959 research outputs found

    Implementation of Faceted Values in Node.JS.

    Information flow analysis is the study of mechanisms by which developers may protect sensitive data within an ecosystem containing untrusted third-party code. Secure multi-execution is one such mechanism that reliably prevents undesirable information flows, but a programmer’s use of secure multi-execution is itself challenging and prone to error. Faceted values have been shown to provide an alternative to secure multi-execution which is, in theory, functionally equivalent. The purpose of this work is to show that the theory holds in practice by implementing usable faceted values in JavaScript via source code transformation. The primary contribution of this project is to provide a library that makes these transformations possible in any standard JavaScript runtime without requiring native support. We build a pipeline that takes JavaScript code with syntactic support for faceted values and, through source code transformation, produces platform-independent JavaScript code containing functional faceted values. Our findings include a method by which we may optimize the use of faceted values through static analysis of the program’s information flow

    Mayall: a framework for desktop JavaScript auditing and post-exploitation analysis

    Writing desktop applications in JavaScript offers developers the opportunity to write cross-platform applications with cutting edge capabilities. However in doing so, they are potentially submitting their code to a number of unsanctioned modifications from malicious actors. Electron is one such JavaScript application framework which facilitates this multi-platform out-the-box paradigm and is based upon the Node.js JavaScript runtime, an increasingly popular server-side technology. In bringing this technology to the client-side environment, previously unrealized risks are exposed to users due to the powerful system programming interface that Node.js exposes. In a concerted effort to highlight previously unexposed risks in these rapidly expanding frameworks, this paper presents the Mayall Framework, an extensible toolkit aimed at JavaScript security auditing and post-exploitation analysis. The paper also exposes fifteen highly popular Electron applications and demonstrates that two thirds of applications were found to be using known vulnerable elements with high CVSS scores. Moreover, this paper discloses a wide-reaching and overlooked vulnerability within the Electron Framework which is a direct byproduct of shipping the runtime unaltered with each application, allowing malicious actors to modify source code and inject covert malware inside verified and signed applications without restriction. Finally, a number of injection vectors are explored and appropriate remediations are proposed

    The Path of Most Resistance: The Long Road Toward Gender Equity in Intercollegiate Athletics

    While sports have long played an important role in educating boys and young men in leadership, physical fitness and competitive skills, only recently have girls and young women had the chance to benefit from athletic opportunities. Over two decades of experience with a federal statute prohibiting sex discrimination in school sports programs have brought important successes in opening doors for female athletes. However, enforcement of equal opportunity in this area has encountered strong resistance from the athletic establishment, which has fought efforts to equalize resources and opportunities for young women. Heightened enforcement of equal athletic opportunity in the 1990s has rekindled old opposition to basic notions of gender fairness in sports. Reacting to the recent successes of female athletes in the courts, both college football and other men's sports advocates have taken the offensive in challenging the law's requirements, arguing that men are more interested in sports than women and therefore deserve the lion's share of resources and opportunities. While such challenges have not succeeded, future progress toward gender equity in sports requires a renewed commitment to the underlying principle that female athletes are as deserving of sports opportunities as their male counterparts. This Article discusses the recent backlash against the legal requirements governing sex discrimination in intercollegiate athletic programs in the context of the history and enforcement of the law. Part I discusses the requirements of the law, its legislative and interpretive history, and recent advances in enforcement. Part ..

    Improving dynamic code analysis by code abstraction

    In this paper, our aim is to propose a model for code abstraction, based on abstract interpretation, allowing us to improve the precision of a recently proposed static analysis by abstract interpretation of dynamic languages. The problem we tackle here is that the analysis may add some spurious code to the string-to-execute abstract value and this code may need some abstract representations in order to make it analyzable. This is precisely what we propose here, where we drive the code abstraction by the analysis we have to perform

    Remedies for Wage Discrimination

    The thesis of this Article is that wage discrimination can be remedied by the federal courts through a process that is both practical and efficient. This can be done, without turning the federal courts into wage control agencies or bankrupting the nation's employers, by treating the problem of wage discrimination in precisely the same manner as other forms of discrimination are treated. Our experience with different types of wage discrimination now permits us to generalize about the types of remedies that are appropriate to correct those typical forms of wage discrimination that have now been fully identified


    The silver lining behind the Supreme Court's decision to disintegrate the Seattle and Louisville public schools is that the decision also runs the risk of disintegrating judicial review. Parents Involved in Community Schools v. Seattle School District No. 1 holds that the Constitution bars voluntary, race-conscious efforts by two local school boards to retain the racial integration that they worked so hard to achieve after Brown. In so holding, the Court curiously reads the Equal Protection Clause as preventing the use of race to pursue actual equality, and instead insists on a type of formal equality that has historically been associated with thinly veiled efforts to disguise racial oppression--the type of oppression that the Court authorized in upholding the separate-but-equal regime of Plessy. By using the Constitution to protect passive resegregation from active integration, the current Court ends up constitutionalizing the culture's regression to the days of greater racial separation--a separation that Brown found to be inherently unequal. As a result, the new Resegregation decision has not only realigned the current Court with its own racially oppressive past, but it has also distanced the Court from the nation's hope for a racially progressive future. Once the decision is understood in this way, the question becomes whether the case will begin to undermine the legitimacy needed for the Court to continue its activist conception of judicial review. Because the views of the Justices seem so transparently political, the threat to judicial legitimacy that emanates from the Resegregation case may end up exceeding the nation's patience for continued Supreme Court interference in the nation's racial policymaking process. There can be no assurance that the case will prompt such a reconsideration of judicial review. Part I of this article describes the manner in which the Resegregation decision has marginalized the importance of racial integration. Part I.A. describes the Seattle and Louisville integration plans under consideration in the case. Part I.B. describes the various Supreme Court opinions issued in the decision invalidating those plans. Part II discusses the impact that the Resegregation decision is likely to have on the nation's ever-evolving conception of equality. Part II.A. explains how the decision effectively overrules Brown--by protecting the interests of disappointed white parents at the cost of advancing racial resegregation--despite the fact that it is doctrinally difficult to support such a result. Part II.B. argues that the plurality opinion of Chief Justice Roberts now gives official recognition to an updated form of racism, in which supposed equality is used as a tool of racial oppression. Part III discusses the effect that the decision is likely to have on the future of judicial review. Part III.A. illustrates that the decision to invalidate the integration plans at issue can best be understood as political rather than doctrinal in nature. Part III.B. expresses the hope that such transparent judicial politics will cause the Supreme Court to lose the perceived legitimacy that it needs to continue supplanting the racial policy preferences adopted by the representative branches of government. The conclusion suggests that, while one may hope for the disintegration of undemocratically activist judicial review, the long persistence of racial oppression in the United States does not afford much basis for optimism in achieving that end