• Home

  • Documents

  • Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web...
40
Cross‐Origin JavaScript Capability Leaks Detec9on: Detec9on, Exploita9on, and Defense Joint work with Adam Barth and Dawn Song 1

Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

  • Upload
    others

  • View
    2

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Cross‐OriginJavaScriptCapabilityLeaksDetec9on:Detec9on,Exploita9on,andDefense

JointworkwithAdamBarthandDawnSong

1

Page 2: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

JavaScriptisasimplelanguagewithcomplexsecurityproper9es.Specifically,itisconcernedabouthos9lecodebeingruninavarietyofJavaScriptcontexts.Takethisexample.Wehave(atleast)threedis9nctJavaScriptcontexts:theESPNpage,anadver9sementrunninginaframe,andNYTimes.comrunninginanothertab.AllofthesecouldberunningJavaScript.

JavaScriptobjectsfromoneJavaScriptcontextshouldnotnecessarilybeaccessiblefromanotherJavaScriptcontext.Thiscouldleadtoallsortsofmaliciousbehaviorsuchasaccessinganothersite’scookiesorchangingtheJavaScriptofthatpage.Inthiswork,we’repar9cularlyworriedaboutaclassofvulnerabili9esthatleaksJavaScriptobjectsfromoneJavaScriptcontexttoanother.

Inpar9cular,aretherewaysforonecontexttomaliciouslyaccessobjectsandproper9esinanothercontext?

2

Page 3: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Inthiswork,weiden9fyanewclassofwebbrowsersecurityvulnerabili9eswhichallowfortheaccessofobjectsandproper9esinotherJavaScriptcontexts.Thesevulnerabili9esexploitapar9cularholeinthesecurityenforcementbywebbrowsersoftheirsecuritypolicies.Wecallthesevulnerabili9es“Cross‐OriginJavaScriptCapabilityLeaks.”

3

Page 4: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Wealsohavecreatedadynamicanalysistoolfordetec9ngthesevulnerabili9es.WeuseanovelformofJavaScriptheapgraphanalysistoaccomplishthis.

4

Page 5: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Usingthetool,wefindtwoseveralrealvulnerabili9esinamajorwebbrowser.Addi9onally,wealsousetothetooltodissecta“safe”mashupJavaScriptlibraryandexploitit.

5

Page 6: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Finally,weproposeanewenforcementmechanismforwebbrowsers.Wedonotproposeanewpolicy;weonlyproposeanew,moreeffec9ve,enforcementmechanismforcurrentpolicies.

6

Page 7: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Tostartthetalk,let’sdiscussthecurrentJavaScriptsecuritymodelforobjectaccess.Then,we’llintroducetheproblemofCross‐OriginJavaScriptCapabilityLeaks.We’llshowamethodofdetec9ngthesevulnerabili9es.Finally,we’lldiscussageneralsolu9ontothisclassofa_acks.

7

Page 8: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

TheDocumentObjectModel,orDOM,isthestructurethatrepresentsmanyoftheimportantobjectsonwebpages,suchasthedocument’scookie.Italsoallowsforthephysicalmanipula9onofthewebpageitself.TheDOMisnotdirectlyapartoftheJavaScriptengine;itisasetofbuiltinobjectsandmethodsformanipula9ngobjects,buttheJavaScriptengineistheore9callyseparatefromtheDOM.

InordertogainaccesstoDOMobjects,theDOMdoesasecuritychecktomakesurethattheaccessingcontextisallowedtohandlethespecifiedobject.IftheJavaScriptcontextsmatch,theconnec9onisgrantedandaccessgiven.

8

Page 9: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

FromtheJSEngine’sperspec9ve,theJavaScriptcontextnowholdsareferencetotheobject.

9

Page 10: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

IftheJavaScriptcontextsdonotmatch,thenaccessisdeniedandnoreferenceisgiven.

10

Page 11: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

TheJavaScriptengineitselfhasadifferentwayofdoingthings.Itworksasacapabilitysystem.IfaJavaScriptcontextisgivenareferencetoaJSobject,ithaspermissiontoaccessit.Ifnosuchreferenceexists,theobjectcannotbeaccessed.Thereisnowayto“divine”objectsintheJavaScriptengine.ThisissortofwheretheDOMcomesin.IfyouneedaccesstoaDOMobject,youcanreferenceit,evenifnopar9cularobjecthasareferencetoit.

11

Page 12: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Inshort,insideofwebbrowsers,therearetwodifferentwaysmechanismsforsecurity.Ontheonehand,theDOMprovidesaccesscontrolcheckswhenaDOMobjectisini9allyaccessed.

