[17] Rigel Gjomemo, Kedar Namjoshi, Phu H. Phung, Venkat Venkatakrishnan, and Lenore Zuck. From Verification to Optimizations. In Proceedings of the 16th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI 2015), Mumbai, India, January 12-14, 2015, Lecture Notes in Computer Science (LNCS). Springer Verlag, January 2015. To appear.
Compilers perform static analysis prior to applying an optimization. The analysis results are typically not very precise, however, as a compiler operates with a strict time budget, which constrains reasoning. In this paper, we explore a new direction: using information gathered by external sound static analysis tools to augment the internal compiler reasoning, and investigate whether this leads to better optimization. One of the key problems to be solved is that of propagating the source-level information gathered by a static analyzer deeper into the optimization pipeline. We propose an approach to achieve this and demonstrate its feasibility through an implementation using the LLVM compiler infrastructure. We show how assertions obtained from the Frama-C static analysis tool are propagated through LLVM and are then used to substantially improve the effectiveness of several optimizations.

[16] Phu H. Phung, Maliheh Monshizadeh, Meera Sridhar, Kevin W. Hamlen, and V.N. Venkatakrishnan. Between Worlds: Securing Mixed JavaScript/ActionScript Multi-party Web Content. IEEE Transactions on Dependable and Secure Computing (TDSC), September 2014. Forthcoming.
Mixed Flash and JavaScript content has become increasingly prevalent; its purveyance of dynamic features unique to each platform has popularized it for myriad web development projects. Although Flash and JavaScript security has been examined extensively, the security of untrusted content that combines both has received considerably less attention. This article considers this fusion in detail, outlining several practical scenarios that threaten the security of web applications. The severity of these attacks warrants the development of new techniques that address the security of Flash-JavaScript content considered as a whole, in contrast to prior solutions that have examined Flash or JavaScript security individually.

Toward this end, the article presents FlashJaX, a cross-platform solution that enforces fine-grained, history-based policies that span both Flash and JavaScript. Using in-lined reference monitoring, FlashJaX safely embeds untrusted JavaScript and Flash content in web pages without modifying browser clients or using special plug-ins. The architecture of FlashJaX, its design and implementation, and a detailed security analysis are exposited. Experiments with advertisements from popular ad networks demonstrate that FlashJaX is transparent to policy-compliant advertisement content, yet blocks many common attack vectors that exploit the fusion of these web platforms.

[15] Mike Ter Louw, Phu H. Phung, Rohini Krishnamurti, and Venkat N. Venkatakrishnan. SafeScript: JavaScript Transformation for Policy Enforcement. In Hanne Riis Nielson and Dieter Gollmann, editors, Proceedings of the 18th Nordic Conference on Secure IT Systems (NordSec 2013), Ilulissat, Greenland, October 18-21, 2013, volume 8208 of Lecture Notes in Computer Science (LNCS), pages 67-83. Springer Verlag, October 2013.
Approaches for safe execution of JavaScript on web pages have been a topic of recent research interest. A significant number of these approaches aim to provide safety through runtime mediation of accesses made by a JavaScript program. In this paper, we propose a novel, lightweight JavaScript transformation technique for enforcing security properties on untrusted JavaScript programs using source code interposition. Our approach assures namespace isolation between several principals within a single web page, and access control for sensitive browser interfaces. This access control mechanism is based on a whitelist approach to ensure soundness of the mediation. Our technique is lightweight, resulting in low run-time overhead compared to existing solutions such as BrowserShield and Caja.

[14] Pieter Agten, Steven Van Acker, Yoran Brondsema, Phu H. Phung, Lieven Desmet, and Frank Piessens. JSand: complete client-side sandboxing of third-party JavaScript without browser modifications. In Robert H'obbes' Zakon, editor, Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC 2012, Orlando, FL, USA, 3-7 December 2012, pages 1-10. ACM, December 2012.
The inclusion of third-party scripts in web pages is a common practice. A recent study has shown that more than half of the Alexa top 10000 sites include scripts from more than 5 different origins. However, such script inclusions carry risks, as the included scripts operate with the privileges of the including website.

