231 research outputs found
Blocking Java Applets at the Firewall
This paper explores the problem of protecting a site on the Internet against hostile external Java applets while allowing trusted internal applets to run. With careful implementation, a site can be made resistant to current Java security weaknesses as well as those yet to be discovered. In addition, we describe a new attack on certain sophisticated firewalls that is most effectively realized as a Java applet
Heap . . . Hop! Heap Is Also Vulnerable
International audienceSeveral logical attacks against Java based smart card have been published recently. Most of them are based on the hypothesis that the type verification was not performed, thus allowing to obtain dynamically a type confusion. To mitigate such attacks, typed stack have been introduced on recent smart card. We propose here a new attack path for performing a type confusion even in presence of a typed stack. Then we propose using a Fault Tree Analysis a way to design efficiently counter measure in a top down approach. These counter measures are then evaluated on a Java Card virtual machin
Recommended from our members
Distributed Firewalls
Conventional firewalls rely on the notions of restricted topology and controlled entry points to function. More precisely, they rely on the assumption that everyone on one side of the entry point—the firewall—is to be trusted, and that anyone on the other side is, at least potentially, an enemy. The vastly expanded Internet connectivity in recent years has called that assumption into question. We propose a "distributed firewall", using IPSEC, a policy language, and system management tools. A distributed firewall preserves central control of access policy, while reducing or eliminating any dependency on topology
Overview of modern teaching equipment that supports distant learning
Laboratory is a key element of engineering and applied sciences educational systems. With the development of Internet and connecting IT technologies, the appearance of remote laboratories was inevitable. Virtual laboratories are also available; they place the experiment in a simulated environment. However, this writing focuses on remote experiments not virtual ones. From the students’ point of view, it is a great help not only for those enrolling in distant or online courses but also for those studying in a more traditional way. With the spread of smart, portable devices capable of connection to the internet, students can expand or restructure time spent on studying. This is a huge help to them and also allows them to individually divide their time up, to learn how to self-study. This independent approach can prepare them for working environments. It offers flexibility and convenience to the students. From the universities’ point of view, it helps reduce maintenance costs and universities can share experiments which also helps the not so well-resourced educational facilities
Protecting browsers from dns rebinding attacks
DNS rebinding attacks subvert the same-origin policy of browsers, converting them into open network proxies. Using DNS rebinding, an attacker can circumvent organizational and personal firewalls, send spam email, and defraud pay-per-click advertisers. We evaluate the cost effectiveness of mounting DNS rebinding attacks, finding that an attacker requires less than $100 to hijack 100,000 IP addresses. We analyze defenses to DNS rebinding attacks, including improvements to the classic “DNS pinning, ” and recommend changes to browser plug-ins, firewalls, and Web servers. Our defenses have been adopted by plug-in vendors and by a number of open-source firewall implementations
A study of the security implications involved with the use of executable World Wide Web content
Malicious executable code is nothing new. While many consider that the concept of malicious code began in the 1980s when the first PC viruses began to emerge, the concept does in fact date back even earlier. Throughout the history of malicious code, methods of hostile code delivery have mirrored prevailing patterns of code distribution. In the 1980s, file infecting and boot sector viruses were common, mirroring the fact that during this time, executable code was commonly transferred via floppy disks. Since the 1990s email has been a major vector for malicious code attacks. Again, this mirrors the fact that during this period of time email has been a common means of sharing code and documents. This thesis examines another model of executable code distribution. It considers the security risks involved with the use of executable code embedded or attached to World Wide Web pages. In particular, two technologies are examined. Sun Microsystems\u27 Java Programming Language and Microsoft\u27s ActiveX Control Architecture are both technologies that can be used to connect executable program code to World Wide Web pages. This thesis examines the architectures on which these technologies are based, as well as the security and trust models that they implement. In doing so, this thesis aims to assess the level of risk posed by such technologies and to highlight similar risks that might occur with similar future technologies. ()
Secure object sharing development kit for Java Card
Nowadays, JavaCard Platform-based SmartCards are multi-application and support inter-applet collaboration. The JavaCard framework enforces applet isolation by means of the Applet Firewall to prevent highly sensitive data in one applet to be leaked to another. Theframework provides the Shareable Interface Object mechanism to allow developers to shareservices through the îrewall protection. The working of the mechanism presents serious °aws, which have been addressed and partially solved in work we shall in turn discuss in this paper. We present the Secure Object Sharing Development Kit, which constitutes a programming setting for the formulation of inter-applet collaboration. Its conception elaborates on the solutions proposed for improving the Shareable Interface Object mechanism, which can be applied, and even enriched, when implementing cooperating applets using the framework provided by the kit. We also discuss challenge/response authentication mechanisms, which are a basic ingredient of the various sharing mechanisms presented in this work
- …