15,870 research outputs found
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines
Web-based single sign-on (SSO) services such as Google Sign-In and Log In
with Paypal are based on the OpenID Connect protocol. This protocol enables
so-called relying parties to delegate user authentication to so-called identity
providers. OpenID Connect is one of the newest and most widely deployed single
sign-on protocols on the web. Despite its importance, it has not received much
attention from security researchers so far, and in particular, has not
undergone any rigorous security analysis.
In this paper, we carry out the first in-depth security analysis of OpenID
Connect. To this end, we use a comprehensive generic model of the web to
develop a detailed formal model of OpenID Connect. Based on this model, we then
precisely formalize and prove central security properties for OpenID Connect,
including authentication, authorization, and session integrity properties.
In our modeling of OpenID Connect, we employ security measures in order to
avoid attacks on OpenID Connect that have been discovered previously and new
attack variants that we document for the first time in this paper. Based on
these security measures, we propose security guidelines for implementors of
OpenID Connect. Our formal analysis demonstrates that these guidelines are in
fact effective and sufficient.Comment: An abridged version appears in CSF 2017. Parts of this work extend
the web model presented in arXiv:1411.7210, arXiv:1403.1866,
arXiv:1508.01719, and arXiv:1601.0122
PLACES'10: The 3rd Workshop on Programmng Language Approaches to concurrency and Communication-Centric Software
Paphos, Cyprus. March 201
Towards a Safe and Secure web semantic framework
This thesis describes the work I did during my internship at the INRIA research center in Sophia-Antipolis, within the INDES team and under the supervision of Ilaria Castellani and Tamara Rezk.The main objectives of the INDES team is to study models and develop languages for Diffuse computing, a computing paradigm in which it is necessary to manage and maintain computing structures distributed on several heterogeneous nodes that usually do not trust each other. INDES focuses on the study of the different concurrency models that underlie these systems and pays particular attention to Multitier programming, an emerging programming paradigm that aims to reduce complexity in the development of web applications by adopting a single language to program all their components. The role played by security issues (and particularly the protection of confidentiality and integrity of data) is crucial in these applications, and ensuring security of web applications is another important goal of the INDES team.
My internship took place in the context of the ANR CISC project, whose objective is to provide semantics, languages and attack models for the Internet of Things (IoT), a term that refers to systems composed of a set of interconnected devices, which interact with the environment in which they are placed by means of different sensors and actuators.
My individual research took place within Webi, a semantic framework that aims at a primitive simulation of the interactions that take place between servers and clients on the web, developed by Tamara Rezk and her colleagues. In particular, I concentrated on an extension of Webi called WebiLog, which allows one to represent authenticated sessions and to formalize attacks aimed at compromising their integrity
CookiExt: Patching the browser against session hijacking attacks
Session cookies constitute one of the main attack targets against client authentication on the Web. To counter these attacks, modern web browsers implement native cookie protection mechanisms based on the HttpOnly and Secure flags. While there is a general understanding about the effectiveness of these defenses, no formal result has so far been proved about the security guarantees they convey. With the present paper we provide the first such result, by presenting a mechanized proof of noninterference assessing the robustness of the HttpOnly and Secure cookie flags against both web and network attackers with the ability to perform arbitrary XSS code injection. We then develop CookiExt, a browser extension that provides client-side protection against session hijacking, based on appropriate flagging of session cookies and automatic redirection over HTTPS for HTTP requests carrying these cookies. Our solution improves over existing client-side defenses by combining protection against both web and network attacks, while at the same time being designed so as to minimise its effects on the user's browsing experience. Finally, we report on the experiments we carried out to practically evaluate the effectiveness of our approach
Recommended from our members
Selection of EAP-authentication methods in WLANs
IEEE 802.1X is a key part of IEEE802.11i. By employing Extensible Authentication Protocol (EAP) it supports a variety of upper layer
authentication methods each with different benefits and drawbacks. Any one of these authentication methods can be the ideal choice for a specific networking environment. The fact that IEEE 802.11i leaves the selection of the most suitable authentication method to system implementers makes the authentication framework more flexible, but on the other hand leads to the
question of how to select the authentication method that suits an organisationâs requirements and specific networking environment. This paper gives an overview of EAP authentication methods and provides a table comparing their properties. It then identifies the crucial factors to be considered when employing EAP authentication methods in WLAN environments. The paper presents algorithms that guide the selection of an EAP-authentication method for a WLAN and demonstrates their application through three examples
Trusted Execution Development: Designing a Secure, High-Performance Remote Attestation Protocol
Intel Software Guard Extensions (SGX) are a Trusted Execution Environment (TEE) technology that allow programs to protect execution process and data from other processes on the platform. We propose a method to combine SGX attestation with Transport Layer Security (TLS). Doing so will combine guarantees about the program, runtime environment, and machine identity into a normal TLS handshake. We implemented a basic server using SGX/TLS and provide performance details and lessons learned during development
CONFLLVM: A Compiler for Enforcing Data Confidentiality in Low-Level Code
We present an instrumenting compiler for enforcing data confidentiality in
low-level applications (e.g. those written in C) in the presence of an active
adversary. In our approach, the programmer marks secret data by writing
lightweight annotations on top-level definitions in the source code. The
compiler then uses a static flow analysis coupled with efficient runtime
instrumentation, a custom memory layout, and custom control-flow integrity
checks to prevent data leaks even in the presence of low-level attacks. We have
implemented our scheme as part of the LLVM compiler. We evaluate it on the SPEC
micro-benchmarks for performance, and on larger, real-world applications
(including OpenLDAP, which is around 300KLoC) for programmer overhead required
to restructure the application when protecting the sensitive data such as
passwords. We find that performance overheads introduced by our instrumentation
are moderate (average 12% on SPEC), and the programmer effort to port OpenLDAP
is only about 160 LoC.Comment: Technical report for CONFLLVM: A Compiler for Enforcing Data
Confidentiality in Low-Level Code, appearing at EuroSys 201
- âŚ