SOURCE-FREE, COMPONENT-DRIVEN SOFTWARE SECURITY HARDENING by Wenhao Wang APPROVED by SUPERVISORY COMMITTEE: Dr. Kevin W. Hamlen
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Differential Fuzzing the Webassembly
Master’s Programme in Security and Cloud Computing Differential Fuzzing the WebAssembly Master’s Thesis Gilang Mentari Hamidy MASTER’S THESIS Aalto University - EURECOM MASTER’STHESIS 2020 Differential Fuzzing the WebAssembly Fuzzing Différentiel le WebAssembly Gilang Mentari Hamidy This thesis is a public document and does not contain any confidential information. Cette thèse est un document public et ne contient aucun information confidentielle. Thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Technology. Antibes, 27 July 2020 Supervisor: Prof. Davide Balzarotti, EURECOM Co-Supervisor: Prof. Jan-Erik Ekberg, Aalto University Copyright © 2020 Gilang Mentari Hamidy Aalto University - School of Science EURECOM Master’s Programme in Security and Cloud Computing Abstract Author Gilang Mentari Hamidy Title Differential Fuzzing the WebAssembly School School of Science Degree programme Master of Science Major Security and Cloud Computing (SECCLO) Code SCI3084 Supervisor Prof. Davide Balzarotti, EURECOM Prof. Jan-Erik Ekberg, Aalto University Level Master’s thesis Date 27 July 2020 Pages 133 Language English Abstract WebAssembly, colloquially known as Wasm, is a specification for an intermediate representation that is suitable for the web environment, particularly in the client-side. It provides a machine abstraction and hardware-agnostic instruction sets, where a high-level programming language can target the compilation to the Wasm instead of specific hardware architecture. The JavaScript engine implements the Wasm specification and recompiles the Wasm instruction to the target machine instruction where the program is executed. Technically, Wasm is similar to a popular virtual machine bytecode, such as Java Virtual Machine (JVM) or Microsoft Intermediate Language (MSIL). -
The Architecture of Decentvm
The Architecture of the DecentVM Towards a Decentralized Virtual Machine for Many-Core Computing Annette Bieniusa Johannes Eickhold Thomas Fuhrmann University of Freiburg, Germany Technische Universitat¨ Munchen,¨ Germany [email protected] fjeick,[email protected] Abstract We have accomplished these goals by combining an off-line Fully decentralized systems avoid bottlenecks and single points transcoder with a virtual machine that executes modified bytecode. of failure. Thus, they can provide excellent scalability and very The transcoder performs the verification and statically links the robust operation. The DecentVM is a fully decentralized, distributed required classes of an application or library. Thereby, the resulting virtual machine. Its simplified instruction set allows for a small binary – a so-called blob – is significantly smaller than the original VM code footprint. Its partitioned global address space (PGAS) class files, and its execution requires a significantly less complex memory model helps to easily create a single system image (SSI) virtual machine. Both these effects result in the low memory across many processors and processor cores. Originally, the VM was footprint of DecentVM. designed for networks of embedded 8-bit processors. Meanwhile, All libraries that are required by an application are identified via it also aims at clusters of many core processors. This paper gives a cryptographic hashes. Thus, an application’s code can be deployed brief overview of the DecentVM architecture. as if it was a statically linked executable. The software vendor can thus test the executable as it runs on the customer site without Categories and Subject Descriptors C.1.4 [Processor Architec- interference from different library versions. -
04 ISC 228-TESIS.Pdf