We propose JSand, a server-driven but client-side JavaScript sandboxing framework. JSand requires no browser modifications: the sandboxing framework is implemented in JavaScript and is delivered to the browser by the websites that use it. Enforcement is done entirely at the client side: JSand enforces a server-specified policy on included scripts without requiring server-side filtering or rewriting of scripts. Most importantly, JSand is complete: access to all resources is mediated by the sandbox.

We describe the design and implementation of JSand, and we show that it is secure, backwards compatible, and that it performs sufficiently well.

[13] Hong Linh Truong, Phu H. Phung, and Schahram Dustdar. Governing Bot-as-a-Service in Sustainability Platforms - Issues and Approaches. In Proceedings of the 9th International Conference on Mobile Web Information Systems, MobiWIS 2012, Niagara Falls, Ontario, Canada, August 27-29, 2012, volume 10 of Procedia Computer Science, pages 561-568. Elsevier, 2012.
The emerging cloud computing models for Internet-of-Things have fostered the development of lightweight applications using cloud services for monitoring and optimizing devices and equipment hosted in distributed facilities. Such applications – called bots in our work – can be composed and deployed with multiple types of governance policies from cloud platforms to distributed hosting environments and they can access not only local data and devices but also cloud data and features. Therefore, it is a great challenge to govern them. In this paper, we discuss governance issues and state-of-the-art on supporting the emerging Bot-as-a-Service in sustainability governance platforms. Based on that, we outline our approaches to policy development and enforcement for the Bot-as-a-Service model.

[12] Phu H. Phung and Lieven Desmet. A Two-tier Sandbox Architecture for Untrusted JavaScript. In Proceedings of the Workshop on JavaScript Tools, JSTools 2012, Beijing, China, 13 June 2012, pages 1-10. ACM, 2012.
The large majority of websites nowadays embed third-party JavaScript into their pages, coming from external partners. Ideally, these scripts are benign and come from trusted sources, but over time, these third-party scripts can start to misbehave, or come under the control of an attacker. Unfortunately, the state-of-practice integration techniques for third-party scripts do not impose restrictions on the execution of JavaScript code, allowing such an attacker to perform unwanted actions on behalf of the website owner and/or website visitor.

In this paper, we present a two-tier sandbox architecture to enable a website owner to enforce modular fine-grained security policies for potentially untrusted third-party JavaScript code. The architecture contains an outer sandbox that provides strong baseline isolation guarantees with generic, coarse-grained policies and an inner sandbox that enables fine-grained, stateful policy enforcement specific to a particular untrusted application. The two-tier approach ensures that the application-specific policies and untrusted code are by default confined to a basic security policy, without imposing restrictions on the expressiveness of the policies.

Our proposed architecture improves upon the state-of-the-art as it does not depend on browser modification nor preprocessing or transformation of untrusted code, and allows the secure enforcement of fine-grained, stateful access control policies. We have developed a prototype implementation on top of an open-source sandbox library in the ECMAScript 5 specification, and applied it to a representative online advertisement case study to validate the feasibility and security of the proposed architecture.

Keywords: ECMAScript 5, JavaScript, Sandbox, fine-grained security policy, untrusted, web application security, web mashups

[11] Jonas Magazinius, Phu H. Phung, and David Sands. Safe Wrappers and Sane Policies for Self Protecting JavaScript. In Tuomas Aura, Kimmo Järvinen, and Kaisa Nyberg, editors, Proceedings of the 15th Nordic Conference in Secure IT Systems, NordSec 2010, Espoo, Finland, October 27-29, 2010, volume 7127 of Lecture Notes in Computer Science (LNCS), pages 239-255. Springer Verlag, October 2010. Revised Selected Papers from the OWASP AppSec Research 2010.
Phung et al (ASIACCS'09) describe a method for wrapping built-in methods of JavaScript programs in order to enforce security policies. The method is appealing because it requires neither deep transformation of the code nor browser modification. Unfortunately the implementation outlined suffers from a range of vulnerabilities, and policy construction is restrictive and error prone. In this paper we address these issues to provide a systematic way to avoid the identified vulnerabilities, and make it easier for the policy writer to construct declarative policies - i.e. policies upon which attacker code has no side effects.

