Jinfei Liu,Li Xiong,Jun Luo

2013-01-01

Abstract:In this paper we illustrate a privacy framework named Indistinguishabley Privacy. Indistinguishable privacy could be deemed as the formalization of the existing privacy definitions in privacy preserving data publishing as well as secure multi-party computation. We introduce three representative privacy notions in the literature, Bayes-optimal privacy for privacy preserving data publishing, differential privacy for statistical data release, and privacy w.r.t. semi-honest behavior in the secure multi-party computation setting, and prove they are equivalent. To the best of our knowledge, this is the first work that illustrates the relationships of these privacy definitions and unifies them through one framework.

Vikas Kambhampati,Nehaz Hussain Mohammed,Amin Milani Fard

2024-11-29

Abstract:JavaScript has been consistently among the most popular programming languages in the past decade. However, its dynamic, weakly-typed, and asynchronous nature can make it challenging to write maintainable code for developers without in-depth knowledge of the language. Consequently, many JavaScript applications tend to contain code smells that adversely influence program comprehension, maintenance, and debugging. Due to the widespread usage of JavaScript, code security is an important matter. While JavaScript code smells and detection techniques have been studied in the past, current work on security smells for JavaScript is scarce. Security code smells are coding patterns indicative of potential vulnerabilities or security weaknesses. Identifying security code smells can help developers to focus on areas where additional security measures may be needed. We present a set of 24 JavaScript security code smells, map them to a possible security awareness defined by Common Weakness Enumeration (CWE), explain possible refactoring, and explain our detection mechanism. We implement our security code smell detection on top of an existing open source tool that was proposed to detect general code smells in JavaScript.

Cryptography and Security,Software Engineering

Feng Xiao,Zhongfu Su,Guangliang Yang,Wenke Lee

DOI: https://doi.org/10.1109/sp54263.2024.00183

2024-01-01

Abstract:Static data flow analysis techniques have been broadly applied in analyzing and detecting security threats in web applications. However, without actual code execution, they often suffer serious precision issues and may even miss serious vulnerabilities, especially when facing modern JavaScript applications characterized by complex operations and semantics. To combat these complex semantics, we propose a novel semantic understanding approach, namely computation-based semantic explanation (CSE). CSE can effectively identify and resolve common failures arising from complex semantics in static data flow analysis, ultimately improving the detection of potential vulnerabilities.We implement a prototype tool of CSE, called Jasmine. By applying Jasmine to more than 10K real-world JavaScript programs, we find complex operations and semantics are prevalent in practice and heavily impede the state-of-art static techniques (e.g., Github’s CodeQL and IBM’s WALA) from regular security validations. Our experiments show Jasmine can effectively resolve complex semantics and lead to the discovery of 22 hidden vulnerabilities, which are not detectable by existing tools. Among these vulnerabilities, 13 ones are previously unknown, i.e., zero-day vulnerabilities. Up to now, nine CVEs have been issued, and five of them have been rated as ‘critical’ with a 9.8 severity score.

Ilya Grishchenko,Matteo Maffei,Clara Schneidewind

DOI: https://doi.org/10.1007/978-3-319-89722-6_10

2018-01-01

Abstract:Smart contracts are programs running on cryptocurrency (e.g., Ethereum) blockchains, whose popularity stem from the possibility to perform financial transactions, such as payments and auctions, in a distributed environment without need for any trusted third party. Given their financial nature, bugs or vulnerabilities in these programs may lead to catastrophic consequences, as witnessed by recent attacks. Unfortunately, programming smart contracts is a delicate task that requires strong expertise: Ethereum smart contracts are written in Solidity, a dedicated language resembling JavaScript, and shipped over the blockchain in the EVM bytecode format. In order to rigorously verify the security of smart contracts, it is of paramount importance to formalize their semantics as well as the security properties of interest, in particular at the level of the bytecode being executed.In this paper, we present the first complete small-step semantics of EVM bytecode, which we formalize in the F* proof assistant, obtaining executable code that we successfully validate against the official Ethereum test suite. Furthermore, we formally define for the first time a number of central security properties for smart contracts, such as call integrity, atomicity, and independence from miner controlled parameters. This formalization relies on a combination of hyper- and safety properties. Along this work, we identified various mistakes and imprecisions in existing semantics and verification tools for Ethereum smart contracts, thereby demonstrating once more the importance of rigorous semantic foundations for the design of security verification techniques.

