Security Analysis of Web and Embedded Applications

As we put more trust in the computer systems we use the need for securityis increasing. And while security features like HTTPS are becomingcommonplace on the web, securing applications remains dicult. This thesisfocuses on analyzing dierent computer ecosystems to detect vulnerabilitiesand develop countermeasures. This includesweb browsers,web applications,and cyber-physical systems such as Android Automotive.For web browsers, we analyze how new security features might solve aproblem but introduce new ones. We show this by performing a systematicanalysis of the new Content Security Policy (CSP) directive navigate-to.In our research, we nd that it does introduce new vulnerabilities, to whichwe recommend countermeasures. We also create AutoNav, a tool capable ofautomatically suggesting navigation policies for this directive.To improve the security of web applications, we develop a novel blackboxmethod by combining the strengths of dierent black-box methods. Weimplement this in our scanner Black Widow, which we compare with otherleading web application scanners. Black Widow both improves the coverageof the web application and nds more vulnerabilities, including ones inPrestashop, WordPress, and HotCRP.For embedded systems,We analyze the new attack vectors introduced bycombining a phone OS with vehicle APIs and nd new attacks pertaining tosafety, privacy, and availability. Furthermore, we create AutoTame, which isdesigned to analyze third-party apps for vehicles for the vulnerabilities wefound

Securing the Next Generation Web

With the ever-increasing digitalization of society, the need for secure systems is growing. While some security features, like HTTPS, are popular, securing web applications, and the clients we use to interact with them remains difficult.To secure web applications we focus on both the client-side and server-side. For the client-side, mainly web browsers, we analyze how new security features might solve a problem but introduce new ones. We show this by performing a systematic analysis of the new Content Security Policy (CSP)\ua0 directive navigate-to. In our research, we find that it does introduce new vulnerabilities, to which we recommend countermeasures. We also create AutoNav, a tool capable of automatically suggesting navigation policies for this directive. Finding server-side vulnerabilities in a black-box setting where\ua0 there is no access to the source code is challenging. To improve this, we develop novel black-box methods for automatically finding vulnerabilities. We\ua0 accomplish this by identifying key challenges in web scanning and combining the best of previous methods. Additionally, we leverage SMT solvers to\ua0 further improve the coverage and vulnerability detection rate of scanners.In addition to browsers, browser extensions also play an important role in the web ecosystem. These small programs, e.g. AdBlockers and password\ua0 managers, have powerful APIs and access to sensitive user data like browsing history. By systematically analyzing the extension ecosystem we find new\ua0 static and dynamic methods for detecting both malicious and vulnerable extensions. In addition, we develop a method for detecting malicious extensions\ua0 solely based on the meta-data of downloads over time. We analyze new attack vectors introduced by Google’s new vehicle OS, Android Automotive. This\ua0 is based on Android with the addition of vehicle APIs. Our analysis results in new attacks pertaining to safety, privacy, and availability. Furthermore, we\ua0 create AutoTame, which is designed to analyze third-party apps for vehicles for the vulnerabilities we found

On the road with third-party apps: Security analysis of an in-vehicle app platform

Digitalization has revolutionized the automotive industry. Modern cars are equipped with powerful Internetconnected infotainment systems, comparable to tablets and smartphones. Recently, several car manufacturers have announced the upcoming possibility to install third-party apps onto these infotainment systems. The prospect of running third-party code on a device that is integrated into a safety critical in-vehicle system raises serious concerns for safety, security, and user privacy. This paper investigates these concerns of in-vehicle apps. We focus on apps for the Android Automotive operating system which several car manufacturers have opted to use. While the architecture inherits much from regular Android, we scrutinize the adequateness of its security mechanisms with respect to the in-vehicle setting, particularly affecting road safety and user privacy. We investigate the attack surface and vulnerabilities for third-party in-vehicle apps. We analyze and suggest enhancements to such traditional Android mechanisms as app permissions and API control. Further, we investigate operating system support and how static and dynamic analysis can aid automatic vetting of in-vehicle apps. We develop AutoTame, a tool for vehicle-specific code analysis. We report on a case study of the countermeasures with a Spotify app using emulators and physical test beds from Volvo Cars

