13 research outputs found

    Common Representation of Information Flows for Dynamic Coalitions

    We propose a formal foundation for reasoning about access control policies within a Dynamic Coalition, defining an abstraction over existing access control models and providing mechanisms for translation of those models into the information-flow domain. The abstracted information-flow domain model, called a Common Representation, can then be used for defining a way to control the evolution of Dynamic Coalitions with respect to information flow.

    Discovering Application-Level Insider Attacks Using Symbolic Execution

    Coordinated Science Laboratory was formerly known as Control Systems Laboratory. National Science Foundation / 727 NSF CNS 05-5166

    Insecure programming: how culpable is a language's syntax

    Abstract — Vulnerabilities in software stem from poorly written code by programmers who are not aware of its security implications or some inadvertent errors that may have crept in. Writing secure code is largely a software engineering issue requiring the education of programmers about safe coding practices. Various projects and efforts such as memory usage profiling, meta-compilation and typing proofs that check correctness of the code at compile-time and runtime provide additional assistance in this regard. In this paper, we point out that in the context of security, one aspect that is perhaps underrated or overlooked is that errors could arise due to the syntax of a programming language. We show that it is possible to make very subtle errors with serious consequences. Our work will help caution programmers on the types of errors to avoid as well as serve as a guideline for language designers to lay emphasis not only on richness of language features but also the syntax of the language.

    Keywords: Programming Language Security, Syntax Errors

    Insecure Programming: How Culpable is a Language’s Syntax? Abstract: Vulnerabilities in software stem from poorly written code. Inadvertent errors may creep in due to programmers not being aware of the security implications of their code. Writing secure code is largely a software engineering issue requiring the education of programmers about safe coding practices. Various projects and efforts such as memory usage profiling, meta-compilation and typing proofs that verify correctness of the code at compile-time and run-time provide additional assistance in this regard. In this paper, we point out that in the context of security, one aspect that is perhaps underrated or overlooked is that vulnerabilities may be inherent in the syntax and grammar of a programming language itself. We leverage on some well-studied problems to show that small syntactic discrepancies may lead to vast semantic differences in programs and in turn, correlate to hard security errors. Our work will help caution programmers on the types of errors to avoid as well as serve as a guideline for language designers to lay emphasis not only on richness of language features but also the unambiguity of the syntax.

    Yataglass: Network-Level Code Emulation for Analyzing Memory-Scanning Attacks

    Abstract. Remote code-injection attacks are one of the most frequently used attacking vectors in computer security. To detect and analyze injected code (often called shellcode), some researchers have proposed network-level code emulators. A network-level code emulator can detect shellcode accurately and help analysts to understand the behavior of shellcode. We demonstrated that memory-scanning attacks can evade current emulators, and propose Yataglass, an elaborated network-level code emulator, that enables us to analyze shellcode that incorporates memory-scanning attacks. According to our experimental results, Yataglass successfully emulated and analyzed real shellcode into which we had manually incorporated memory-scanning attacks.

    Whispers of Rebellion: Narrating Gabriel’s Conspiracy (Carter G. Woodson Institute Series)

    An ambitious if ultimately unrealized plan to revolt that ended in the conviction and hanging of over two dozen men, Gabriel’s Conspiracy of 1800 sought nothing less than to capture the capital city of Richmond and end slavery in Virginia. Whispers of Rebellion draws on recent scholarship and extensive archival material to provide the clearest view yet of this fascinating chapter in the history of slavery—and to question much about the case that has been accepted as fact. In his examination of the slave Gabriel and his group of insurgents, Michael Nicholls focuses on the neighborhood of the Brook, north of Richmond, as the plot’s locus, revealing the area’s economic and familial ties, the geographic proximity of the key conspirators, and how their contacts allowed their plan to spread across three counties and into the cities of Richmond and Petersburg. Nicholls explores under-documented aspects of the conspiracy, such as the participants’ recruitment and motives, showing them to be less ideologically driven than previously supposed. The author also looks at the state’s swift and brutal response, and argues persuasively that, rather than the coalition between blacks and whites that has been described in other accounts, the participants were all slaves or free blacks, suffering under an oppressive white population and willing to die for their freedom.