Stefano Calzavara,Alvise Rabitti,Michele Bugliesi

DOI: https://doi.org/10.1145/3149408

IF: 3.35

2018-05-31

ACM Transactions on the Web

Abstract:Content Security Policy (CSP) is a recent W3C standard introduced to prevent and mitigate the impact of content injection vulnerabilities on websites. In this article, we introduce a formal semantics for the latest stable version of the standard, CSP Level 2. We then perform a systematic, large-scale analysis of the effectiveness of the current CSP deployment, using the formal semantics to substantiate our methodology and to assess the impact of the detected issues. We focus on four key aspects that affect the effectiveness of CSP: browser support, website adoption, correct configuration, and constant maintenance. Our analysis shows that browser support for CSP is largely satisfactory, with the exception of a few notable issues. However, there are several shortcomings relative to the other three aspects. CSP appears to have a rather limited deployment as yet and, more crucially, existing policies exhibit a number of weaknesses and misconfiguration errors. Moreover, content security policies are not regularly updated to ban insecure practices and remove unintended security violations. We argue that many of these problems can be fixed by better exploiting the monitoring facilities of CSP, while other issues deserve additional research, being more rooted into the CSP design.

computer science, information systems, software engineering

Arjun Guha,Claudiu Saftoiu,Shriram Krishnamurthi

DOI: https://doi.org/10.48550/arXiv.1510.00925

2015-10-04

Programming Languages

Abstract:We reduce JavaScript to a core calculus structured as a small-step operational semantics. We present several peculiarities of the language and show that our calculus models them. We explicate the desugaring process that turns JavaScript programs into ones in the core. We demonstrate faithfulness to JavaScript using real-world test suites. Finally, we illustrate utility by defining a security property, implementing it as a type system on the core, and extending it to the full language.

Meng Shen,Jing Wang,Hongyang Du,Dusit Niyato,Xiangyun Tang,Jiawen Kang,Yaoling Ding,Liehuang Zhu

DOI: https://doi.org/10.1109/mnet.2023.3327111

IF: 10.294

2023-01-01

IEEE Network

Abstract:Semantic communication has emerged as a promising technique that can integrate the meaning and context of information into a communication process. It goes beyond raw data transmission and enables a sender and a receiver to transmit and recover semantic messages through their respective knowledge bases. However, it is challenging to achieve secure semantic communication due to complicated security and privacy threats in semantic communication. In this article, we first introduce the background and architecture of semantic communication. Then, we sort out multiple potential security threats existing in each step of semantic communication. Following that, we summarize the requirements for secure semantic communication and provide possible defenses for each type of attacks. We also present a case study to illustrate the training process of a reliable semantic encoder/decoder. Finally, we discuss open issues and future directions in this research field.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Gregor Richards,Sylvain Lebresne,Brian Burg,Jan Vitek

DOI: https://doi.org/10.1145/1809028.1806598

2010-06-12

ACM SIGPLAN Notices

Abstract:The JavaScript programming language is widely used for web programming and, increasingly, for general purpose computing. As such, improving the correctness, security and performance of JavaScript applications has been the driving force for research in type systems, static analysis and compiler techniques for this language. Many of these techniques aim to reign in some of the most dynamic features of the language, yet little seems to be known about how programmers actually utilize the language or these features. In this paper we perform an empirical study of the dynamic behavior of a corpus of widely-used JavaScript programs, and analyze how and why the dynamic features are used. We report on the degree of dynamism that is exhibited by these JavaScript programs and compare that with assumptions commonly made in the literature and accepted industry benchmark suites.

Matthias Keil,Peter Thiemann

DOI: https://doi.org/10.48550/arXiv.1612.00669

2016-12-02

Programming Languages

Abstract:Today's JavaScript applications are composed of scripts from different origins that are loaded at run time. As not all of these origins are equally trusted, the execution of these scripts should be isolated from one another. However, some scripts must access the application state and some may be allowed to change it, while preserving the confidentiality and integrity constraints of the application. This paper presents design and implementation of DecentJS, a language-embedded sandbox for full JavaScript. It enables scripts to run in a configurable degree of isolation with fine-grained access control. It provides a transactional scope in which effects are logged for review by the access control policy. After inspection of the log, effects can be committed to the application state or rolled back. The implementation relies on JavaScript proxies to guarantee full interposition for the full language and for all code, including dynamically loaded scripts and code injected via eval. Its only restriction is that scripts must be compliant with JavaScript's strict mode.

