modern client side defenses
play

Modern client-side defenses Deian Stefan Today How can we use - PowerPoint PPT Presentation

Dec 09, 2023 •349 likes •1.46k views

Modern client-side defenses Deian Stefan Today How can we use sophisticated isolation and interaction between components to develop flexible, interesting web applications, while protecting confidentiality and integrity Today

  1. Adoption challenge • Problem: inline scripts are widely-used ➤ Page authors use the ‘unsafe-inline' directive ➤ Is this a problem? • Solution: script nonce and script hash ➤ Allow scripts that have a particular hash ➤ Allow scripts that have a white-listed nonce

  2. Adoption challenge • Problem: inline scripts are widely-used ➤ Page authors use the ‘unsafe-inline' directive ➤ Is this a problem? • Solution: script nonce and script hash ➤ Allow scripts that have a particular hash ➤ Allow scripts that have a white-listed nonce

  3. Other adoption challenges • Goal: set most restricting CSP that is permissive enough to not break existing app • How can you figure this out for a large app? ➤ CSP has a report-only header and report-uri directive ➤ Report violations to server; don’t enforce

  4. ✓ How do we protect page from ads/services? • How to share data with cross-origin page? ✓ How to protect one user from another’s content? ✓ How do we protect the page from a library? • How do we protect the page from the CDN? • How do we protect the page from network provider? • How do we protect extension from page?

  5. What are some (other) limitations of CSP? 
 (think beyond security)

  6. How is CSP really used in practice? esources. JavaScript crawl of wser in or- esent in remov- ctives and dditionally, we ving the identifying headers with keyword the con- whose dges repre- Figure 1: Distribution of CSP directives. visited the

  7. How is CSP really used in practice? esources. JavaScript crawl of wser in or- esent in remov- ctives and dditionally, we ving the identifying headers with keyword the con- whose dges repre- Figure 1: Distribution of CSP directives. visited the

  8. frame-ancestors? What problem is this addressing?

  9. Clickjacking! e t s a e - - - • How does frame-ancestor help? ➤ Don’t allow non twitter origins to frame delete page!

  10. Clickjacking! e t s a e - - - • How does frame-ancestor help? ➤ Don’t allow non twitter origins to frame delete page!

  11. What about the other two? esources. JavaScript crawl of wser in or- esent in remov- ctives and dditionally, we ving the identifying headers with keyword the con- whose dges repre- Figure 1: Distribution of CSP directives. visited the

  12. What is MIXed content? https://… http://… • Why is this bad? ➤ Network attacker can inject their own scripts, images, etc.!

  13. What is MIXed content? https://… http://… • Why is this bad? ➤ Network attacker can inject their own scripts, images, etc.!

  14. How does CSP help? • upgrade-insecure-requests ➤ Essentially rewrite every HTTP URL to HTTPS before making request • block-all-mixed-content ➤ Don’t load any content over HTTP • Are the two complimentary? 


  15. CSP is not enough!

  16. Outline: modern mechanisms • iframe sandbox (quick refresher) • Content security policy (CSP) • HTTP strict transport security (HSTS) • Subresource integrity (SRI) • Cross-origin resource sharing (CORS)

  17. Motivation for HSTS • Attacker can force you to go to HTTP vs. HTTPS ➤ SSL Stripping attack (Moxie) They can rewrite all HTTPS URLs to HTTP - If server serves content over HTTP: doom! - • HSTS: never visit site over HTTP again ➤ Strict-Transport-Security: max-age=31536000

  18. ✓ How do we protect page from ads/services? • How to share data with cross-origin page? ✓ How to protect one user from another’s content? ✓ How do we protect the page from a library? • How do we protect the page from the CDN? ✓ How do we protect the page from network provider? • How do we protect extension from page?

  19. Outline: modern mechanisms • iframe sandbox (quick refresher) • Content security policy (CSP) • HTTP strict transport security (HSTS) • Subresource integrity (SRI) • Cross-origin resource sharing (CORS)

  20. 
 
 Motivation for SRI • CSP+HSTS can be used to limit damages, but can’t really defend against malicious code • How do you know that the library you’re loading is the correct one? 
 Won’t using HTTPS address this problem? 


  21. 
 
 Motivation for SRI • CSP+HSTS can be used to limit damages, but can’t really defend against malicious code • How do you know that the library you’re loading is the correct one? 
 Won’t using HTTPS address this problem? 


  22. 
 
