
    SandTrap: Securing JavaScript-driven Trigger-Action Platforms

    Trigger-Action Platforms (TAPs) seamlessly connect a wide variety of otherwise unconnected devices and services, ranging from IoT devices to cloud services and social networks. TAPs raise critical security and privacy concerns because a TAP is effectively a “person-in-the-middle” between trigger and action services. Third-party code, routinely deployed as “apps” on TAPs, further exacerbates these concerns. This paper focuses on JavaScript-driven TAPs. We show that the popular IFTTT and Zapier platforms, and the open-source alternative Node-RED, are susceptible to attacks ranging from exfiltrating data from unsuspecting users to taking over the entire platform. We report on the changes made by the platforms in response to our findings and present an empirical study to assess the implications for Node-RED. Motivated by the need for a secure yet flexible way to integrate third-party JavaScript apps, we propose SandTrap, a novel JavaScript monitor that securely combines the Node.js vm module with fully structural proxy-based two-sided membranes to enforce fine-grained access control policies. To aid developers, SandTrap includes a policy generation mechanism. We instantiate SandTrap for IFTTT, Zapier, and Node-RED and illustrate on a set of benchmarks how SandTrap enforces a variety of policies while incurring a tolerable runtime overhead.

    Expanding JavaScript's metaobject protocol


    Declassification of Faceted Values in JavaScript

    This research addresses the issues with protecting sensitive information at the language level using information flow control (IFC) mechanisms. Most IFC mechanisms face the challenge of releasing sensitive information in a restricted or limited manner. This research uses faceted values, an IFC mechanism that has shown promising flexibility for downgrading confidential information in a secure manner, also called declassification. In this project, we introduce the concept of first-class labels to simplify the declassification of faceted values. To validate the utility of our approach, we show how the combination of faceted values and first-class labels can build various declassification mechanisms.
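    The following is an added illustration of the idea, not the paper's implementation: a small faceted-values library in plain JavaScript in which labels are ordinary runtime objects, so a declassifier can be handed the label as a value and collapse exactly that label's facets while leaving other labels intact. The names (Label, facet, view, lift, declassify, releaseAverage) and the salary figures are invented for this example.

```javascript
// Added example, not the paper's code: faceted values with first-class labels.
// All names and data below are invented for illustration.

class Label { constructor(name) { this.name = name; } }

// <label ? high : low>: observers holding `label` see `high`, everyone else `low`.
class Faceted {
  constructor(label, high, low) { this.label = label; this.high = high; this.low = low; }
}
const facet = (label, high, low) => new Faceted(label, high, low);

// What an observer holding `labels` (a Set of Label objects) sees.
function view(v, labels) {
  while (v instanceof Faceted) v = labels.has(v.label) ? v.high : v.low;
  return v;
}

// Lift an ordinary function over faceted arguments. `pc` records which labels
// the current branch assumes present/absent, so repeated occurrences of one
// label are resolved consistently instead of being split a second time.
function lift(f, ...args) { return liftPC(f, args, new Map()); }
function liftPC(f, args, pc) {
  const resolve = (a) => {
    while (a instanceof Faceted && pc.has(a.label)) a = pc.get(a.label) ? a.high : a.low;
    return a;
  };
  const rs = args.map(resolve);
  const i = rs.findIndex((a) => a instanceof Faceted);
  if (i < 0) return f(...rs);
  const L = rs[i].label;
  return facet(L, liftPC(f, rs, new Map(pc).set(L, true)),
                  liftPC(f, rs, new Map(pc).set(L, false)));
}

// Declassification keyed on a first-class label: whoever holds the Label object
// can collapse its facets to the high side, so every observer then sees what
// label-holders saw. Facets belonging to other labels are left untouched.
function declassify(v, label) {
  if (!(v instanceof Faceted)) return v;
  if (v.label === label) return declassify(v.high, label);
  return facet(v.label, declassify(v.high, label), declassify(v.low, label));
}

// One declassification mechanism built on top of that: release an aggregate of
// hr-labelled salaries only when the group is large enough to blur individuals.
const hr = new Label('hr');
function releaseAverage(salaries, minGroup = 3) {
  const avg = lift((...xs) => xs.reduce((a, b) => a + b, 0) / xs.length, ...salaries);
  return salaries.length >= minGroup ? declassify(avg, hr) : avg;
}

// Constructed data: salaries visible only to hr holders; the public facet is 0.
const salaries = [facet(hr, 60, 0), facet(hr, 90, 0), facet(hr, 120, 0)];
const publicView = new Set();

function demo() {
  const gps = new Label('gps');
  const mixed = facet(gps, facet(hr, 'office', 'home'), 'unknown');
  return {
    rawPublic: view(salaries[0], publicView),
    avgPublic: view(releaseAverage(salaries), publicView),
    smallGroupPublic: view(releaseAverage(salaries.slice(0, 2)), publicView),
    smallGroupHr: view(releaseAverage(salaries.slice(0, 2)), new Set([hr])),
    hrDeclassifiedKeepsGps: view(declassify(mixed, hr), publicView),
    hrDeclassifiedForGps: view(declassify(mixed, hr), new Set([gps])),
  };
}

console.log(demo());
```

    The public observer sees 0 for any individual salary and for the average of a too-small group, but sees the true average once releaseAverage has declassified it; declassifying the hr label on a value that is also faceted on gps leaves the gps facet in place, which is the point of passing the label itself rather than a global "declassify everything" switch.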

    FACT -- Operation of the First G-APD Cherenkov Telescope

    For more than two years, the First G-APD Cherenkov Telescope (FACT) has been operating successfully on the Canary Island of La Palma. Apart from its purpose of serving as a monitoring facility for the brightest TeV blazars, it was built as a major step towards establishing solid-state photon counters as detectors in Cherenkov astronomy. The camera of the First G-APD Cherenkov Telescope comprises 1440 Geiger-mode avalanche photodiodes (G-APD, aka MPPC or SiPM) for photon detection. Since properties such as the gain of G-APDs depend on temperature and the applied voltage, a real-time feedback system has been developed and implemented. To correct for the change introduced by temperature, several sensors have been placed close to the photon detectors. Their readout is used to calculate a corresponding voltage offset. In addition to temperature changes, a changing current introduces a voltage drop in the supporting resistor network. To correct for changes in the voltage drop introduced by the varying photon flux from the night-sky background, the current is measured and the voltage drop calculated. To check the stability of the G-APD properties, dark count spectra with high statistics have been taken under different environmental conditions and evaluated. The maximum data rate delivered by the camera is about 240 MB/s. The recorded data, which can exceed 1 TB in a moonless night, is compressed in real time with a proprietary lossless algorithm. Its performance is better than gzip by almost a factor of two in both compression ratio and speed. In total, two to three CPU cores are needed for data taking. In parallel, a quick-look analysis of the recently recorded data is executed on a second machine. Its result is publicly available within a few minutes after the data were taken. [...]
    Comment: 19th IEEE Real-Time Conference, Nara, Japan (2014)