hao chen university of california davis web services are
play

Hao Chen University of California, Davis Web services are highly - PowerPoint PPT Presentation

Aug 22, 2022 •183 likes •893 views

Benjamin Davis Benjamin Davis Hao Chen University of California, Davis Web services are highly attractive targets Over 60% of attacks target Web applications Over 80% of vulnerabilities found are in Web applications (From SANS 2009

  1. Benjamin Davis Benjamin Davis Hao Chen University of California, Davis

  2.  Web services are highly attractive targets  Over 60% of attacks target Web applications  Over 80% of vulnerabilities found are in Web applications (From SANS 2009 Top Cyber Security Risks) 2

  3. <h1>Latest Comment</h1> <p> {User Content} </p> 3

  4. <h1>Latest Comment</h1> <p> This is <b>great!</b> </p> 4

  5. <h1>Latest Comment</h1> <p> <script> steal(document.cookie); </script> </p> 5

  6. ? ? Application ? ? ? 6

  7. Information Flow Tracking System   Input !! Application   7

  8. Information Flow Tracking System   Application !!   8

  9. Information Flow Tracking System   !! Application !!   9

  10. Information Flow Tracking System   Application !! !!  Output  10

  11. Information Flow Tracking System   Application X X !! !!  Output  11

  12.  Language-based “taint mode” ◦ Perl ◦ Ruby  Adding support to language structures ◦ Java [Chin, Wagner 09] ◦ PHP [Venema] 12

  13. Information Flow Tracking System Database Interface Input Database Web Application Output 13

  14. Information Flow Tracking System Database Interface !! Input   Database Web Application  Output  14

  15. Information Flow Tracking System Database Interface Input   Database Web Application !!  Output  15

  16. Information Flow Tracking System Database Interface !! Input   Database Web Application  Output  16

  17. Information Flow Tracking System !! Database Interface Input   Database Web Application  Output  17

  18. Information Flow Tracking System ? Database Interface Input   Database Web Application  Output  18

  19. Information Flow Tracking System Database Interface ? Input   Database Web Application  Output  19

  20. Information Flow Tracking System Database Interface ? Input   Database Web Application  Output  20

  21.  What if you have multiple applications?  How to treat data from the database? ◦ All tainted -> false positives ◦ All untainted -> false negatives ◦ Require manual annotation? ◦ Application-specific decisions? 21

  22.  Taint tracking through the entire system ◦ [Asbestos, 05] ◦ [HiStar, 06]  Implemented in ◦ Hardware ◦ OS ◦ VMM/emulator 22

  23. Database Interface !! Input Database Web Application Output 23

  24. Database Interface Input Database Web Application Output 24

  25. !! Database Interface Input Database Web Application Output 25

  26. Database Interface Input Database Web Application Output 26

  27.  Low level/fine granularity ◦ Hardware mechanism [Suh, Lee, Devadas 04] ◦ Minos [Crandall, Chong, 04]  Lacks high-level database semantics ◦ Aggregate functions ◦ Comparisons, SELECT DISTINCT 27

  28.  End-to-end taint tracking ◦ Across Web applications and databases  Leverage existing single-application information flow tracking engines  Compatible with existing Web services ◦ Require no changes to Web applications  Taint propagation through database functions 28

  29. DB Interface SQL Database Engine Web Application 29

  30. DBTaint DB Interface SQL Database Engine Web Application Single-application information flow 30

  31.  Store taint data in database composite types ◦ Tuple of form: (<value>, <taint_value>)  Store/retrieve taint values via SQL ◦ No additional mechanisms needed in the database ◦ No change to underlying database data structures Id Id Status Status Id Id Status Status 19 ‘closed’ (19, 0) (‘closed’, 1) 27 ‘open’ (27, 0) (‘open’, 1) 32 ‘pending’ (32, 0) (‘pending, 1) Before DBTaint With DBTaint 31

  32.  Create functions that operate on composite types ◦ Comparison operators (=, !=, <, …) ◦ Arithmetic operations (+, -, …) ◦ Text operations (upper, lower, …) ◦ Aggregate functions (MAX, MIN, SUM, …)  Functions implemented in SQL ◦ CREATE FUNCTION ◦ CREATE OPERATOR ◦ CREATE AGGREGATE 32

