71 Hits in 7.3 sec

Modular Preservation of Safety Properties by Cookie-Based DoS-Protection Wrappers [chapter]

Rohit Chadha, Carl A. Gunter, Jose Meseguer, Ravinder Shankesi, Mahesh Viswanathan
2008 Lecture Notes in Computer Science  
In particular, we show how a common DoS protection mechanism based on cookies can be applied to a protocol while provably preserving safety properties (including confidentiality and integrity) that it  ...  This modular wrapping is based on the "onion skin" model of actor reflection.  ...  We also benefited from comments by anonymous reviewers. Rohit Chadha was supported in part by NSF CCF04-29639 and NSF CCF04-48178.  ... 
doi:10.1007/978-3-540-68863-1_4 fatcat:t2ehmpkiubhonfnxkdya3oqphm

Stable Availability under Denial of Service Attacks through Formal Patterns [chapter]

Jonas Eckhardt, Tobias Mühlbauer, Musab AlTurki, José Meseguer, Martin Wirsing
2012 Lecture Notes in Computer Science  
Availability is an important security property for Internet services and a key ingredient of most service level agreements. It can be compromised by distributed Denial of Service (DoS) attacks.  ...  In this work we propose a formal pattern-based approach to study defense mechanisms against DoS attacks.  ...  In [8] it is shown that adding cookies to a client-server system preserves all safety properties. We conjecture that the same holds for the ASV and ASV + SR protocols.  ... 
doi:10.1007/978-3-642-28872-2_6 fatcat:4r4otfp6ubcg7onwdgvdgd6woe

Gradual typing embedded securely in JavaScript

Nikhil Swamy, Cedric Fournet, Aseem Rastogi, Karthikeyan Bhargavan, Juan Chen, Pierre-Yves Strub, Gavin Bierman
2014 Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages - POPL '14  
idiomatic JavaScript, while providing strong safety guarantees by virtue of typing.  ...  The proof of our main theorem employs a form of type-preserving compilation, wherein we prove all the runtime invariants of the translation of TS to JavaScript by showing that translated programs are well-typed  ...  This is enabled by static safety and dynamic safety, two properties (in addition to memory isolation) provided by TS .  ... 
doi:10.1145/2535838.2535889 dblp:conf/popl/SwamyFRBCSB14 fatcat:ijdjwahimvfxdkguhpo6k62kli

Privacy-preserving browser-side scripting with BFlow

Alexander Yip, Neha Narula, Maxwell Krohn, Robert Morris
2009 Proceedings of the fourth ACM european conference on Computer systems - EuroSys '09  
To evaluate BFlow's confidentiality protection and flexibility, we have built a BFlow-protected blog that supports Blogger's third party JavaScript extensions.  ...  BFlow allows untrusted JavaScript to compute with, render, and store confidential data, while preventing leaks of that data.  ...  This work was supported by a National Science Foundation fellowship and Nokia.  ... 
doi:10.1145/1519065.1519091 dblp:conf/eurosys/YipNKM09 fatcat:f47pai5pbnftvdb7udtfbji7oi

Food Packaging?Roles, Materials, and Environmental Issues

Kenneth Marsh, Betty Bugusu
2007 Journal of Food Science  
Protection/preservation Food packaging can retard product deterioration, retain the beneficial effects of processing, extend shelf-life, and maintain or increase the quality and safety of food.  ...  Inadequate preservation/protection, storage, and transportation have been cited as causes of food waste.  ... 
doi:10.1111/j.1750-3841.2007.00301.x pmid:17995809 fatcat:q4i4eugwhnavddsf2efpcmswza

A Server-Side JavaScript Security Architecture for Secure Integration of Third-Party Libraries

Neline van Ginkel, Willem De Groef, Fabio Massacci, Frank Piessens
2019 Security and Communication Networks  
The Node.js framework is a popular JavaScript server-side framework with an efficient runtime for cloud-based event-driven architectures.  ...  One of its strengths is the presence of thousands of third-party libraries which allow developers to quickly build and deploy applications.  ...  Acknowledgments This work has been partly supported by the EU-FP7-NESSOS project and by the FWO-SBO Tearless project.  ... 
doi:10.1155/2019/9629034 fatcat:3f66yf7scbgvxbwliqk5eg3r44

LDA Mallet implementation on Design Discussions on StackOverflow [article]

Rohith Pudari, Roshan Lasrado, Dave Cheng
2020 Zenodo  
We then perform a qualitative analysis of the various identified design-related topics to glean the kind of challenges faced by the developers.  ...  We replicate the methods used by a previous study (Bangash et al., 2019) for the domain of Software Design.  ...  authentication user sends username password receives http cookie session session needs stored database issue option cookies automatically sent browser therefore need protection place using synchronizer  ... 
doi:10.5281/zenodo.4314692 fatcat:pnr2rfescbe5fhlj76jzchmq5u

