245 research outputs found

    Between Worlds: Securing Mixed JavaScript/ActionScript Multi-Party Web Content

    Mixed Flash and JavaScript content has become increasingly prevalent; its purveyance of dynamic features unique to each platform has popularized it for myriad Web development projects. Although Flash and JavaScript security has been examined extensively, the security of untrusted content that combines both has received considerably less attention. This article considers this fusion in detail, outlining several practical scenarios that threaten the security of Web applications. The severity of these attacks warrants the development of new techniques that address the security of Flash-JavaScript content considered as a whole, in contrast to prior solutions that have examined Flash or JavaScript security individually. Toward this end, the article presents FlashJaX, a cross-platform solution that enforces fine-grained, history-based policies that span both Flash and JavaScript. Using in-lined reference monitoring, FlashJaX safely embeds untrusted JavaScript and Flash content in Web pages without modifying browser clients or using special plug-ins. The architecture of FlashJaX, its design and implementation, and a detailed security analysis are exposited. Experiments with advertisements from popular ad networks demonstrate that FlashJaX is transparent to policy-compliant advertisement content, yet blocks many common attack vectors that exploit the fusion of these Web platforms.

    Leveraging Static Analysis Tools for Improving Usability of Memory Error Sanitization Compilers

    Memory errors such as buffer overruns are notorious security vulnerabilities. There has been considerable interest in having a compiler to ensure the safety of compiled code either through static verification or through instrumented runtime checks. While certifying compilation has shown much promise, it has not been practical, leaving code instrumentation as the next best strategy for compilation. We term such compilers Memory Error Sanitization Compilers (MESCs). MESCs are available as part of GCC, LLVM and MSVC suites. Due to practical limitations, MESCs typically apply instrumentation indiscriminately to every memory access, and are consequently prohibitively expensive and practical to only small code bases. This work proposes a methodology that applies state-of-the-art static analysis techniques to eliminate unnecessary runtime checks, resulting in more efficient and scalable defenses. The methodology was implemented on LLVM's Safecode, Integer Overflow, and Address Sanitizer passes, using static analysis of Frama-C and Codesurfer. The benchmarks demonstrate an improvement in runtime performance that makes incorporation of runtime checks a viable option for defenses.

    Electronic sculpting of ligand-GPCR subtype selectivity: the case of angiotensin II

    GPCR subtypes possess distinct functional and pharmacological profiles, and thus development of subtype-selective ligands has immense therapeutic potential. This is especially the case for the angiotensin receptor subtypes AT1R and AT2R, where a functional negative control has been described and AT2R activation highlighted as an important cancer drug target. We describe a strategy to fine-tune ligand selectivity for the AT2R/AT1R subtypes through electronic control of ligand aromatic-prolyl interactions. Through this strategy an AT2R high affinity (Ki = 3 nM) agonist analogue that exerted 18,000-fold higher selectivity for AT2R versus AT1R was obtained. We show that this compound is a negative regulator of AT1R signaling since it is able to inhibit MCF-7 breast carcinoma cellular proliferation in the low nanomolar range.

    Small-scale solar magnetic fields

    As we resolve ever smaller structures in the solar atmosphere, it has become clear that magnetism is an important component of those small structures. Small-scale magnetism holds the key to many poorly understood facets of solar magnetism on all scales, such as the existence of a local dynamo, chromospheric heating, and flux emergence, to name a few. Here, we review our knowledge of small-scale photospheric fields, with particular emphasis on quiet-sun field, and discuss the implications of several results obtained recently using new instruments, as well as future prospects in this field of research. Comment: 43 pages, 18 figures.

    Cognitive impairment induced by delta9-tetrahydrocannabinol occurs through heteromers between cannabinoid CB1 and serotonin 5-HT2A receptors

    Delta-9-tetrahydrocannabinol (THC), the main psychoactive compound of marijuana, induces numerous undesirable effects, including memory impairments, anxiety, and dependence. Conversely, THC also has potentially therapeutic effects, including analgesia, muscle relaxation, and neuroprotection. However, the mechanisms that dissociate these responses are still not known. Using mice lacking the serotonin receptor 5-HT2A, we revealed that the analgesic and amnesic effects of THC are independent of each other: while amnesia induced by THC disappears in the mutant mice, THC can still promote analgesia in these animals. In subsequent molecular studies, we showed that in specific brain regions involved in memory formation, the receptors for THC and the 5-HT2A receptors work together by physically interacting with each other. Experimentally interfering with this interaction prevented the memory deficits induced by THC, but not its analgesic properties. Our results highlight a novel mechanism by which the beneficial analgesic properties of THC can be dissociated from its cognitive side effects.