Hardening the security analysis of browser extensions

Browser extensions boost the browsing experience by a range of features from automatic translation and grammar correction to password management, ad blocking, and remote desktops. Yet the power of extensions poses significant privacy and security challenges because extensions can be malicious and/or vulnerable. We observe that there are gaps in the previous work on analyzing the security of browser extensions and present a systematic study of attack entry points in the browser extension ecosystem. Our study reveals novel password stealing, traffic stealing, and inter-extension attacks. Based on a combination of static and dynamic analysis we show how to discover extension attacks, both known and novel ones, and study their prevalence in the wild. We show that 1,349 extensions are vulnerable to inter-extension attacks leading to XSS. Our empirical study uncovers a remarkable cluster of "New Tab"extensions where 4,410 extensions perform traffic stealing attacks. We suggest several avenues for the countermeasures against the uncovered attacks, ranging from refining the permission model to mitigating the attacks by declarations in manifest files

Spin-orbit enhancement in Si/SiGe heterostructures with oscillating Ge concentration

We show that Ge concentration oscillations within the quantum well region of a Si/SiGe heterostructure can significantly enhance the spin-orbit coupling of the low-energy conduction-band valleys. Specifically, we find that for Ge oscillation wavelengths near $\lambda = 1.57~\text{nm}$, a Dresselhaus spin-orbit coupling is produced that is over an order of magnitude larger than what is found in conventional Si/SiGe heterostructures without Ge concentration oscillations. We also provide a detailed explanation for this resonance phenomenon. This involves the Ge concentration oscillations producing wavefunction satellite peaks a distance $2 \pi/\lambda$ away in momentum space from each valley, which then couple to the opposite valley through Dresselhaus spin-orbit coupling. Our results indicate that the enhanced spin-orbit coupling can enable fast spin manipulation within Si quantum dots using electric dipole spin resonance in the absence of micromagnets. Indeed, our calculations yield a Rabi frequency $\Omega_{\text{Rabi}}/B > 500~\text{MHz/T}$ near the optimal Ge oscillation wavelength $\lambda = 1.57~\text{nm}$Comment: 18 pages, 11 figure

Climate, decay, and the death of the coal forests

After death, most of the biological carbon in organisms (Corg) is returned to the atmosphere as CO2 through the respiration of decomposers and detritivores or by combustion. However, the balance between these processes is not perfect, and when productivity exceeds decomposition, carbon sequestration results. An unparalleled interval of carbon sequestration in Earth’s history occurred during the Late Carboniferous (Pennsylvanian) and Permian Periods (ca. 323–252 Ma), when arborescent vascular plants related to living club mosses (Lycophytes), ferns (Monilophytes), horsetails (Equisetophytes) and seed plants (Spermatophytes) formed extensive forests in coastal wetlands. On their death, these plants became buried in sediments, where they transformed into peat, lignite, and, finally, coal

Implementation of a Discrete Dipole Approximation Scattering Database Into Community Radiative Transfer Model

The Community Radiative Transfer Model (CRTM) is a fast model that requires bulk optical properties of hydrometeors in the form of lookup tables to simulate all-sky satellite radiances. Current cloud scattering lookup tables of CRTM were generated using the Mie-Lorenz theory thus assuming spherical shapes for all frozen habits, while actual clouds contain frozen hydrometeors with different shapes. The Discrete Dipole Approximation (DDA) technique is an effective technique for simulating the optical properties of non-spherical hydrometeors in the microwave region. This paper discusses the implementation and validation of a comprehensive DDA cloud scattering database into CRTM for the microwave frequencies. The original DDA database assumes total random orientation in the calculation of single scattering properties. The mass scattering parameters required by CRTM were then computed from single scattering properties and water content dependent particle size distributions. The new lookup tables eliminate the requirement for providing the effective radius as input to CRTM by using the cloud water content for the mass dimension. A collocated dataset of short-term forecasts from Integrated Forecast System of the European Center for Medium-Range Weather Forecasts and satellite microwave data was used for the evaluation of results. The results overall showed that the DDA lookup tables, in comparison with the Mie tables, greatly reduce the differences among simulated and observed values. The Mie lookup tables especially introduce excessive scattering for the channels operating below 90\ua0GHz and low scattering for the channels above 90\ua0GHz

High capacity transmission with few-mode fibers

We experimentally investigate high-capacity few-mode fiber transmission for short and medium-haul optical links. In separate experiments, we demonstrate C + L band transmission of 283 Tbit/s over a single 30 km span and recirculating loop transmission of 159 Tbit/s over 1045 km graded-index three mode fiber. The first experiment reached a data-rate per fiber mode within 90% of the record data-rates reported in the same transmission bands for single-mode fibers. The second experiment demonstrated the feasibility of reaching high data-rates over long distance few-mode fiber transmission, despite strong impairments due to mode-dependent loss and differential mode delay