78 results on '"Maffeis, Sergio"'
Search Results
52. A type discipline for authorization policies
- Author: Fournet, Cedric, Gordon, Andrew D., and Maffeis, Sergio
- Subjects: Network access; Authentication -- Methods; Access control (Computers) -- Methods
- Abstract: Distributed systems and applications are often expected to enforce high-level authorization policies. To this end, the code for these systems relies on lower-level security mechanisms such as digital signatures, local ACLs, and encrypted communications. In principle, authorization specifications can be separated from code and carefully audited. Logic programs in particular can express policies in a simple, abstract manner. We consider the problem of checking whether a distributed implementation based on communication channels and cryptography complies with a logical authorization policy. We formalize authorization policies and their connection to code by embedding logical predicates and claims within a process calculus. We formulate policy compliance operationally by composing a process model of the distributed system with an arbitrary opponent process. Moreover, we propose a dependent type system for verifying policy compliance of implementation code. Using Datalog as an authorization logic, we show how to type several examples using policies and present a general schema for compiling policies.
- Categories and Subject Descriptors: D.3.1 [Programming Languages]: Formal Definitions and Theory; D.3.3 [Programming Languages]: Language Constructs and Features; F.3.1 [Logics and Meanings of Programs]: Specifying and Verifying and Reasoning about Programs; F.3.2 [Logics and Meanings of Programs]: Semantics of Programming Languages; F.3.3 [Logics and Meanings of Programs]: Studies of Program Constructs; K.6.5 [Management of Computer and Information Systems]: Security and Protection
- General Terms: Languages, Security, Theory, Verification
- Additional Key Words and Phrases: Authorization, type systems, process calculus, spi calculus
- ACM Reference Format: Fournet, C., Gordon, A. D., and Maffeis, S. 2007. A type discipline for authorization policies. ACM Trans. Program. Lang. Syst. 29, 5, Article 25 (August 2007), 37 pages. DOI = 10.1145/1275497.1275500 http://doi.acm.org/10.1145/1275497.1275500
- Published: 2007
53. INVITED: Adversarial Machine Learning Beyond the Image Domain.
- Author: Zizzo, Giulio, Hankin, Chris, Maffeis, Sergio, and Jones, Kevin
- Subjects: Machine learning; Natural language processing; Computer vision; Industrial controls manufacturing; Intrusion detection systems (Computer security)
- Abstract: Machine learning systems have had enormous success in a wide range of fields from computer vision, natural language processing, and anomaly detection. However, such systems are vulnerable to attackers who can cause deliberate misclassification by introducing small perturbations. With machine learning systems being proposed for cyber attack detection, such attackers are cause for serious concern. Despite this, the vast majority of adversarial machine learning security research is focused on the image domain. This work gives a brief overview of adversarial machine learning and machine learning used in cyber attack detection and suggests key differences between the traditional image domain of adversarial machine learning and the cyber domain. Finally, we show an adversarial machine learning attack on an industrial control system. [ABSTRACT FROM AUTHOR]
- Published: 2019
54. Session details: Volume II: Software design and development, and system software and security: Computer security track
- Author: Bella, Giampaolo and Maffeis, Sergio
- Published: 2016
55. Discovering concrete attacks on website authorization by formal analysis
- Author: Bansal, Chetan, Bhargavan, Karthikeyan, Delignat-Lavaud, Antoine, Maffeis, Sergio, BITS Pilani Goa Campus, Programming securely with cryptography (PROSECCO), Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Department of Computing [London], Biomedical Image Analysis Group [London] (BioMedIA), and Imperial College London-Imperial College London
- Subjects: [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
- Abstract: International audience; Social sign-on and social sharing are becoming an ever more popular feature of web applications. This success is largely due to the APIs and support offered by prominent social networks, such as Facebook, Twitter and Google, on the basis of new open standards such as the OAuth 2.0 authorization protocol. A formal analysis of these protocols must account for malicious websites and common web application vulnerabilities, such as cross-site request forgery and open redirectors. We model several configurations of the OAuth 2.0 protocol in the applied pi-calculus and verify them using ProVerif. Our models rely on WebSpi, a new library for modeling web applications and web-based attackers that is designed to help discover concrete attacks on websites. To ease the task of writing formal models in our framework, we present a model extraction tool that automatically translates programs written in subsets of PHP and JavaScript to the applied pi-calculus. Our approach is validated by finding dozens of previously unknown vulnerabilities in popular websites such as Yahoo and WordPress, when they connect to social networks such as Twitter and Facebook.
