Reining in the Web's Inconsistencies with Site Policy

Stefano Calzavara, Tobias Urban, Dennis Tatang, Marius Steffens, Ben Stock
2020 Zenodo  
In this paper, we formalize inconsistencies for cookie security attributes, CSP, and HSTS, and then quantify the magnitude and impact of inconsistencies at scale by crawling 15,000 popular sites.  ...  We then use our data to analyse to which extent the recent Origin Policy proposal can fix the problem of inconsistencies.  ...  [27] relied on automated CSP generation through observed scripts to assess the dangers of gadget-enabling libraries that are co-hosted with benign, required JavaScript.  ... 
doi:10.5281/zenodo.4312470 fatcat:vrvekaqimzhyrjijpd7nojm6tm

Understanding and Mitigating the Security Risks of Content Inclusion in Web Browsers [article]

Sajjad Arshad
2020 arXiv   pre-print
The URL may not correspond to an actual server-side file system structure at all, or the web server may internally rewrite parts of the URL.  ...  On the other hand, even though extensions provide useful additional functionality for web browsers, they are also an increasingly popular vector for attacks.  ...  12], large-scale detection of DOM-based XSS [68, 76], and bypassing XSS mitigations by Script Gadgets [67, 66].  ... 
arXiv:2001.03643v1 fatcat:gl5zp7vamfaqfhn4qenui6q55q

Survey of new attack models on Cloud Infrastructure

Har Preet Singh
2018 International Journal Of Engineering And Computer Science  
In this paper we will discuss about the different kind of attacks and solution on cloud services  ...  It is Internet driven technology, which gives pool of resources such as Storage, Network, Application on demand basis.  ...  Content Security Policy (CSP) - restricts which scripts can be run or loaded on a Web page.  ... 
doi:10.18535/ijecs/v7i3.15 fatcat:jkrspfp32fhivdpdcwd347iqvi

Large-Scale Analysis of Style Injection by Relative Path Overwrite

Sajjad Arshad, Seyed Ali Mirheidari, Tobias Lauinger, Bruno Crispo, Engin Kirda, William Robertson
2018 Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW '18  
Our work shows that around 9% of the sites in the Alexa Top 10,000 contain at least one vulnerable page, out of which more than one third can be exploited.  ...  In this paper, we present the first large-scale study of the Web to measure the prevalence and significance of style injection using RPO.  ...  ACKNOWLEDGMENTS This work was supported by the National Science Foundation (NSF) under grant CNS-1703454 award, and Secure Business Austria.  ... 
doi:10.1145/3178876.3186090 dblp:conf/www/ArshadMLCKR18 fatcat:ul6grhiscnampjwiopba6kffse

IJMLNCE Editorial Note Volume No 03, Issue No 04

Shivani Agarwal, Manju Khari, Prakash Singh Tanwar
2020 International Journal of Machine Learning and Networked Collaborative Engineering  
This survey examines the published resources and studies, examines available concerns laterally with existing countermeasures to assess the complete assertion level of security of the cloud.  ...  The First research article authored by Priyanka and Manju Khari has written their article on the title "A Survey of Cloud Computing Security Issues."  ...  The integration of these technology trends in the public sector is the elixir for infinite issues such as lack of resources and allocation of the public spending on buying new tools for the business continuation  ... 
doi:10.30991/ijmlnce.2019v03i04 fatcat:bmorqooalrarvks6wj6v46sxh4

Towards Improving the Usability and Security of Web Single Sign-On Systems

San-Tsai Sun
2013 Zenodo  
The formal analysis identified three weaknesses in the protocol, and based on the attack traces from the model checking engine, six exploits and a semiautomated vulnerability assessment tool were designed  ...  Aimed at filling these knowledge gaps, we conducted several studies to further the understanding and improvements of the usability and security of these two mainstream web SSO solutions.  ...  and the complexity of XML parsing, signing and validation, make it difficult to scale to the Internet at large.  ... 
doi:10.5281/zenodo.3264671 fatcat:iorqjr7rmnevfp2opa7uvv3qpq

Journal of Computer Science IJCSIS June 2021 Full Volume

2021 Zenodo  
The International Journal of Computer Science and Information Security (IJCSIS) is one of the leading open access publishers, with hundreds of papers published each year related to different areas ranging  ...  The core vision of IJCSIS is to promote knowledge and technology advancement for the benefit of academia, professional research communities and industry practitioners.  ...  The study aimed at examining the impact e-commerce adoption has on SMEs Operators performance. The study employed the use of a quantitative research approach.  ... 
doi:10.5281/zenodo.5556913 fatcat:yineojxcujg4jnvqt6i742dhii

Understanding emerging client-Side web vulnerabilities using dynamic program analysis [article]