12

Page 13: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Ontheotherhand,theJavaScriptenginetreatsallobjectsascapabili9es,includingDOMobjectsoncetheyhavebeenaccessedandassignedavariable.

13

Page 14: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Youmightstarttogetasensethatthissitua9onisabitodd.WehavetheDOMac9ngasanaccesscontrolsystemandtheJSEngineasacapabilitysystem,bothofwhicharedealingwiththesameJavaScriptobjects.Let’sdelveintothepreciseproblemwe’redealingwith.

14

Page 15: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

We’vebeentalkingaboutJavaScriptratherabstractlysofar,butwhatarealltheseJavaScriptcontexts,andwhatdoesitmeanforacontexttoreferenceanobjectinanothercontext?

Whathappenswhenonecontexthasareferencetoanobjectinanothercontext?ItturnsoutthatJavaScriptdefinesasetofveryspecialobjectscalledglobalobjects.Eachwindowandframehasitsownglobalobject,and,infact,JavaScriptcontextsaredefinedbyJavaScriptenginesbytheglobalobjectofthecontext.Globalobjectshaveanumberofspecialproper9es,themostimportantofwhich,forourpurposes,isthatitisthereferencemonitorfortheDOMdiscussedearlier.Anycontextisallowedtoaccessanyglobalobjectandtheitwillperformtheappropriateaccesscontrolchecksonaccessedproper9es.

15

Page 16: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Forexample,thefunc9on“bar”maymakeareferencetotheglobalobjectfromthecontext“Window1.”

16

Page 17: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

However,itwouldbebadifbar()wasabletoreferencealloftheobjectsthattheglobalobjectpointsto.Fortunately,globalobjectsprovidethereferencemonitor,sothisisnotanissue.

17

Page 18: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Itwouldalsobeverybadifbar()heldadirectreferencetoeitheroftheotherobjectsinthe“Window1”context.Unfortunately,theydonothavereferencemonitorswrappingthem,soifbar()heldareferencetothem,itwouldbegameover,unlikeifitheldareferencetotheothercontext’sglobalobject.

18

Page 19: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Solet’sjumpbacktothetwopoliciesoftheDOMandJavaScriptengine.Whathappenswhenthetwomeet?

19

Page 20: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Specifically,letusassumethatcontext1isgrantedaccesstoanobjectthroughthereferencemonitor.Fromtheperspec9veoftheJavaScriptengine,thecontextnowholdsareferencetotheobjectwhichisalsoacapability.

20

Page 21: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

TheJavaScriptcontextcandowhateveritwantswiththereference,includinghandingthereferencetoanotherJavaScriptcontext,onpurposeorotherwise.

21

Page 22: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Becausetheengineisacapabilitysystem,itnowcanaccesstheobjectwithfullpermissions.EventhoughitisaDOMobject,itisnowbypassingthereferencemonitorcheck.Now,wehaven’testablishedthisaproblemyetperse;itisnotclearthatthereisanywayforaJavaScriptcontexttodothisillegi9mately.However,itturnsoutthatthisisaseriousproblembecauseofanumberofbugsinwebbrowsers.Inthesebugs,amaliciousscriptcan“trick”thebrowserintothinkingthatit’sfromadifferentJavaScriptcontext,thusgainingaccesstoasensi9veobjectthroughtheDOMaccesscontrol.ThemaliciousJavaScriptcontextnowhasacapabilitytothisobjectsoitcanmanipulateithoweveritseesfit,includingallofthethingstowhichitreferences.

22

Page 23: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

ThisisaCross‐OriginJavaScriptCapabilityLeak.Onecontextleaksacapabilityreferencetoanothercontext,andthissecondcontextnowholdsanunbridledreferencetotheDOMobject.Thisisaverybadthing.

23

Page 24: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Let’sdiscusshowtohelpdetecttheseproblemsinanapplica9onusingourheapgraphanalysistool.

24

Page 25: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Thestatewewanttodetectiswhenanobjectfromonecontextholdsareferencetoanobjectinadifferentcontext.Oursolu9onistouseaheapgraphanalysistodynamicallymarktheJavaScriptcontextofallobjectsintheJavaScriptheapandtothroughanalertwhenthereisareferencebetweentwoobjectsindifferentcontexts.WemodifytheWebKitJavaScriptenginetoperformtheinstrumenta9onandanalysisforthistool.