UTN –FICA Análisis y Estudio de Tecnología Ruby on Rails con bases de datos Postgresql para Aplicaciones Web 2.0 UNIVERSIDAD TÉCNICA DEL NORTE Facultad de Ingeniería en Ciencias Aplicadas Carrera de Ingeniería en Sistemas Computacionales TESIS PREVIA OBTENCIÓN DEL TITULO DE INGENIERO EN SISTEMAS COMPUTACIONALES Tema: “Análisis y Estudio de Tecnología Ruby on Rails con bases de datos Postgres para Aplicaciones Web 2.0” Aplicativo: Implementación del Portal Web 2.0 para la Mancomunidad de la Cuenca del Río Mira AUTOR : CHRISTIAN FERNANDO REALPE ROSERO. DIRECTOR : ING. MARCO PUSDÁ. IBARRA – ECUADOR, 2012 Christian Fernando Realpe Rosero Implementación del Portal Web 2.0 para la Mancomunidad de la Cuenca del Río Mira Print to PDF without this message by purchasing novaPDF (http://www.novapdf.com/) UTN –FICA Análisis y Estudio de Tecnología Ruby on Rails con bases de datos Postgresql para Aplicaciones Web 2.0 Certifico: Que la Tesis previa a la obtención del título de Ingeniería en Sistemas Computacionales con el tema “Análisis y Estudio de Tecnología Ruby on Rails con bases de datos Postgres para Aplicaciones Web 2.0”con el aplicativo “Implementación del Portal Web 2.0 para la Mancomunidad de la Cuenca del Río Mira” ha sido desarrollada y terminada en su totalidad por el Sr. Christian Fernando Realpe Rosero con C.C. 100251109-3 bajo mi supervisión para lo cual firmo en constancia. Atentamente, Ing. Marco Pusdá DIRECTOR DE TESIS Christian Fernando Realpe Rosero Implementación del Portal Web 2.0 para la Mancomunidad de la Cuenca del Río Mira Print to PDF without this message by purchasing novaPDF (http://www.novapdf.com/) UTN –FICA Análisis y Estudio de Tecnología Ruby on Rails con bases de datos Postgresql para Aplicaciones Web 2.0 UNIVERSIDAD TÉCNICA DEL NORTE CESIÓN DE DERECHOS DE AUTOR DEL TRABAJO DE INVESTIGACIÓN A FAVOR DE LA UNIVERSIDAD TÉCNICA DEL NORTE Yo, CHRISTIAN FERNANDO REALPE ROSERO, con cedula de identidad Nro. -
Authentication in the Mesh with Webassembly
Authentication in the mesh with WebAssembly Sondre Halvorsen Master’s Thesis, Spring 2021 Thesis submitted for the degree of Master in Informatics: programming and system architecture 30 credits Department of Informatics Faculty of mathematics and natural sciences UNIVERSITY OF OSLO Spring 2021 © 2021 Sondre Halvorsen Master Thesis http://www.duo.uio.no/ Printed: Reprosentralen, University of Oslo Abstract At the start of the last decade Marc Andreessen stated in his now famous blog entry; ‘Software is eating the world’ [173], and as software is eating the world, problems stemming from its security, or lack thereof, is eating it as well. Or- ganisations are increasingly moving to the cloud and adopting new architecture patterns in this new environment, such as cloud native and microservice ar- chitecture. While moving to the cloud generally results in better security for organisations, due to large professional platforms, microservice architectures in- troduce some new problems in regards to cross-cutting concerns like security, robustness and observabiltity. Service mesh is a technology that aims to provide cloud native and application agnostic solution to many of the challenges with micro service architectures. In parallel with the cloud native revolution there has been innovations in areas like security as well. Authentication, authoriza- tion, and access control have changed drastically, with new requirements for how users want to manage and use their identity. Zero Trust Architectures is an example of this drawn to its logical conclusion where no connection is trusted by default. Unfortunately security breaches stemming from poor implementation of security protocols and frameworks rank among the highest still. -
Dynamically Loaded Classes As Shared Libraries: an Approach to Improving Virtual Machine Scalability
