2,186 research outputs found

    Development of security extensions based on Chrome APIs

    Client-side attacks against web sessions are a real concern for many applications. Realizing protection mechanisms on the client side, e.g. as browser extensions, has become a popular approach for securing the Web. In this paper we report on our experience in the implementation of SessInt, an extension for Google Chrome that protects users against a variety of client-side attacks, and we discuss some limitations of the browser APIs that negatively impacted the design process.

    WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring

    We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with the intended protocol flow, as well as confidentiality and integrity properties of messages. We formally prove that WPSE is expressive enough to protect web applications from a wide range of protocol implementation bugs and web attacks. We discuss concrete examples of attacks which can be prevented by WPSE on OAuth 2.0 and SAML 2.0, including a novel attack on the Google implementation of SAML 2.0 which we discovered by formalizing the protocol specification in WPSE. Moreover, we use WPSE to carry out an extensive experimental evaluation of OAuth 2.0 in the wild. Out of 90 tested websites, we identify security flaws in 55 websites (61.1%), including new critical vulnerabilities introduced by tracking libraries such as Facebook Pixel, all of which are fixable by WPSE. Finally, we show that WPSE works flawlessly on 83 websites (92.2%), with the 7 compatibility issues being caused by custom implementations deviating from the OAuth 2.0 specification, one of which introduces a critical vulnerability.

    HeMISE (Helio-Magnetism Investigation from the Sun to Earth): a twin spacecraft mission at the Sun-Earth Lagrangian points L4 and L5

    The Sun-Earth environment is a much more dynamic and eventful system than the common-life experience of looking at the sky can suggest, and severe disturbances of the Earth's magnetic field, called geomagnetic storms, often occur. These sudden disturbances can adversely affect the health of humans in space and in high altitude commercial flights. Further advancing our forecasting capabilities for these storms will necessarily require a much deeper understanding of the origin on the Sun and propagation in the interplanetary medium of these disturbances. This means that we need a better understanding of how magnetic fields are generated in the solar interior, how they emerge through the photosphere, how they are stored and released in the lower corona, and how they finally connect with our planet: a mission specifically dedicated to this objective is needed. So far measurements of the solar magnetic field are mostly restricted to the low layers of the solar atmosphere. Extrapolation techniques underlying numerous assumptions are used to estimate the magnetic field in the transition region from the chromospheres to the corona and in the corona itself. More recently, ground-based spectropolarimetry has proven to be very useful to provide information on the coronal magnetic fields on the plane of the sky, but there are no spacecraft providing at the same time measurements of the photospheric fields responsible for the coronal configuration. The solution will be offered by a multi-spacecraft mission designed to study at the same time photospheric and coronal magnetic fields and the interplanetary evolution of generated solar transients propagating along the Sun-Earth line. The HeMISE mission will investigate the emission and its polarization from the extreme ultraviolet to the white light wavelength regimes. This will be done by 2 twin spacecraft, carrying remote sensing and in situ instruments, located in stable orbits around the L4 and L5 Lagrangian points. Twin spacecraft with photospheric and coronal magnetometers will open the possibility for stereoscopic global helioseismology and will allow for the first time to combine photospheric fields measured by one spacecraft with coronal fields measured by the second spacecraft in quasi-quadrature, thus providing for the first time a continuous coverage of solar magnetic fields through the solar atmosphere. The main concepts of this mission will be illustrated here.

    Stray light evaluation for the astrometric gravitation probe mission

    The main goal of the Astrometric Gravitation Probe mission is the verification of General Relativity and competing gravitation theories by precise astrometric determination of light deflection, and of orbital parameters of selected Solar System objects. The key element is the coherent combination of a set of 92 circular entrance apertures, each feeding an elementary inverted occulter similar to the one developed for Solar Orbiter/METIS.1 This provides coronagraphic functions over a relevant field of view, in which all stars are observed for astrometric purposes with the full resolution of a 1 m diameter telescope. The telescope primary mirror acts as a beam combiner, feeding the 92 pupils, through the internal optics, toward a single focal plane. The primary mirror is characterized by 92 output apertures, sized according to the entrance pupil and telescope geometry, in order to dump the solar disk light beyond the instrument. The astronomical objects are much fainter than the solar disk, which is angularly close to the inner field of view of the telescope. The stray light as generated by the diffraction of the solar disk at the edges of the 92 apertures defines the limiting magnitude of observable stars. In particular, the stray light due to the diffraction from the pupil apertures is scattered by the telescope optics and follows the same optical path as the astronomical objects; it is a contribution that cannot be eliminated and must therefore be carefully evaluated. This paper describes the preliminary evaluation of this stray light contribution.

