Permission Checks Research Articles

Security Analysis of Smart Contract Migration from Ethereum to Arbitrum

When migrating smart contracts from one blockchain platform to another, there are potential security risks. This is because different blockchain platforms have different environments and characteristics for executing smart contracts. The focus of this paper is to study the security risks associated with the migration of smart contracts from Ethereum to Arbitrum. We collected relevant data and analyzed smart contract migration cases to explore the differences between Ethereum and Arbitrum in areas such as Arbitrum cross-chain messaging, block properties, contract address alias, and gas fees. From the 36 types of smart contract migration cases we identified, we selected four typical types of cases and summarized their security risks. The research shows that smart contracts deployed on Ethereum may face certain potential security risks during migration to Arbitrum, mainly due to issues inherent in public blockchain characteristics, such as outdated off-chain data obtained by the inactive sequencer, logic errors based on time, failed permission checks, and denial of service (DOS) attacks. To mitigate these security risks, we proposed avoidance methods and provided considerations for users and developers to ensure a secure migration process. It is worth noting that this study is the first to conduct an in-depth analysis of the secure migration of smart contracts from Ethereum to Arbitrum.

A Lightweight File System Design for Unikernel

Unikernels are specialized operating system (OS) kernels optimized for a single application or service, offering advantages such as rapid boot times, high performance, minimal memory usage, and enhanced security compared to general-purpose OS kernels. Unikernel applications must remain compatible with the runtime environment of general-purpose kernels, either through binary or source compatibility. As a result, many Unikernel projects have prioritized system call compatibility over performance enhancements. In this paper, we explore the design principles of Unikernel file systems and introduce a new file system tailored for Unikernels named ULFS (Ultra Lightweight File System). ULFS provides system call services akin to those of general-purpose OS kernels but achieves superior performance and security with significantly fewer system resources. Specifically, ULFS is developed as a lightweight file system embracing Unikernel design principles. It streamlines system calls, removes unnecessary locks, and omits permission checks for multiple users, utilizing a non-hypervisor architecture. This approach significantly reduces the memory footprint of the file system and enhances performance. Through measurement studies, we assess the performance and memory requirements of various file systems from major Unikernel projects. Our findings demonstrate that ULFS surpasses several existing Unikernel file systems, including Rumpvfs, Ramfs-u, Ramfs-q, 9pfs, and Hcfs.

Web Application Penetration Testing on Udayana University's OASE E-learning Platform Using Information System Security Assessment Framework (ISSAF) and Open Source Security Testing Methodology Manual (OSSTMM)

Education is a field that utilizes information technology to support academic and operational activities. One of the technologies widely used in the education sector is web-based applications. Web-based technologies are vulnerable to exploitation by attackers, which highlights the importance of ensuring strong security measures in web-based systems. As an educational organization, Udayana University utilizes a web-based application called OASE. OASE, being a web-based system, requires thorough security verification. Penetration testing is conducted to assess the security of OASE. This testing can be performed using the ISSAF and OSSTMM frameworks. The penetration testing based on the ISSAF framework consists of 9 steps, while the OSSTMM framework consists of 7 steps for assessment. The results of the OASE penetration testing revealed several system vulnerabilities. Throughout the ISSAF phases, only 4 vulnerabilities and 3 information-level vulnerabilities were identified in the final testing results of OASE. Recommendations for addressing these vulnerabilities are provided as follows. Implement a Web Application Firewall (WAF) to reduce the risk of common web attacks in the OASE web application. input and output validation to prevent the injection of malicious scripts addressing the stored XSS vulnerability. Update the server software regularly and directory permission checks to eliminate unnecessary information files and prevent unauthorized access. Configure a content security policy on the web server to ensure mitigation and prevent potential exploitation by attackers.

Automatic Permission Check Analysis for Linux Kernel

Permission checks play an essential role in operating system security by providing access control to privileged functionalities. However, it is challenging for kernel developers to scalably verify the soundness of existing checks due to the large codebase and complexity of the kernel. In fact, Linux kernel contains millions of lines of code with hundreds of permission checks, and even worse its complexity is fast-growing. This paper presents PeX, a static permission check error detector for Linux, which takes as input a kernel source code and reports any missing, inconsistent, and redundant permission checks. PeX uses KIRIN (Kernel InteRface based Indirect call aNalysis), a novel, precise, and scalable indirect call analysis technique. Over the interprocedural control flow graph built by KIRIN, PeX automatically identifies permission checks and infers the mappings between permission checks and privileged functions. For each privileged function, PeX examines all possible paths to the function to check if necessary permission checks are correctly enforced. We evaluated PeX on the latest stable Linux kernel v4.18.5 for three types of permission checks: Discretionary Access Controls (DAC), Capabilities, and Linux Security Modules (LSM). PeX reported 45 new permission check errors, 17 of which have been confirmed by the kernel developers.