25

Page 26: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

WeneededtoinstrumenttheWebKitJavaScriptenginewithcallstoourheapgraphanalysislibrary.Thesepointsareratherstraighhorward.Ratherthanpujngtheinstrumenta9onintheinterpreterandJIT,weplacedtheinstrumenta9onwithintheobjectsystemen9relysincethatiswhatwewereen9relyconcernedwith.Weplacedinstrumenta9onpointsatobjectcrea9on,objectdestruc9on,andthecrea9onofobjectreferences(alongwithseveralotherspecializedpoints).

26

Page 27: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Here’sangraphoftheemptypage.Becausewearetrackingallobjectsontheheap,atany9mewecandumpanimageoftheheapasaGraphvizgraph.Clearly,eventheemptypageisrathercomplex,andthesegraphsweremainlyusefulfor(a)debuggingourwork,and(b)reducedversionsareusefulforfindingexploits.

27

Page 28: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Thisistheheapgraphofgoogle.com.Clearly,morecomplicatedbutitturnsoutthatgoogle.comdoesn’thavethatmuchJavaScriptonitandevenreachesthislevelofcomplexity.

28

Page 29: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Thegraphscangetratherbigquickly.WhileevenGoogledoesn’tappearthatlarge,thingsquicklyexplodeonlargerpages,makinggraphsratherunwieldy.Thus,werealizedthatweneededtoautoma9callydetectviola9onsratherthanjustmanuallyexaminingheapgraphs.

29

Page 30: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

ThekeyinsighttofindingtheseexploitsishowtheJavaScriptcontextiscalculated.RememberthatJavaScriptcontextsaredefinedbytheglobalobjecttheyareassociatedwith.Whenanewcontextiscreated,severalthingsarebuilt,includingainstanceofaglobalobject,andaunique“objectprototype,”which,intheprototypeclasshierarchy,servesastheul9mateparentofallobjects.

30

Page 31: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Whenanewobjectiscreated,thereiseitheradirectorindirectpathtotheObjectPrototype.Thispathgoesthroughthespecial“__proto__”property.Thus,ouralgorithmtracksthecrea9onofnewcontexts,andevery9meanewobjectiscreated,checksthe__proto__property,lookingupthereferencedobject.Becausethecontextisdefinedbythetransi9veclosureof__proto__referencestotheobjectprototype,wecanassignthenewobjectthecontextof__proto__object.

Alongtheway,ifweeverycomeacrossareferencebetweentwoobjectsofdifferentcontexts(otherthanthe__proto__reference),wemarkitasapoten9alproblem.Ofcourse,therearesomeexcep9onstothis,suchastheglobalobject,asdiscussedearlier,andwewhitelistthese.

31

Page 32: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Wewereabletogeneratefairlygoodcoveragebyexecu9ngourtoolacrossalloftheWebKitregressiontests.Ofcourse,thisishardlyacompletetest,butweweresimplytryingtofindproof‐of‐conceptvulnerabili9es,notperformanexhaus9vesearchofallpossiblecross‐originreferences.

32

Page 33: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

This“zoomsin”ononeofthevulnerabili9eswefound.Here,theblackrepresentsanobjectfromsecuritycontext1whilethewhiterepresentsobjectsfromsecuritycontext2.Thisiswhatwepar9cularlywanttodetect…oneJavaScriptcontextreferencinganother.Despitethegraphsbeingsolarge,wecanperformthisreachabilityanalysisratherquickly.

Inthisexample,thevulnerabilityoccurredinWebKitbecauseitwaslazilycrea9ngtheloca9onobject.Iftheloca9onobjectwascreatedduringtheexecu9onofanothercontext(i.e.ifitbelongedtocontext1,butcontext2wasaccessingit),itwouldbecreatedwiththewrongObjectprototype.Thisisdangerousbecauseitallowstheobjecttoredefinethebehavioroffunc9ons,suchastoString,thatapplytoallObjectscreatedintheothercontext.Then,ifthatfunc9oniscalled,arbitraryJavaScriptwillbeexecuted.

33

Page 34: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Overall,inourtestsetup,wefound2vulnerabili9esinWebKitamongthe143testsran.Addi9onallywefoundthattheCrossSafecross‐domainJSONrequestlibraryhadanumberofvulnerabili9es.Inallcases,wewereabletodesignsubtleexploitsofthevulnerabili9esthatcreatedarbitrarycodeexecu9onintheothersecuritycontext.

34

Page 35: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Thegoodnewsisthatwehaveaproposaltopreventtheseproblemsinthefuture.