[10] Phu H. Phung and Dennis Kengo Nilsson. A model for safe and secure execution of downloaded vehicle applications. In Proceedings of the 2010 Road Transport Information and Control Conference and the ITS United Kingdom Members' Conference (RTIC 2010) - Better transport through technology, IET, London, UK, 25-27 May 2010, pages 1-6. IET, May 2010.
Existing secure protocols and code signing mechanisms for vehicle systems to download and install software over the air certify only the origin and the integrity of software; thus, they do not address errors that might not be detected in the development process and cannot ensure that the downloaded software does not contain malicious code. In this paper, we identify such possible threats by developing a threat model for the vehicle software architecture. We propose countermeasures against the threats by preventing or modifying inappropriate behaviour caused by, e.g., malicious or poorly designed applications. We propose a model to deploy the approach which is based on modifying the application at the wireless gateway in the vehicle before being installed. As a result, security policies are embedded into the application and intercept security relevant execution events. Thus, the execution of downloaded vehicle applications is monitored to ensure the safety and security for the vehicle system and to detect potential cyber attacks.

Keywords: Vehicle software/firmware; language-based security; policy enforcement

[9] Phu H. Phung, David Sands, and Andrey Chudnov. Lightweight Self-protecting JavaScript. In R. Safavi-Naini and V. Varadharajan, editors, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS 2009, Sydney, Australia, March 2009, pages 47-60. ACM, March 2009.
This paper introduces a method to control JavaScript execution. The aim is to prevent or modify inappropriate behaviour caused by e.g. malicious injected scripts or poorly designed third-party code. The approach is based on modifying the code so as to make it self-protecting: the protection mechanism (security policy) is embedded into the code itself and intercepts security relevant API calls. The challenges come from the nature of the JavaScript language: any variables in the scope of the program can be redefined, and code can be created and run on-the-fly. This creates potential problems, respectively, for tamper-proofing the protection mechanism, and for ensuring that no security relevant events bypass the protection. Unlike previous approaches to instrument and monitor JavaScript to enforce or adjust behaviour, the solution we propose is lightweight in that (i) it does not require a modified browser, and (ii) it does not require any run-time parsing and transformation of code (including dynamically generated code). As a result, the method has low run-time overhead compared to other methods satisfying (i), and the lack of need for browser modifications means that the policy can even be applied on the server to mitigate some effects of cross-site scripting bugs.

Keywords: JavaScript, inlined reference monitors, language based security, programming

[8] Phung Huu Phu, Myeongjae Yi, and Myung-Kyun Kim. Securing AODV Routing Protocol in Mobile Ad-Hoc Networks. In David Hutchison, Spyros G. Denazis, Laurent Lefèvre, and Gary J. Minden, editors, Proceedings of the IFIP TC6 7th International Working Conference on Active and Programmable Networks, IWAN 2005, Sophia Antipolis, France, November 21-23, 2005. Revised Papers, volume 4388 of Lecture Notes in Computer Science (LNCS), pages 182-187. Springer Verlag, 2009.
In this paper, we have proposed a security scheme for the Ad-hoc On-Demand Distance Vector (AODV) routing protocol. In this scheme, each node in a network has a list of its neighbor nodes including a shared secret key which is obtained by executing a key agreement when joining a network. One key principle in our scheme is that before executing route discovery steps in the AODV protocol, each node executes a message authentication process with the sender to guarantee the integrity and non-repudiation of routing messages and therefore, could prevent attacks from malicious nodes. Compared with other recently proposed security routing protocols, our security scheme needs less computation power in routing transactions and does not need any centralized element in mobile ad-hoc networks.

