17 research outputs found
Exploring Capability-based security in software design with Rust
Access control is one of the most critical aspects of software engineering when designing secure software. In 2021, the Open Web Application Security Project (OWASP)foundation_owasp_nodate released a new Top10 several years after its last release in 2017. Broken Access Control made a significant jump to the top of the list, marking it as the most prone and vital security aspect of software development. Previous research shows that security challenges, such as Confused Deputy, can be solved with a capability-based approach. To achieve a capability-based system for REepresentational State Transfer (RESTful) Application Programming Interfaces(APIs), we use the Rust programming language to explore how we can create a capability design pattern. We want to create a library for the developer to harness the power of capabilities when writing the code, adhering to the capability properties and Principles of Least Privilege (PoLP), and creating a RESTful API. We created a capability library we used to implement a RESTful API, simple-api, connecting it with Grant Negotiation and Authorization Protocol (GNAP) into a proof-of-concept capability-based system published on GitHub. Resulting in successfully creating capability-based access control for RESTful APIs. We show a use-case where the core access control model is Capabilities and potentially mitigates confused deputies in a RESTful API software architecture.Masteroppgåve i informatikkINF399MAMN-INFMAMN-PRO
Recommended from our members
Miocene stable isotopic stratigraphy and magnetostratigraphy of Buff Bay, Jamaica
Previously reported biostratigraphic relationships from middle-upper Miocene sections exposed near Buff Bay, Jamaica (18°N, tropical bioprovince), differ from the subtropical North Atlantic (Sites 563 and 558). Time scales for this interval rely on correlations established at these subtropical sites, and the differences with the tropical section have implications to global correlations. Planktonic foraminiferal Zones N13 and N15 are thick at Buff Bay but are virtually absent at Sites 563 and 558; nannofossil Zone NN9 is associated with Zone N15 and uppermost Zone N14 at Buff Bay but is associated with Zone N16 at the other sites. Magnetostratigraphic data presented here further complicate the interpretation: Zone NN9 is associated with a thick normal magnetozone at Sites 563 and 558; at Buff Bay, it is associated with a thick reversed magnetozone. Although a secondary magnetization at Buff Bay makes it difficult to identify confidently Miocene normal magnetozones, the thick reversed magnetozone most likely represents the paleomagnetic field and correlates with Chron C5r. The magnetobiostratigraphic relationships require either diachrony of taxa or two mutually exclusive hiatuses in Jamaica and the North Atlantic. We address this problem by analyzing benthic foraminiferal δ^18O and δ^13C from the Buff Bay section. These isotopic data allow us to evaluate three hypotheses that reconcile the magneto-, bio-, and isotopic stratigraphic data and conclude that the first and last occurrences of five taxa were diachronous by ~0.3-0.5 m.y. between tropical and subtropical locations. This requires revised age estimates for late middle to early late Miocene biostratigraphic datum levels. We suggest that the ranges of several taxa are useful for endemic tropical or subtropical zonations, but correlations between the low and midlatitudes were affected by an increase in latitudinal thermal gradients during the late middle Miocene. However, we admit that further studies are needed before this issue is resolved
Recommended from our members
Pass-through core measurements of magnetic susceptibility and natural gamma ray, New Jersey Coastal Plain
We measured magnetic susceptibility (MS) and core gamma radiation (CGR) on 3162 ft (963.9 m) of core recovered by the New Jersey Coastal Plain Drilling Project (Ocean Drilling Program Leg 150X) at Island Beach, Atlantic City, and Cape May, New Jersey. Integration of core lithology, core/log (MS and CGR), and downhole gamma-ray (DGR) log studies have (1) documented the core/log expression of previously determined unconformities; (2) shown that MS is a proxy for glauconite percent in the New Jersey Coastal Plain; (3) illustrated a major change in sedimentation from shelfal glauconite evidenced by very high MS values to deltaic deposition with low MS values in the earliest Miocene (ca. 22 Ma); (4) shown that comparison of MS and CGR with DGR can be used to resolve discrepancies in depth between downhole logs and cores; and (5) shown that the CGR detects some zones noted in the lithology (e.g., phosphate rich zones) that are not resolved in the DGR
Electoral Dioramas: On the Problem of Representation in Voting Advice Applications