Securing Multiparty Online Services Via Certification of Symbolic Transactions

Eric Y. Chen, Shuo Chen, Shaz Qadeer, Rui Wang
2015 2015 IEEE Symposium on Security and Privacy  
CST tries to verify a protocol-independent safety property jointly defined over all parties, thus avoids the burden of individually specifying every party's property for every protocol; CST invokes static  ...  Our security analysis shows that 12 out of 14 logic flaws reported in the literature will be prevented by CST.  ...  Eric Chen was supported in part by the Microsoft Research internship program.  ... 
doi:10.1109/sp.2015.56 dblp:conf/sp/ChenCQ015 fatcat:cr33vgfug5ey3ao2j6genuulym

Inlined Information Flow Monitoring for JavaScript

Andrey Chudnov, David A. Naumann
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
On this basis it should be possible to conduct experiments at scale to evaluate feasibility of both NSU and inlined monitoring.  ...  If the monitor does not detect a violation on a given run, then (1) the outputs are the same as for the original program (a safety property) and (2) all outputs do occur (a liveness property).  ...  Access controls can be more nuanced, but it is well-known that access control policies are safety properties whereas IF policies are hyperproperties [19] , defined in terms of multiple executions.  ... 
doi:10.1145/2810103.2813684 dblp:conf/ccs/ChudnovN15 fatcat:zdvqrhvq4vf75pz3t2ehclu75q

Access permission contracts for scripting languages

Phillip Heidegger, Annette Bieniusa, Peter Thiemann
2012 SIGPLAN notices  
We propose a novel kind of contract for object-based languages that specifies the side effects of an operation with access permissions.  ...  An access permission contract uses sets of access paths to express read and write permissions for the properties of the objects accessible from the operation.  ...  Technically, this protection is achieved by changing the body s to if (hoP(o,i)) { s }. The functions pRead and pAssign also safeguard the special property infos .  ... 
doi:10.1145/2103621.2103671 fatcat:qmf5pbph7rg4vakx2o7p3l5ahm

Comparative Studies of 10 Programming Languages within 10 Diverse Criteria - a Team 10 COMP6411-S10 Term Report [article]

Rana Naim, Mohammad Fahim Nizam, Sheetal Hanamasagar, Jalal Noureddine, Marinela Miladinova
2010 arXiv   pre-print
, OOP-based abstractions, reflection, aspect orientation, functional programming, declarative programming, batch scripting, and UI prototyping.  ...  We study these languages in the context of the above mentioned criteria and the level of support they provide for each one of them.  ...  In fact, statically-typed languages increased in popularity by 2.5% since last year.  ... 
arXiv:1008.3561v1 fatcat:5k7an2up5bbchboz6f2mzuehza

Web Application Security (Dagstuhl Seminar 12401)

Lieven Desmet, Martin Johns, Benjamin Livshits, Andrei Sabelfeld, Marc Herbstritt
2013 Dagstuhl Reports  
This report documents the program and the outcomes of Dagstuhl Seminar 12401 "Web Application Security".  ...  As web application security is a broad research domain, a diverse set of recent research results was presented during the talks, covering the web security vulnerability landscape, information-flow control  ...  In Proceedings of the ACM international conference on Object oriented programming systems languages and applications, OOPSLA '12, New '10, pages 126-150.  ... 
doi:10.4230/dagrep.2.10.1 dblp:journals/dagstuhl-reports/DesmetJLS12 fatcat:qkke5ohg6fcblf5prpes3a4znm

A systematic analysis of the science of sandboxing

Michael Maass, Adam Sales, Benjamin Chung, Joshua Sunshine
2016 PeerJ Computer Science  
We systematically analyze a decade of sandbox research from five top-tier security and systems conferences using qualitative content analysis, statistical clustering, and graph-based metrics to answer  ...  of vulnerabilities.  ...  The colors represent clusters based on topics of interest (modularity = 0.33).  ... 
doi:10.7717/peerj-cs.43 fatcat:ti4q2hdnwngy7awrsrddzan7km

Preventing injection attacks with syntax embeddings

Martin Bravenboer, Eelco Dolstra, Eelco Visser
2010 Science of Computer Programming  
We describe a more natural style of programming that yields code that is impervious to injections by construction. Our approach embeds the grammars of the guest languages (e.g.  ...  SQL) into that of the host language (e.g.  ...  The PHP grammar used by our StringBorg prototype was developed by Eric Bouwers, sponsored by the Google Summer of Code 2006.  ... 
doi:10.1016/j.scico.2009.05.004 fatcat:fcn3mbcqpvastavmsk37ifxlf4

Comparative Studies of 10 Programming Languages within 10 Diverse Criteria -- a Team 7 COMP6411-S10 Term Report [article]

Sleiman Rabah, Jiang Li, Mingzhi Liu, Yuanwei Lai
2010 arXiv   pre-print
For example, Default more secure programming practices, Web applications development, OO-based abstraction and etc.  ...  -Concordia University Libraries for access to the invaluable digital libraries of ACM, IEEE, Springer and others to do our research. -Wikipedia contributors with the wealth of information.  ...  -Our poor families, wives, husbands, children, parents, and pets to help us to get through the suering and sleepless nights and oer all their help and understanding while we were away from them while doing  ... 
arXiv:1009.0305v1 fatcat:lcelqyy3ybb6jakrekezv22ajm
« Previous Showing results 1 — 15 out of 71 results