478,496 research outputs found

    Implementation of Faceted Values in Node.JS.

    Information flow analysis is the study of mechanisms by which developers may protect sensitive data within an ecosystem containing untrusted third-party code. Secure multi-execution is one such mechanism that reliably prevents undesirable information flows, but a programmer’s use of secure multi-execution is itself challenging and prone to error. Faceted values have been shown to provide an alternative to secure multi-execution which is, in theory, functionally equivalent. The purpose of this work is to show that the theory holds in practice by implementing usable faceted values in JavaScript via source code transformation. The primary contribution of this project is to provide a library that makes these transformations possible in any standard JavaScript runtime without requiring native support. We build a pipeline that takes JavaScript code with syntactic support for faceted values and, through source code transformation, produces platform-independent JavaScript code containing functional faceted values. Our findings include a method by which we may optimize the use of faceted values through static analysis of the program’s information flow.

    Verifying Data Secure Flow in AUTOSAR Models by Static Analysis

    This paper presents a method to check data secure flow in security annotated AUTOSAR models. The approach is based on information flow analysis and abstract interpretation. The analysis computes the lowest security level of data sent on a communication, according to the annotations in the model and the code of runnables. An abstract interpreter executes runnables on abstract domains that abstract from real values and consider only data dependency levels. Data secure flow is verified if data sent on a communication always satisfy the security annotation in the model. The work has been developed in the EU project Safure, where modeling extensions to AUTOSAR have been proposed to improve security in automotive communications.

    Dynamic Information Flow Analysis in Ruby

    With the rapid increase in usage of the internet and online applications, there is a huge demand for applications to handle data privacy and integrity. Applications are already complex with business logic; adding the data safety logic would make them more complicated. The more complex the code becomes, the more possibilities it opens for security-critical bugs. To solve this conundrum, we can push this data safety handling feature to the language level rather than the application level. With a secure language, developers can write their application without having to worry about data security. This project introduces dynamic information flow analysis in Ruby. I extend the JRuby implementation, which is a widely used implementation of Ruby written in Java. Information flow analysis classifies variables used in the program into different security levels and monitors the data flow across levels. Ruby currently supports data integrity by a tainting mechanism. This project extends this tainting mechanism to handle implicit data flows, enabling it to protect confidentiality as well as integrity. Experimental results based on Ruby benchmarks are presented in this paper, which show that this project protects confidentiality, but at the cost of a 1.2 - 10 times slowdown in execution time.

    A sound dependency analysis for secure information flow (extended version)

    In this paper we present a flow-sensitive analysis for secure information flow for Java bytecode. Our approach consists in computing, at different program points, a dependency graph which tracks how input values of a method may influence its outputs. This computation subsumes a points-to analysis (reflecting how objects depend on each other) by addressing dependencies arising from data of primitive type and from the control flow of the program. Our graph construction is proved to be sound by establishing a non-interference theorem stating that an output value is unrelated with an input one in the dependency graph if the output remains unchanged when the input is modified. In contrast with many type-based information flow techniques, our approach does not require security levels to be known during the computation of the graph: security aspects of information flow are checked by labeling "a posteriori" the dependency graph with security levels.

    Integration of XML streams in information flow analysis for Java

    In this report we present an extension of an existing flow-sensitive analysis for secure information flow for Java bytecode that deals with flows of data from and to XML streams governed by an access control mechanism. Our approach consists in computing, at different program points, an abstract XML content graph (AXCG) which tracks data read from and written to XML streams relying on data tracked in the existing information flow analysis. The extension we propose to manage XML content is generic enough to permit connection with any role-based access control mechanism for XML. In contrast to many information flow techniques, our approach does not require security levels to be known during the analysis: security aspects of information flow and access control mechanisms for XML are checked a posteriori with security levels either inferred from access control policies for XML streams, or given by the information flow policy for the rest of the program.

    PROJECTED CASH FLOWS AND PROFITABILITY FOR REPRESENTATIVE LOUISIANA FARMS, 2001.