- Published: 2014
56. Discovering Concrete Attacks on Website Authorization by Formal Analysis
- Author: Bansal, Chetan, Bhargavan, Karthikeyan, Delignat-Lavaud, Antoine, Maffeis, Sergio, Microsoft Research [Redmond], Microsoft Corporation [Redmond, Wash.], Programming securely with cryptography (PROSECCO), Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Department of Computing [London], Biomedical Image Analysis Group [London] (BioMedIA), Imperial College London-Imperial College London, INRIA, and European Project: 259639,EC:FP7:ERC,ERC-2010-StG_20091028,CRYSP(2010)
- Subjects: single sign-on; [INFO.INFO-WB]Computer Science [cs]/Web; ProVerif; OAuth; web protocol; WebSpi; ACM: C.: Computer Systems Organization/C.2: COMPUTER-COMMUNICATION NETWORKS/C.2.2: Network Protocols/C.2.2.2: Protocol verification; cross-site request forgery
- Abstract: Social sign-on and social sharing are becoming an ever more popular feature of web applications. This success is largely due to the APIs and support offered by prominent social networks, such as Facebook, Twitter, and Google, on the basis of new open standards such as the OAuth 2.0 authorization protocol. A formal analysis of these protocols must account for malicious websites and common web application vulnerabilities, such as cross-site request forgery and open redirectors. We model several configurations of the OAuth 2.0 protocol in the applied pi-calculus and verify them using ProVerif. Our models rely on WebSpi, a new library for modeling web applications and web-based attackers that is designed to help discover concrete attacks on websites. Our approach is validated by finding dozens of previously unknown vulnerabilities in popular websites such as Yahoo and WordPress, when they connect to social networks such as Twitter and Facebook.
- Abstract (translated from French): With the spread of social networks such as Facebook, Twitter and Google+, single sign-on modules have been integrated into a growing number of websites, a phenomenon amplified since the adoption of standardised protocols such as OAuth 2.0. The analysis of these new protocols must take into account the power of a web attacker, who can exploit widespread flaws such as cross-site request forgery or open redirectors. We propose applied pi-calculus models of different configurations of the OAuth 2.0 protocol, which we verify using ProVerif. These models rely on the WebSpi library for modelling web applications and the various corresponding attackers. Our approach is validated by the discovery of several dozen new flaws in services as popular as Yahoo or Wordpress when they are accessed from social networks such as Facebook or Twitter.
- Published: 2013
57. Embedding of Security Components in Untrusted Third-Party Websites
- Author: Delignat-Lavaud, Antoine, Bhargavan, Karthikeyan, Maffeis, Sergio, Programming securely with cryptography (PROSECCO), Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Department of Computing [London], Biomedical Image Analysis Group [London] (BioMedIA), Imperial College London-Imperial College London, INRIA, and European Project: 259639,EC:FP7:ERC,ERC-2010-StG_20091028,CRYSP(2010)
- Subjects: JavaScript; cloud storage; cross-site scripting; single sign-on; browser cryptography; [INFO.INFO-WB]Computer Science [cs]/Web; web protocols; security; ACM: C.: Computer Systems Organization/C.2: COMPUTER-COMMUNICATION NETWORKS/C.2.2: Network Protocols/C.2.2.2: Protocol verification; cross-site request forgery
- Abstract: Security-sensitive components, such as single sign-on APIs, need to be safely deployed on untrusted webpages. We present several new attacks on security components used in popular web applications that demonstrate how failing to isolate such components leaves them vulnerable to attacks both from the hosting website and other components loaded on the same page. These attacks are not prevented by browser security mechanisms alone, because they are caused by code interacting within the same origin. To mitigate these attacks, we propose to combine fine-grained component isolation at the JavaScript level with cryptographic mechanisms. We present Defensive JavaScript (DJS), a subset of the language that guarantees the behavioral integrity of trusted scripts loaded in an untrusted page. We give a sound type system, type inference tool and build defensive libraries for cryptography and data encodings. We show the effectiveness of our solution by implementing several isolation patterns that fix some of our original attacks. We use a translation of a fragment of DJS to the applied pi-calculus to verify concrete security policies of critical components against various classes of web attackers.
