A study of the security implications involved with the use of executable World Wide Web content

Malicious executable code is nothing new. While many consider that the concept of malicious code began in the 1980s when the first PC viruses began to emerge, the concept does in fact date back even earlier. Throughout the history of malicious code, methods of hostile code delivery have mirrored prevailing patterns of code distribution. In the 1980s, file infecting and boot sector viruses were common, mirroring the fact that during this time, executable code was commonly transferred via floppy disks. Since the 1990s email has been a major vector for malicious code attacks. Again, this mirrors the fact that during this period of time email has been a common means of sharing code and documents. This thesis examines another model of executable code distribution. It considers the security risks involved with the use of executable code embedded or attached to World Wide Web pages. In particular, two technologies are examined. Sun Microsystems\u27 Java Programming Language and Microsoft\u27s ActiveX Control Architecture are both technologies that can be used to connect executable program code to World Wide Web pages. This thesis examines the architectures on which these technologies are based, as well as the security and trust models that they implement. In doing so, this thesis aims to assess the level of risk posed by such technologies and to highlight similar risks that might occur with similar future technologies. ()

Formal models and analysis of secure multicast in wired and wireless networks

The spreading of multicast technology enables the development of group communication and so dealing with digital streams becomes more and more common over the Internet. Given the flourishing of security threats, the distribution of streamed data must be equipped with sufficient security guarantees. To this aim, some architectures have been proposed, to supply the distribution of the stream with guarantees of, e.g., authenticity, integrity, and confidentiality of the digital contents. This paper shows a formal capability of capturing some features of secure multicast protocols. In particular, both the modeling and the analysis of some case studies are shown, starting from basic schemes for signing digital streams, passing through proto- cols dealing with packet loss and time-synchronization requirements, concluding with a secure distribution of a secret key. A process-algebraic framework will be exploited, equipped with schemata for analysing security properties and compositional principles for evaluating if a property is satisfied over a system with more than two components

IVOA Recommendation: SAMP - Simple Application Messaging Protocol Version 1.3

SAMP is a messaging protocol that enables astronomy software tools to interoperate and communicate. IVOA members have recognised that building a monolithic tool that attempts to fulfil all the requirements of all users is impractical, and it is a better use of our limited resources to enable individual tools to work together better. One element of this is defining common file formats for the exchange of data between different applications. Another important component is a messaging system that enables the applications to share data and take advantage of each other's functionality. SAMP builds on the success of a prior messaging protocol, PLASTIC, which has been in use since 2006 in over a dozen astronomy applications and has proven popular with users and developers. It is also intended to form a framework for more general messaging requirements

Hostile Protected Persons or Extra-Conventional Persons: How Unlawful Combatants in the War on Terrorism Posed Extraordinary Challenges for Military Attorneys and Commanders

First, this Article reviews policymakers\u27 and commentators\u27 categorization of participants in Operation Enduring Freedom, the armed conflict in Afghanistan against al Qaeda and Taliban fighters. This Article concentrate specifically on the status of participants operating at the fringes of the categories of persons protected by the Geneva Conventions. It shows, for example, how al Qaeda and the Taliban fighters tested the bounds of the Conventions by employing methods of “warfare” which rendered them non-distinct and therefore made a determination of their status unclear. This Article demonstrates how policymakers and ultimately the U.S. President created a class of persons--so-called extra-conventional persons--who participated in hostilities yet failed to qualify for protection under any of the applicable Geneva Conventions. Second, this Article presents the training and education available to the judge advocates who faced these legal issues. it further presents perspectives on the law of war as it appeared from the resources, education, and training commonly available to deployed judge advocates. This Article ultimately concludes that international law and U.S. military doctrine classify many who participate in hostilities as “protected persons” under the Fourth Geneva Convention--a concept ultimately at odds with the determination made by U.S. policymakers.Third, and in concert with the two issues identified above, this Article describes the enormous challenges these issues created for U.S. military persons participating in Operation Iraqi Freedom. Specifically, it illustrates operational and legal challenges faced by military attorneys and the commanders they advised. It then explores legal issues that arose during the detention and occupation operations with respect to fighters associated with Saddam Fedayeen. Observing apparent similarities between Saddam Fedayeen and Taliban fighters earlier categorized as extra-conventional, this Article describes how, despite similarities in applicable law and attributes, judge advocates determined that these irregular fighters were protected persons under the Fourth Geneva Convention. It concludes that judge advocates dealt with these challenges responsibly, providing sound legal advice that balanced commanders\u27 mission requirements with the humanitarian spirit of the law of war

A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components

The semiconductor industry is fully globalized and integrated circuits (ICs) are commonly defined, designed and fabricated in different premises across the world. This reduces production costs, but also exposes ICs to supply chain attacks, where insiders introduce malicious circuitry into the final products. Additionally, despite extensive post-fabrication testing, it is not uncommon for ICs with subtle fabrication errors to make it into production systems. While many systems may be able to tolerate a few byzantine components, this is not the case for cryptographic hardware, storing and computing on confidential data. For this reason, many error and backdoor detection techniques have been proposed over the years. So far all attempts have been either quickly circumvented, or come with unrealistically high manufacturing costs and complexity. This paper proposes Myst, a practical high-assurance architecture, that uses commercial off-the-shelf (COTS) hardware, and provides strong security guarantees, even in the presence of multiple malicious or faulty components. The key idea is to combine protective-redundancy with modern threshold cryptographic techniques to build a system tolerant to hardware trojans and errors. To evaluate our design, we build a Hardware Security Module that provides the highest level of assurance possible with COTS components. Specifically, we employ more than a hundred COTS secure crypto-coprocessors, verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both Decryption and Signing) and an exponential increase in backdoor-tolerance as more ICs are added

Formal models and analysis of secure multicast in wired and wireless networks

The spreading of multicast technology enables the develop- ment of group communication and so, dealing with digital streams be- comes more and more common over the Internet. Given the flourishing of security threats, the distribution of streamed data must be equipped with sufficient security guarantees. To this aim, some architectures have been proposed in the last few years, to supply the distribution of the stream with guarantees of, e.g., authenticity, integrity and confidentiality of the digital contents. This paper shows a formal capability of captur- ing some features of secure multicast protocols. In particular, both the modeling and the analysis of some case studies are shown, starting from basic schemes for signing digital streams, passing through protocols deal- ing with packet loss and time-synchronization requirements, concluding with a secure distribution of a secret key. A process-algebraic framework will be exploited, equipped with schemata for analysing security proper- ties and compositional principles for evaluating if a property is satisfied over a system with more than two components