  33.  Arithmetic operations (4, 0) + (5, 1) = (9, ?) 33

  34.  Arithmetic operations (4, 0) + (5, 1) = (9, ?) untainted tainted 34

  35.  Arithmetic operations (4, 0) + (5, 1) = (9, 1) untainted tainted tainted 35

  36.  MAX {(2, 0), (3, 1), (5, 0)} = (5, ?) 36

  37.  MAX {(2, 0), (3, 1), (5, 0)} = (5, ?) untainted tainted untainted 37

  38.  Untainted: trusted source ◦ Web application defaults ◦ Values generated entirely by the Web application  Tainted: from untrusted source, or unknown ◦ User input  Explicit information flow  Database returns untainted value only if database has received that value untainted 38

  39.  MAX {(2, 0), (3, 1), (5, 0)} = (5, ?) untainted tainted untainted 39

  40.  MAX {(2, 0), (3, 1), (5, 0)} = (5, 0) untainted tainted untainted untainted 40

  41.  Equality ? (3, 0) = (3, 1) untainted tainted 41

  42.  Equality 3 == 3 42

  43.  Equality (3, 0) == (3, 1) untainted tainted  Adopt notion of backwards-compatibility [Chin, Wagner 09] 43

  44.  MAX {(5, 1), (5, 0)} = (5, ?) tainted untainted 44

  45.  MAX {5, 5} = 5 45

  46.  MAX {5, 5} = 5 OR 46

  47.  MAX {(5, 1), (5, 0)} = (5, ?) OR 47

  48.  MAX {(5, 1), (5, 0)} = (5, 0) tainted untainted untainted  When possible, prefer to return untainted values 48

  49. Database Table DB Interface Id Id Status Status 19 ‘closed’ 27 ‘open’ 32 ‘pending’ WebApp 49

  50. Database Table DB Interface Id Id Status Status x = DB.get(id=27) 19 ‘closed’ 27 ‘open’ 32 ‘pending’ WebApp 50

  51. Database Table DB Interface Id Id Status Status x = DB.get(id=27) 19 ‘closed’ 27 ‘open’ 32 ‘pending’ WebApp 51

  52. Database Table DB Interface Id Id Status Status x = DB.get(id=27) 19 ‘closed’ 27 ‘open’ 32 ‘pending’ WebApp 52

  53. Database Table DB Interface Id Id Status Status x = “open” 19 ‘closed’ 27 ‘open’ 32 ‘pending’ WebApp 53

  54. DBTaint Database Table DB Interface Id Id Status Status (19, 0) (‘closed’, 1) (27, 0) (‘open’, 1) (32, 0) (‘pending, 1) WebApp 54

  55. DBTaint Database Table DB Interface Id Id Status Status x = DB.get(id=27) (19, 0) (‘closed’, 1) (27, 0) (‘open’, 1) (32, 0) (‘pending, 1) WebApp 55

  56. DBTaint Database Table DB Interface Id Id Status Status Rewritten query (19, 0) (‘closed’, 1) (27, 0) (‘open’, 1) (32, 0) (‘pending, 1) WebApp 56

  57. DBTaint Database Table DB Interface Id Id Status Status Result tuples (19, 0) (‘closed’, 1) (27, 0) (‘open’, 1) (32, 0) (‘pending, 1) WebApp 57

  58. DBTaint Database Table DB Interface Id Id Status Status Collapse (19, 0) (‘closed’, 1) tuples and taint (27, 0) (‘open’, 1) appropriately (32, 0) (‘pending, 1) WebApp 58

  59. DBTaint Database Table DB Interface Id Id Status Status x = “open” (19, 0) (‘closed’, 1) // x is tainted (27, 0) (‘open’, 1) (32, 0) (‘pending, 1) WebApp 59

  60.  Account for composite types in SQL queries  Collapse and taint result tuples as needed  These changes are: ◦ Transparent to web application ◦ High-level, portable DBTaint DB Interface DB unchanged 60

  61.  Parameterized queries  Prepare: ◦ INSERT … (id, status) VALUES (?, ?) ◦ Execute ◦ (27, ‘open’) 61

  62.  Parameterized queries  Prepare: ◦ INSERT … (id, status) VALUES (?, ?) ◦ // with DBTaint: ◦ INSERT … (id, status) VALUES (ROW(?, ?), ROW(?, ?)) 62