 Subresource integrity • Idea: page author specifies hash of (sub)resource they are loading; browser checks integrity ➤ E.g., integrity for scripts 
 <link rel="stylesheet" href="https://site53.cdn.net/style.css" integrity="sha256-SDfwewFAE...wefjijfE"> ➤ E.g., integrity for link elements 
 <script src="https://code.jquery.com/jquery-1.10.2.min.js" integrity="sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Tw+Y5qFQmYg=">

  23. What happens when check fails? • Case 1 (default): ➤ Browser reports violation and does not render/ execute resource • Case 2: CSP directive with integrity-policy directive set to report ➤ Browser reports violation, but may render/execute resource

  24. 
 Multiple hash algorithms • Authors may specify multiple hashes ➤ E.g., 
 <script src="hello_world.js" integrity=“sha256-... sha512-... "></script> • Browser uses strongest algorithm • Why support multiple algorithms? ➤ Don’t break page on old browser

  25. 
 Multiple hash algorithms • Authors may specify multiple hashes ➤ E.g., 
 <script src="hello_world.js" integrity=“sha256-... sha512-... "></script> • Browser uses strongest algorithm • Why support multiple algorithms? ➤ Don’t break page on old browser

  26. ✓ How do we protect page from ads/services? • How to share data with cross-origin page? ✓ How to protect one user from another’s content? ✓ How do we protect the page from a library? ✓ How do we protect the page from the CDN? ✓ How do we protect the page from network provider? • How do we protect extension from page?

  27. Outline: modern mechanisms • iframe sandbox (quick refresher) • Content security policy (CSP) • HTTP strict transport security (HSTS) • Subresource integrity (SRI) • Cross-origin resource sharing (CORS)

  28. Recall: SOP is also inflexible • Problem: Can’t fetch cross-origin data ➤ Leads to building insecure sites/services: JSONP • Solution: Cross-origin resource sharing (CORS) ➤ Data provider explicitly whitelists origins that can inspect responses ➤ Browser allows page to inspect response if its origin is listed in the header

  29. E.g., CORS usage: amazon • Amazon has multiple domains ➤ E.g., amazon.com and aws.com • Problem: amazon.com can’t read cross-origin aws.com data aws.com • With CORS amazon.com 
 can whitelist aws.com amazon.com evil.biz

  30. How CORS works • Browser sends Origin header with XHR request ➤ E.g., Origin: https://amazon.com • Server can inspect Origin header and respond with Access-Control-Allow-Origin header ➤ E.g., Access-Control-Allow-Origin: https://amazon.com ➤ E.g., Access-Control-Allow-Origin: * • CORS XHR may send cookies + custom headers ➤ Need “preflight” request to authorize this

  31. ✓ How do we protect page from ads/services? ✓ How to share data with cross-origin page? ✓ How to protect one user from another’s content? ✓ How do we protect the page from a library? ✓ How do we protect the page from the CDN? ✓ How do we protect the page from network provider? • How do we protect extension from page?

  32. How do we protect extensions from pages? • Firefox and Chrome: ➤ Isolated worlds: extension script’s heap is different from the heap of the page. Why? ➤ E.g., getElementById = function() {...evil stuff…}

  33. How do we protect extensions from pages? • Force developers to follow: ➤ Privilege separation by breaking extension into Core extension script: has access to privileged APIs - Content script: can manipulate page but must ask - core script to use privileged APIs on its behalf ➤ Principle of least privileged via permission system User must approve APIs granted to core extension - scripts, so developers should be kept in line

  34. ✓ How do we protect page from ads/services? ✓ How to share data with cross-origin page? ✓ How to protect one user from another’s content? ✓ How do we protect the page from a library? ✓ How do we protect the page from the CDN? ✓ How do we protect the page from network provider? ✓ How do we protect extension from page?

  35. Stepping back: are these good?

  36. 
 
 Motivation for COWL 
 (working spec draft) • Same Origin Policy • Content Security Policy • Sandboxing 


  37. 
 
 Motivation for COWL 
 (working spec draft) • Same Origin Policy • Content Security Policy • Sandboxing 
 All-or-nothing discretionary access control: 
 access data ➠ ability to leak it

  38. Where DAC falls short…

  39. Where DAC falls short… Third-party APIs

  40. Where DAC falls short… Third-party APIs Mashups

  41. Where DAC falls short… Third-party APIs Mashups Third-party libraries

  42. Where DAC falls short… Third-party APIs Third-party mashups Mashups Third-party libraries

  43. Where DAC falls short… Third-party APIs Third-party mashups Mashups Third-party libraries

  44. 
 