A review of optical image encryption techniques based on Cloud computing biometric and multiple image processing

Cloud Computing technology has become one of the most powerful technologies in terms of high availability, flexibility, and scalability. Besides all the widely perceived benefits of cloud computing, there is a concern that makes the use of the cloud leads to a potential risk that is security. To overcome security issues, a strong authentication mechanism is required. Biometric authentication is one of the very popular methods used for identity detection so that only an authorized person can access the system, one method to achieve this is image processing. In this paper, we review various optical image encryption techniques based on the optical Double Random Phase Encoding (DRPE) system, the oldest and most extensively investigated optical scheme. In the literature, we get an overview of digital image processing applications and data encryption schemes. The various parameter used to measure the image encryption level is discussed. The optical Double Random Phase Encoding method and its numerical simulation are then investigated. In addition to it, other optical encryptions techniques such as multiple image cryptosystem extension and different techniques are discussed that enhance the optical encryption security, which is used widely and generally appreciated. We explored the cloud framework via the biometric authentication process to authorize the legitimate user and permission checks is done by the biometric system. The level of security of the overall system increases when the authorization process is strong and faultless. The challenges faced in this area and the objectives of the research have been discussed.

Недостатки в протоколе разрешений Android при ограниченной верификации

Purpose of the article: analysis of the resolution protocol implemented in the Android operating system as the most popular for smartphones and other electronic gadgets; consider a formal model of the Android permission protocol and describe the automatic security analysis of this model; identify potential flaws in the permitting protocol. Research method: A formal model of the Android permission protocol based on C++ using the Java NDK based on first-order relational logic is considered, with an analysis engine that performs limited model validation. Result. Created a formal model of Android permission protocol using C ++ using Java NDK. The model identified flaws in the Android permission protocol, and thus exposed Android security vulnerabilities. The developed Android protocol permission model consists of three parts: an Android device architecture query; Android permission scheme request; system operations. Fixed flaws in Android OS related to custom permissions vulnerability. An experiment is presented to demonstrate the feasibility and prevalence of custom permissions vulnerability in existing Android applications. Examination of real Android applications supports our finding that flaws in the Android permission protocol can have serious security implications for electronic gadget applications, and in some cases allows an attacker to completely bypass permission checks. A study of one of the vulnerabilities showed that it is widespread among many existing Android applications. Most developers do not perform any additional validation to ensure that inbound APIs come from trusted applications or vendors, assuming they may not be aware of a custom permissions vulnerability despite its potential for security breaches. The result will be useful for software developers for operating systems with permissions - Android, iOS and Fire OS.

Toward Efficient Transparent Computing for IoT Apps by On-Chip Kernel Offload

Graphics processing units (GPUs) have of late enjoyed increased popularity as a general purpose computing accelerator in multiple application domains like artificial intelligence. However, there has been little exploration into the performance and energy optimization GPUs can deliver for increasingly popular but heavy burden on transparent computing for Internet-of-Things (IoT), such as deep-inference tasks under energy-constrained scenarios. This paper presents FuncShare, an extension of the capability of dynamic functional connectivity among IoT to cross-device hand over identified computation-intensive functional codes at runtime. As a kernel-level offloading solution, FuncShare now enables unmodified Android and Linux-based transparent computing applications (apps) to utilize not only application functionalities but also system functionalities across devices, as if they were to utilize them inside the same OpenCL or CUDA libraries. Toward secure network connection, FuncShare also allows performing of permission checks for remote apps in the same method as for local. Experimental results show that FuncShare enables transparent cross-device sharing for power-hungry functionalities and benefits significant performance enhancing than within-device processing even if a large amount of data is transferred.

A formal approach for detection of security flaws in the android permission system

Abstract The ever increasing expansion of mobile applications into nearly every aspect of modern life, from banking to healthcare systems, is making their security more important than ever. Modern smartphone operating systems (OS) rely substantially on the permission-based security model to enforce restrictions on the operations that each application can perform. In this paper, we perform an analysis of the permission protocol implemented in Android, a popular OS for smartphones. We propose a formal model of the Android permission protocol in Alloy, and describe a fully automatic analysis that identifies potential flaws in the protocol. A study of real-world Android applications corroborates our finding that the flaws in the Android permission protocol can have severe security implications, in some cases allowing the attacker to bypass the permission checks entirely.