[7] Phu H. Phung and David Sands. Security Policy Enforcement in the OSGi Framework Using Aspect-Oriented Programming. In Proceedings of the 32nd Annual IEEE International Computer Software and Applications Conference, COMPSAC 2008, Turku, Finland, 28 July - 1 August 2008, pages 1076-1082. IEEE Computer Society, August 2008.
The lifecycle mismatch between vehicles and their IT system poses a problem for the automotive industry. Such systems need to be open and extensible to provide customised functionalities and services. What is less clear is how to achieve this with quality and security guarantees. Recent studies in language-based security - the use of programming language technology to enforce application specific security policies - show that security policy enforcement mechanisms such as inlined reference monitors provide a potential solution for security in extensible systems. In this paper we study the implementation of security policy enforcement using aspect-oriented programming for the OSGi (Open Services Gateway initiative) framework. We identify classes of reference monitor-style policies that can be defined and enforced using AspectJ, a well-known aspect-oriented programming language. We demonstrate the use of security states to describe history-based policies. We also introduce and implement various levels of security states in Java to describe session level history versus global application level history. We illustrate the effectiveness of the implementation by deploying the security policy enforcement solution in an example scenario of software downloading in a standard vehicle system.

[6] Dennis K. Nilsson, Phu H. Phung, and Ulf E. Larson. Vehicle ECU Classification Based on Safety-Security Characteristics. In Proceedings of Road Transport Information and Control - RTIC 2008 and ITS United Kingdom Members' Conference, Manchester, UK, 20-22 May 2008, pages 1-7. IET, May 2008.
An upcoming trend for automotive manufacturers is to perform remote diagnostics and firmware updates over the air, which allows identifying hardware problems and correction of software flaws with minimal customer inconvenience. These procedures require that the previously isolated in-vehicle network permits external communication, which introduces a number of security risks, e.g., cyber attack threats. In this paper, we identify cyber attack threats and classify the electronic control units (ECUs) in the in-vehicle network to assist in determining which ones to protect and restrict access to. We divide the ECUs into five categories: powertrain, vehicle safety, comfort, infotainment, and telematics. We then use four safety integrity levels to classify the ECU categories. Moreover, we define safety effect levels of security threats which are used to classify identified attacks in the remote diagnostics and firmware updates over the air procedures. The safety and security levels are combined to classify the ECU categories. From the results we conclude that ECU categories such as powertrain and vehicle safety require further protection prior to introducing remote connectivity. As a conclusion, we suggest that automotive manufacturers should emphasize security or restrict the remote diagnostics and firmware updates over the air procedures to certain ECUs.

[5] Phung Huu Phu, DaeSeung Yoo, and Myeongjae Yi. Design and Implementation of a Web Services-Based Framework Using Remoting Patterns. In HansGeorg Bock, Ekaterina Kostina, HoangXuan Phu, and Rolf Rannacher, editors, Modeling, Simulation and Optimization of Complex Processes, pages 479-488. Springer Berlin Heidelberg, 2008. Revised papers from the Third International Conference on High Performance Scientific Computing, HPSC 2006, Hanoi, Vietnam, March 6-10, 2006.
In recent years, Web services technology has been playing an important role as a middleware for distributed systems such as peer-to-peer computing, grid computing as well as interoperability transactions. As the technology continues to evolve, a number of specifications are being proposed to address the areas necessary to support Web services. These specifications are designed modularly; therefore, it is necessary to have a framework to supply an efficient way for developers in building Web services-based distributed applications. The aim of our approach is to combine and integrate appropriate Web service specifications within one framework; thus, distributed applications can be built on this framework regardless of these specifications. In our previous work, a Web services framework in which Web services-based interoperability transactions can be executed in a reliable, effective, and secure manner has been proposed. In this paper we present the design and implementation of modules for the framework based on the remoting pattern approach. Remoting patterns are used since they provide a systematic way of developing distributed object middleware solutions and they can link to other patterns in the context of distributed applications. By using the remoting pattern language, our framework can be easily integrated into Web services-based distributed systems as well as extended with additional functionalities in the future. A case study of e-banking transactions based on our framework has been developed to illustrate how our framework can be used in practice.