    Changes in commodity prices and input costs along with adjustments in capital structure significantly affect farm cash flow requirements and whole farm profitability. These changes coupled with crop yield and price variability increase the need for farm business cash flow and profitability planning on a whole farm basis. Planning for profits is expected to affect both the short and long run success of the business and cash flow planning is expected to allow the manager to establish farm business cash needs for a specified period of time (production period) so that cash commitments are met as they come due. Furthermore, agricultural lenders have become increasingly concerned with loan repayment capacity and are placing relatively more emphasis on cash flow analysis in the loan evaluation process. In general, farm managers who develop cash flow and profitability projections should find it easier to justify and to secure adequate financing for their businesses. The purpose of this report is to supplement the series of annual cost projections for enterprises by providing profitability and cash flow projections for several whole farm situations throughout the state. Whole farm projections of returns and expenses are expected to provide information regarding the relative profitability of individual farming situations throughout the state. Estimates from cash flow projections provide information concerning the timing of cash flows and the distribution of cash flows for individual farm situations and comparison of estimates for these situations provide an indication of the relative cash flow positions of farms across the state. These projections are expected to be of value to farmers, agricultural credit agencies, extension personnel, researchers, and other professionals with an interest in the agricultural production industry. This report is organized into three general parts. Data sources and procedures used in the study are presented in the first section. 
In the second section, projected income and cash flow statements for representative farms in major crop producing areas of the state are presented and discussed. The final section summarizes the financial projections for representative farms considered in the study.

    Access and information flow control to secure mobile web service compositions in resource constrained environments

    The growing use of mobile web services such as electronic health records systems and applications like Twitter and Facebook has increased interest in robust mechanisms for ensuring security for such information sharing services. Common security mechanisms such as access control and information flow control are either restrictive or weak in that they prevent applications from sharing data usefully, and/or allow private information leaks when used independently. Typically, when services are composed there is a resource that some or all of the services involved in the composition need to share. However, during service composition security problems arise because the resulting service is made up of different services from different security domains. A key issue that arises and that we address in this thesis is that of enforcing secure information flow control during service composition to prevent illegal access and propagation of information between the participating services. This thesis describes a model that combines access control and information flow control in one framework. We specifically consider a case study of an e-health service application, and consider how constraints like location and context dependencies impact on authentication and authorization. Furthermore, we consider how data sharing applications such as the e-health service application handle issues of unauthorized users and insecure propagation of information in resource constrained environments. Our framework addresses this issue of illegitimate information access and propagation by making use of the concept of program dependence graphs (PDGs). Program dependence graphs use path conditions as necessary conditions for secure information flow control. The advantage of this approach to securing information sharing is that information is only propagated if the criteria for data sharing are verified.
Our solution proposes or offers good performance, fast authentication taking into account bandwidth limitations. A security analysis shows the theoretical improvements our scheme offers. Results obtained confirm that the framework accommodates the CIA-triad (which is the confidentiality, integrity and availability model designed to guide policies of information security) of our work and can be used to motivate further research work in this field.

    Spatio-Temporal Modelling of Perfusion Cardiovascular MRI

    Myocardial perfusion MRI provides valuable insight into how coronary artery and microvascular diseases affect myocardial tissue. Stenosis in a coronary vessel leads to reduced maximum blood flow (MBF), but collaterals may secure the blood supply of the myocardium, albeit with altered tracer kinetics. To date, quantitative analysis of myocardial perfusion MRI has only been performed on a local level, largely ignoring the contextual information inherent in different myocardial segments. This paper proposes to quantify the spatial dependencies between the local kinetics via a Hierarchical Bayesian Model (HBM). In the proposed framework, all local systems are modelled simultaneously along with their dependencies, thus allowing more robust context-driven estimation of local kinetics. Detailed validation on both simulated and patient data is provided.

    Information Flow Analysis Based Security Checking of Health Service Composition Plans

    In this paper, we present an approach to solve the problem of provably secure execution of semantic web service composition plans. The integrated components of this approach include our OWL-S service matchmaker, OWLSMX, the service composition planner, OWLS-XPlan, and the security checker module for formally verifying the compliance of the created composition plan to be executed with given data and service security policies using type-based information flow analysis. We demonstrate this approach by means of its application to a use case scenario of health service composition planning.