Direct Resource Hijacking in Android

Android provides flexible inter-application communication by exporting the components of one app to others. Each app can define customized permissions to control access from other apps to its exposed components. However, an attacker can easily access the exported components and private app information by evading permission checks in Android. In this article, the authors discuss a new attack called a direct resource hijacking attack (or resource hijacking attack), which directly hijacks exported components or permissions on components owned by a benign app. They find that among the top 230 popular apps, 53 are vulnerable to this attack. To tackle this vulnerability, they propose a fine-grained resource access control framework in Android and introduce a certificate-augmented resource naming mechanism. With this method, malicious apps cant hijack a victim apps permissions to steal its private data in the victim app, or hijack a victim apps components to retrieve data thats delivered to the victim app. The proposal sheds light on a new design of resource protection in Android.

Unified address translation for memory-mapped SSDs with FlashMap

Applications can map data on SSDs into virtual memory to transparently scale beyond DRAM capacity, permitting them to leverage high SSD capacities with few code changes. Obtaining good performance for memory-mapped SSD content, however, is hard because the virtual memory layer, the file system and the flash translation layer (FTL) perform address translations, sanity and permission checks independently from each other. We introduce FlashMap, an SSD interface that is optimized for memory-mapped SSD-files. FlashMap combines all the address translations into page tables that are used to index files and also to store the FTL-level mappings without altering the guarantees of the file system or the FTL. It uses the state in the OS memory manager and the page tables to perform sanity and permission checks respectively. By combining these layers, FlashMap reduces critical-path latency and improves DRAM caching efficiency. We find that this increases performance for applications by up to 3.32x compared to state-of-the-art SSD file-mapping mechanisms. Additionally, latency of SSD accesses reduces by up to 53.2%.

Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges and Solutions for Analyzing Android

A common security architecture is based on the protection of certain resources by permission checks (used e.g., in Android and Blackberry). It has some limitations, for instance, when applications are granted more permissions than they actually need, which facilitates all kinds of malicious usage (e.g., through code injection). The analysis of permission-based framework requires a precise mapping between API methods of the framework and the permissions they require. In this paper, we show that naive static analysis fails miserably when applied with off-the-shelf components on the Android framework. We then present an advanced class-hierarchy and field-sensitive set of analyses to extract this mapping. Those static analyses are capable of analyzing the Android framework. They use novel domain specific optimizations dedicated to Android.

Providing safe, user space access to fast, solid state disks

Emerging fast, non-volatile memories (e.g., phase change memories, spin-torque MRAMs, and the memristor) reduce storage access latencies by an order of magnitude compared to state-of-the-art flash-based SSDs. This improved performance means that software overheads that had little impact on the performance of flash-based systems can present serious bottlenecks in systems that incorporate these new technologies. We describe a novel storage hardware and software architecture that nearly eliminates two sources of this overhead: Entering the kernel and performing file system permission checks. The new architecture provides a private, virtualized interface for each process and moves file system protection checks into hardware. As a result, applications can access file data without operating system intervention, eliminating OS and file system costs entirely for most accesses. We describe the support the system provides for fast permission checks in hardware, our approach to notifying applications when requests complete, and the small, easily portable changes required in the file system to support the new access model. Existing applications require no modification to use the new interface. We evaluate the performance of the system using a suite of microbenchmarks and database workloads and show that the new interface improves latency and bandwidth for 4 KB writes by 60% and 7.2x, respectively, OLTP database transaction throughput by up to 2.0x, and Berkeley-DB throughput by up to 5.7x. A streamlined asynchronous file IO interface built to fully utilize the new interface enables an additional 5.5x increase in throughput with 1 thread and 2.8x increase in efficiency for 512 B transfers.

Providing safe, user space access to fast, solid state disks

Emerging fast, non-volatile memories (e.g., phase change memories, spin-torque MRAMs, and the memristor) reduce storage access latencies by an order of magnitude compared to state-of-the-art flash-based SSDs. This improved performance means that software overheads that had little impact on the performance of flash-based systems can present serious bottlenecks in systems that incorporate these new technologies. We describe a novel storage hardware and software architecture that nearly eliminates two sources of this overhead: Entering the kernel and performing file system permission checks. The new architecture provides a private, virtualized interface for each process and moves file system protection checks into hardware. As a result, applications can access file data without operating system intervention, eliminating OS and file system costs entirely for most accesses. We describe the support the system provides for fast permission checks in hardware, our approach to notifying applications when requests complete, and the small, easily portable changes required in the file system to support the new access model. Existing applications require no modification to use the new interface. We evaluate the performance of the system using a suite of microbenchmarks and database workloads and show that the new interface improves latency and bandwidth for 4 KB writes by 60% and 7.2x, respectively, OLTP database transaction throughput by up to 2.0x, and Berkeley-DB throughput by up to 5.7x. A streamlined asynchronous file IO interface built to fully utilize the new interface enables an additional 5.5x increase in throughput with 1 thread and 2.8x increase in efficiency for 512 B transfers.

