1,184 research outputs found

    Securing Class Initialization in Java-like Languages


    Preventing SQL Injection through Automatic Query Sanitization with ASSIST

    Web applications are becoming an essential part of our everyday lives. Many of our activities depend on the functionality and security of these applications. As the scale of these applications grows, injection vulnerabilities such as SQL injection are a major security challenge for developers today. This paper presents the technique of automatic query sanitization to automatically remove SQL injection vulnerabilities from code. In our technique, a combination of static analysis and program transformation is used to automatically instrument web applications with sanitization code. We have implemented this technique in a tool named ASSIST (Automatic and Static SQL Injection Sanitization Tool) for protecting Java-based web applications. Our experimental evaluation showed that our technique is effective against SQL injection vulnerabilities and has a low overhead. Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330

    Semantics and Security Issues in JavaScript

    There is a plethora of research articles describing the deep semantics of JavaScript. Nevertheless, such articles are often difficult to grasp for readers not familiar with formal semantics. In this report, we propose a digest of the semantics of JavaScript centered around security concerns. This document gives an overview of the JavaScript language and the misleading semantic points in its design. The first part of the document describes the main characteristics of the language itself. The second part presents how those characteristics can lead to problems. It finishes by showing some coding patterns that avoid certain traps and presents some new ECMAScript 5 features. Comment: Deliverable Resilience FUI 12: 7.3.2.1 Failles de sécurité en JavaScript / JavaScript security issues

    Securing Multi-Application Smart Cards by Security-by-Contract

    Java Card technology has evolved to the point of allowing Web servers and clients to run on a smart card. However, concrete multi-application smart card deployments are still not very common, given the business model of asynchronous download and update of applications by different parties, which requires that control over the interactions between applications be performed after the card has been issued. Current security models and techniques do not support this kind of on-card evolution. A promising approach to solving this problem appears to be the idea of Security-by-Contract (SxC). SxC is a framework in which any post-issuance modification of an application is required to carry a specification of its security-relevant behaviour, called a contract. This contract must comply with the security policy of the multi-application card. Because of the limited resources of these devices, the SxC approach can be applied at different levels of abstraction, according to a hierarchy of models that offers trade-offs between computational complexity and language expressiveness. The most detailed level (greatest expressiveness) requires algorithms too complex to be executed on the card, so it is necessary to send data privately to a trusted third party that will be responsible for comparing the contract against the card's policy (a process called Contract-Policy Matching) in order to decide whether the modification complies with the security policy or not; that is, whether the change is acceptable according to the behaviour expected by the card and expressed in its policy.
The purpose of the project is to develop a system that solves the problem of outsourcing the Contract-Policy Matching process to an external entity for Java multi-application smart cards. This system must guarantee secure communication between the card and some trusted third party over an insecure medium. The communication has to be secure in terms of authentication, integrity and confidentiality. Achieving this goal requires solving problems such as identity and key management and the use of cryptographic functions to secure the communication of private data stored on the smart card. Therefore the objectives of the project are: to design a system that solves the problem, to implement a prototype that demonstrates the validity of the system, and to validate the prototype and assess its suitability in terms of space

    Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android

    A common security architecture is based on the protection of certain resources by permission checks (used e.g. in Android and BlackBerry). It has some limitations, for instance when applications are granted more permissions than they actually need, which facilitates all kinds of malicious usage (e.g. through code injection). The analysis of a permission-based framework requires a precise mapping between the API methods of the framework and the permissions they require. In this paper, we show that naive static analysis fails miserably when applied with off-the-shelf components to the Android framework. We then present an advanced class-hierarchy and field-sensitive set of analyses to extract this mapping. Those static analyses are capable of analyzing the Android framework. They use novel domain-specific optimizations dedicated to Android. Comment: IEEE Transactions on Software Engineering (2014). arXiv admin note: substantial text overlap with arXiv:1206.582

    Git as an Encrypted Distributed Version Control System

    This thesis develops and presents a secure Git implementation, Git Virtual Vault (GV2), for users of Git who work on sensitive projects with repositories located in insecure distributed environments, such as cloud computing. This scenario is common within the Department of Defense, as much work is of a sensitive nature. In order to provide security to Git, additional functionality is added for confidentiality and integrity protection. This thesis examines existing Git encryption implementations and baselines their performance against unencrypted Git. Real-world Git repositories are examined to characterize typical Git usage and to determine whether the existing Git encryption implementations are capable of efficient performance with regard to typical Git usage. This research shows that the existing Git encryption implementations do not provide efficient performance. This research develops an improved secure Git implementation, GV2, with transparent authenticated encryption. The fundamental contribution of this research is developing GV2 to perform Git garbage collection on plaintext data before encrypting the data. The result is a secure Git implementation that is transparent to the user with only a minor performance penalty compared to unencrypted Git

    A Component-Based Approach for Securing Indoor Home Care Applications

    eHealth systems have adopted recent advances in sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g. personal details, diagnoses, treatments and medical history), any security threat would damage the public's confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows application definitions customized to patient particularities, including the early detection of health deterioration and suitable reactions (events), as well as security needs. At runtime, security support is twofold: a secured component-based platform supervises application execution and provides event management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local storage and processing of event-related data, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status of diabetic patients at a nursing home. This work was financed under project DPI2015-68602-R (MINECO/FEDER, UE), UPV/EHU under project PPG17/56 and GV/EJ under recognized research group IT914-16

    Serfs: Dynamically-Bound Parameterized Components

    Parameterization is an effective technique for decoupling design decisions in software. Several languages such as C++ and Ada (and Java and C# more recently) offer language constructs for building parameterized software. Using template or generic constructs, one can postpone committing to specific design choices until the software system is ready for deployment. However, in cases where such choices are influenced by the execution environment, deployment time may not be late enough. Moreover, in the context of software systems that have to satisfy high availability constraints, or are long-running, changes in design choices may be warranted even after deployment. In this paper, we present a design pattern-based methodology for building parameterized components that support dynamic binding of parameters. Moreover, the methodology also supports dynamic re-binding of parameters in the event that such online change is required