35

Page 36: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Herewehaveasmallviewofsomeoftheobjectsincurrentwebbrowsers.Forthemostpart,ifthereisaleakinthebrowserthatgivesanobjectfromcontexttoasecondcontext,thatcontextcanaccessthoseobjects.Yes,therearesomeexcep9ons,suchaswrappedobjectsinFirefox,butthosearehardlyexhaus9veandcannotcovercasesforwhichobjectsarenotexplicitlywrapped.

Inthispar9cularexample,func9onbar()inWindow2hasaccesstoWindow2’sdocumentobject(asitshould),butitalsoholdsareferencetothedocumentobjectofWindow1,whichitcannowaccess.

Oursolu9onistoaddanaccesscontrolchecktogetandputopera9onstomakeitlookmorelikethis…

36

Page 37: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

ThesecheckswillverifythattheJavaScriptcontextofthetwoobjectsinques9onmatch.Ifnot,theengineshouldrejecttheaccess.It’sasimpleideathathasbeenconsideredinthepast.Howeverpeoplehavebeenveryconcernedaboutitsperformance.Addi9onally,wehadconcernsini9allythatitwouldbedifficulttoassurethatallthatplacesthatneedtohaveaccesscontrolcheckswouldbeeasytofindandsuchanimplementa9onwouldbeerrorproneitself.Astotheimplementa9onconcerns,wediscoveredthattherearerela9velyfewplacesthatthisneedstobeactuallycalculated,andit’sfairlyclearwherethosepointsare.Addi9onally,inanon‐prototypeimplementa9on,theaccesscontrolcheckscouldbebuiltinasamorefundamentalandsimplemechanisminWebKit,therebyreducingthenumberofplacescheckswouldhavetobeexplicitlyplaced.

37

Page 38: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Theaccesscontroladdsnegligibleperformancehitstogeneralbenchmarks.Acrossallofthemajorindustrybenchmarks,ouraccesscontrolprototypeaddsnomorethan2%overheadtothebaseimplementa9on(+/‐error).

However,ifyouconsiderthatInthelastyearalonetherehasbeena300%performanceincreasetoWebKit,a2%hitstartstolookabitpaltry..

38

Page 39: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Wehypothesizedthatouraccesscontrolwasrela9velyfastbecauseoftheinlinecacheinthenewWebKitimplementa9on.Inshort,formostobjects,whenapropertyislookedupthefirst9me,itislookedupinahashtableandtheoffsetintothestructureisrecorded.Whenthatpar9cularpieceofcodeisaccessedagaininthefuture,Insteadofhashinginfuturelookups,thepropertyisaccessedbyjustgoingdirectlyintothestructurewiththerecordedoffset.Becauseoftheoffsetlookup,weknowthattheobjecthasaccesstothisobjectbecausethefirstlookupmadeanaccesscontrolcheck.However,wheneverapropertyisdeleted,thislookupsystemisforgoneandahashtablelookupisdone,makinganaccesscontrolcheckevery9me.

Inordertotestiftheinlinecacheiswhat’scausingthespeedup,wemademicro‐benchmarksforrepeatedlyreadingandwri9nganobjectproperty.Intwoofthebenchmarks,however,wedeletedapropertyfromtheobjectfirst,thusforcingthelookupstooccurinthehashtableratherthanthroughtheinlinecache.Asthechartclearlyshows,wheretheinlinecacheisused,thereishardlyano9ceableslowdown.However,whenthecacheisnotinuse,thereisa9‐10%slowdownintheaccesscontrolimplementa9on.

39

Page 40: Cross‐Origin JavaScript Capability Leaks Detecon: Detecon ... · In short, inside of web browsers, there are two different ways mechanisms for security. On the one hand, the

Inconclusion,wehaveintroducedanoveltoolusingheapgraphanalysistoaidusinfindinganewclassofvulnerabili9esinwebbrowsers,cross‐originJavaScriptcapabilityleaks.Addi9onally,thedamageofthesevulnerabili9escanbemi9gatedinthefuturebeimplemen9nganewaccesscontrolmechanisminthewebbrowser.

40


Restructuring and Cost Optimization - Detecon

Restructuring and Cost Optimization - Detecon

Documents
New Advances in Fingerprint Detecon: BlueCheck Fingerprint ...projects.nfstc.org/publicsafety/2011/pdf/BAD FILE T-Wurtz.pdf · New Advances in Fingerprint Detecon: BlueCheck Fingerprint

New Advances in Fingerprint Detecon: BlueCheck Fingerprint ...projects.nfstc.org/publicsafety/2011/pdf/BAD FILE T-Wurtz.pdf · New Advances in Fingerprint Detecon: BlueCheck Fingerprint

Documents
Detecon Study Costing System Maturity in Telecommunications Companies. Results of a Detecon Survey

Detecon Study Costing System Maturity in Telecommunications Companies. Results of a Detecon Survey

Documents
Detecon Opinion Paper Technical Cost Modelling: A practical guide

Detecon Opinion Paper Technical Cost Modelling: A practical guide

Documents
Detecon DMR blue Leading digital!