A security policy oracle

Even experienced developers struggle to implement security policies correctly. For example, despite 15 years of development, standard Java libraries still suffer from missing and incorrectly applied permission checks, which enable untrusted applications to execute native calls or modify private class variables without authorization. Previous techniques for static verification of authorization enforcement rely on manually specified policies or attempt to infer the policy by code-mining. Neither approach guarantees that the policy used for verification is correct. In this paper, we exploit the fact that many modern APIs have multiple, independent implementations. Our flow- and context-sensitive analysis takes as input an API, multiple implementations thereof, and the definitions of security checks and security-sensitive events. For each API entry point, the analysis computes the security policies enforced by the checks before security-sensitive events such as native method calls and API returns, compares these policies across implementations, and reports the differences. Unlike code-mining, this technique finds missing checks even if they are part of a rare pattern. Security-policy differencing has no intrinsic false positives: implementations of the same API must enforce the same policy, or at least one of them is wrong! Our analysis finds 20 new, confirmed security vulnerabilities and 11 interoperability bugs in the Sun, Harmony, and Classpath implementations of the Java Class Library, many of which were missed by prior analyses. These problems manifest in 499 entry points in these mature, well-studied libraries. Multiple API implementations are proliferating due to cloud-based software services and standardization of library interfaces. Comparing software implementations for consistency is a new approach to discovering "deep" bugs in them.

정적분석을 이용한 자바 언어의 권한검사 시각화 시스템

Java 2에서 자원에 대한 접근 권한관리를 위하여 프로그래머는 프로그램 실행에 필요한 권한들을 정책파일(polic file)에 기술하고, 보안관 리자(Security Manager)를 설치하여 프로그램을 수행시킨다. 프로그램 실행 중에 자원에 대한 접근을 시도할 때마다. 보안관리자는 스택 인스펙션을 통해 접근 권한이 있는지 검사한다. 본 논문에서는 프로그래머가 안전한 보안정책을 세우는데 편의를 제공하고자 권한검사 관련 정보를 정적으로 분석하여 시각적으로 보여주는 시스템을 구현하였다. 권한김사 시각화 시스템은 정적 권한검사 분석에 기반하여, 각 메소드 별로 항상 성공하거나 항상 실패하는 권한검사를 계산한다. 프로그래머는 프로그램을 실행시켜보기 전에 권한검사와 스택 인스펙션이 어떻게 수행되는지 시각적으로 확인해 볼 수 있다. 이러한 정보를 토대로 안전한 보안정책을 세우기 위해 프로그램이나 정책파일을 수정할 수 있다. In Jana 2, to enforce a suity policy of a program, programmer writes permission sets required by the code at the policy file, sets Security Manager on system and executes the program. Then Security Manager checks by stack inspection whether an access request to resource should be granted or denied whenever code tries to access critical resource. In this paper, we develop a visualization tool which helps programmers enforce security policy effectively into programs. This system is based on the static permission check analysis which analyzes permission checks which must succeed or fail at each method. Based on this analysis information, programmer can examine visually how permission checks and their stack inspection are performed. By modifying program or policy file if necessary and examining analysis information repeatedly, programmer can enforce security policy correctly.

Static check analysis for Java stack inspection

Most static analysis techniques for optimizing stack inspection approximate permission sets such as granted permissions and denied permissions. Because they compute permission sets following control flow, they usually take intra-procedural control flow into consideration as well as call relationship. In this paper, we observed that it is necessary for more precise optimization on stack inspection to compute more specific information on checks instead of permissions. We propose a backward static analysis based on simple call graph to approximate redundant permission checks which must fail. In a similar way, we also propose a backward static analysis to approximate success permission checks, which must pass stack inspection.

Java access protection through typing

AbstractWe propose an integration of field access rights into the Java type system such that those access permission checks which are now performed dynamically (at run time), can instead be done statically, i.e. checked by the Java compiler and rechecked (at link time) by the bytecode verifier. We explain how this can be extended to remove all dynamic checks of field read access rights, completely eliminating the overhead of get methods for reading the value of a field. Improvements include using fast static lookup instead of dynamic dispatch for field access (without requiring a sophisticated inlining analysis), the space required by get methods is avoided, and denial‐of‐service attacks on field access is prevented. We sketch a formalization of adding field access to the bytecode verifier which will make it possible to prove that the change is safe and backwards compatible. Copyright © 2001 John Wiley & Sons, Ltd.