- Abstract (translated from French): Some security-critical libraries, for example those for single sign-on, need to be loaded into untrusted third-party sites. We show how the lack of isolation between these libraries and their host page makes them vulnerable to third-party scripts sharing the same environment, including in very widely used services. Browser security mechanisms are powerless against these attacks because they operate below the granularity of security policies, which is fixed per origin (protocol, domain name and port number). To mitigate these attacks, we propose combining fine-grained language-level isolation of these libraries with cryptographic protections. To this end, we introduce DJS, a fragment of JavaScript that protects the integrity of a script's execution in a hostile JavaScript environment. We rely on an inferable type system and on a set of libraries (themselves well-typed) to implement generic solutions to the attacks we discovered. We verify the validity of these schemes, using a translation of a subset of DJS to the applied pi-calculus, against different classes of attackers.
- Published: 2013
58. BrowserAudit: automated testing of browser security features
- Author: Hothersall-Thomas, Charlie, Maffeis, Sergio, and Novakovic, Chris
- Published: 2015
59. Session details: Volume II: Software development, system software and security: Computer security track
- Author: Bella, Giampaolo and Maffeis, Sergio
- Published: 2015
60. Behavioural Equivalences for Dynamic Web Data
- Author: Maffeis, Sergio and Gardner, Philippa
61. On the Expressive Power of Polyadic Synchronisation in Pi-Calculus
- Author: Carbone, Marco and Maffeis, Sergio
- Subjects: distributed systems; π-calculus; matching; expressivity; polyadic synchronisation
- Abstract: Publication date: Jul-Aug. We extend the π-calculus with polyadic synchronisation, a generalisation of the communication mechanism which allows channel names to be composite. We show that this operator embeds nicely in the theory of π-calculus, we suggest that it permits divergence-free encodings of distributed calculi, and we show that a limited form of polyadic synchronisation can be encoded weakly in π-calculus. After showing that matching cannot be derived in π-calculus, we compare the expressivity of polyadic synchronisation, mixed choice and matching. In particular, we show that the degree of synchronisation of a language increases its expressive power by means of a separation result in the style of Palamidessi's result for mixed choice.
- Published: 2003
62. Refinement types for secure implementations
- Author: Bengtson, Jesper, Bhargavan, Karthikeyan, Fournet, Cédric, Gordon, Andrew D., and Maffeis, Sergio
- Abstract: UPMARC
- Published: 2011
63. A trusted mechanised JavaScript specification
- Author: Bodin, Martin, Chargueraud, Arthur, Filaretti, Daniele, Gardner, Philippa, Maffeis, Sergio, Naudziuniene, Daiva, Schmitt, Alan, and Smith, Gareth
- Published: 2014
64. Refinement Types for Secure Implementations
- Author: Bengtson, Jesper, Bhargavan, Karthikeyan, Fournet, Cédric, Gordon, Andrew D., and Maffeis, Sergio
- Published: 2008
65. Discovering Concrete Attacks on Website Authorization by Formal Analysis
- Author: Bansal, Chetan, Bhargavan, Karthikeyan, and Maffeis, Sergio
- Published: 2012
66. Towards a program logic for JavaScript
- Author: Gardner, Philippa Anne, Maffeis, Sergio, and Smith, Gareth David
- Published: 2012
67. Refinement types for secure implementations
- Author: Bengtson, Jesper, Bhargavan, Karthikeyan, Fournet, Cédric, Gordon, Andrew D., and Maffeis, Sergio
- Published: 2011
68. Object Capabilities and Isolation of Untrusted Web Applications
- Author: Maffeis, Sergio, Mitchell, John C., and Taly, Ankur
- Published: 2010
69. Language-Based Isolation of Untrusted JavaScript
- Author: Maffeis, Sergio and Taly, Ankur
- Published: 2009
70. Refinement Types for Secure Implementations
- Author: Bengtson, Jesper, Bhargavan, Karthikeyan, Fournet, Cédric, Gordon, Andrew D., and Maffeis, Sergio
