122,447 research outputs found
A Better Facet of Dynamic Information Flow Control
International audienceMultiple Facets (MF) is a dynamic enforcement mechanism which has proved to be a good fit for implementing information flow security for JavaScript. It relies on multi executing the program, once per each security level or view, to achieve soundness. By looking inside programs, MF encodes the views to reduce the number of needed multi-executions. In this work, we extend Multiple Facets in three directions. First, we propose a new version of MF for arbitrary lattices, called Gener-alised Multiple Facets, or GMF. GMF strictly generalizes MF, which was originally proposed for a specific lattice of principals. Second, we propose a new optimization on top of GMF that further reduces the number of executions. Third, we strengthen the security guarantees provided by Multiple Facets by proposing a termination sensitive version that eliminates covert channels due to termination
Implementation of Faceted Values in Node.JS.
Information flow analysis is the study of mechanisms by which developers may protect sensitive data within an ecosystem containing untrusted third-party code. Secure multi-execution is one such mechanism that reliably prevents undesirable information flows, but a programmerâs use of secure multi-execution is itself challenging and prone to error. Faceted values have been shown to provide an alternative to secure multi-execution which is, in theory, functionally equivalent. The purpose of this work is to show that the theory holds in practice by implementing usable faceted values in JavaScript via source code transformation. The primary contribution of this project is to provide a library that makes these transformations possible in any standard JavaScript runtime without requiring native support. We build a pipeline that takes JavaScript code with syntactic support for faceted values and, through source code transformation, produces platform-independent JavaScript code containing functional faceted values. Our findings include a method by which we may optimize the use of faceted values through static analysis of the programâs information flow
Declassification of Faceted Values in JavaScript
This research addresses the issues with protecting sensitive information at the language level using information flow control mechanisms (IFC). Most of the IFC mechanisms face the challenge of releasing sensitive information in a restricted or limited manner. This research uses faceted values, an IFC mechanism that has shown promising flexibility for downgrading the confidential information in a secure manner, also called declassification.
In this project, we introduce the concept of first-class labels to simplify the declassification of faceted values. To validate the utility of our approach we show how the combination of faceted values and first-class labels can build various declassification mechanisms
The Anatomy and Facets of Dynamic Policies
Information flow policies are often dynamic; the security concerns of a
program will typically change during execution to reflect security-relevant
events. A key challenge is how to best specify, and give proper meaning to,
such dynamic policies. A large number of approaches exist that tackle that
challenge, each yielding some important, but unconnected, insight. In this work
we synthesise existing knowledge on dynamic policies, with an aim to establish
a common terminology, best practices, and frameworks for reasoning about them.
We introduce the concept of facets to illuminate subtleties in the semantics of
policies, and closely examine the anatomy of policies and the expressiveness of
policy specification mechanisms. We further explore the relation between
dynamic policies and the concept of declassification.Comment: Technical Report of publication under the same name in Computer
Security Foundations (CSF) 201
A Comprehensive Workflow for General-Purpose Neural Modeling with Highly Configurable Neuromorphic Hardware Systems
In this paper we present a methodological framework that meets novel
requirements emerging from upcoming types of accelerated and highly
configurable neuromorphic hardware systems. We describe in detail a device with
45 million programmable and dynamic synapses that is currently under
development, and we sketch the conceptual challenges that arise from taking
this platform into operation. More specifically, we aim at the establishment of
this neuromorphic system as a flexible and neuroscientifically valuable
modeling tool that can be used by non-hardware-experts. We consider various
functional aspects to be crucial for this purpose, and we introduce a
consistent workflow with detailed descriptions of all involved modules that
implement the suggested steps: The integration of the hardware interface into
the simulator-independent model description language PyNN; a fully automated
translation between the PyNN domain and appropriate hardware configurations; an
executable specification of the future neuromorphic system that can be
seamlessly integrated into this biology-to-hardware mapping process as a test
bench for all software layers and possible hardware design modifications; an
evaluation scheme that deploys models from a dedicated benchmark library,
compares the results generated by virtual or prototype hardware devices with
reference software simulations and analyzes the differences. The integration of
these components into one hardware-software workflow provides an ecosystem for
ongoing preparative studies that support the hardware design process and
represents the basis for the maturity of the model-to-hardware mapping
software. The functionality and flexibility of the latter is proven with a
variety of experimental results
Policy-agnostic programming on the client-side
Browser security has become a major concern especially due to web pages becoming more complex. These web applications handle a lot of information, including sensitive data that may be vulnerable to attacks like data exfiltration, cross-site scripting (XSS), etc. Most modern browsers have security mechanisms in place to prevent such attacks but they still fall short in preventing more advanced attacks like evolved variants of data exfiltration. Moreover, there is no standard that is followed to implement security into the browser.
A lot of research has been done in the field of information flow security that could prove to be helpful in solving the problem of securing the client-side. Policy- agnostic programming is a programming paradigm that aims to make implementation of information flow security in real world systems more flexible. In this paper, we explore the use of policy-agnostic programming on the client-side and how it will help prevent common client-side attacks. We verify our results through a client-side salary management application. We show a possible attack and how our solution would prevent such an attack
Wall Orientation and Shear Stress in the Lattice Boltzmann Model
The wall shear stress is a quantity of profound importance for clinical
diagnosis of artery diseases. The lattice Boltzmann is an easily parallelizable
numerical method of solving the flow problems, but it suffers from errors of
the velocity field near the boundaries which leads to errors in the wall shear
stress and normal vectors computed from the velocity. In this work we present a
simple formula to calculate the wall shear stress in the lattice Boltzmann
model and propose to compute wall normals, which are necessary to compute the
wall shear stress, by taking the weighted mean over boundary facets lying in a
vicinity of a wall element. We carry out several tests and observe an increase
of accuracy of computed normal vectors over other methods in two and three
dimensions. Using the scheme we compute the wall shear stress in an inclined
and bent channel fluid flow and show a minor influence of the normal on the
numerical error, implying that that the main error arises due to a corrupted
velocity field near the staircase boundary. Finally, we calculate the wall
shear stress in the human abdominal aorta in steady conditions using our method
and compare the results with a standard finite volume solver and experimental
data available in the literature. Applications of our ideas in a simplified
protocol for data preprocessing in medical applications are discussed.Comment: 9 pages, 11 figure
- âŠ