54 research outputs found
Development of security extensions based on Chrome APIs
Client-side attacks against web sessions are a real concern for many applications. Realizing protection mechanisms on the client side, e.g. as browser extensions, has become a popular approach for securing the Web. In this paper we report on our experience in the implementation of SessInt, an extension for Google Chrome that protects users against a variety of client-side attacks, and we discuss some limitations of the browser APIs that negatively impacted the design process.
WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring
We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with the intended protocol flow, as well as confidentiality and integrity properties of messages. We formally prove that WPSE is expressive enough to protect web applications from a wide range of protocol implementation bugs and web attacks. We discuss concrete examples of attacks which can be prevented by WPSE on OAuth 2.0 and SAML 2.0, including a novel attack on the Google implementation of SAML 2.0 which we discovered by formalizing the protocol specification in WPSE. Moreover, we use WPSE to carry out an extensive experimental evaluation of OAuth 2.0 in the wild. Out of 90 tested websites, we identify security flaws in 55 websites (61.1%), including new critical vulnerabilities introduced by tracking libraries such as Facebook Pixel, all of which are fixable by WPSE. Finally, we show that WPSE works flawlessly on 83 websites (92.2%), with the 7 compatibility issues being caused by custom implementations deviating from the OAuth 2.0 specification, one of which introduces a critical vulnerability.
Firewall management with FireWall synthesizer
Firewalls are notoriously hard to configure and maintain. Policies are written in low-level, system-specific languages where rules are inspected and enforced along non-trivial control flow paths. Moreover, firewalls are tightly related to Network Address Translation (NAT), since filters need to be specified taking into account the possible translations of packet addresses, further complicating the task of network administrators. To simplify this job, we propose FIREWALL SYNTHESIZER (FWS), a tool that decompiles real firewall configurations from different systems into an abstract specification. This representation highlights the meaning of a configuration, i.e., the allowed connections with possible address translations. We show the usage of FWS in analyzing and maintaining a configuration on a simple (yet realistic) scenario and we discuss how the tool scales on real-world policies.
The First AGILE Solar Flare Catalog
We report the Astrorivelatore Gamma ad Immagini LEggero (AGILE) observations of solar flares, detected by the on-board anticoincidence system in the 80-200 keV energy range, from 2007 May 1st to 2022 August 31st. In more than 15 yr, AGILE detected 5003 X-ray, minute-lasting transients, compatible with a solar origin. A cross-correlation of these transients with the Geostationary Operational Environmental Satellites (GOES) official solar flare database allowed us to associate an intensity class (i.e., B, C, M, or X) to 3572 of them, for which we investigated the main temporal and intensity parameters. The AGILE data clearly revealed the solar activity covering the last stages of the 23rd cycle, the whole 24th cycle, and the beginning of the current 25th cycle. In order to compare our results with other space missions operating in the high-energy range, we also analyzed the public lists of solar flares reported by RHESSI and the Fermi Gamma-ray Burst Monitor. This catalog reports 1424 events not contained in the GOES official dataset, which, after statistical comparisons, are compatible with low-intensity, short-duration solar flares. Besides providing a further dataset of solar flares detected in the hard X-ray range, this study allowed us to point out two main features: a longer persistence of the decay phase in the high-energy regime, with respect to the soft X-rays, and a tendency of the flare maximum to be reached earlier in the soft X-rays with respect to the hard X-rays. Both these aspects support a two-phase acceleration mechanism of electrons in the solar atmosphere.
Comment: 22 pages, 10 figures
Study of radiation damage and substrate resistivity effects from beam test of silicon microstrip detectors using LHC readout electronics
We present the beam test results of single-sided silicon microstrip detectors with different substrate resistivities. The effects of radiation damage are studied for a detector irradiated to a fluence of 2.4 × 10^14 n/cm^2. The detectors are read out with the APV6 chip, which is compatible with the 40 MHz LHC clock. The performance of different detectors and readout modes is studied in terms of signal-to-noise ratio and efficiency.
Assembly of the Inner Tracker Silicon Microstrip Modules
This note describes the organization of the mechanical assembly of the nearly 4000 silicon microstrip modules that were constructed in Italy for the Inner Tracker of the CMS experiment. The customization and the calibration of the robotic system adopted by the CMS Tracker community, starting from a general pilot project realized at CERN, are described. The step-by-step assembly procedure is illustrated in detail. Finally, the results for the mechanical precision of all assembled modules are reported.
Surviving the Web: A Journey into Web Session Security
In this article, we survey the most common attacks against web sessions, that is, attacks that target honest web browser users establishing an authenticated session with a trusted web application. We then review existing security solutions that prevent or mitigate the different attacks by evaluating them along four different axes: protection, usability, compatibility, and ease of deployment. We also assess several defensive solutions that aim at providing robust safeguards against multiple attacks. Based on this survey, we identify five guidelines that, to different extents, have been taken into account by the designers of the different proposals we reviewed. We believe that these guidelines can be helpful for the development of innovative solutions approaching web security in a more systematic and comprehensive way.
- …