Detecon DMR blue Leading digital!

Documents
TRANSFORMATION = PEOPLEMANAGEMENT (DMR BLUE - DETECON - BEST PRACTICE)

TRANSFORMATION = PEOPLEMANAGEMENT (DMR BLUE - DETECON - BEST PRACTICE)

Business
Detecon - Organizational Energy Workshop

Detecon - Organizational Energy Workshop

Business
Detecon DMR Blue: Leading digital!

Detecon DMR Blue: Leading digital!

Documents
STUDIE - Detecon · 2019-10-17 · Studie „Digital Twin – Enabler für Ökosysteme von morgen“, welche die Managementberatung Detecon in Kooperation mit dem Cross-Business-Architecture

STUDIE - Detecon · 2019-10-17 · Studie „Digital Twin – Enabler für Ökosysteme von morgen“, welche die Managementberatung Detecon in Kooperation mit dem Cross-Business-Architecture

Documents
IPv4 address depletion: A CTO perspective (Detecon Executive Briefing)

IPv4 address depletion: A CTO perspective (Detecon Executive Briefing)

Documents
Detecon Policy Making Workshop

Detecon Policy Making Workshop

Technology
BMW Brilliance Automotive - Detecon

BMW Brilliance Automotive - Detecon

Documents
INTEGRAL BUSINESS @ DETECON

INTEGRAL BUSINESS @ DETECON

Business
Detecon Study

Detecon Study

Documents
Secure browsers

Secure browsers

Technology
Detecon Opinion Paper Architektur für ein zukunftsorientiertes Skill-Management

Detecon Opinion Paper Architektur für ein zukunftsorientiertes Skill-Management

Documents
ARTINALI: Dynamic Invariant Detecon for Cyber-Physical ...blogs.ubc.ca/karthik/files/2017/09/FSE17-slides.pdf · Dynamic Invariant Detecon for Cyber-Physical System Security Maryam

ARTINALI: Dynamic Invariant Detecon for Cyber-Physical ...blogs.ubc.ca/karthik/files/2017/09/FSE17-slides.pdf · Dynamic Invariant Detecon for Cyber-Physical System Security Maryam

Documents
Detecon - Innovation in Practice

Detecon - Innovation in Practice

Business
Detecon Studie "Digitalisierung und Internet of Things (IoT

Detecon Studie "Digitalisierung und Internet of Things (IoT

Documents
Detecon Opinion Paper P2P TV: a looming media revolution?

Detecon Opinion Paper P2P TV: a looming media revolution?

Documents
Simulate Browsers

Simulate Browsers

Technology
Smart Working / Future Work - Praxisbeispiel Detecon (Absolventenkongress 2014)

Smart Working / Future Work - Praxisbeispiel Detecon (Absolventenkongress 2014)

Business
DETECON Technical Final Report part1-1

DETECON Technical Final Report part1-1

Documents
Detecon casa annual function 2014 presentation 04 bjîrn menden

Detecon casa annual function 2014 presentation 04 bjîrn menden

Education
Network for the Detecon of Atmospheric Composion Change

Network for the Detecon of Atmospheric Composion Change

Documents
Detecon Workshop - Telco and OTT Partnerships

Detecon Workshop - Telco and OTT Partnerships

Technology
Document1 1 - Tripod.commaher.kamal.tripod.com/detecon.pdf · DETECON GmbH Postfach 2601 01 • 5300 Bonn 2 DETECON Deutsche Telepost Consulting GmbH Beteiligungsgesellschaft der

Document1 1 - Tripod.commaher.kamal.tripod.com/detecon.pdf · DETECON GmbH Postfach 2601 01 • 5300 Bonn 2 DETECON Deutsche Telepost Consulting GmbH Beteiligungsgesellschaft der

Documents
Browsers hector

Browsers hector

Education
Transformation, HR & Restructuring Best-Practice - DMR Blue Special - Detecon

Transformation, HR & Restructuring Best-Practice - DMR Blue Special - Detecon

Business
Future work@detecon teaser 2016 incl. references

Future work@detecon teaser 2016 incl. references

Business