- Published: 2008
71. A Type Discipline for Authorization in Distributed Systems
- Author: Fournet, Cedric, Gordon, Andrew, and Maffeis, Sergio
- Published: 2007
72. A trusted mechanised JavaScript specification.
- Author: Bodin, Martin, Chargueraud, Arthur, Filaretti, Daniele, Gardner, Philippa, Maffeis, Sergio, Naudziuniene, Daiva, Schmitt, Alan, and Smith, Gareth
- Published: 2014
73. Defensive JavaScript.
- Author: Bhargavan, Karthikeyan, Delignat-Lavaud, Antoine, and Maffeis, Sergio
- Published: 2014
74. A Type Discipline for Authorization Policies.
- Author: Sagiv, Mooly, Fournet, Cédric, Gordon, Andrew D., and Maffeis, Sergio
- Abstract: Distributed systems and applications are often expected to enforce high-level authorization policies. To this end, the code for these systems relies on lower-level security mechanisms such as, for instance, digital signatures, local ACLs, and encrypted communications. In principle, authorization specifications can be separated from code and carefully audited. Logic programs, in particular, can express policies in a simple, abstract manner. For a given authorization policy, we consider the problem of checking whether a cryptographic implementation complies with the policy. We formalize authorization policies by embedding logical predicates and queries within a spi calculus. This embedding is new, simple, and general; it allows us to treat logic programs as specifications of code using secure channels, cryptography, or a combination. Moreover, we propose a new dependent type system for verifying such implementations against their policies. Using Datalog as an authorization logic, we show how to type several examples using policies and present a general schema for compiling policies. [ABSTRACT FROM AUTHOR]
- Published: 2005
75. Towards a program logic for JavaScript.
- Author: Gardner, Philippa Anne, Maffeis, Sergio, and Smith, Gareth David
- Published: 2012
76. Quantitative measures for code obfuscation security
- Author: Mohsen, Rabih, van Bakel, Steffen, and Maffeis, Sergio
- Subjects: 004
- Abstract: In this thesis we establish a quantitative framework to measure and study the security of code obfuscation, an effective software protection method that defends software against malicious reverse engineering. Despite the recent positive result by Garg et al. [GGH+13] that shows the possibility of obfuscating using the indistinguishability obfuscation definition, code obfuscation has two major challenges: firstly, the lack of a theoretical foundation that is necessary to define and reason about code obfuscation security; secondly, it is an open problem whether there exist security metrics that measure and certify the current state of the art of code obfuscation techniques. To address these challenges, we followed a research methodology that consists of the following main routes: a formal approach to build a theory that captures, defines and measures the security of code obfuscation, and an experimental approach that provides empirical evidence about the soundness and validity of the proposed theory and metrics. To this end, we propose Algorithmic Information Theory, known as Kolmogorov complexity, as a theoretical and practical model to define, study, and measure the security of code obfuscation. We introduce the notion of unintelligibility, an intuitive way to define code obfuscation, and argue that it is not sufficient to capture the security of code obfuscation. We then present a more powerful security definition that is based on the algorithmic mutual information, and show that it is able to effectively capture code obfuscation security. We apply our proposed definition to prove the possibility of obtaining security in code obfuscation under reasonable assumptions. We model adversaries with deobfuscation capabilities that explicitly realise the required properties for a successful deobfuscation attack. We build a quantitative model that comprises a set of security metrics, which are derived from our proposed theory and based on lossless compression, aiming to measure the quality of code obfuscation security. We propose normalised information distance (NID) as a metric to measure code obfuscation resilience, and establish the relation between our security definition and the normalised information distance. We show that if the security conditions for code obfuscations are satisfied (the extreme case) then the NID tends to be close to one, which is the maximum value that can be achieved. Finally, we provide an experimental evaluation to provide empirical validation for the proposed metrics. Our results show that the proposed measures are positively correlated with the degree of obfuscation resilience to an attacker using decompilers, i.e. the percentage of the clear code that was not recovered by an attacker, which indicates a positive relationship with the obfuscation resilience factor.