[4] Phung Huu Phu, DaeSeung Yoo, and Myeongjae Yi. A Framework Supporting Quality of Service for SOA-Based Applications. In Young-Tak Kim and Makoto Takano, editors, Proceedings of the Asia-Pacific Network Operations and Management Symposium, APNOMS 2006, Busan, South Korea, September 27-29, 2006, volume 4238 of Lecture Notes in Computer Science (LNCS), pages 232-241. Springer Verlag, 2006.
Web Services and Service-Oriented Architecture (SOA) have been playing an important role as a middleware for interoperable transactions such as Business-to-Business and Enterprise Application Integration. Popular Web Services frameworks, such as Apache Axis, did not consider the Quality of Service (QoS), though these aspects are in high demand in practice. In this paper, we present a framework supporting QoS built on top of Axis. The framework is transparent to developers on both client and server side, and supports QoS including performance, accessibility, reliability, and security for SOA-based transactions. The design and implementation of our framework provide an easily integrated and flexibly extended approach to SOA-based applications. The key features and implementation methodology are described, with scenarios provided as usage examples of the framework.

[3] Phung Huu Phu and Myeongjae Yi. A service management framework for SOA-based interoperability transactions. In Proceedings of the 9th Russian-Korean International Symposium on Science and Technology, KORUS 2005, Novosibirsk, Russia, June 26 - July 2, 2005, pages 680-684. IEEE, June 2005.
Although service oriented architecture (SOA) supports an architecture for robust interoperability transactions, there are many challenges that need to be investigated to develop the infrastructure for such transactions. One of the important problems still not considered is how to manage these services in an efficient manner in transactions. In this paper, a framework for a more efficient management of services in interoperability transactions has been proposed. The purpose of this framework is to provide a secure and reliable environment for the communication of services in a SOA-based architecture. The framework is a combination of the Web services reliable messaging protocol and the security model of our previous work (Phu et al., 2005).

Keywords: Internet; computer network management; electronic messaging; open systems; protocols; security of data; transaction processing; SOA; Web services; interoperability transactions; messaging protocol; security model; service communication; service management; service oriented architecture; Computer architecture; Distributed computing; Information technology; Protocols; Quality of service; Security; Service oriented architecture; Technology management; Web services; XML

[2] Phung Huu Phu, Hong Hee Lee, and Myeongjae Yi. Service-Oriented architecture: an approach to inter-agency transactions in e-Government. In Proceedings of 2005 School on Computational Sciences and Engineering, COSCI 2005, Ho Chi Minh City, Vietnam, March 2-4 2005, March 2005.
The evolution of the Internet and Web has led governments to reshape traditional public services, supplying faster, better and more responsive access to public services to citizens, called e-Government. It comprises electronic interactions for citizens and government agency officers and also co-operations among independent, heterogeneous government agencies. This paper presents an investigation of e-Government aspects and requirements. Then, an e-Government co-operations architecture based on the Service-Oriented Architecture approach, the new trend of software architecture and distributed computing technology, is proposed. Finally, a security model for the proposed e-government architecture based on the combination of related security standards and specifications including PKI architecture, XML signature, XML Encryption and XML Key Management Service (XKMS) is described.

[1] Phung Huu Phu and Myeongjae Yi. Using Web services in the Internet banking Transaction System. In Proceedings of the 22nd Korea Information Processing Society (KIPS) Fall Conference, KIPS Fall 2004, Teagu, South Korea, November, 2004, 2004.
