71 research outputs found

    Rethinking Security of Web-Based System Applications

    Many modern desktop and mobile platforms, including Ubuntu, Google Chrome, Windows, and Firefox OS, support so-called Web-based system applications that run outside the Web browser and enjoy direct access to native objects such as files, camera, and geolocation. We show that the access-control models of these platforms are (a) incompatible and (b) prone to unintended delegation of native-access rights: when applications request native access for their own code, they unintentionally enable it for untrusted third-party code, too. This enables malicious ads and other third-party content to steal users' OAuth authentication credentials, access the camera on their devices, etc. We then design, implement, and evaluate POWERGATE, a new access-control mechanism for Web-based system applications. It solves two key problems plaguing all existing platforms: security and consistency. First, unlike the existing platforms, POWERGATE correctly protects native objects from unauthorized access. Second, POWERGATE provides uniform access-control semantics across all platforms and is 100% backward compatible. POWERGATE enables application developers to write well-defined native-object access policies with explicit principals such as "application's own local code" and "third-party Web code," is easy to configure, and incurs negligible performance overhead.

    New directions for higher education

    Published as no. 85, spring 1994, of the journal New directions for higher education. Bibliography at the end of the texts. Index: p. 133-13

    Access Permission Contracts for Scripting Languages

    The ideal software contract fully specifies the behavior of an operation. Often, in particular in the context of scripting languages, a full specification may be cumbersome to state and may not even be desired. In such cases, a partial specification, which describes selected aspects of the behavior, may be used to raise the confidence in an implementation of the operation to a reasonable level. We propose a novel kind of contract for object-based languages that specifies the side effects of an operation with access permissions. An access permission contract uses sets of access paths to express read and write permissions for the properties of the objects accessible from the operation. We specify a monitoring semantics for access permission contracts and implement this semantics in a contract system for JavaScript. We prove soundness and stability of violation under increasing aliasing for our semantics. Applications of access permission contracts include enforcing modularity, test-driven development, program understanding, and regression testing. With respect to testing and understanding, we find that adding access permissions to contracts increases the effectiveness of error detection through contract monitoring by 6-13%.

    Access permission contracts for scripting languages
