JavaScript: Bringing Object-Level Security to the Browser

JavaScript has evolved from a simple language intended to give web browsers basic hinteraction into a fully featured dynamic language that allows the browser to become an application delivery platform. With innovations such as asynchronous JavaScript and XML (AJAX) and JavaScript Object Notation (JSON), JavaScript has become the de facto standard for creating interactive web applications. With its new found power and popularity, JavaScript has been the target of many attacks. In this paper, we present a framework that allows programmers to define secure properties of JavaScript objects such that they are more immune to malicious activity and require a smaller footprint that existing solutions. We then use our framework and apply it to an already built JavaScript system to analyze its properties and effectiveness.unpublishednot peer reviewe

Giftedness as property: Troubling whiteness, wealth, and gifted education in the US

The purposes of this article are to illumine the racist genealogy of gifted education policies and practices in the United States, to demonstrate how deficit discourses continue today, and to provide personal examples from the field of how educators can begin to question the status quo, resist taken-for-granted assumptions, and alternatively make substantive changes at the local level. I also aim to demonstrate how giftedness is an example of whiteness as property, or unearned white privilege, that, unintentionally or not, maintains a social caste system in school

Reforming Juvenile Detention in Florida

The National Council on Crime and Delinquency was sponsored by the Jessie Ball duPont Fund to independently study and assess the quality of care in juvenile detention facilities in Florida and how effectively resources are being used. This study is a fair assessment of the conditions of confinement, needs of youth entering the system, and services received as reported by youth and staff

Shining Light On Shadow Stacks

Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge,i.e., indirect calls through function pointers and virtual calls. Protecting the backward edge is left to stack canaries, which are easily bypassed through information leaks. Shadow Stacks are a fully precise mechanism for protecting backwards edges, and should be deployed with CFI mitigations. We present a comprehensive analysis of all possible shadow stack mechanisms along three axes: performance, compatibility, and security. For performance comparisons we use SPEC CPU2006, while security and compatibility are qualitatively analyzed. Based on our study, we renew calls for a shadow stack design that leverages a dedicated register, resulting in low performance overhead, and minimal memory overhead, but sacrifices compatibility. We present case studies of our implementation of such a design, Shadesmar, on Phoronix and Apache to demonstrate the feasibility of dedicating a general purpose register to a security monitor on modern architectures, and the deployability of Shadesmar. Our comprehensive analysis, including detailed case studies for our novel design, allows compiler designers and practitioners to select the correct shadow stack design for different usage scenarios.Comment: To Appear in IEEE Security and Privacy 201

THE HIDDEN INEQUALITY IN SOCIALISM

In the same time period over which the former socialist countries of Eastern Europe and Central Asia became freer, measured inequality of income for those countries increased. Researchers linked the increase to the egalitarian values of socialism and to the process of economic and political liberalization. We question that link, because we question whether socialism was egalitarian. The inequalities in socialism were hidden but, nevertheless, were real.Transition, Inequality, Socialism, Measurement