 
 Recall: password-strength checker b.ru/chk.html a.com Guarantee: checker cannot leak password ➤ At worst: checker lies about strength of password

  45. Confining the checker using existing mechanisms • Host the checker code on a.com • Use CSP & Sandboxing ➤ Need JavaScript: sandbox allow-scripts ➤ Limit communication to postMessage with parent: 
 default-src ‘none’ ‘unsafe-inline’ 
 a.com/chk.html a.com b.ru

  46. Confining the checker using existing mechanisms • Host the checker code on a.com • Use CSP & Sandboxing ➤ Need JavaScript: sandbox allow-scripts ➤ Limit communication to postMessage with parent: 
 default-src ‘none’ ‘unsafe-inline’ 
 p45s a.com/chk.html a.com b.ru

  47. Confining the checker using existing mechanisms • Host the checker code on a.com • Use CSP & Sandboxing ➤ Need JavaScript: sandbox allow-scripts ➤ Limit communication to postMessage with parent: 
 default-src ‘none’ ‘unsafe-inline’ 
 a.com/chk.html a.com b.ru

  48. Confining the checker using existing mechanisms • Host the checker code on a.com • Use CSP & Sandboxing ➤ Need JavaScript: sandbox allow-scripts ➤ Limit communication to postMessage with parent: 
 default-src ‘none’ ‘unsafe-inline’ 
 a.com/chk.html a.com b.ru

  49. Confining the checker using existing mechanisms • Host the checker code on a.com • Use CSP & Sandboxing ➤ Need JavaScript: sandbox allow-scripts ➤ Limit communication to postMessage with parent: 
 default-src ‘none’ ‘unsafe-inline’ 
 a.com/chk.html a.com b.ru

  50. Confining the checker using existing mechanisms • Host the checker code on a.com • Use CSP & Sandboxing ➤ Need JavaScript: sandbox allow-scripts ➤ Limit communication to postMessage with parent: 
 default-src ‘none’ ‘unsafe-inline’ 
 a.com/chk.html a.com b.ru

  51. Confining the checker using existing mechanisms • Host the checker code on a.com • Use CSP & Sandboxing ➤ Need JavaScript: sandbox allow-scripts ➤ Limit communication to postMessage with parent: 
 default-src ‘none’ ‘unsafe-inline’ 
 a.com/chk.html a.com b.ru

  52. Confining the checker using existing mechanisms • Host the checker code on a.com • Use CSP & Sandboxing ➤ Need JavaScript: sandbox allow-scripts ➤ Limit communication to postMessage with parent: 
 default-src ‘none’ ‘unsafe-inline’ 
 a.com/chk.html a.com b.ru

  53. Confining the checker using existing mechanisms • Host the checker code on a.com • Use CSP & Sandboxing ➤ Need JavaScript: sandbox allow-scripts ➤ Limit communication to postMessage with parent: 
 Actually can leak to iframes, so 
 default-src ‘none’ ‘unsafe-inline’ 
 need to use Worker… a.com/chk.html a.com b.ru

  54. Why is this unsatisfactory? • Functionality of library is limited ➤ E.g., library cannot fetch resources from network ➤ A more flexible CSP policy would weaken security • Security policy is not first-class ➤ Library cannot use code it itself doesn’t trust • Security policy is not symmetric ➤ Library cannot consider parent untrusted

  55. COWL Idea (a): Provide means for associating security label with data ➤ E.g., password is sensitive to a.com Idea (b): Ensure code is confined to obey labels by associating labels with browsing contexts ➤ E.g., password can only be sent to entities that are as sensitive as a.com 


  56. 
 Confining the checker with COWL • Express sensitivity of data ➤ Checker can only receive password if its context label is as sensitive as the password • Use postMessage to send labeled password ➤ Source specifies sensitivity of data at time of send 
 a.com a.com b.ru

  57. 
 Confining the checker with COWL • Express sensitivity of data ➤ Checker can only receive password if its context label is as sensitive as the password • Use postMessage to send labeled password ➤ Source specifies sensitivity of data at time of send 
 a.com public b.ru a.com a.com b.ru

  58. 
 Confining the checker with COWL • Express sensitivity of data ➤ Checker can only receive password if its context label is as sensitive as the password • Use postMessage to send labeled password ➤ Source specifies sensitivity of data at time of send 
 a.com public b.ru ? a.com a.com b.ru

  59. 
 Confining the checker with COWL • Express sensitivity of data ➤ Checker can only receive password if its context label is as sensitive as the password • Use postMessage to send labeled password ➤ Source specifies sensitivity of data at time of send 
 a.com public b.ru a.com a.com b.ru