Zihao Jin,Shuo Chen,Yang Chen,Haixin Duan,Jianjun Chen,Jianping Wu

DOI: https://doi.org/10.14722/ndss.2023.24305

2023-01-01

Abstract:The Electron platform represents a paradigm to develop modern desktop apps using HTML and JavaScript.Microsoft Teams, Visual Studio Code and other flagship products are examples of Electron apps.This new paradigm inherits the security challenges in web programming into the desktop-app realm, thus opens a new way for local-machine exploitation.We conducted a security study about real-world Electron apps, and discovered many vulnerabilities that are now confirmed by the app vendors.The conventional wisdom is to view these bugs as sanitization errors.Accordingly, secure programming requires programmers to explicitly enumerate all kinds of unexpected inputs to sanitize.We believe that secure programming should focus on specifying programmers' intentions as opposed to their non-intentions.We introduce a concept called DOM-tree type, which expresses the set of DOM trees that an app expects to see during execution, so an exploit will be caught as a type violation.With insights into the HTML standard and the Chromium engine, we build the DOM-tree type mechanism into the Electron platform.The evaluations show that the methodology is practical, and it secures all vulnerable apps that we found in the study.

Damien Cassou,Stéphane Ducasse,Nicolas Petton

DOI: https://doi.org/10.48550/arXiv.1309.3914

2013-09-16

Abstract:Isolating programs is an important mechanism to support more secure applications. Isolating program in dynamic languages such as JavaScript is even more challenging since reflective operations can circumvent simple mechanisms that could protect program parts. In this article we present SafeJS, an approach and implementation that offers isolation based on separate sandboxes and control of information exchanged between them. In SafeJS, sandboxes based on web workers do not share any data. Data exchanged between sandboxes is solely based on strings. Using different policies, this infrastructure supports the isolation of the different scripts that usually populate web pages. A foreign component cannot modify the main DOM tree in unexpected manner. Our SafeJS implementation is currently being used in an industrial setting in the context of the Resilience FUI 12 project.

Programming Languages,Cryptography and Security

Na Meng,Stefan Nagy,Daphne Yao,Wenjie Zhuang,Gustavo Arango Argoty

DOI: https://doi.org/10.48550/arXiv.1709.09970

2017-09-28

Abstract:Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior research was focused on the misuse of cryptography and SSL APIs, but did not explore the key fundamental research question: what are the biggest challenges and vulnerabilities in secure coding practices? In this paper, we conducted a comprehensive empirical study on StackOverflow posts to understand developers' concerns on Java secure coding, their programming obstacles, and potential vulnerabilities in their code. We observed that developers have shifted their effort to the usage of authentication and authorization features provided by Spring security--a third-party framework designed to secure enterprise applications. Multiple programming challenges are related to APIs or libraries, including the complicated cross-language data handling of cryptography APIs, and the complex Java-based or XML-based approaches to configure Spring security. More interestingly, we identified security vulnerabilities in the suggested code of accepted answers. The vulnerabilities included using insecure hash functions such as MD5, breaking SSL/TLS security through bypassing certificate validation, and insecurely disabling the default protection against Cross Site Request Forgery (CSRF) attacks. Our findings reveal the insufficiency of secure coding assistance and education, and the gap between security theory and coding practices.

Cryptography and Security

Federico Cerutti,Daniele Barattieri di San Pietro,Francesco Gringoli,Gianfranco Lamperti

DOI: https://doi.org/10.1016/j.procs.2022.09.142

2022-01-01

Procedia Computer Science

Abstract:The majority of websites incorporate JavaScript for client-side execution in a supposedly protected environment. Unfortunately, JavaScript has also proven to be a critical attack vector for both independent and state-sponsored groups of hackers. On the one hand, defenders need to analyze scripts to ensure that no threat is delivered and to respond to potential security incidents. On the other, attackers aim to obfuscate the source code in order to disorient the defenders or even to make code analysis practically impossible. Since code obfuscation may also be adopted by companies for legitimate intellectual-property protection, a dilemma remains on whether a script is harmless or malignant, if not criminal. To help analysts deal with such a dilemma, a methodology is proposed, called JACOB, which is based on five steps, namely: (1) source code parsing, (2) control flow graph recovery, (3) region identification, (4) code structuring, and (5) partial evaluation. These steps implement a sort of decompilation for control flow fattened code, which is progressively transformed into something that is close to the original JavaScript source, thereby making eventual code analysis possible. Most relevantly, JACOB has been successfully applied to uncover unwanted user tracking and fingerprinting in e-commerce websites operated by a well-known Chinese company.