Voting Advice Applications (VAAs) are online tools designed to help citizens decide how to vote. They typically offer their users a representation of what is at stake in an election by matching user preferences on issues with those of parties or candidates. While the use of VAAs has boomed in recent years in both established and new democracies, this new phenomenon in the electoral landscape has received little attention from political theorists. The current academic debate is focused on epistemic aspects of the question how a VAA can adequately represent electoral politics. We argue that conceptual and normative presuppositions at play in the background of the tool are at least as important. Even a well-developed VAA does not simply reflect what is at stake in the election by neutrally passing along information. Rather, it structures political information in a way that is informed by the developers’ presuppositions. Yet, these presuppositions remain hidden if we interpret the tool as a mirror that offers the user a reflection of him/herself situated within the political landscape. VAAs should therefore be understood as electoral dioramas, staged according to a contestable picture of politics
Exploring Capability-based security in software design with Rust
Access control is one of the most critical aspects of software engineering when designing secure software. In 2021, the Open Web Application Security Project (OWASP)foundation_owasp_nodate released a new Top10 several years after its last release in 2017. Broken Access Control made a significant jump to the top of the list, marking it as the most prone and vital security aspect of software development. Previous research shows that security challenges, such as Confused Deputy, can be solved with a capability-based approach. To achieve a capability-based system for REepresentational State Transfer (RESTful) Application Programming Interfaces(APIs), we use the Rust programming language to explore how we can create a capability design pattern. We want to create a library for the developer to harness the power of capabilities when writing the code, adhering to the capability properties and Principles of Least Privilege (PoLP), and creating a RESTful API. We created a capability library we used to implement a RESTful API, simple-api, connecting it with Grant Negotiation and Authorization Protocol (GNAP) into a proof-of-concept capability-based system published on GitHub. Resulting in successfully creating capability-based access control for RESTful APIs. We show a use-case where the core access control model is Capabilities and potentially mitigates confused deputies in a RESTful API software architecture
Recommended from our members
Atlantic City Site Report
The Atlantic City borehole was the second site drilled as part of the New Jersey coastal plain drilling project, Leg 150X. It focused on middle middle Miocene to Oligocene "Icehouse" and middle-upper Eocene "Doubthouse" sequences known from previous rotary and cable tool wells. Recovery was not as good as at Island Beach (60% vs. 87%) because of hole stability problems; however, recovery was excellent for most of the critical lower-middle Miocene interval (390-937 ft; 81%). The surficial Cape May Formation (uppermost Pleistocene-Holocene; 123 ft thick) contains nearshore gravelly sand and clay at the top and fluvial deposits at the base that apparently correlate with the Cape May Formation at Island Beach. The ?middle Miocene Cohansey Formation (96 ft thick) sand and sandy clay represents fluvial deposits not present at Island Beach. The ages of both units are uncertain. Recovery of the uppermost part of the 706-ft-thick Kirkwood Formation was poor (no recovery from 293 to 390 ft), but recovery for the Kirkwood between 390 and 937 ft was excellent. The sand, silts, and clay facies expressed in the Kirkwood Formation at Atlantic City represent diverse fluvial, nearshore, and neritic (including prodelta) environments. Several upward-coarsening sequences can be recognized on the basis of lithofacies breaks, gamma-log changes, and hiatuses, corresponding with confining units at the base and aquifer units at the top. These lithostratigraphic and geohydrologic units correspond with similar units at Island Beach, and we suggest that they correlate. Numerous shell beds in the Atlantic City borehole allow preliminary dating of these sequences with Sr-isotopic stratigraphy, including the middle middle Miocene Kirkwood 3 sequence (13.3-13.5 Ma; from at least 401.7 to at least 470 ft), the upper lower Miocene Kirkwood 2 sequence 17.0 17.9 Ma; 512-666 ft), and the uppermost Oligocene to lower Miocene Kirkwood 1 sequence (20.3- 25.8 Ma; 666-937 ft). The Kirkwood 1 sequence may be divided into several additional sequences that have dramatic shell beds at their base and distinct ages determined by Sr isotopes: 20.3-21.9 Ma, 23.6-23.7 Ma, and -25.8 Ma. A sharp lithologic and gamma-log break at 741 ft may indicate another sequence boundary between 20.3 and 20.8 Ma, although Sr-isotopic resolution is not sufficient to document this hiatus unequivocally. The upper Eocene-Oligocene may be divided further into 3 sequences based on lithologic and gamma log changes that were dated with Sr isotopes: upper Oligocene (27.4-28.7 Ma), lower Oligocene (-33.4 Ma), and upper Eocene (36.6-37.7 Ma). Biostratigraphy is consistent with the Sr-isotopic ages and indicates additional lower upper Eocene and upper middle Eocene sequences. The systems tracts are generally well developed for these middle Eocene through middle Miocene sequences, with a basal shell or glauconite sand at the base and sands at the top. Further biostratigraphic and Sr-isotopic studies should refine the ages of the sequences, whereas lithostratigraphic and benthic foraminifer biofacies studies should reveal details of the depositional environments and systems tracts of these well-developed sequences