    Information Flow Control in WebKit's JavaScript Bytecode

    Websites today routinely combine JavaScript from multiple sources, both trusted and untrusted. Hence, JavaScript security is of paramount importance. A specific interesting problem is information flow control (IFC) for JavaScript. In this paper, we develop, formalize and implement a dynamic IFC mechanism for the JavaScript engine of a production Web browser (specifically, Safari's WebKit engine). Our IFC mechanism works at the level of JavaScript bytecode and hence leverages years of industrial effort on optimizing both the source-to-bytecode compiler and the bytecode interpreter. We track both explicit and implicit flows and observe only moderate overhead. Working with bytecode results in new challenges, including the extensive use of unstructured control flow in bytecode (which complicates lowering of program context taints), unstructured exceptions (which complicate the matter further) and the need to make IFC analysis permissive. We explain how we address these challenges, formally model the JavaScript bytecode semantics and our instrumentation, prove the standard property of termination-insensitive non-interference, and present experimental results on an optimized prototype.

    Out-Of-Place debugging: a debugging architecture to reduce debugging interference

    Context. Recent studies show that developers spend most of their programming time testing, verifying and debugging software. As applications become more and more complex, developers demand more advanced debugging support to ease the software development process. Inquiry. Since the 1970s many debugging solutions have been introduced. Amongst them, online debuggers provide good insight into the conditions that led to a bug, allowing inspection of and interaction with the variables of the program. However, most online debugging solutions introduce debugging interference into the execution of the program, i.e. pauses, latency, and evaluation of code containing side effects. Approach. This paper investigates a novel debugging technique called out-of-place debugging. The goal is to minimize the debugging interference characteristic of online debugging while allowing online remote capabilities. An out-of-place debugger transfers the program execution and application state from the debugged application to the debugger application, both running in different processes. Knowledge. On the one hand, out-of-place debugging allows developers to debug applications remotely, overcoming the need for physical access to the machine where the debugged application is running. On the other hand, debugging happens locally on the remote machine, avoiding latency. That makes it suitable to be deployed on a distributed system and to handle the debugging of several processes running in parallel. Grounding. We implemented a concrete out-of-place debugger for the Pharo Smalltalk programming language. We show that our approach is practical by performing several benchmarks, comparing our approach with a classic remote online debugger. We show that our prototype debugger outperforms a traditional remote debugger by 1000 times in several scenarios. Moreover, we show that the presence of our debugger does not impact the overall performance of an application. Importance. This work combines remote debugging with the debugging experience of a local online debugger. Out-of-place debugging is the first online debugging technique that can minimize debugging interference while debugging a remote application. Yet, it still keeps the benefits of online debugging (e.g. step-by-step execution). This makes the technique suitable for modern applications, which are increasingly parallel, distributed and reactive to streams of data from various sources like sensors, UI, network, etc.

    CookiExt: Patching the browser against session hijacking attacks

    Session cookies constitute one of the main attack targets against client authentication on the Web. To counter these attacks, modern web browsers implement native cookie protection mechanisms based on the HttpOnly and Secure flags. While there is a general understanding of the effectiveness of these defenses, no formal result has so far been proved about the security guarantees they convey. With the present paper we provide the first such result, by presenting a mechanized proof of noninterference assessing the robustness of the HttpOnly and Secure cookie flags against both web and network attackers with the ability to perform arbitrary XSS code injection. We then develop CookiExt, a browser extension that provides client-side protection against session hijacking, based on appropriate flagging of session cookies and automatic redirection over HTTPS for HTTP requests carrying these cookies. Our solution improves over existing client-side defenses by combining protection against both web and network attacks, while at the same time being designed so as to minimise its effects on the user's browsing experience. Finally, we report on the experiments we carried out to practically evaluate the effectiveness of our approach.

    miR-127 protects proximal tubule cells against ischemia/reperfusion: identification of Kinesin family member 3B as miR-127 target

    Ischemia/reperfusion (I/R) is at the basis of renal transplantation and acute kidney injury. Understanding the molecular mechanisms underlying the proximal tubule response to I/R will allow the identification of new therapeutic targets for both clinical settings. microRNAs have emerged as crucial and tight regulators of the cellular response to insults including hypoxia. Here, we have identified several miRNAs involved in the response of the proximal tubule cell to I/R. Microarray and RT-PCR analysis of proximal tubule cells submitted to I/R-mimicking conditions in vitro demonstrated that miR-127 is induced during ischemia and also during reperfusion. miR-127 is also modulated in a rat model of renal I/R. Interference approaches demonstrated that ischemic induction of miR-127 is mediated by Hypoxia Inducible Factor-1alpha (HIF-1α) stabilization. Moreover, miR-127 is involved in cell-matrix and cell-cell adhesion maintenance, since overexpression of miR-127 maintains focal adhesion complex assembly and the integrity of tight junctions. miR-127 also regulates intracellular trafficking, since miR-127 interference promotes dextran-FITC uptake. In fact, we have identified Kinesin Family Member 3B (KIF3B), involved in cell trafficking, as a target of miR-127 in rat proximal tubule cells. In summary, we have described a novel role of miR-127 in cell adhesion and its regulation by HIF-1α. We also identified for the first time KIF3B as a miR-127 target. Both miR-127 and KIF3B appear as key mediators of the proximal epithelial tubule cell response to I/R, with potential application in renal ischemic damage management.