Rethinking Security of Web-Based System Applications

Many modern desktop and mobile platforms, including Ubuntu, Google Chrome, Windows, and Firefox OS, support so called Web-based system applications that run outside the Web browser and enjoy direct access to native objects such as files, camera, and ge-olocation. We show that the access-control models of these plat-forms are (a) incompatible and (b) prone to unintended delega-tion of native-access rights: when applications request native ac-cess for their own code, they unintentionally enable it for untrusted third-party code, too. This enables malicious ads and other third-party content to steal users ’ OAuth authentication credentials, ac-cess camera on their devices, etc. We then design, implement, and evaluate POWERGATE, a new access-control mechanism for Web-based system applications. It solves two key problems plaguing all existing platforms: security and consistency. First, unlike the existing platforms, POWERGATE correctly protects native objects from unauthorized access. Second, POWERGATE provides uniform access-control semantics across all platforms and is 100 % backward compatible. POWERGATE en-ables application developers to write well-defined native-object ac-cess policies with explicit principals such as “application’s own lo-cal code ” and “third-party Web code, ” is easy to configure, and incurs negligible performance overhead

Participation in the Supplemental Nutrition Assistance Program (SNAP) and Unemployment Insurance How Tight Are the Strands of the Recessionary Safety Net?

This report provides nationally representative annual estimates for 2004-09 of households’ multi-program or “joint” participation patterns in both the Supplemental Nutrition Assistance Program (SNAP) and the Unemployment Insurance (UI) program, including breakouts of household types categorized by household income relative to poverty, race/ethnicity, and education level. SNAP and UI are two strands of the Nation’s recessionary safety net—the subset of safety-net programs for which participation is responsive to the business cycle. Using data from the Annual Social and Economic (ASEC) Supplement to the Current Population Survey, the study found that an estimated 14.4 percent of SNAP households also received UI at some time in 2009 (a recessionary year), an increase of 6.6 percentage points from 2005 (a full-employment year). Conversely, an estimated 13.4 percent of UI households also received SNAP in 2009, an increase of 2.3 percentage points from 2005. SNAP households with lower annual income relative to poverty or with householders who did not complete high school were relatively less likely to also have UI, indicating that these populations were relatively more likely to rely on SNAP benefits alone (without UI)

Participation in SNAP and Unemployment Insurance: How Tight Are the Strands of the Recessionary Safety Net?

This report provides nationally representative annual estimates for 2004-09 of households’ multi-program or “joint” participation patterns in both the Supplemental Nutrition Assistance Program (SNAP) and the Unemployment Insurance (UI) program, including breakouts of household types categorized by household income relative to poverty, race/ethnicity, and education level. SNAP and UI are two strands of the Nation’s recessionary safety net —the subset of safety-net programs for which participation is responsive to the business cycle. Using data from the Annual Social and Economic (ASEC) Supplement to the Current Population Survey, the study found that an estimated 14.4 percent of SNAP households also received UI at some time in 2009 (a recessionary year), an increase of 6.6 percentage points from 2005 (a full-employment year). Conversely, an estimated 13.4 percent of UI households also received SNAP in 2009, an increase of 2.3 percentage points from 2005. SNAP households with lower annual income relative to poverty or with householders who did not complete high school were relatively less likely to also have UI, indicating that these populations were relatively more likely to rely on SNAP benefits alone (without UI)