Marius Steffens, Universität Des Saarlandes
At the same time, new vulnerabilities keep being uncovered, for which we mostly rely on manual analysis of security experts.  ...  Unfortunately, such manual efforts do not scale to the problem space at hand.  ...  Not only is it necessary for many sites to add required hosts or sites to their CSP, but at the same time, a site operator regularly has to assess if their CSP is not too overly permissive, and remove  ... 
doi:10.22028/d291-34462 fatcat:t3sgni5r6zefnozf5m2vzouwyi

Artificial Intelligence and Robotics [article]

Javier Andreu Perez, Fani Deligianni, Daniele Ravi, Guang-Zhong Yang
2018 arXiv   pre-print
To understand the impact of AI, it is important to draw lessons from its past successes and failures and this white paper provides a comprehensive explanation of the evolution of AI, its current status  ...  The recent successes of AI have captured the wildest imagination of both the scientific communities and the general public.  ...  effort needs to be invested on assessing the economic impact and understanding how to maximise the benefits of these technologies while mitigating adverse effects. • The government needs to tangibly support  ... 
arXiv:1803.10813v1 fatcat:p2czbmak4jcyxbtncqfqlkxtma

State-of-the-Art Review on IoT Threats and Attacks: Taxonomy, Challenges and Solutions

Ritika Raj Krishna, Aanchal Priyadarshini, Amitkumar V. Jha, Bhargav Appasani, Avireni Srinivasulu, Nicu Bizon
2021 Sustainability  
In addition, the impact of different threats and attacks along with their detection, mitigation, and prevention are comprehensively presented.  ...  It is known that almost 98% of IoT traffic is not encrypted, exposing confidential and personal information on the network.  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/su13169463 doaj:44db3364484545048c70058a0a459fd4 fatcat:f5ruitiqprhxlfnx4iiwcf67ju

Reining in the Web's Inconsistencies with Site Policy

Stefano Calzavara, Tobias Urban, Dennis Tatang, Marius Steffens, Ben Stock
2021 Proceedings 2021 Network and Distributed System Security Symposium   unpublished
In this paper, we formalize inconsistencies for cookie security attributes, CSP, and HSTS, and then quantify the magnitude and impact of inconsistencies at scale by crawling 15,000 popular sites.  ...  In particular, we show that inconsistencies might harm the expected guarantees of cookies activating specific security attributes, introduce CSP loopholes enabling script injection on apparently secure  ...  ACKNOWLEDGMENTS We would like to thank the reviewers for their advice on how to improve the presentation of our paper. In particular, we thank Adam Doupé for shepherding our paper.  ... 
doi:10.14722/ndss.2021.23091 fatcat:g6qo5ajst5aqtovpa4mffsndvy

Conflict Detection and Resolution in IoT Systems: A Survey

Pavana Pradeep, Krishna Kant
2022 IoT  
We also highlight the significance of detecting/resolving conflicts proactively, i.e., dynamically but with a look-ahead into the future based on the context.  ...  that interact with one another and share concurrent access to the devices.  ...  Conflicts of Interest: The authors declare no conflicts of interest.  ... 
doi:10.3390/iot3010012 fatcat:2xobygknerbxbfal27vmghsbyy

Investigations for the improvement of the Cyber Security using Cloud Computing methods and Architecture

Dr. Sai Manoj Kudavaralli
2021 Zenodo  
Investigations for the improvement of the Cyber Security using Cloud Computing methods and Architecture: D.Sc. Thesis  ...  The assessment result implies the parallel procedure utilized to store and recuperate the gigantic scale NetCDF gainfully.  ...  CSP developers, a highly scaled and elastic computing infrastructure that is used to run applications.  ... 
doi:10.5281/zenodo.5148421 fatcat:lzanqvxdlre2dh3hdhjxibdrim

Evil Offspring - Ransomware and Crypto Technology

Hilarie Orman
2016 IEEE Internet Computing  
First, it keeps software packages simple; each package solves one type of physics on a limited scale. Second, it couples the packages at a higher level.  ...  We can only hope that the designers of these gadgets realize their vulnerabilities and make sure that any essential data the gadgets hold is backed up with guards on the data's integrity and that it can  ...  The incumbent will augment the department's emphases in at least one of the following areas: cloud computing, particularly secure cloud computing; mobile computing, particularly secure mobile computing  ... 
doi:10.1109/mic.2016.90 fatcat:v5zmzx7qrba5dkqxweoo3ifvry

The impact of software engineering research on modern programming languages

Barbara G. Ryder, Mary Lou Soffa, Margaret Burnett
2005 ACM Transactions on Software Engineering and Methodology  
Each of these papers is being published in ACM TOSEM. Additional information about the project can be found at Pages 431-477. • B. G.  ...  Using this approach, this study provides evidence of the impact of software engineering research on modern programming language design and documents the close relationship between these two fields.  ...  We also wish to thank the other members of the IMPACT Project team for their support of our research. Finally, we thank the anonymous reviewers for their helpful comments.  ... 
doi:10.1145/1101815.1101818 fatcat:es7r5vkwbngjflyk37ekwzbdwi