4,163 research outputs found
SwiftCloud: Fault-Tolerant Geo-Replication Integrated all the Way to the Client Machine
Client-side logic and storage are increasingly used in web and mobile
applications to improve response time and availability. Current approaches tend
to be ad-hoc and poorly integrated with the server-side logic. We present a
principled approach to integrate client- and server-side storage. We support
mergeable and strongly consistent transactions that target either client or
server replicas and provide access to causally-consistent snapshots
efficiently. In the presence of infrastructure faults, a client-assisted
failover solution allows client execution to resume immediately and seamlessly
access consistent snapshots without waiting. We implement this approach in
SwiftCloud, the first transactional system to bring geo-replication all the way
to the client machine. Example applications show that our programming model is
useful across a range of application areas. Our experimental evaluation shows
that SwiftCloud provides better fault tolerance and at the same time can
improve both latency and throughput by up to an order of magnitude, compared to
classical geo-replication techniques
PLACES'10: The 3rd Workshop on Programmng Language Approaches to concurrency and Communication-Centric Software
Paphos, Cyprus. March 201
Truncating TLS Connections to Violate Beliefs in Web Applications
We identify logical web application flaws which can be exploited by TLS truncation attacks to desynchronize the user- and server-perspective of an applicationâs state. It follows immediately that servers may make false assumptions about users, hence, the flaw constitutes a security vulnerability. Moreover, in the context of authentication systems, we exploit the vulnerability to launch the following practical attacks: we exploit the Helios electronic voting system to cast votes on behalf of honest voters, take full control of Microsoft Live accounts, and gain temporary access to Google accounts
Idris 2 : Quantitative Type Theory in practice
Funding: This work was funded by EPSRC grant EP/T007265/1.Dependent types allow us to express precisely what a function is intended to do. Recent work on Quantitative Type Theory (QTT) extends dependent type systems with linearity, also allowing precision in expressing when a function can run. This is promising, because it suggests the ability to design and reason about resource usage protocols, such as we might find in distributed and concurrent programming, where the state of a communication channel changes throughout program execution. As yet, however, there has not been a full-scale programming language with which to experiment with these ideas. Idris 2 is a new version of the dependently typed language Idris, with a new core language based on QTT, supporting linear and dependent types. In this paper, we introduce Idris 2, and describe how QTT has influenced its design. We give examples of the benefits of QTT in practice including: expressing which data is erased at run time, at the type level; and, resource tracking in the type system leading to type-safe concurrent programming with session types.Publisher PD
Towards a Safe and Secure web semantic framework
This thesis describes the work I did during my internship at the INRIA research center in Sophia-Antipolis, within the INDES team and under the supervision of Ilaria Castellani and Tamara Rezk.The main objectives of the INDES team is to study models and develop languages for Diffuse computing, a computing paradigm in which it is necessary to manage and maintain computing structures distributed on several heterogeneous nodes that usually do not trust each other. INDES focuses on the study of the different concurrency models that underlie these systems and pays particular attention to Multitier programming, an emerging programming paradigm that aims to reduce complexity in the development of web applications by adopting a single language to program all their components. The role played by security issues (and particularly the protection of confidentiality and integrity of data) is crucial in these applications, and ensuring security of web applications is another important goal of the INDES team.
My internship took place in the context of the ANR CISC project, whose objective is to provide semantics, languages and attack models for the Internet of Things (IoT), a term that refers to systems composed of a set of interconnected devices, which interact with the environment in which they are placed by means of different sensors and actuators.
My individual research took place within Webi, a semantic framework that aims at a primitive simulation of the interactions that take place between servers and clients on the web, developed by Tamara Rezk and her colleagues. In particular, I concentrated on an extension of Webi called WebiLog, which allows one to represent authenticated sessions and to formalize attacks aimed at compromising their integrity
- âŚ