Isolating JavaScript with Filters, Rewriting, and Wrappers

Abstract. We study methods that allow web sites to safely combine JavaScript from untrusted sources. If implemented properly, filters can prevent dangerous code from loading into the execution environment, while rewriting allows greater expressiveness by inserting run-time checks. Wrapping properties of the execution environment can prevent misuse without requiring changes to imported JavaScript. Using a formal semantics for the ECMA 262-3 standard language, we prove security properties of a subset of JavaScript, comparable in expressiveness to Facebook FBJS, obtained by combining three isolation mechanisms. The isolation guarantees of the three mechanisms are interdependent, with rewriting and wrapper functions relying on the absence of JavaScript constructs eliminated by language filters.

A Formal Semantics for the SmartFrog Configuration Language

System configuration languages are now widely used to drive the deployment and evolution of large computing infrastructures. Most such languages are highly informal, making it difficult to reason about configurations, and introducing an important source of failure. We claim that a more rigorous approach to the development and specification of these languages will help to avoid these difficulties and bring a number of additional benefits. In order to test this claim, we present a formal semantics for the core of the SmartFrog configuration language. We demonstrate how this can be used to prove important properties such as termination of the compilation process. To show that this also contributes to the practical development of clear and correct compilers, we present three independent implementations, and verify their equivalence with each other, and with the semantics. Supported by an extended example from a real configuration scenario, we demonstrate how the process of developing the semantics has improved understanding of the language, highlighted problem areas, and suggested alternative interpretations. This leads us to advocate this approach for the future development of practical configuration languages

A foundation for runtime monitoring

Runtime Verification is a lightweight technique that complements other verification methods in an effort to ensure software correctness. The technique poses novel questions to software engineers: it is not easy to identify which specifications are amenable to runtime monitor-ing, nor is it clear which monitors effect the required runtime analysis correctly. This exposition targets a foundational understanding of these questions. Particularly, it considers an expressive specification logic (a syntactic variant of the modal μ-calculus) that is agnostic of the verification method used, together with an elemental framework providing an operational semantics for the runtime analysis performed by monitors. The correspondence between the property satisfactions in the logic on the one hand, and the verdicts reached by the monitors performing the analysis on the other, is a central theme of the study. Such a correspondence underpins the concept of monitorability, used to identify the subsets of the logic that can be adequately monitored for by RV. Another theme of the study is that of understanding what should be expected of a monitor in order for the verification process to be correct. We show how the monitor framework considered can constitute a basis whereby various notions of monitor correctness may be defined and investigated.peer-reviewe

A Foundation for Runtime Monitoring

Runtime Verification is a lightweight technique that complements other verification methods in an effort to ensure software correctness. The technique poses novel questions to software engineers: it is not easy to identify which specifications are amenable to runtime monitoring, nor is it clear which monitors effect the required runtime analysis correctly. This exposition targets a foundational understanding of these questions. Particularly, it considers an expressive specification logic (a syntactic variant of the mmucalc) that is agnostic of the verification method used, together with an elemental framework providing an operational semantics for the runtime analysis performed by monitors. The correspondence between the property satisfactions in the logic on the one hand, and the verdicts reached by the monitors performing the analysis on the other, is a central theme of the study. Such a correspondence underpins the concept of monitorability, used to identify the subsets of the logic that can be adequately monitored for by RV. Another theme of the study is that of understanding what should be expected of a monitor in order for the verification process to be correct. We show how the monitor framework considered can constitute a basis whereby various notions of monitor correctness may be defined and investigated

Understanding and predicting ciprofloxacin minimum inhibitory concentration in Escherichia coli with machine learning

It is important that antibiotics prescriptions are based on antimicrobial susceptibility data to ensure effective treatment outcomes. The increasing availability of next-generation sequencing, bacterial whole genome sequencing (WGS) can facilitate a more reliable and faster alternative to traditional phenotyping for the detection and surveillance of AMR. This work proposes a machine learning approach that can predict the minimum inhibitory concentration (MIC) for a given antibiotic, here ciprofloxacin, on the basis of both genome-wide mutation profiles and profiles of acquired antimicrobial resistance genes. We analysed 704 Escherichia coli genomes combined with their respective MIC measurements for ciprofloxacin originating from different countries. The four most important predictors found by the model, mutations in gyrA residues Ser83 and Asp87, a mutation in parC residue Ser80 and presence of the qnrS1 gene, have been experimentally validated before. Using only these four predictors in a linear regression model, 65% and 93% of the test samples' MIC were correctly predicted within a two- and a four-fold dilution range, respectively. The presented work does not treat machine learning as a black box model concept, but also identifies the genomic features that determine susceptibility. The recent progress in WGS technology in combination with machine learning analysis approaches indicates that in the near future WGS of bacteria might become cheaper and faster than a MIC measurement