    Firewall management with FireWall synthesizer

    Firewalls are notoriously hard to configure and maintain. Policies are written in low-level, system-specific languages where rules are inspected and enforced along non-trivial control flow paths. Moreover, firewalls are tightly related to Network Address Translation (NAT) since filters need to be specified taking into account the possible translations of packet addresses, further complicating the task of network administrators. To simplify this job, we propose FireWall Synthesizer (FWS), a tool that decompiles real firewall configurations from different systems into an abstract specification. This representation highlights the meaning of a configuration, i.e., the allowed connections with possible address translations. We show the usage of FWS in analyzing and maintaining a configuration on a simple (yet realistic) scenario and we discuss how the tool scales on real-world policies.

    Design of an afocal telescope for the ARIEL mission

    ARIEL (Atmospheric Remote-sensing Infrared Exoplanet Large-survey) is one of the three candidates for the next ESA medium-class science mission (M4) expected to be launched in 2026. This mission will be devoted to observing spectroscopically in the infrared (IR) a large population of known transiting planets in our Galaxy. ARIEL is based on a 1-m class telescope ahead of two spectrometer channels covering the band 1.95 to 7.8 microns. In addition there are four photometric channels: two wide band, also used as fine guidance sensors, and two narrow band. During its 3.5 years of operations from L2 orbit, ARIEL will continuously observe exoplanets transiting their host star. The ARIEL design is conceived as a fore-module common afocal telescope that will feed the spectrometer and photometric channels. The telescope optical design is an off-axis portion of a two-mirror classic telescope coupled to a tertiary off-axis paraboloidal mirror providing a collimating output beam. The telescope and optical bench operating temperatures, as well as those of some subsystems, will be monitored and fine tuned/stabilised mainly by means of a thermal control subsystem (TCU - Telescope Control Unit) working in closed-loop feedback and hosted by the main Payload electronics unit, i.e. the Instrument Control Unit (ICU). In this paper the telescope requirements will be given together with the foreseen design. The technical solution chosen to passively cool the telescope unit will be discussed in detail.

    The afocal telescope of the ESA ARIEL mission: analysis of the layout

    ARIEL (Atmospheric Remote-sensing Infrared Exoplanet Large-survey) is one of the three present candidates as an M4 ESA mission to be launched in 2026. During its foreseen 3.5 years of operation, it will observe spectroscopically in the infrared a large population of known transiting planets in the neighborhood of the Solar System. The aim is to enable a deep understanding of the physics and chemistry of these exoplanets. ARIEL is based on a 1-m class telescope ahead of a suite of instruments: two spectrometer channels covering the band 1.95 to 7.8 μm and four photometric channels (two wide and two narrow band) in the range 0.5 to 1.9 μm. The ARIEL optical design is conceived as a fore-module common afocal telescope that will feed the spectrometer and photometric channels. The telescope optical design is based on an eccentric pupil two-mirror classic Cassegrain configuration coupled to a tertiary paraboloidal mirror. The temperature of the primary mirror (M1) will be monitored and finely tuned by means of an active thermal control system based on thermistors and heaters. They will be switched on and off to maintain the M1 temperature within ±1 K thanks to a proportional-integral-derivative (PID) controller implemented within the Telescope Control Unit (TCU), a Payload electronics subsystem mainly in charge of the active thermal control of the two detectors belonging to the spectrometer. TCU will collect the housekeeping data of the controlled subsystems and will forward them to the spacecraft (S/C) by means of the Instrument Control Unit (ICU), the main Payload's electronic Unit linked to the S/C On Board Computer (OBC).