Fatih Gurcan

DOI: https://doi.org/10.7717/peerj-cs.1954

2024-03-26

Abstract:Background: Digitalization and rapid technological improvement in the present day bring numerous benefits, but they also raise the complexity and diversity of cyber security risks, putting critical information security issues on the agenda. Growing issues and worries about information security endanger not only the security of individuals and organizations but also global social and economic stability. Methods: This study investigates the issues and challenges regarding information security by analyzing all the postings on ISSE (Information Security Stack Exchange), a Q&A website focused on information security. In order to identify the primary topics addressed in postings shared on the ISSE platform, we employed a probabilistic topic modeling method called latent Dirichlet allocation (LDA), which is generative in nature and relies on unsupervised machine learning processes. Results: Through this investigation, a total of 38 topics were identified, demonstrating the present state of information security issues and challenges. Considering these topics, a comprehensive taxonomy of seven categories was devised to address information security issues, taking into account their backgrounds and perspectives. Subsequently, we conducted an examination of the prevalence and complexity of the matters at hand. In addition, we have defined the prevailing technologies utilized in the realm of information security, including tasks, certifications, standards, methods, tools, threats, and defenses. We have provided a number of implications for different stakeholders, including academics, developers, educators, and practitioners, who are working towards advancing the field of information security.

Adam Rapley,Xavier Bellekens,Lynsay A. Shepherd,Colin McLean

DOI: https://doi.org/10.3390/informatics5040046

2018-11-15

Abstract:Writing desktop applications in JavaScript offers developers the opportunity to write cross-platform applications with cutting edge capabilities. However in doing so, they are potentially submitting their code to a number of unsanctioned modifications from malicious actors. Electron is one such JavaScript application framework which facilitates this multi-platform out-the-box paradigm and is based upon the <a class="link-external link-http" href="http://Node.js" rel="external noopener nofollow">this http URL</a> JavaScript runtime --- an increasingly popular server-side technology. In bringing this technology to the client-side environment, previously unrealized risks are exposed to users due to the powerful system programming interface that <a class="link-external link-http" href="http://Node.js" rel="external noopener nofollow">this http URL</a> exposes. In a concerted effort to highlight previously unexposed risks in these rapidly expanding frameworks, this paper presents the Mayall Framework, an extensible toolkit aimed at JavaScript security auditing and post-exploitation analysis. The paper also exposes fifteen highly popular Electron applications and demonstrates that two thirds of applications were found to be using known vulnerable elements with high CVSS scores. Moreover, this paper discloses a wide-reaching and overlooked vulnerability within the Electron Framework which is a direct byproduct of shipping the runtime unaltered with each application, allowing malicious actors to modify source code and inject covert malware inside verified and signed applications without restriction. Finally, a number of injection vectors are explored and appropriate remediations are proposed.

Cryptography and Security,Software Engineering

Gaetano Perrone,Simon Pietro Romano

2024-07-17

Abstract:WebAssembly is revolutionizing the approach to developing modern applications. Although this technology was born to create portable and performant modules in web browsers, currently, its capabilities are extensively exploited in multiple and heterogeneous use-case scenarios. With the extensive effort of the community, new toolkits make the use of this technology more suitable for real-world applications. In this context, it is crucial to study the liaisons between the WebAssembly ecosystem and software security. Indeed, WebAssembly can be a medium for improving the security of a system, but it can also be exploited to evade detection systems or for performing cryptomining activities. In addition, programs developed in low-level languages such as C can be compiled in WebAssembly binaries, and it is interesting to evaluate the security impacts of executing programs vulnerable to attacks against memory in the WebAssembly sandboxed environment. Also, WebAssembly has been designed to provide a secure and isolated environment, but such capabilities should be assessed in order to analyze their weaknesses and propose new mechanisms for addressing them. Although some research works have provided surveys of the most relevant solutions aimed at discovering WebAssembly vulnerabilities or detecting attacks, at the time of writing, there is no comprehensive review of security-related literature in the WebAssembly ecosystem. We aim to fill this gap by proposing a comprehensive review of research works dealing with security in WebAssembly. We analyze 121 papers by identifying seven different security categories. We hope that our work will provide insights into the complex landscape of WebAssembly and guide researchers, developers, and security professionals towards novel avenues in the realm of the WebAssembly ecosystem.