  60. 
 Confining the checker with COWL • Express sensitivity of data ➤ Checker can only receive password if its context label is as sensitive as the password • Use postMessage to send labeled password ➤ Source specifies sensitivity of data at time of send 
 a.com public b.ru public b.ru/chk.html a.com a.com b.ru

  61. 
 Confining the checker with COWL • Express sensitivity of data ➤ Checker can only receive password if its context label is as sensitive as the password • Use postMessage to send labeled password ➤ Source specifies sensitivity of data at time of send 
 a.com public b.ru public b.ru/chk.html a.com a.com b.ru

  62. 
 Confining the checker with COWL • Express sensitivity of data ➤ Checker can only receive password if its context label is as sensitive as the password • Use postMessage to send labeled password ➤ Source specifies sensitivity of data at time of send 
 a.com public b.ru public b.ru/chk.html a.com a.com b.ru

  63. 
 Confining the checker with COWL • Express sensitivity of data ➤ Checker can only receive password if its context label is as sensitive as the password • Use postMessage to send labeled password ➤ Source specifies sensitivity of data at time of send 
 a.com public b.ru public b.ru/chk.html a.com a.com b.ru

  64. 
 Confining the checker with COWL • Express sensitivity of data ➤ Checker can only receive password if its context label is as sensitive as the password • Use postMessage to send labeled password ➤ Source specifies sensitivity of data at time of send 
 postMessage(Label({pass: …}, “a.com”), “b.ru”)) a.com public b.ru public ? b.ru/chk.html a.com a.com b.ru

  65. 
 Confining the checker with COWL • Express sensitivity of data ➤ Checker can only receive password if its context label is as sensitive as the password • Use postMessage to send labeled password ➤ Source specifies sensitivity of data at time of send 
 postMessage(Label({pass: …}, “a.com”), “b.ru”)) a.com public b.ru public a.com {pass: ...} b.ru/chk.html a.com a.com b.ru

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

CSE 127: Computer Security Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side web applications (from vulnerable/untrusted components) Modern web sites are complicated Many acting parties on a site

867 views • 62 slides
Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

CSE 127: Computer Security Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side web applications (from vulnerable/untrusted components) Modern web sites are complicated Modern web sites are

709 views • 57 slides
Storing Data Thierry Sans Modern Web Platform Client Side Server Side Web API Database Why

Storing Data Thierry Sans Modern Web Platform Client Side Server Side Web API Database Why

Storing Data Thierry Sans Modern Web Platform Client Side Server Side Web API Database Why using a database Persistency Concurrency (avoid race conditions) Query Scalability SQL vs NoSQL databases Relational database (SQL

475 views • 10 slides
ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner

ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner

ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner Nicholas Carlini Return Oriented Programming Basic ROP Mo(va(ons DEP Data

712 views • 11 slides
CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side

CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side

CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side Server Side Web Server Web Browser Web Technologies Content Resources Presentation management Client Side Processing Multimedia The evolution of

1.24k views • 23 slides
Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client Client Side Server Side Web Server Database Web Browser Cookies The big picture key/value pairs data Client Side Server Side HTTP request

783 views • 13 slides
CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser

CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser

CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser after page is sent back from server often this code manipulates the page or responds to user actions What is JavaScript? a lightweight

643 views • 29 slides
Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Open Source Enclave Workshop 2019 Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science &amp; Engineering The Ohio State University Userland TEEs on Commodity Processors Application VM VM

154 views • 14 slides
DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side

DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side

DEFCON DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side Exploitation Script Based Attack Powershell,Jscript,Vbscript Vbscript:still people use IE, you can call wmic and powershell script to execute.

428 views • 15 slides
Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

562 views • 38 slides
Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

1.03k views • 66 slides
Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side

Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side

Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side Direct I/O for NFS Connectathon 1997 Disclaimer This is not a product announcement. 2 Client-Side Direct I/O for NFS Connectathon 1997

311 views • 16 slides
CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis

CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis

CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application Popular attacks Cross-site

266 views • 15 slides
CSE 510 Web Data Engineering Client-Side Programming JavaScript UB CSE 510 Web Data Engineering

CSE 510 Web Data Engineering Client-Side Programming JavaScript UB CSE 510 Web Data Engineering

CSE 510 Web Data Engineering Client-Side Programming JavaScript UB CSE 510 Web Data Engineering Web Programming Paradigms So far we have seen server-side programming Next Enrich user experience, interactivity with client- side

759 views • 24 slides
Cutting-edge Think Tank BLACK HAT EUROPE 2008 CLIENT-SIDE SECURITY Overview of various

Cutting-edge Think Tank BLACK HAT EUROPE 2008 CLIENT-SIDE SECURITY Overview of various

Cutting-edge Think Tank BLACK HAT EUROPE 2008 CLIENT-SIDE SECURITY Overview of various Client-Side Hacking Tricks and Techniques pdp Information Security Researcher, founder of the GNUCITIZEN group OBJECTIVES I was planning to...

