Development of security extensions based on Chrome APIs

Client-side attacks against web sessions are a real concern for many applications. Realizing protection mechanisms on the client side, e.g. as browser extensions, has become a popular approach for securing the Web. In this paper we report on our experience in the implementation of SessInt, an extension for Google Chrome that protects users against a variety of client-side attacks, and we discuss some limitations of the browser APIs that negatively impacted on the design process

WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring

We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with the intended protocol flow, as well as confidentiality and integrity properties of messages. We formally prove that WPSE is expressive enough to protect web applications from a wide range of protocol implementation bugs and web attacks. We discuss concrete examples of attacks which can be prevented by WPSE on OAuth 2.0 and SAML 2.0, including a novel attack on the Google implementation of SAML 2.0 which we discovered by formalizing the protocol specification in WPSE. Moreover, we use WPSE to carry out an extensive experimental evaluation of OAuth 2.0 in the wild. Out of 90 tested websites, we identify security flaws in 55 websites (61.1%), including new critical vulnerabilities introduced by tracking libraries such as Facebook Pixel, all of which fixable by WPSE. Finally, we show that WPSE works flawlessly on 83 websites (92.2%), with the 7 compatibility issues being caused by custom implementations deviating from the OAuth 2.0 specification, one of which introducing a critical vulnerability

Stray light evaluation for the astrometric gravitation probe mission

The main goal of the Astrometric Gravitation Probe mission is the verification of General Relativity and competing gravitation theories by precise astrometric determination of light deflection, and of orbital parameters of selected Solar System objects. The key element is the coherent combination of a set of 92 circular entrance apertures, each feeding an elementary inverted occulter similar to the one developed for Solar Orbiter/METIS.1 This provides coronagraphic functions over a relevant field of view, in which all stars are observed for astrometric purposes with the full resolution of a 1 m diameter telescope. The telescope primary mirror acts as a beam combiner, feeding the 92 pupils, through the internal optics, toward a single focal plane. The primary mirror is characterized by 92 output apertures, sized according to the entrance pupil and telescope geometry, in order to dump the solar disk light beyond the instrument. The astronomical objects are much fainter than the solar disk, which is angularly close to the inner field of view of the telescope. The stray light as generated by the diffraction of the solar disk at the edges of the 92 apertures defines the limiting magnitude of observable stars. In particular, the stray light due to the diffraction from the pupil apertures is scattered by the telescope optics and follows the same optical path of the astronomical objects; it is a contribution that cannot be eliminated and must therefore be carefully evaluated. This paper describes the preliminary evaluation of this stray light contribution

Firewall management with FireWall synthesizer

Firewalls are notoriously hard to configure and maintain. Policies are written in low-level, system-specific languages where rules are inspected and enforced along non-trivial control flow paths. Moreover, firewalls are tightly related to Network Address Translation (NAT) since filters need to be specified taking into account the possible translations of packet addresses, further complicating the task of network administrators. To simplify this job, we propose FIRE WALL SYNTHESIZER (FWS), a tool that decompiles real firewall configurations from different systems into an abstract specification. This representation highlights the meaning of a configuration, i.e., the allowed connections with possible address translations. We show the usage of FWS in analyzing and maintaining a configuration on a simple (yet realistic) scenario and we discuss how the tool scales on real-world policies

Design of an afocal telescope for the ARIEL mission

ARIEL (Atmospheric Remote-sensing Infrared Exoplanet Large-survey) is one of the three candidates for the next ESA medium-class science mission (M4) expected to be launched in 2026. This mission will be devoted to observe spectroscopically in the infrared (IR) a large population of known transiting planets in our Galaxy. ARIEL is based on a 1-m class telescope ahead of two spectrometer channels covering the band 1.95 to 7.8 microns. In addition there are four photometric channels: two wide band, also used as fine guidance sensors, and two narrow band. During its 3.5 years operations from L2 orbit, ARIEL will continuously observe exoplanets transiting their host star. The ARIEL design is conceived as a fore-module common afocal telescope that will feed the spectrometer and photometric channels. The telescope optical design is an off-axis portion of a two-mirror classic telescope coupled to a tertiary off-axis paraboloidal mirror providing a collimating output beam. The telescope and optical bench operating temperatures, as well as those of some subsystems, will be monitored and fine tuned/stabilised mainly by means of a thermal control subsystem (TCU - Telescope Control Unit) working in closed-loop feedback and hosted by the main Payload electronics unit, i.e. the Instrument Control Unit (ICU). In this paper the telescope requirements will be given together with the foreseen design. The technical solution chosen to passively cool the telescope unit will be detailed discussed

The afocal telescope of the ESA ARIEL mission: analysis of the layout

ARIEL (Atmospheric Remote-sensing Infrared Exoplanet Large-survey) is one of the three present candidates as an M4 ESA mission to be launched in 2026. During its foreseen 3.5 years operation, it will observe spectroscopically in the infrared a large population of known transiting planets in the neighborhood of the Solar System. The aim is to enable a deep understanding of the physics and chemistry of these exoplanets. ARIEL is based on a 1-m class telescope ahead of a suite of instruments: two spectrometer channels covering the band 1.95 to 7.8 μm and four photometric channels (two wide and two narrow band) in the range 0.5 to 1.9 μm. The ARIEL optical design is conceived as a fore-module common afocal telescope that will feed the spectrometer and photometric channels. The telescope optical design is based on an eccentric pupil two-mirror classic Cassegrain configuration coupled to a tertiary paraboloidal mirror. The temperature of the primary mirror (M1) will be monitored and finely tuned by means of an active thermal control system based on thermistors and heaters. They will be switched on and off to maintain the M1 temperature within ±1 K thanks to a proportional-integral-derivative (PID) controller implemented within the Telescope Control Unit (TCU), a Payload electronics subsystem mainly in charge of the active thermal control of the two detectors owning to the spectrometer. TCU will collect the housekeeping data of the controlled subsystems and will forward them to the spacecraft (S/C) by means of the Instrument Control Unit (ICU), the main Payload's electronic Unit linked to the S/C On Board Computer (OBC)

The afocal telescope optical design and tolerance analysis for the ESA ARIEL mission

ARIEL (Atmospheric Remote-sensing Infrared Exoplanet Large-survey) is one of the three present candidates for the next ESA medium-class science mission (M4) to be launched in 2026. During its 3.5 years of scientific operations from L2 orbit, this mission will observe spectroscopically in the infrared (IR) a large population of known transiting planets in the neighbourhood of the Solar System. The aim is to enable a deep understanding of the physics and chemistry of these exoplanets. ARIEL is based on a 1-m class telescope ahead of a suite of instruments: two spectrometer channels covering the band 1.95 to 7.80 µm and four photometric channels (two wide and two narrow band) in the range 0.5 to 1.9 μm. The ARIEL optical design is conceived as a fore-module common afocal telescope that will feed the spectrometer and photometric channels. The telescope optical design is based on an eccentric pupil two-mirror classic Cassegrain configuration coupled to a tertiary paraboloidal mirror. An all-aluminum structure has been considered for the telescope layout, and a detailed tolerance analysis has been conducted to assess the telescope feasibility. This analysis has been done including the different parts of the realization and life of the instrument, from integration on-ground to in-flight stability during the scientific acquisitions. The primary mirror (M1) temperature will be monitored and finely tuned via an active thermal control system based on thermistors and heaters. The heaters will be switched on and off to maintain the M1 temperature within ±1K thanks to a proportional-integral-derivative (PID) controller