Author Archives: @ndreah

JAVASCRIPT EXECUTION LIMITS IN THE WEB BROWSER

When we ask the browser to display a web page, it may show the following:

A "Warning: Unresponsive script" prompt that says "A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete."

This means that a script is taking too long to run and the browser does not accept it.

As a consequence, user interaction with the browser and the web page is blocked.

The browser UI and JavaScript code share a single processing thread. Every event is added to a single queue. When the browser becomes idle, it retrieves the next event on the queue and executes it.

In reality, browsers start a new OS process for every tab. However, there is still a single event queue per viewed page and only one task can be completed at a time. This is necessary for rendering the web page and for the user interaction with the web page in the browser.

To test the speed and the limits of the web browser when executing JavaScript code, we are going to use a processing-heavy algorithm that generates combinations without repetitions.

DONALD KNUTH’S ALGORITHM FOR GENERATION OF COMBINATIONS WITHOUT REPETITIONS

The number of combinations of n things, taken k at a time, is exactly:

We can think of these n things as an ordered collection of objects and we can use binary notation to discover combinations.

For example, we take a set of five letters: {A,B,C,D,E} and we want to list the combinations of 2 letters from this set without repetitions. Using the formula above the number of combinations is 10.

We consider this set as an ordered set: A<B<C<D<E and we use the binary notation to represent it where

0 means the letter is not in the combination and 1 means the letter is in the combination.

We know that the number of all subsets is = 32 > 5, but from these subsets we have to select only those whose number of elements is equal to 2.

Considering the set as an ordered set {A,B,C,D,E} and using the binary notation, the list of all subsets of this set is:

Only good binary representations are used to generate good combinations.

Here is a combination tool.

A program in JavaScript to codify the algorithm could be:

//--------------------------------------------------------------------
function GenerateCombinations()
	{
	  var Answer_Head = "<table border='1' >";
	  var Answer_Body = "";
	  var Answer_Tail = "</table>";
	  var ErrorCode = 0;
	  var ErroMsg   = "";   // declared under the name the assignments below use

	  var nCombSize = 0;
	  var BaseComb  = new Array();
	  var iBaseComb = 0;
	  var CodeComb  = 0;
	  var CombList  = new Array(); 
	  var ACombItem = "";  
	  var BinaryNumber       = new Array();
	  var BinaryStringNumber = "";
	  var NProgres           = 0;
	  var RNProgres          = 0;
          var NFilter            = 0;
   
          var Start = Date.now(); 
	  var End = Date.now();
	  var Elapsed = End - Start // time in ms	
	  var cElapsed = Elapsed.toString();
		    
	  
// AREA INTELLIGENCE 
	  
  // Clear Area
  window.document.getElementById("i_BackMsg").innerHTML  = "" ;
  window.document.getElementById("i_Answer").innerHTML   = ""
	     
	
// Check Input Data
  if ( isNaN( window.document.getElementById("iN").value) ) {
     ErrorCode = 1;
     ErroMsg   = "Attention !!! The Combination Size must be a number.";
  }
  else {
     if (window.document.getElementById("iN").value == 0 ||
         window.document.getElementById("iN").value == "" ) {
        ErrorCode = 11;
        ErroMsg   = "Attention !!! The Combination Size must be a value greater than zero.";
     }
     else {
        if (window.document.getElementById("iN").value >= 20 ) {
           ErrorCode = 11;
           ErroMsg   = "Attention !!! The Combination Size must be less than 20.";
        }
        else {
           nCombSize = window.document.getElementById("iN").value;
        }
     }
  }

// Show Msg
  if ( ErrorCode > 0 ) {
     window.document.getElementById("i_BackMsg").innerHTML = ErroMsg+"<br/>";
     return;
  }
  else {
     window.document.getElementById("i_BackMsg").innerHTML = "OK!";
  }
	  
    
    
// Check Elements
  iBaseComb = 0;
        
  if ( !(window.document.getElementById("i_e01").value == "" || 
       window.document.getElementById("i_e01").value == "0" )) {          
              BaseComb[iBaseComb]=window.document.getElementById("i_e01").value;
              iBaseComb++;
  };      
          
         
   < .... >
          
        
if ( !(window.document.getElementById("i_e20").value == "" || 
      window.document.getElementById("i_e20").value == "0" )) {          
              BaseComb[iBaseComb]=window.document.getElementById("i_e20").value;
              iBaseComb++;
        };      


     
       if ( iBaseComb == 0 || iBaseComb <= nCombSize )  {     
    	   ErrorCode = 11;
           ErroMsg = "Attention !!! The number of Elements must be greater than the combination size.";
       };
       
  	  // Show Msg  
    	  if ( ErrorCode > 0 ) {
    	     window.document.getElementById("i_BackMsg").innerHTML =ErroMsg+"<br/>" ;	  
    	     return;
    	  } 
    	  else
    	  {
    	      window.document.getElementById("i_BackMsg").innerHTML = "" ;
    	  };       
     
     
    // Combination Code: the largest mask, with one bit set per element
       CodeComb=0;
       for (var j=0;j<=iBaseComb-1;j++){
           CodeComb+= Math.pow(2,j);
       };

    // Combination Generator
       CombList  = new Array(iBaseComb);

       for (var y=0;y<=CombList.length-1;y++){
          CombList[y]="0";
       };
       RNProgres = 0;
       NProgres  = 0;
       for (var k=0;k<=CodeComb;k++) {

          BinaryNumber = DecimalToBinary(k, iBaseComb);

          if ( IsAGoodCombination(BinaryNumber, nCombSize) ) {

             // Reset the working combination
             for (var y=0;y<=CombList.length-1;y++){
                CombList[y]="0";
             };

             // Make the combination
             for (var x=0;x<=BinaryNumber.length-1;x++){
                if (BinaryNumber[x]=="1"){
                   CombList[x]=BaseComb[x];
                };
             };

             CombList.sort(function(a,b){return a - b});

             NProgres++;

             // Build the output line, skipping unused slots
             ACombItem="";
             for (var j=0;j<CombList.length;j++){
                if (CombList[j]!="0"){
                   ACombItem=ACombItem+CombList[j]+" ";
                };
             };
             window.document.getElementById("i_Answer").innerHTML+=NProgres.toString()+" - ";
             window.document.getElementById("i_Answer").innerHTML+=ACombItem+"<br />";
          };
       };
 window.document.getElementById("i_Answer").innerHTML+=Answer_Tail+"<br /><br />";
 End = Date.now();
 Elapsed = End - Start // time in milliseconds		
 cElapsed = Elapsed.toString();
 window.document.getElementById("i_Time").innerHTML="Time Elapsed: "+cElapsed+" ms";
 return ;
}
	
//--------------------------------------------------------------------
function DecimalToBinary (iDecNumber, iSize){

 // Section Data Structure (all local, so callers' loop counters are not touched)
    var answer = new Array(iSize);
    var n10   = iDecNumber;
    var x2    = iDecNumber;
    var log2  = 0;
    var power = 0;
 // Section Initialization
    for (var j=0; j<=answer.length-1;j++){
         answer[j]="0";
    };
 // Section Intelligence: find the highest power of 2 not above the number
    while (x2>=2) {
          x2=x2/2;
          log2++;
    };
 // Set the bits from the most significant one down
    for (var l2=log2;l2>=0;l2--) {
       power = Math.pow(2,l2);
       if (n10 >= power) {
           answer[l2]="1";
           n10 = n10 - power;
       }
       else {
           answer[l2]="0";
       };
    };
    answer.reverse();
    return answer;
  }
	
//--------------------------------------------------------------------
	
function IsAGoodCombination ( iBRNumber, iCombSize ) {        
    var NumberOfOne = 0 ;
    for (var j=0;j<=iBRNumber.length-1;j++) {
        if (iBRNumber[j]=="1") {          
          NumberOfOne++;          
          if ( NumberOfOne >  iCombSize ) {
             break;
          };
        };     
    };    
    if ( NumberOfOne == iCombSize ) {
       return true; 
    }   
    else {
       return false;   
    };
  }  
//--------------------------------------------------------------------
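
The generator above does all of its work in one task, which is the situation the event-queue discussion describes. As an added example (not the author's code), the same bitmask enumeration can be split into bounded slices that return to the event queue between steps; createEnumerator, enumerateInSlices and the budget parameter are hypothetical names.

```javascript
// Added example. createEnumerator and enumerateInSlices are hypothetical names.

// Count the bits set in a mask (clear the lowest set bit until none is left).
function popcount(mask) {
  let bits = 0;
  for (let m = mask; m !== 0; m &= m - 1) bits++;
  return bits;
}

// Walk the masks 0 .. 2^n - 1 in resumable steps. Bit i set means items[i]
// is part of the combination, as in the binary notation described above.
function createEnumerator(items, k) {
  const n = items.length;
  if (!Number.isInteger(k) || k < 1 || n < 1 || n > 30 || k > n) {
    throw new RangeError("need 1 <= k <= items.length <= 30");
  }
  const limit = 2 ** n;
  let mask = 0;
  return {
    done: () => mask >= limit,
    // Examine at most `budget` masks and return the combinations among them.
    step(budget) {
      const found = [];
      for (let seen = 0; seen < budget && mask < limit; seen++, mask++) {
        if (popcount(mask) === k) {
          found.push(items.filter((_, i) => (mask >> i) & 1));
        }
      }
      return found;
    },
  };
}

// Run the enumeration as many short tasks instead of one long one. Between
// slices control returns to the event queue, so input and rendering proceed.
function enumerateInSlices(items, k, budget, onSlice,
                           schedule = (fn) => setTimeout(fn, 0)) {
  if (!Number.isInteger(budget) || budget < 1) {
    throw new RangeError("budget must be a positive integer");
  }
  return new Promise((resolve) => {
    const enumerator = createEnumerator(items, k);
    let total = 0;
    let slices = 0;
    (function next() {
      const found = enumerator.step(budget);
      total += found.length;
      slices++;
      onSlice(found); // in a page: append rows with textContent, not innerHTML
      if (enumerator.done()) resolve({ total, slices });
      else schedule(next);
    })();
  });
}
```

The budget bounds how many masks one task may examine, so the longest uninterrupted run no longer grows with the size of the set.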

WEB APPLICATION CLIENT-SIDE JAVASCRIPT PERFORMANCE

The results of using the JavaScript program described above as a benchmark are the following.

As we can see from the tables and graphs above, the SpiderMonkey engine is the winner in this test.

Only in the growth of execution time for a high number of combinations is it not the best.

REFERENCES

[01] Donald E. Knuth, The Art of Computer Programming Volume 4 Generating All Combinations and Partitions Fascicle 3, July 2005;

[02] JavaScript Execution and Browser Limits https://www.sitepoint.com/javascript-execution-browser-limits/ ;

[03] Web Browser http://www.volucer.it/?p=143


Just some personal notes and thoughts about a different approach to a cybersecurity defense system.

In cyberspace, the scenario in which an Information System (IS) lives every day is more or less this one:

  1. It could be hit by a cyberattack from bad guys/organizations;
  2. If the cyberattack succeeds, the Information System could be compromised in a hidden or manifest way;
  3. If we realize that the Information System is compromised, we start the security crisis management;
  4. After the incident management we analyze what happened and try to further harden the defense system.

Cybersecurity attacks

Cyberspace is not a secure world: you can be the target of many types of attacks, for example:

  • Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks;
  • Man-in-the-middle (MitM) attack;
  • Drive-by attack;
  • Password attack;
  • SQL injection attack;
  • Cross-site scripting (XSS) attack;
  • Eavesdropping attack;
  • Birthday attack;
  • Malware attack;
  • Phishing and spear phishing attacks;
  • And so on.

Cybersecurity hidden incident

The attack has succeeded, but we don’t have any idea about what’s going on. This is the worst situation we can be in. No one alerts us about it. The question is: where is my high defense system? In this situation only a very smart and good monitoring system can detect that my system is compromised and where the problem is.

Cybersecurity manifest incident

If the attack has succeeded and we realize that our information system is compromised, we can only face and manage the incident, which could be:

  • A data leakage of any type: mails, photos, credit card data, sensitive personal data and so on;
  • Crashed web sites;
  • Breached networks;
  • Denials of service;
  • Hacked devices;
  • An organization’s loss of reputation through leakage of information or a successful cyberattack, with huge economic loss;
  • Personal loss of reputation;
  • And so on.

Post-incident analysis

In this phase we need to assess the causes and analyze the company’s crisis management capabilities, in order to eliminate deficiencies in the cyber defense system and improve its resilience.

First Line of defense model

But what is the first line of defense model? As we can see in the schema, it is the monitoring system. It is very important, and its role is crucial and fundamental. Every fraction of a second it has to tell us:

  • First of all: I’m good, I’m working well, I’m not compromised;
  • the IS is not under attack;
  • the IS is working according to the specifications and it is not compromised.

or:

  • The IS is under attack but it is not compromised, and I immediately inform the emergency team to stop it.
  • The system is compromised: I didn’t detect the intrusion, but I realize that the attack succeeded and we need to recover. This is the worst situation, but the monitor’s alert system immediately advises about it in order to contain the damage.

Or:

Any one of the above statements is fake news. This means the monitoring system does not work well. In this case we are in a very bad situation, which we need to minimize by increasing and improving, every day, the control and auditing capabilities and intelligence of the monitoring system.

But what does the monitor mean?

To monitor means to check, to verify that everything is working according to the rules and specifications.

The monitoring activity should be at different levels:

  • Network level that is packet analysis and so on;
  • Operating system level;
  • Application Level;
  • User behavior;

and it should analyze, combine and correlate events at different levels for better control of the IS. I think we can have the latest defense technology, but without a very smart monitor working 24/7 on the information system we don’t have a good cyber security system.
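
A sketch of the monitor's verdict logic described above, as an added example that is not part of the original notes: it checks the monitor's own heartbeat first, then correlates events from different levels per host. The event fields, status names and thresholds are assumptions.

```javascript
// Added example. The event schema, status names and thresholds are assumptions.
const LEVELS = new Set(["network", "os", "application", "user"]);

// Constructed sample events: ts in ms, kind is "heartbeat" (sent by the
// monitor itself), "suspicious" or "integrity_violation".
const SAMPLE_EVENTS = [
  { ts: 98000, level: "monitor", host: "mon1", kind: "heartbeat" },
  { ts: 70000, level: "network", host: "web1", kind: "suspicious" },
  { ts: 90000, level: "application", host: "web1", kind: "suspicious" },
  { ts: 95000, level: "user", host: "db1", kind: "suspicious" },
];

function assess(events, now, { heartbeatMaxAgeMs = 5000, windowMs = 60000 } = {}) {
  // 1. The monitor must first prove it is alive: with no fresh heartbeat,
  //    silence from the other levels means nothing.
  const beats = events.filter((e) => e.kind === "heartbeat" && e.ts <= now);
  const lastBeat = beats.reduce((max, e) => Math.max(max, e.ts), -Infinity);
  if (now - lastBeat > heartbeatMaxAgeMs) {
    return { status: "monitor_unreliable", hosts: [] };
  }

  const recent = events.filter(
    (e) => LEVELS.has(e.level) && e.ts <= now && now - e.ts <= windowMs
  );

  // 2. Evidence of compromise outranks evidence of an attack in progress.
  const compromised = [...new Set(
    recent.filter((e) => e.kind === "integrity_violation").map((e) => e.host)
  )].sort();
  if (compromised.length > 0) return { status: "compromised", hosts: compromised };

  // 3. Correlation: a host counts as under attack when suspicious events
  //    from at least two different levels hit it inside the window.
  const levelsByHost = new Map();
  for (const e of recent) {
    if (e.kind !== "suspicious") continue;
    if (!levelsByHost.has(e.host)) levelsByHost.set(e.host, new Set());
    levelsByHost.get(e.host).add(e.level);
  }
  const attacked = [...levelsByHost]
    .filter(([, levels]) => levels.size >= 2)
    .map(([host]) => host)
    .sort();
  if (attacked.length > 0) return { status: "under_attack", hosts: attacked };

  return { status: "ok", hosts: [] };
}
```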

The PHP Server Engine Architecture

PHP is a recursive acronym that stands for “PHP Hypertext Preprocessor” (though it originally stood for “Personal Home Page” in 1995). It allows embedding code within HTML templates, using a language similar to Perl and Unix shells.

It is parsed and executed by the Zend Engine on the server side.

PHP Web Server
Figure 1 - PHP Web Server Architecture

Zend refers to the language engine, PHP's core. “The Zend Engine is an open source scripting engine opcode-based: (a Virtual Machine), commonly known for the important role it plays in the web automation language PHP. It was originally developed by Andi Gutmans and Zeev Suraski while they were students at the Technion - Israel Institute of Technology. They later founded a company called Zend Technologies in Ramat Gan, Israel. The name Zend is a combination of their forenames, Zeev and Andi.”1

Now we are going to explain the most important modules of the PHP web server shown in Figure 1.

External modules can be loaded from the disk at script runtime using the function “bool dl (string $library)”. After the script is terminated, the external module is discarded from memory.

Built-in modules are compiled directly into PHP and carried around with every PHP process; their functionality is available to every script that's being run.

Memory Management: Zend has full control over all memory allocations; it determines whether a block is in use, automatically frees unused blocks and blocks with lost references, and thus prevents memory leaks.

Zend Executor: the Zend Engine compiles the PHP code into intermediate code (opcodes), which is executed by the Zend Executor, which converts it to machine language.

 

How PHP Server Engine works

A PHP script is executed by walking it through the following steps:

  1. The script is run through a lexical analyzer to convert the human-readable code into tokens. These tokens are then passed to the parser.

  2. The parser parses, manipulates and optimizes the stream of tokens passed to it from the lexical analyzer and generates an intermediate code called opcodes [2] that runs on the Zend Engine. These two steps, which represent the compilation phase, are provided by the Run-Time Compiler module, as shown in Figure 1.

  3. After the intermediate code is generated, it is passed to the Executor. The executor steps through the op array, using a function for each opcode, and HTML is generated for it.

  4. This generated HTML is sent to the client; if the web browser supports compressed web pages, the HTML is encoded using gzip or deflate before sending.

  5. The opcodes are flushed from memory after execution.

Here is the modern workflow, which uses a cache to improve the speed of PHP processing:

[2] This intermediate code (opcodes) is an ordered array of instructions (known as opcodes, short for operation code) that are basically three-address code: two operands for the inputs, a third operand for the result, plus the handler that will process the operands. The operands are either constants or an offset to a temporary variable, which is effectively a register in the Zend virtual machine.

Zend Processing
Figure 2 - Zend Processing

 

An easy example

Let’s consider the following PHP document (.php) in order to understand what happens:

<html>
<head>
<title>Party List</title>
</head>
<body>
<?php
// Guest names
$guest[00]="Irma";
$guest[01]="Salvatore";
$guest[02]="Caterina";
$guest[03]="Simone";
?>
<p> The list of participants to the event is: </p>
<ol>
<?php
// One list item per guest
foreach ($guest as $aGuest) {
echo "<li>".$aGuest."</li>";
};
?>
</ol>
</body>
</html>

PHP document of input

The .php file is pre-processed by the server, which treats the text embedded within “<?php ?>” blocks as PHP syntax and the text outside these blocks as arguments passed to “print” statements. The output of the pre-processing phase is the following file.

print "<html>";
print "<head>";
print "<title>Party List</title>";
print "</head>";
print "<body>";
$guest[00]="Irma";
$guest[01]="Salvatore";
$guest[02]="Caterina";
$guest[03]="Simone";
print "<p> The list of participants to the event is: </p>";
print "<ol>";
foreach ($guest as $aGuest) {
echo "<li>".$aGuest."</li>";
};
print "</ol>";
print "</body>";
print "</html>";

PHP document after pre-processing

Then the file above is processed by the PHP processor (Zend Engine), generating the following HTML document, which is sent back to the user agent:

<html>
<head>
<title>Party List</title>
</head>
<body>
<p> The list of participants to the event is: </p>
<ol>
<li>Irma</li>
<li>Salvatore</li>
<li>Caterina</li>
<li>Simone</li>
</ol>
</body>
</html>

PHP document after Zend Engine Processing