Ananth A. Jillepalli
University of Idaho
Publication
Featured research published by Ananth A. Jillepalli.
computer software and applications conference | 2016
Ananth A. Jillepalli; Daniel Conte de Leon
Web browsers are a necessity of today's economy and government. This success is attributed to their flexibility, which is afforded by Turing-complete execution and powerful graphic capabilities, both accessible through the network to trusted and untrusted sites. These capabilities, if maliciously undermined, have high potential for data or system compromise. An approach that can be successfully applied to prevent and mitigate compromise is tailoring browser security settings according to device, user/role, and domain. To make such high-fidelity security configurations practical, we are designing and implementing HiFiPol: Browser: A policy-oriented and multi-platform Hi-Fidelity security Policy management system for web Browsers. In this article, we describe the architecture of HiFiPol: Browser. We describe in detail all components of the architecture, the tasks needed to implement it in a fully operational system, and the current status on the progress of each task. HiFiPol: Browser has been designed to provide: a) a human-friendly and high-level policy specification language and environment, b) security policy conflict detection and resolution, c) automatic instantiation of high-level policies into configurations, and d) distributed browser configuration deployment. We believe that HiFiPol: Browser will enable the design and implementation of domain-, application-, device-, and user-tailored secure policies within a technically diverse organization.
ieee symposium series on computational intelligence | 2016
Ananth A. Jillepalli; Daniel Conte de Leon; Stuart Steiner; Frederick T. Sheldon
In this article, we describe the characteristics, structure, and uses of HERMES. HERMES is a high-level security policy description language. Its characteristics are: (1) enable the specification of organizational domain knowledge in a hierarchical manner; (2) enable the specification of security policies at desired granularity levels within the organizational IT and OT infrastructure; (3) enable security policies to be automatically instantiated into security configurations; (4) it is human-centered and designed for ease of use; (5) it is application and device independent. We show an example of using HERMES to write a high-level policy and show examples of how such policy can be instantiated into a domain and device, user and role, application and action specific security configuration. We also describe the integration of HERMES within the HiFiPol:Browser policy management system. We believe HERMES is a necessary step toward securing the client side of the web ecosystem and prevent or mitigate the current onslaught of web browser-based attacks, such as phishing.
ieee symposium series on computational intelligence | 2016
Daniel Conte de Leon; Venkata A. Bhandari; Ananth A. Jillepalli; Frederick T. Sheldon
Today, web browsers are used to access and modify sensitive data and systems including intranets and critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully patched. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations in a diverse browsing ecosystem. However, in our research, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure browsing ecosystem. We analyzed in detail more than a thousand browser security configuration options in three major browsers and found that only 17 had common names with common semantics. In this paper, we describe the results of this in-depth analysis. We also describe a knowledge-based solution, Open Browser GP, that would enable organizations to implement highly-granular secure configurations for their information and operational technology (IT/OT) browsing ecosystem.
Asia Pacific Journal of Innovation and Entrepreneurship | 2017
Daniel Conte de Leon; Antonius Q. Stalick; Ananth A. Jillepalli; Michael A. Haney; Frederick T. Sheldon
The purpose of this article is to clarify current and widespread misconceptions about the properties of blockchain technologies and to describe challenges and avenues for correct and trustworthy design and implementation of distributed ledger system (DLS) or Technology (DLT). The authors contrast the properties of a blockchain with desired, however emergent, properties of a DLS, which is a complex and distributed system. They point out and justify, with facts and analysis, current misconceptions about the blockchain and DLSs. They describe challenges that these systems will need to address and possible solution avenues for achieving trustworthiness. Many of the statements that have appeared on the internet, news and academic articles, such as immutable ledger and exact copies, may be misleading. These are desired emergent properties of a complex system, not assured properties. It is well-known within the distributed systems and critical software community that it is extremely hard to prove that a complex system correctly and completely implements emergent properties. Further research and development for trustworthy DLS design and implementation is needed, both practical and theoretical. This is the first known published attempt at describing current misconceptions about blockchain technologies. Further collaborative work, discussions, potential solutions, evaluations, resulting publications and verified reference implementations are needed to ensure DLTs are safe, secure, and trustworthy. Interdisciplinary teams with members from academia, business and industry, and from disciplines such as business, entrepreneurship, theoretical and practical computer science, cybersecurity, finance, mathematics and statistics, must be formed.
