57 research outputs found

    Securing the Next Generation Web

    With the ever-increasing digitalization of society, the need for secure systems is growing. While some security features, like HTTPS, are popular, securing web applications and the clients we use to interact with them remains difficult. To secure web applications, we focus on both the client side and the server side. For the client side, mainly web browsers, we analyze how new security features might solve a problem but introduce new ones. We show this by performing a systematic analysis of the new Content Security Policy (CSP) directive navigate-to. In our research, we find that it does introduce new vulnerabilities, for which we recommend countermeasures. We also create AutoNav, a tool capable of automatically suggesting navigation policies for this directive. Finding server-side vulnerabilities in a black-box setting where there is no access to the source code is challenging. To improve this, we develop novel black-box methods for automatically finding vulnerabilities. We accomplish this by identifying key challenges in web scanning and combining the best of previous methods. Additionally, we leverage SMT solvers to further improve the coverage and vulnerability detection rate of scanners. In addition to browsers, browser extensions also play an important role in the web ecosystem. These small programs, e.g. AdBlockers and password managers, have powerful APIs and access to sensitive user data like browsing history. By systematically analyzing the extension ecosystem, we find new static and dynamic methods for detecting both malicious and vulnerable extensions. In addition, we develop a method for detecting malicious extensions solely based on the metadata of downloads over time. We analyze new attack vectors introduced by Google’s new vehicle OS, Android Automotive. This is based on Android with the addition of vehicle APIs. Our analysis results in new attacks pertaining to safety, privacy, and availability. Furthermore, we create AutoTame, which is designed to analyze third-party apps for vehicles for the vulnerabilities we found.

    Scaling Distributed Ledgers and Privacy-Preserving Applications

    This thesis proposes techniques aiming to make blockchain technologies and smart contract platforms practical by improving their scalability, latency, and privacy. This thesis starts by presenting the design and implementation of Chainspace, a distributed ledger that supports user-defined smart contracts and executes user-supplied transactions on their objects. The correct execution of smart contract transactions is publicly verifiable. Chainspace is scalable by sharding state; it is secure against subsets of nodes trying to compromise its integrity or availability properties through Byzantine Fault Tolerance (BFT). This thesis also introduces a family of replay attacks against sharded distributed ledgers targeting cross-shard consensus protocols; they allow an attacker, with network access only, to double-spend resources with minimal effort. We then build Byzcuit, a new cross-shard consensus protocol that is immune to those attacks and that is tailored to run at the heart of Chainspace. Next, we propose FastPay, a high-integrity settlement system for pre-funded payments that can be used as a financial side-infrastructure for Chainspace to support low-latency retail payments. This settlement system is based on Byzantine Consistent Broadcast as its core primitive, foregoing the expenses of full atomic commit channels (consensus). The resulting system has extremely low latency for both confirmation and payment finality. Finally, this thesis proposes Coconut, a selective disclosure credential scheme supporting distributed threshold issuance, public and private attributes, re-randomization, and multiple unlinkable selective attribute revelations. It ensures authenticity and availability even when a subset of credential issuing authorities are malicious or offline, and natively integrates with Chainspace to enable a number of scalable privacy-preserving applications.

    BigDipper: A hyperscale BFT system with short term censorship resistance

    Byzantine-fault-tolerant (BFT) protocols underlie a variety of decentralized applications including payments, auctions, data feed oracles, and decentralized social networks. In most leader-based BFT protocols, an important property that has been missing is the censorship resistance of transactions in the short term. The protocol should provide inclusion guarantees in the next block height even if the current and future leaders have the intent of censoring. In this paper, we present a BFT system, BigDipper, that achieves censorship resistance while providing fast confirmation for clients and hyperscale throughput. The core idea is to decentralize inclusion of transactions by allowing every BFT replica to create its own mini-block, and then forcing the leader to include them. To achieve this, BigDipper creates a modular system made of three components. First, we provide a transaction broadcast protocol used by clients as an interface to achieve a spectrum of probabilistic inclusion guarantees. Afterwards, a distribution of BFT replicas will receive the client's transactions and prepare mini-blocks to send to the data availability (DA) component. The DA component characterizes the censorship-resistant properties of the whole system. We design three censorship-resistant DA (DA-CR) protocols with distinct properties captured by three parameters and demonstrate their trade-offs. The third component interleaves the DA-CR protocols into the consensus path of leader-based BFT protocols; it forces the leader to include all the data from the DA-CR into the BFT block. We demonstrate an integration with a two-phase Hotstuff-2 BFT protocol with minimal changes. BigDipper is a modular system that can switch the consensus to other leader-based BFT protocols, including Tendermint.

    Redefining Government's Role in Health Care: Is a Dose of Competition What the Doctor Should Order?

    Throughout the 1970s, the two major political parties espoused some form of national health insurance. Faced with a fiscal squeeze, however, the Carter Administration gave national health insurance a relatively low priority. The political movement for comprehensive national health insurance rests on an ideological commitment that the federal government should underwrite the cost of providing universal access to medical services. The objective is essentially redistributive in nature: equitable concerns for the disadvantaged loom as the major focus. The selective expansion of coverage to encompass those identified as needy and worthy, but only those so identified, is anathema to those who traditionally support broad national health insurance. These proponents would contend that a universal and comprehensive program is necessary to avoid a dual system of medical care delivery--one for the poor and another for the nonpoor. Advocates of a universal program would, in effect, compel the nonpoor to fund and participate in a governmentally sponsored program designed to benefit the poor so that the medical care system operated under government auspices would not be confined to lower income persons and, implicitly, stigmatized as welfare medicine of lower quality and lower status. The access gap between rich and poor--a disparity that underlay much of the political initiative for national health insurance--has been narrowed in recent years at least partly because of Medicaid and Medicare. Overall expenditures on medical services have escalated dramatically during the past two decades and occupy an increasingly large component of our national income. Few people would now maintain that aggregate medical care spending is substantially too low. To the contrary, skeptics point out that structural institutional relationships in the medical sector encourage ever-expanding medical expenditures. Coupled with a growing awareness of the importance of nonmedical factors in the promotion of health, this fact has led to general questioning whether individuals and society collectively are getting their money's worth from surging medical services expenditures. Pragmatically, factors such as lifestyle have assumed a more visible role in affecting health status. Politically, the sense that illness is fortuitous has been challenged, which in turn has suggested a more tight-fisted response to claims for more munificent redistributive programs. Moreover, other pressing claims on public budgets and cries for tax relief have recently emerged. These nonhealth demands make less money available for public programs with strong redistributional orientations... This Article examines the market-oriented approach, describing what it is and what its rationale is. It then focuses on the problem of equity within the market system. In addition, the Article analyzes and evaluates prior regulatory experiences and examines the emerging directions of health policy. Finally, the Article considers selective developments from the perspective of the competitive alternative.