Dynamically Loaded Classes as Shared Libraries: an Approach to Improving Virtual Machine Scalability Bernard Wong Grzegorz Czajkowski Laurent Daynès University of Waterloo Sun Microsystems Laboratories 200 University Avenue W. 2600 Casey Avenue Waterloo, Ontario N2L 3G1, Canada Mountain View, CA 94043, USA [email protected] {grzegorz.czajkowski, laurent.daynes}@sun.com Abstract machines sold today have sufficient amount of memory to hold a few instances of the Java virtual machine (JVMTM) Sharing selected data structures among virtual [2]. However, on servers hosting many applications, it is machines of a safe language can improve resource common to have many instances of the JVM running utilization of each participating run-time system. The simultaneously, often for lengthy periods of time. challenge is to determine what to share and how to share Aggregate memory requirement can therefore be large, it in order to decrease start-up time and lower memory and meeting it by adding more memory is not always an footprint without compromising the robustness of the option. In these settings, overall memory footprint must be system. Furthermore, the engineering effort required to kept to a minimum. For personal computer users, the main implement the system must not be prohibitive. This paper irritation is due to long start-up time, as they expect good demonstrates an approach that addresses these concerns TM responsiveness from interactive applications, which in in the context of the Java virtual machine. Our system contrast is of little importance in enterprise computing. transforms packages into shared libraries containing C/C++ programs typically do not suffer from excessive classes in a format matching the internal representation memory footprint or lengthy start-up time. -
Proceedings of the Third Virtual Machine Research and Technology Symposium
USENIX Association Proceedings of the Third Virtual Machine Research and Technology Symposium San Jose, CA, USA May 6–7, 2004 © 2004 by The USENIX Association All Rights Reserved For more information about the USENIX Association: Phone: 1 510 528 8649 FAX: 1 510 548 5738 Email: [email protected] WWW: http://www.usenix.org Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. MCI-Java: A Modified Java Virtual Machine Approach to Multiple Code Inheritance Maria Cutumisu, Calvin Chan, Paul Lu and Duane Szafron Department of Computing Science, University of Alberta {meric, calvinc, paullu, duane}@cs.ualberta.ca Abstract Java has multiple inheritance of interfaces, but only single inheritance of code via classes. This situation results in duplicated code in Java library classes and application code. We describe a generalization to the Java language syntax and the Java Virtual Machine (JVM) to support multiple inheritance of code, called MCI-Java. Our approach places multiply-inherited code in a new language construct called an implementation, which lies between an interface and a class in the inheritance hierarchy. MCI-Java does not support multiply-inherited data, which can cause modeling and performance problems. The MCI-Java extension is implemented by making minimal changes to the Java syntax, small changes to a compiler (IBM Jikes), and modest localized changes to a JVM (SUN JDK 1.2.2). The JVM changes result in no measurable performance overhead in real applications. -
Design and Implementation of a Scala Compiler Backend Targeting the Low Level Virtual Machine Geoffrey Reedy
University of New Mexico UNM Digital Repository Computer Science ETDs Engineering ETDs 5-1-2014 Design and Implementation of a Scala Compiler Backend Targeting the Low Level Virtual Machine Geoffrey Reedy Follow this and additional works at: https://digitalrepository.unm.edu/cs_etds Recommended Citation Reedy, Geoffrey. "Design and Implementation of a Scala Compiler Backend Targeting the Low Level Virtual Machine." (2014). https://digitalrepository.unm.edu/cs_etds/67 This Thesis is brought to you for free and open access by the Engineering ETDs at UNM Digital Repository. It has been accepted for inclusion in Computer Science ETDs by an authorized administrator of UNM Digital Repository. For more information, please contact [email protected]. Geoffrey Reedy Candidate Computer Science Department This thesis is approved, and it is acceptable in quality and form for publication: Approved by the Thesis Committee: Darko Stefanovic , Chairperson Jed Crandall Matthew Lakin Design and Implementation of a Scala Compiler