948 views • 59 slides
Write Fast, Read in the Past: Causal Consistency for Client-side Apps with SwiftCloud App App

Write Fast, Read in the Past: Causal Consistency for Client-side Apps with SwiftCloud App App

Challenge: Database Access for Client-side Apps Write Fast, Read in the Past: Causal Consistency for Client-side Apps with SwiftCloud App App Presented by Marek Zawirski App App Inria / UPMC-LIP6, Paris (now at Google, Zrich) Marek

469 views • 13 slides
Static program checking and verification Correctness class ArraySet implements Set { class

Static program checking and verification Correctness class ArraySet implements Set { class

Chair of Softw are Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Mller Static program checking and verification Correctness class ArraySet

445 views • 18 slides
DocBook Documentation at SUSE and Automated Document Quality Assurance Stefan Knorr

DocBook Documentation at SUSE and Automated Document Quality Assurance Stefan Knorr

DocBook Documentation at SUSE and Automated Document Quality Assurance Stefan Knorr sknorr@suse.de Technical Writer Content 1. Meet the Team, Meet the Workfmow 2. Documentation: Client-Based Checks 3. Documentation: Server-Based Checks 4.

403 views • 22 slides
CSc 337 LECTURE 2: MORE HTML AND CSS Activity: match this page Page Text xt: Koala Bears

CSc 337 LECTURE 2: MORE HTML AND CSS Activity: match this page Page Text xt: Koala Bears

CSc 337 LECTURE 2: MORE HTML AND CSS Activity: match this page Page Text xt: Koala Bears Koalas are marsupials and not actually bears. Food Koalas eat eucalyptus. Dangers (Koalas are an endangered species) Dingos &amp; Deforestation &amp;

776 views • 39 slides
XLIFF 2.0 the Easy Way: The Okapi XLIFF Toolkit FEISGILTT Dublin June 2014 Yves Savourel ENLASO

XLIFF 2.0 the Easy Way: The Okapi XLIFF Toolkit FEISGILTT Dublin June 2014 Yves Savourel ENLASO

XLIFF 2.0 the Easy Way: The Okapi XLIFF Toolkit FEISGILTT Dublin June 2014 Yves Savourel ENLASO Corporation This presentation was made possible by In a few words Goal: Facilitate creating, reading, manipulating and writing of XLIFF 2.0

724 views • 4 slides
Tizen Web Application Checker Xu Zhang (xu.u.zhang@intel.com) Agenda Tizen Compliance and

Tizen Web Application Checker Xu Zhang (xu.u.zhang@intel.com) Agenda Tizen Compliance and

Tizen Web Application Checker Xu Zhang (xu.u.zhang@intel.com) Agenda Tizen Compliance and Application Compatibility Tool Features Design Overview Checker Modules Getting Started Contributing to Tizen Web

521 views • 20 slides
Not All Patterns, But Enough Neil Mitchell, Colin Runciman York University Catch An Example

Not All Patterns, But Enough Neil Mitchell, Colin Runciman York University Catch An Example

Not All Patterns, But Enough Neil Mitchell, Colin Runciman York University Catch An Example Is the following code safe?* risers :: Ord [ ] [[ ]] risers [] = [] risers [x] = [[x]] risers (x:y:etc) = if x y then (x:s) :

875 views • 28 slides
ICFEM98, Brisbane Australia, 11 Decemb er 1998, 9am Ubiquitous Abstraction: A New App

ICFEM98, Brisbane Australia, 11 Decemb er 1998, 9am Ubiquitous Abstraction: A New App

ICFEM98, Brisbane Australia, 11 Decemb er 1998, 9am Ubiquitous Abstraction: A New App roach T o Mechanized F o rmal V erication John Rushb y Computer Science Lab o rato ry SRI International Menlo P a rk, CA

644 views • 33 slides
COMP60411: Modelling Data on the Web SAX, Schematron, JSON, Robustness &amp; Errors Week 4

COMP60411: Modelling Data on the Web SAX, Schematron, JSON, Robustness &amp; Errors Week 4

COMP60411: Modelling Data on the Web SAX, Schematron, JSON, Robustness &amp; Errors Week 4 Bijan Parsia &amp; Uli SaJler University of Manchester 1 SE2 General Feedback use a good spell &amp; grammar checker answer the

1.06k views • 69 slides

More recommend