta/c Analyzers for Machine Instruc/ons (TSL) Junghee Lim, Univ. of Wisconsin Madison, USA and Thomas Reps, GrammaTech, USA Presenter : Anand Ramkumar S Universitat des
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz II
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2011 Quiz II You have 80 minutes to answer the questions in this quiz. In order to receive credit
More informationCSCE 548 Building Secure Software SQL Injection Attack
CSCE 548 Building Secure Software SQL Injection Attack Professor Lisa Luo Spring 2018 Previous class DirtyCOW is a special type of race condition problem It is related to memory mapping We learned how
More informationDesign and Implementa/on of a Consolidated Middlebox Architecture. Vyas Sekar Sylvia Ratnasamy Michael Reiter Norbert Egi Guangyu Shi
Design and Implementa/on of a Consolidated Middlebox Architecture Vyas Sekar Sylvia Ratnasamy Michael Reiter Norbert Egi Guangyu Shi 1 Need for Network Evolu/on New applica/ons Evolving threats Performance,
More informationAutomated UI tests for Mobile Apps. Sedina Oruc
Automated UI tests for Mobile Apps Sedina Oruc What I ll be covering Ø Basics Ø What are UI tests? Ø The no@on of Emulator and Simulator Ø What are our challenges? Ø PlaForm specific UI tes@ng frameworks
More informationMore Lambda Calculus and Intro to Type Systems
More Lambda Calculus and Intro to Type Systems Plan Heavy Class Participation Thus, wake up! Lambda Calculus How is it related to real life? Encodings Fixed points Type Systems Overview Static, Dyamic
More informationInstructor: Randy H. Katz hap://inst.eecs.berkeley.edu/~cs61c/fa13. Fall Lecture #7. Warehouse Scale Computer
CS 61C: Great Ideas in Computer Architecture Everything is a Number Instructor: Randy H. Katz hap://inst.eecs.berkeley.edu/~cs61c/fa13 9/19/13 Fall 2013 - - Lecture #7 1 New- School Machine Structures
More informationSearch Engines. Informa1on Retrieval in Prac1ce. Annotations by Michael L. Nelson
Search Engines Informa1on Retrieval in Prac1ce Annotations by Michael L. Nelson All slides Addison Wesley, 2008 Indexes Indexes are data structures designed to make search faster Text search has unique
More informationAccess Control. Chester Rebeiro. Indian Institute of Technology Madras
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confiden5ality and integrity) Who can access What Subjects : User/ process/ applica5on Read/Write/
More informationStateless Microservice Security via JWT, TomEE and MicroProfile
Stateless Microservice Security via JWT, TomEE and MicroProfile Jean-Louis Monteiro Tomitribe Why am I here today? Microservices architecture case Security opeons OAuth2 with JWT HTTP Signatures Demo with
More informationCSCI 136: Fundamentals of Computer Science II. Keith Vertanen Museum 102 h8p://ka<e.mtech.edu/classes/csci136
CSCI 136: Fundamentals of Computer Science II Keith Vertanen Museum 102 kvertanen@mtech.edu h8p://ka
More informationSecure and Ef icient Iris and Fingerprint Identi ication
Secure and Eficient Iris and Fingerprint Identiication Marina Blanton Department of Computer Science and Engineering, University of Notre Dame mblanton@nd.edu Paolo Gas Department of Computer Science,
More informationLecture 2: Memory in C
CIS 330:! / / / / (_) / / / / _/_/ / / / / / \/ / /_/ / `/ \/ / / / _/_// / / / / /_ / /_/ / / / / /> < / /_/ / / / / /_/ / / / /_/ / / / / / \ /_/ /_/_/_/ _ \,_/_/ /_/\,_/ \ /_/ \ //_/ /_/ Lecture 2:
More informationSymantec Data Loss Preven2on 12.5 Demo Presenta2on
Symantec Data Loss Preven2on 12.5 Demo Presenta2on 1 Our Understanding PROJECT DRIVERS & DATA TO PROTECT Regulatory compliance PCI, GLBA Data inventory and cleansing SSNs, CCNs [Replace these bullet points
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More information