Backend Targeting the Low Level Virtual Machine by Geoffrey Reedy B.S., Computer Science, University of Missouri — Rolla, 2004 THESIS Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Science Computer Science The University of New Mexico Albuquerque, New Mexico May, 2014 ©2014, Geoffrey Reedy iii Design and Implementation of a Scala Compiler Backend Targeting the Low Level Virtual Machine by Geoffrey Reedy B.S., Computer Science, University of Missouri — Rolla, 2004 M.S., Computer Science, University of New Mexico, 2014 Abstract The Scala programming language successfully blends object-oriented and functional programming. The current implementation of Scala is tied to the Java Virtual Machine (JVM) which constrains the implementation and deployment targets. -
Cygwin User's Guide
Cygwin User’s Guide Cygwin User’s Guide ii Copyright © Cygwin authors Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this per- mission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this documentation under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this documentation into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the Free Software Foundation. Cygwin User’s Guide iii Contents 1 Cygwin Overview 1 1.1 What is it? . .1 1.2 Quick Start Guide for those more experienced with Windows . .1 1.3 Quick Start Guide for those more experienced with UNIX . .1 1.4 Are the Cygwin tools free software? . .2 1.5 A brief history of the Cygwin project . .2 1.6 Highlights of Cygwin Functionality . .3 1.6.1 Introduction . .3 1.6.2 Permissions and Security . .3 1.6.3 File Access . .3 1.6.4 Text Mode vs. Binary Mode . .4 1.6.5 ANSI C Library . .4 1.6.6 Process Creation . .5 1.6.6.1 Problems with process creation . .5 1.6.7 Signals . .6 1.6.8 Sockets . .6 1.6.9 Select . .7 1.7 What’s new and what changed in Cygwin . .7 1.7.1 What’s new and what changed in 3.2 . -
Java and C CSE351, Summer 2018
L23: Java and C CSE351, Summer 2018 Java and C CSE 351 Summer 2018 Instructor: Justin Hsia Teaching Assistants: Josie Lee Natalie Andreeva Teagan Horkan https://xkcd.com/801/ L23: Java and C CSE351, Summer 2018 Administrivia Lab 5 due Friday (8/17) at 11:59 pm . Hard deadline Course evaluations now open . See Piazza post @120 for links Final Exam: Friday in lecture . Review Session: Wed, 8/15, 5‐6:30 pm in EEB 045 . You get ONE double‐sided handwritten 8.5 11” cheat sheet 2 L23: Java and C CSE351, Summer 2018 Roadmap C: Java: Memory & data car *c = malloc(sizeof(car)); Car c = new Car(); Integers & floats c->miles = 100; c.setMiles(100); x86 assembly c->gals = 17; c.setGals(17); Procedures & stacks float mpg = get_mpg(c); float mpg = Executables free(c); c.getMPG(); Arrays & structs Memory & caches Assembly get_mpg: Processes language: pushq %rbp movq %rsp, %rbp Virtual memory ... Memory allocation popq %rbp Java vs. C ret OS: Machine 0111010000011000 100011010000010000000010 code: 1000100111000010 110000011111101000011111 Computer system: 3 L23: Java and C CSE351, Summer 2018 Java vs. C Reconnecting to Java (hello CSE143!) . But now you know a lot more about what really happens when we execute programs We’ve learned about the following items in C; now we’ll see what they look like for Java: . Representation of data . Pointers / references . Casting . Function / method calls including dynamic dispatch 4 L23: Java and C CSE351, Summer 2018 Worlds Colliding CSE351 has given you a “really different feeling” about what computers do and how programs execute We have occasionally contrasted to Java, but CSE143 may still feel like “a different world” . -
G22.2110-003 Programming Languages - Fall 2012 Lecture 12