Program models for compositional verification

Compositional verification is crucial for guaranteeing the security of systems where new components can be loaded dynamically. In earlier work, we developed a compositional verification principle for control-flow properties of sequential control flow graphs with procedures. This paper discusses how the principle can be generalised to richer program models. We first present a generic program model, of which the original program model is an instantiation, and explicate under what conditions the compositional verification principle applies. We then present two other example instantiations of the generic model: with exceptional and with multi-threaded control flow, and show that for these particular instantiations the conditions hold. The program models we present are specifically tailored to our compositional verification principle; however, they are sufficiently intuitive and standard to be useful on their own. Tool support and practical application of the method are discussed

Aspect-oriented runtime monitor certification

Abstract. In-lining runtime monitors into untrusted binary programs via aspect-weaving is an increasingly popular technique for efficiently and flexibly securing untrusted mobile code. However, the complexity of the monitor implementation and in-lining process in these frameworks can lead to vulnerabilities and low assurance for code-consumers. This paper presents a machine-verification technique for aspect-oriented inlined reference monitors based on abstract interpretation and modelchecking. Rather than relying upon trusted advice, the system verifies semantic properties expressed in a purely declarative policy specification language. Experiments on a variety of real-world policies and Java applications demonstrate that the approach is practical and effective

The effect of lower extremity masses and volumes on the balance performance of athletes

Our study aims to investigate the effects of lower extremity mass and volume characteristics of elite athletes on the balance performances. The study has included 42 elite athletes totally with an average age of 23.45 ± 2.50 years, average height of 173.64 ± 6.96 cm, average weight of 79.55 ± 14.19 kg and average body mass index of 26.22 ± 3.06. The calf, femur, foot and leg volumes of the subjects included in the study have been determined by means of Frustum method however, calf, femur, foot and leg masses of the subjects have been determined by means of Hanavan method. The static and dynamic balance performance of athletes has been measured by Biodex Balance System. Dynamic balance performance has been detected in the levels of 2, 4 and 8. When dynamic balance performances have been evaluated, it has been found that there is a significant difference in low-level balance test (p>0.05), and a positive difference has been found between the masses and volumes of calf (r=0.437), femur (r=0.609), foot (r=0.344) and leg (r=0.607) in terms of good and moderate level of balance performances (p<0.05). According to the results obtained, the masses and volumes of calf, femur, foot and leg of the athletes have affected the balance performances and, as the difficulty level of the balance performance increases, the lower extremity mass and volumes affect the balance performance much more. In conclusion, it has been found that lower extremity masses and volumes affect the balance performance of the athletes positively, and lower extremity mass and volumes are required to be improved enough in the branches that put an emphasis on balance. © 2016, Scientific Publishers of India. All rights reserved

The comparison of the pulmonary functions of the individuals having regular exercises and sedentary individuals

The object of our study is to determine the differences between the pulmonary functions of individuals having regular and long-term exercises, and sedentary individuals. The study included 29 athletes having regular and long-term exercises, and 27 sedentary individuals who are not interested in any sports branches actively. The parameters such as Forced Expiratory Volume in 1st Second (FEV1), Forced Vital Capacity (FVC), Peak Expiratory Flow (PEF), Vital Capacity (VC), and Maximum Voluntary Ventilation (MVV) of the individuals included in the study have been examined and the results have been analysed with MIR MiniSpir (Via del Maggiolino Roma-Italy) Spirometer. The arithmetic means and standard deviations of data have been obtained in the statistical evaluation. As a result of the findings obtained, Independent Samples t-test has been applied. No significant difference has been found among the age, height, body weight, Body Mass Index (BMI), FEV1 and PEF values of the groups at the end of the test (P&gt;0.05); however, a significant difference has been found among MVV, FVC, and VC values (P&lt;0.05). When the results of the study are evaluated in accordance with literature data, it has been found out that no difference is present between the FEV1 and PEF values of individuals having long-term and regular exercises, and sedentary individuals; however, there is a significant difference among MVV, FVC and VC values. Therefore, it has been found out that the pulmonary functions (MVV, FVC, and VC) of individuals having regular exercises have improved better than that of sedentary individuals. © 2016, Scientific Publishers of India. All rights reserved