A study of the security implications involved with the use of executable World Wide Web content

Malicious executable code is nothing new. While many consider that the concept of malicious code began in the 1980s when the first PC viruses began to emerge, the concept does in fact date back even earlier. Throughout the history of malicious code, methods of hostile code delivery have mirrored prevailing patterns of code distribution. In the 1980s, file infecting and boot sector viruses were common, mirroring the fact that during this time, executable code was commonly transferred via floppy disks. Since the 1990s email has been a major vector for malicious code attacks. Again, this mirrors the fact that during this period of time email has been a common means of sharing code and documents. This thesis examines another model of executable code distribution. It considers the security risks involved with the use of executable code embedded or attached to World Wide Web pages. In particular, two technologies are examined. Sun Microsystems\u27 Java Programming Language and Microsoft\u27s ActiveX Control Architecture are both technologies that can be used to connect executable program code to World Wide Web pages. This thesis examines the architectures on which these technologies are based, as well as the security and trust models that they implement. In doing so, this thesis aims to assess the level of risk posed by such technologies and to highlight similar risks that might occur with similar future technologies. ()

Fireguard - A Secure Browser with Reduced Forensic Footprint

Fireguard is a secure portable browser designed to reduce both data leakage from browser data remnants and cyber attacks from malicious code exploiting vulnerabilites in browser plug-ins, extensions and software updates. A browser can leave data remnants on a host PC hard disk drive, often unbeknown to a user, in the form of cookies, histories, saved passwords, cached web pages and downloaded objects. Forensic analysis, using freely available computer forensic tools, may reveal sensitive and confidential information. A browser’s capability to increase its features through plug-ins and extensions and perform patch management or upgrade to a new release via a software update provides an opportunity for an attacker to embed malicious software and subsequently launch a cyber attack. Fireguard has been implemented using both Mozilla Firefox and the storage and protection capabilities of the Mini-SDV, a secure Portable Execution and Storage Environment (PESE). In this paper the design and development of Fireguard is discussed. The requirement for a secure PESE and the functionality of the Mini-SDV is presented. An overview is given of the motivation for the development of Fireguard. The reasons Firefox was selected and the Firefox structure and security vulnerabilities are summarised. The implementation approach adopted is discussed and the results of an analysis of the Firefox implementation are presented. The Mini-SDV configuration for Fireguard and an outline of the concept of operation is given. The changes made to Firefox to implement Fireguard as a browser that reduces the opportunity for data leakage and cyber attack, and minimises its forensic footprint are discussed. The paper concludes by considering the strengths and limitations of the Fireguard implementation

Heap . . . Hop! Heap Is Also Vulnerable

International audienceSeveral logical attacks against Java based smart card have been published recently. Most of them are based on the hypothesis that the type verification was not performed, thus allowing to obtain dynamically a type confusion. To mitigate such attacks, typed stack have been introduced on recent smart card. We propose here a new attack path for performing a type confusion even in presence of a typed stack. Then we propose using a Fault Tree Analysis a way to design efficiently counter measure in a top down approach. These counter measures are then evaluated on a Java Card virtual machin

The Learning Log

This teaching tip deals with the use of a learning log in an information systems security class. This technique supports the individual topic expert teaching tip contributed by Denise R. McGinnis. A learning log is a tightly focused academic journal that is created as the student becomes knowledgeable on an individually assigned topic. The log can serve as the basis for generating Frequently Asked Questions (FAQs), support class discussion, and provide the basis for the creation of a class presentation and web site

Memory Forensics of a Java Card Dump

International audienceNowadays several papers have shown the ability to dump the EEPROM area of several Java Cards leading to the disclosure of already loaded applet and data structure of the card. Such a reverse engineering process is costly and prone to errors. Currently there are no tools available to help the process. We propose here an approach to find in the raw data obtained after a dump, the area containing the code and the data. Then, once the code area has been identified, we propose to rebuilt the original binary Cap file in order to be able to obtain the source code of the applet stored in the card

Evaluation of the Ability to Transform SIM Applications into Hostile Applications

Part 1: Smart Cards System SecurityInternational audienceThe ability of Java Cards to withstand attacks is based on software and hardware countermeasures, and on the ability of the Java platform to check the correct behavior of Java code (by using byte code verification). Recently, the idea of combining logical attacks with a physical attack in order to bypass byte code verification has emerged. For instance, correct and legitimate Java Card applications can be dynamically modified on-card using a laser beam. Such applications become mutant applications, with a different control flow from the original expected behaviour. This internal change could lead to bypass controls and protections and thus offer illegal access to secret data and operations inside the chip. This paper presents an evaluation of the application ability to become mutant and a new countermeasure based on the runtime checks of the application control flow to detect the deviant mutations

IVOA Recommendation: SAMP - Simple Application Messaging Protocol Version 1.3

SAMP is a messaging protocol that enables astronomy software tools to interoperate and communicate. IVOA members have recognised that building a monolithic tool that attempts to fulfil all the requirements of all users is impractical, and it is a better use of our limited resources to enable individual tools to work together better. One element of this is defining common file formats for the exchange of data between different applications. Another important component is a messaging system that enables the applications to share data and take advantage of each other's functionality. SAMP builds on the success of a prior messaging protocol, PLASTIC, which has been in use since 2006 in over a dozen astronomy applications and has proven popular with users and developers. It is also intended to form a framework for more general messaging requirements