- Published: 2016
77. An executable formal semantics of PHP with applications to program analysis
- Author: Filaretti, Daniele and Maffeis, Sergio
- Subjects: 005.2
- Abstract: Nowadays, many important activities in our lives involve the web. However, the software and protocols on which web applications are based were not designed with the appropriate level of security in mind. Many web applications have reached a level of complexity for which testing, code reviews and human inspection are no longer sufficient quality-assurance guarantees. Tools that employ static analysis techniques are needed in order to explore all possible execution paths through an application and guarantee the absence of undesirable behaviours. To make sure that an analysis captures the properties of interest, and to navigate the trade-offs between efficiency and precision, it is necessary to base the design and the development of static analysis tools on a firm understanding of the language to be analysed. When this underlying knowledge is missing or erroneous, tools can't be trusted no matter what advanced techniques they use to perform their task. In this Thesis, we introduce KPHP, the first executable formal semantics of PHP, one of the most popular languages for server-side web programming. Then, we demonstrate its practical relevance by developing two verification tools, of increasing complexity, on top of it: a simple verifier based on symbolic execution and LTL model checking, and a general purpose, fully configurable and extensible static analyser based on Abstract Interpretation. Our LTL-based tool leverages the existing symbolic execution and model checking support offered by K, our semantics framework of choice, and constitutes a first proof-of-concept of the usefulness of our semantics. Our abstract interpreter, on the other hand, represents a more significant and novel contribution to the field of static analysis of dynamic scripting languages (PHP in particular). Although our tool is still a prototype and therefore not well suited for handling large real-world codebases, we demonstrate how our semantics-based, principled approach to the development of verification tools has led to the design of static analyses that outperform existing tools and approaches, both in terms of supported language features, precision, and breadth of possible applications.
- Published: 2016
78. An executable formal semantics of PHP with applications to program analysis
- Author: Filaretti, Daniele, Maffeis, Sergio, and Engineering and Physical Sciences Research Council
- Abstract: Nowadays, many important activities in our lives involve the web. However, the software and protocols on which web applications are based were not designed with the appropriate level of security in mind. Many web applications have reached a level of complexity for which testing, code reviews and human inspection are no longer sufficient quality-assurance guarantees. Tools that employ static analysis techniques are needed in order to explore all possible execution paths through an application and guarantee the absence of undesirable behaviours. To make sure that an analysis captures the properties of interest, and to navigate the trade-offs between efficiency and precision, it is necessary to base the design and the development of static analysis tools on a firm understanding of the language to be analysed. When this underlying knowledge is missing or erroneous, tools can't be trusted no matter what advanced techniques they use to perform their task. In this Thesis, we introduce KPHP, the first executable formal semantics of PHP, one of the most popular languages for server-side web programming. Then, we demonstrate its practical relevance by developing two verification tools, of increasing complexity, on top of it: a simple verifier based on symbolic execution and LTL model checking, and a general purpose, fully configurable and extensible static analyser based on Abstract Interpretation. Our LTL-based tool leverages the existing symbolic execution and model checking support offered by K, our semantics framework of choice, and constitutes a first proof-of-concept of the usefulness of our semantics. Our abstract interpreter, on the other hand, represents a more significant and novel contribution to the field of static analysis of dynamic scripting languages (PHP in particular). Although our tool is still a prototype and therefore not well suited for handling large real-world codebases, we demonstrate how our semantics-based, principled approach to the development of verification tools has led to the design of static analyses that outperform existing tools and approaches, both in terms of supported language features, precision, and breadth of possible applications.
- Published: 2015
Discovery Service for Jio Institute Digital Library