  63.  Parameterized queries  Prepare: ◦ INSERT … (id, status) VALUES (?, ?) ◦ // with DBTaint: ◦ INSERT … (id, status) VALUES (ROW(?, ?), ROW(?, ?)) ◦ Execute ◦ (27, ‘open’) // 27 is untainted, ‘open’ is tainted ◦ // with DBTaint: ◦ (27, 0, ‘open’, 1) 63

  64.  Prepare phase: ◦ Queries are passed with placeholders for data  Execute phase: ◦ Data values are passed separately, independently  Taint tracking engine requirement: ◦ Only need to track taint values per variable  We handle non-parameterized queries too ◦ See paper for details 64

  65.  Leverage existing single-application information flow tracking systems  No changes to Web application DBTaint DB Interface Single-application information flow Web Application 65

  66.  Languages ◦ Perl ◦ Java  Database Interfaces ◦ Perl DataBase Interface (DBI) ◦ Java Database Connectivity (JDBC)  Database ◦ PostgreSQL 66

  67.  RT: Request Tracker (ticket tracking system) ◦ 60,000+ lines of Perl ◦ Perl DBI (DataBase Interface) API ◦ Perl taint mode  JForum (discussion board system) ◦ 30,000+ lines of Java ◦ Java Database Connectivity (JDBC) API ◦ Character-level taint engine [Chin, Wagner ’09] 67

  68. requests/second requests/second RT Original DBTaint JForum 0 5 10 15 20 25 30 68

Recommend

PRIVACY-PRESERVING ALIBI SYSTEMS Benjamin Davis , Hao Chen, Matthew Franklin University of

PRIVACY-PRESERVING ALIBI SYSTEMS Benjamin Davis , Hao Chen, Matthew Franklin University of

PRIVACY-PRESERVING ALIBI SYSTEMS Benjamin Davis , Hao Chen, Matthew Franklin University of California, Davis ASIACCS 2012 Motivation 2 Murder Case Dropped After MetroCard Verifies Alibi New York Times, January 2009 Limitations

548 views • 29 slides
Drilling through the M31 Halo near Mayall-II/G1 Michael Gregg University of California, Davis

Drilling through the M31 Halo near Mayall-II/G1 Michael Gregg University of California, Davis

Drilling through the M31 Halo near Mayall-II/G1 Michael Gregg University of California, Davis Michael West Lowell Observatory Brian Lemaux University of California, Davis Andreas Kpper Quantco, Inc. Origin of the brightest Globulars

411 views • 15 slides
1 University of California, Davis 2 University of Athens, Greece 3 LogicBlox Inc., Atlanta, USA UC

1 University of California, Davis 2 University of Athens, Greece 3 LogicBlox Inc., Atlanta, USA UC

Sven Khler 1 Bertram Ludscher 1,3 Yannis Smaragdakis 2,3 1 University of California, Davis 2 University of Athens, Greece 3 LogicBlox Inc., Atlanta, USA UC DAVIS Department of Computer Science Datalog2.0, Vienna Logic Weeks Outline

646 views • 38 slides
+ Dean Copsey University of California at Davis With Mark Oskin (UW), Fred Chong (Davis), Isaac

+ Dean Copsey University of California at Davis With Mark Oskin (UW), Fred Chong (Davis), Isaac

Memory Hierarchies for Quantum Computation + Dean Copsey University of California at Davis With Mark Oskin (UW), Fred Chong (Davis), Isaac Chuang (MIT), and Khaled Abdel-Gaffar (Davis) Overview Introduction to Quantum Computing

505 views • 21 slides
and Production Yanhong Liu University of California, Davis UC DAVIS IS Outline World

and Production Yanhong Liu University of California, Davis UC DAVIS IS Outline World

Non-nutrition: the future of nutrition? Non-nutrients in Swine Health and Production Yanhong Liu University of California, Davis UC DAVIS IS Outline World population &amp; calorie demand Non-nutrients - a novel concept Examples

686 views • 44 slides
Polygonal Finite Element Methods N. Sukumar University of California, Davis Workshop on

Polygonal Finite Element Methods N. Sukumar University of California, Davis Workshop on