G22.2110-003 Programming Languages - Fall 2012 Lecture 12 Thomas Wies New York University Review Last lecture I Modules Outline I Classes I Encapsulation and Inheritance I Initialization and Finalization I Dynamic Method Binding I Abstract Classes I Simulating First-Class Functions Sources: I PLP, ch. 9 I PLP, ch. 3.6.3 What is OOP? (part I) The object idea: I bundling of data (data members) and operations (methods) on that data I restricting access to the data An object contains: I data members: arranged as a set of named fields I methods: routines which take the object they are associated with as an argument (known as member functions in C++) A class is a construct which defines the data and methods associated with all of its instances (objects). What is OOP? (part II) The inheritance and dynamic binding ideas: I inheritance: classes can be extended: I by adding new fields I by adding new methods I by overriding existing methods (changing behavior) If class B extends class A, we say that B is a subclass (or a derived or child class) of A, and A is a superclass (or a base or a parent class) of B. I dynamic binding: wherever an instance of a class is required, we can also use an instance of any of its subclasses; when we call one of its methods, the overridden versions are used. Information Hiding in Classes Like modules, classes can restrict access to their data and methods. Unlike modules, classes must take inheritance into account in their access control. -
Concert CHS Bands Turn Down
\ — *♦ ll < l e a t h e r n ^la. M*».Pr«dp. „ 34 60 O-OQ -a. 0.00 U> A{,r* i 80 '~ir~S7 61 0.00 f ‘jZH-45 «0 0.00 QUOTE jO.OO f l u . t r z z U i? “Whoe’er excels In what we Jtw 1 '^dTJO Tvaeo ,49 0.06 prize Appears a hero in our eyes.” Bl Jonathan Swift . , 'y > wtmT H Y E A R — N o . 46 14 Pages This Week CHELSEA, MICHIGAN, THURSDAY, MAY 8, 1969 10c per copy SUBSCRIPTION: $8.00 PER YEAR r « P ■Wf' ’ concert Named for MichiganWeek Michigan Week has been described by one - of America’s leading advertising agencies as Turn Down “Michigan’s biggest public .rela tions program, ”, While, the actual celebration covers eight days beginning the CHS Bands Saturday - preceding the ~nKlrd Sunday in May. every_yeap$_it: is actually the clijnax of a year ,i«a High school Symphony Other program items will in long program in which thousands y Bands will present a elude- Amparita -.Roea . (Spanish of Michigan citizenBf volunteer concert Monday,. May March) .by Texidor; Finale from their time and effort' for .the. bet Sym phony-No. 1 in G-minor by terment of their communities and tae-Third of All School Funds ; nrozrsflit set for '8 p.m. in Kalinnikov; Beguine for Band by state,, the objectives of Michigan i f f & school a,uditori- Osser by the Symphony Band, .YY.GvKi - Eliminated Only 724 Voters directed by, D. Keith Lawson. By & feature Heidi Sprague as Back 1953_a group of Michi She will plarCecile Cha- Other Symphony Band selections gan businessmen, - industrialists; School- Dlitrict voters I Mills said that the schools could >g Concertino for flute, acr include Second Suitfe in F by educators and others decided that overwhelming# defeated a school not operate ^at the__ 1968-69 1evel ' nied by -6 section of - the Holst,_ March, Sbng Without something ibig should be done by miliage yproposaT tharw uld" hdve next year with the same funds increased schooUtaxes by 3.83 mills ,-i&ny Band. -
Cygwin User's Guide
Cygwin User’s Guide i Cygwin User’s Guide Cygwin User’s Guide ii Copyright © 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Red Hat, Inc. Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this per- mission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this documentation under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this documentation into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the Free Software Foundation. Cygwin User’s Guide iii Contents 1 Cygwin Overview 1 1.1 What is it? . .1 1.2 Quick Start Guide for those more experienced with Windows . .1 1.3 Quick Start Guide for those more experienced with UNIX . .1 1.4 Are the Cygwin tools free software? . .2 1.5 A brief history of the Cygwin project . .2 1.6 Highlights of Cygwin Functionality . .3 1.6.1 Introduction . .3 1.6.2 Permissions and Security . .3 1.6.3 File Access . .3 1.6.4 Text Mode vs. Binary Mode . .4 1.6.5 ANSI C Library . .5 1.6.6 Process Creation . .5 1.6.6.1 Problems with process creation . .5 1.6.7 Signals . .6 1.6.8 Sockets . .6 1.6.9 Select .