Such teams must collaborate with the objective of developing strategies and techniques for ensuring the correctness and security of future DLSs in which our society may become dependent. The value and originality of this article is twofold: the disproving, through fact collection and systematic analysis, of current misconceptions about the properties of the blockchain and DLSs, and the discussion of challenges to achieving adequate trustworthiness along with the proposal of general avenues for possible solutions.
Proceedings of the Fifth Cybersecurity Symposium on | 2018
Stuart Steiner; Daniel Conte de Leon; Ananth A. Jillepalli
Within the last three years hundreds of millions of private data records have been compromised in high-profile data breaches, resulting in billions of dollars in economic losses and unrecoverable loss of privacy. One commonality is that attackers obtained administrative-level access to records on a central database. We argue that the widespread practice of highest privilege design and configuration is a significant contributor, where users and applications are given the highest level of privilege needed to execute the union of all needed tasks. One problematic common practice is, in a web-based application, for front-end and middleware processes to have root privileges to the complete DBMS back-end database. This practice is in stark opposition to the well-known secure design principle of least privilege introduced 40 years ago. Enforcing least privilege at all levels of a web application would help prevent future all-lost cyber-compromises. Here we introduce Hierarchical Policy (HPol), a formal access control modeling tool used in modeling web application database security.
international conference on wireless communications and mobile computing | 2017
Ananth A. Jillepalli; Frederick T. Sheldon; Daniel Conte de Leon; Michael A. Haney; Robert K. Abercrombie
Cyber-attacks and intrusions in cyber-physical control systems are, currently, difficult to reliably prevent. Knowing a system's vulnerabilities and implementing static mitigations is not enough, since threats are advancing faster than the pace at which static cyber solutions can counteract. Accordingly, the practice of cybersecurity needs to ensure that intrusion and compromise do not result in system or environment damage or loss. In a previous paper [2], we described the Cyberspace Security Econometrics System (CSES), which is a stakeholder-aware and economics-based risk assessment method for cybersecurity. CSES allows an analyst to assess a system in terms of estimated loss resulting from security breakdowns. In this paper, we describe two new related contributions: 1) We map the Cyberspace Security Econometrics System (CSES) method to the evaluation and mitigation steps described by the NIST Guide to Industrial Control Systems (ICS) Security, Special Publication 800-82r2. Hence, presenting an economics-based and stakeholder-aware risk evaluation method for the implementation of the NIST-SP-800-82 guide; and 2) We describe the application of this tailored method through the use of a fictitious example of a critical infrastructure system of an electric and gas utility.
the internet of things | 2018
Ananth A. Jillepalli; Daniel Conte de Leon; Yacine Chakhchoukh; Mohammad Ashrafuzzaman; Brian K. Johnson; Frederick T. Sheldon; Jim Alves-Foss; Predrag T. Tosic; Michael Haney
international conference on wireless communications and mobile computing | 2018
Mohammad Ashrafuzzaman; Yacine Chakhchoukh; Ananth A. Jillepalli; Predrag T. Tosic; Daniel Conte de Leon; Frederick T. Sheldon; Brian K. Johnson
international conference on wireless communications and mobile computing | 2018
Ananth A. Jillepalli; Daniel Conte de Leon; Mohammad Ashrafuzzaman; Yacine Chakhchoukh; Brian K. Johnson; Frederick T. Sheldon; Jim Alves-Foss; Predrag T. Tosic; Michael Haney
Proceedings of the Fifth Cybersecurity Symposium on | 2018
Ananth A. Jillepalli; Daniel Conte de Leon; Jim Alves-Foss