University of California, Davis Polygonal Finite Element Methods N. Sukumar University of California, Davis Workshop on Discretization Methods for Polygonal and Polyhedral Meshes Milano, September 18, 2012 Collaborators and Acknowledgements

1k views • 54 slides
Mag Net A Two-Pronged Defense against Adversarial Examples Dongyu Meng Hao Chen ShanghaiTech

Mag Net A Two-Pronged Defense against Adversarial Examples Dongyu Meng Hao Chen ShanghaiTech

Mag Net A Two-Pronged Defense against Adversarial Examples Dongyu Meng Hao Chen ShanghaiTech University, China University of California, Davis, USA Neural networks in real-life applications user authentication autonomous

599 views • 30 slides
Grass Lake Luther Pass, California Wes Christensen Graham Fogg University of California, Davis

Grass Lake Luther Pass, California Wes Christensen Graham Fogg University of California, Davis

Hydrogeology of Grass Lake Luther Pass, California Wes Christensen Graham Fogg University of California, Davis Department of Geology Overview Site description Geology Stream flows Hydraulic gradients Specific conductivity

563 views • 18 slides
Matt Bishop Department of Computer Science University of California at Davis 1 Shields Ave.

Matt Bishop Department of Computer Science University of California at Davis 1 Shields Ave.

6/17/08 Matt Bishop Vicentiu Neagoe June 17, 2008 1 Matt Bishop Department of Computer Science University of California at Davis 1 Shields Ave. Davis, CA 95616-8562 phone : (530) 752-8060 email : bishop@cs.ucdavis.edu www :

265 views • 7 slides
The exchange value embedded in a transport system Qinglan Xia University of California at Davis

The exchange value embedded in a transport system Qinglan Xia University of California at Davis

The exchange value embedded in a transport system Qinglan Xia University of California at Davis A joint work with Shaofeng Xu. RICAM Workshop on Optimal Transportation in the Applied Sciences Linz, December 2014. First Prev

1.34k views • 64 slides
Crystallizing the Schur Q -functions Maria Gillespie, University of California, Davis Jake

Crystallizing the Schur Q -functions Maria Gillespie, University of California, Davis Jake

Crystallizing the Schur Q -functions Maria Gillespie, University of California, Davis Jake Levinson, University of Washington Kevin Purbhoo, University of Waterloo AMS Fall Western Sectional Nov 4, 2017

1.58k views • 146 slides
Shifting numerical monoids Christopher ONeill University of California Davis

Shifting numerical monoids Christopher ONeill University of California Davis

Shifting numerical monoids Christopher ONeill University of California Davis coneill@math.ucdavis.edu Joint with Rebecca Conaway*, Felix Gotti, Jesse Horton*, Roberto Pelayo, Mesa Williams*, and Brian Wissman * = undergraduate student

1.93k views • 176 slides
LEARNING AUTHORS: MARTN ABADI, PAUL BARHAM, JIANMIN CHEN, ZHIFENG CHEN, ANDY DAVIS, JEFFREY

LEARNING AUTHORS: MARTN ABADI, PAUL BARHAM, JIANMIN CHEN, ZHIFENG CHEN, ANDY DAVIS, JEFFREY

TENSORFLOW: A SYSTEM FOR LARGE-SCALE MACHINE LEARNING AUTHORS: MARTN ABADI, PAUL BARHAM, JIANMIN CHEN, ZHIFENG CHEN, ANDY DAVIS, JEFFREY DEAN, MATTHIEU DEVIN, SANJAY GHEMAWAT, GEOFFREY IRVING, MICHAEL ISARD, MANJUNATH KUDLUR, JOSH LEVENBERG,

544 views • 18 slides
The Evolution of Authenticated Encryption Phillip Rogaway University of California, Davis, USA

The Evolution of Authenticated Encryption Phillip Rogaway University of California, Davis, USA

The Evolution of Authenticated Encryption Phillip Rogaway University of California, Davis, USA Includes joint work with Mihir Bellare, John Black, Ted Krovetz, and Tom Shrimpton DIAC Directions in Authenticated Ciphers 05 July 2012

748 views • 52 slides
A Biodiesel Processor Feasibility study at the University of California, Davis Groupmates:

A Biodiesel Processor Feasibility study at the University of California, Davis Groupmates:

A Biodiesel Processor Feasibility study at the University of California, Davis Groupmates: Rujuta Munshi Xiange Wang Imby Abath Presentation Outline 1. Project Background a. Product, client, biodiesel 2. Method 3. Results and

206 views • 18 slides
Epistemic normativity and becoming our future selves Ted Shear University of California, Davis

Epistemic normativity and becoming our future selves Ted Shear University of California, Davis

Setup Nature of belief Inter-attitude coherence Intra-attitude coherence Concluding Remarks on TEs Epistemic normativity and becoming our future selves Ted Shear University of California, Davis University of Queensland Workshop: Beyond

362 views • 17 slides
Integration Considerations of the PNS System Jingbo Wang University of California, Davis,

Integration Considerations of the PNS System Jingbo Wang University of California, Davis,

Integration Considerations of the PNS System Jingbo Wang University of California, Davis, Department of Physics PNS System Location Plan for DUNE single phase far detector: Two corner manholes + one possible middle feedthrough Two

557 views • 12 slides
UC Davis Chile Experience General Manager October 2019 UC DAVIS California innovation to the

UC Davis Chile Experience General Manager October 2019 UC DAVIS California innovation to the

How to create a technological offer for different sized companies? Mauricio Caoles UC Davis Chile Experience General Manager October 2019 UC DAVIS California innovation to the world World Lider in Agricultural and Food Sciences 9 Research

431 views • 19 slides
Introducing the University of California Undergraduate Campus Locations UC Berkeley UC Davis

Introducing the University of California Undergraduate Campus Locations UC Berkeley UC Davis

Introducing the University of California Undergraduate Campus Locations UC Berkeley UC Davis UC Irvine UC Los Angeles UC Merced UC Riverside UC San Diego UC Santa Barbara UC Santa Cruz 10/18/2018 2 UC Campuses When selecting where to

639 views • 27 slides
Leptogenesis and Fundamental Symmetries of Nature Mu-Chun Chen, University of California at

Leptogenesis and Fundamental Symmetries of Nature Mu-Chun Chen, University of California at

Leptogenesis and Fundamental Symmetries of Nature Mu-Chun Chen, University of California at Irvine Project X Physics Study Workshop, Fermilab, June 16, 2012 1 Baryon Number Asymmetry in SM Within the SM: CP violation in quark sector

351 views • 20 slides
Baryogenesis through Leptogenesis Mu-Chun Chen, University of California at Irvine Giada

Baryogenesis through Leptogenesis Mu-Chun Chen, University of California at Irvine Giada

Baryogenesis through Leptogenesis Mu-Chun Chen, University of California at Irvine Giada Carminati for WPA Workshop on Search of New physics with Leptons, UNAM, October 17, 2018 Evidence of Matter-Antimatter Asymmetry CMB anisotropy T

864 views • 72 slides
DIALECTOLOGY IN A MULTILINGUAL NORTH AMERICA Robert Bayley University of California, Davis

DIALECTOLOGY IN A MULTILINGUAL NORTH AMERICA Robert Bayley University of California, Davis

DIALECTOLOGY IN A MULTILINGUAL NORTH AMERICA Robert Bayley University of California, Davis American Dialect Society Austin, Texas January 7, 2017 Moving Beyond a Traditional Focus ADS has traditionally focused on English in North

502 views • 34 slides
Ehrhart Positivity Federico Castillo University of California, Davis Joint work with Fu Liu

Ehrhart Positivity Federico Castillo University of California, Davis Joint work with Fu Liu

Ehrhart Positivity Federico Castillo University of California, Davis Joint work with Fu Liu December 15, 2016 Federico Castillo UC Davis Ehrhart Positivity Lattice points of a polytope A (convex) polytope is a bounded solution set of a

1.13k views • 100 slides
Credit and Insurance Michael Carter Alexander Sarris Lan Cheng University of FAO University

Credit and Insurance Michael Carter Alexander Sarris Lan Cheng University of FAO University

The Economics of Interlinking Credit and Insurance Michael Carter Alexander Sarris Lan Cheng University of FAO University of California-Davis California-Davis &amp; BASIS CRSP Challenge of Risk &amp; Insurance Ample evidence of

288 views • 11 slides

More recommend