Cryptography and Security

Anindya Banerjee,David A. Naumann

DOI: https://doi.org/10.4204/EPTCS.129.17

2013-09-20

Abstract:The Java virtual machine and the .NET common language runtime feature an access control mechanism specified operationally in terms of run-time stack inspection. We give a denotational semantics in "eager" form, and show that it is equivalent to the "lazy" semantics using stack inspection. We give a static analysis of safety, i.e., the absence of security errors, that is simpler than previous proposals. We identify several program transformations that can be used to remove run-time checks. We give complete, detailed proofs for safety of the analysis and for the transformations, exploiting compositionality of the eager semantics.

Programming Languages

Shengchao Qin,Aziem Chawdhary,Wei Xiong,Malcolm Munro,Zongyan Qiu,Huibiao Zhu

DOI: https://doi.org/10.1109/TASE.2011.33

2011-01-01

Abstract:JavaScript as a Web scripting language has been widely used following the fast growth of Internet. Due to the flexible and dynamic features offered by the JavaScript language, it has become a challenging problem to statically reason about code written in JavaScript. As a first step towards building a mechanised verification system for JavaScript, we present, in this paper, an axiomatic verification system for a core subset of JavaScript based on a variant of separation logic. We have also defined a big-step operational semantics with respect to which we have demonstrated the soundness of our verification system.

Jiao Jiao,Shuanglong Kan,Shang-Wei Lin,David Sanan,Yang Liu,Jun Sun

DOI: https://doi.org/10.48550/arXiv.1804.01295

2018-04-04

Abstract:Bitcoin has attracted everyone's attention and interest recently. Ethereum (ETH), a second generation cryptocurrency, extends Bitcoin's design by offering a Turing-complete programming language called Solidity to develop smart contracts. Smart contracts allow creditable execution of contracts on EVM (Ethereum Virtual Machine) without third parties. Developing correct smart contracts is challenging due to its decentralized computation nature. Buggy smart contracts may lead to huge financial loss. Furthermore, smart contracts are very hard, if not impossible, to patch once they are deployed. Thus, there is a recent surge of interest on analyzing/verifying smart contracts. While existing work focuses on EVM opcode, we argue that it is equally important to understand and define the semantics of Solidity since programmers program and reason about smart contracts at the level of source code. In this work, we develop the structural operational semantics for Solidity, which allows us to identify multiple design issues which underlines many problematic smart contracts. Furthermore, our semantics is executable in the K framework, which allows us to verify/falsify contracts automatically.

Programming Languages

Zhaohui Yang,Mingzhe Chen,Gaolei Li,Yang Yang,Zhaoyang Zhang

DOI: https://doi.org/10.48550/arXiv.2301.01421

2023-01-04

Information Theory

Abstract:Semantic communication allows the receiver to know the intention instead of the bit information itself, which is an emerging technique to support real-time human-machine and machine-to-machine interactions for future wireless communications. In semantic communications, both transmitter and receiver share some common knowledge, which can be used to extract small-size information at the transmitter and recover the original information at the receiver. Due to different design purposes, security issues in semantic communications have two unique features compared to standard bit-wise communications. First, an attacker in semantic communications considers not only the amount of stolen data but also the meanings of stolen data. Second, an attacker in semantic communication systems can attack not only semantic information transmission as done in standard communication systems but also attacks machine learning (ML) models used for semantic information extraction since most of semantic information is generated using ML based methods. Due to these unique features, in this paper, we present an overview on the fundamentals and key challenges in the design of secure semantic communication. We first provide various methods to define and extract semantic information. Then, we focus on secure semantic communication techniques in two areas: information security and semantic ML model security. For each area, we identify the main problems and challenges. Then, we will provide a comprehensive treatment of these problems. In a nutshell,this article provides a holistic set of guidelines on how to design secure semantic communication systems over real-world wireless communication networks.