HTTP-Request-Based Identification

Táto bakalářska práce sa zabýva identifikací pomocí požadavků HTTP v siťovém provoze. Je zde vysvětlen pricip komunikace HTTP a identifikace v daném protokole. Taktéž je vytvořen návrh aplikace, která identifikuje webový porhlížeč a následně je tato aplikace implementována. Aplikace je navržena jako samostatný modul, který je možné zařadit do projektů Moderní prostředky pro boj s kybernetickou kriminalitou na Internetu nové generace. Poté jsou provedeny experimenty s daným nástrojem pro ověření funkčnosti a užitečnosti nastroje.This bachelor thesis deals with the identification using HTTP requests in network traffic. It explains principles of HTTP communications and identification. Additionally the application design is created, which identifies web browser and then this application is implemented. The application is designed as a separate module which can be integrated into projects Moderní prostředky pro boj s kybernetickou kriminalitou na Internetu nové generace. Then are executed experiments with that tool to verify the functionality and utility of this tool.

Towards Soft Circuit Breaking in Service Meshes via Application-agnostic Caching

Service meshes factor out code dealing with inter-micro-service communication, such as circuit breaking. Circuit breaking actuation is currently limited to an "on/off" switch, i.e., a tripped circuit breaker will return an application-level error indicating service unavailability to the calling micro-service. This paper proposes a soft circuit breaker actuator, which returns cached data instead of an error. The overall resilience of a cloud application is improved if constituent micro-services return stale data, instead of no data at all. While caching is widely employed for serving web service traffic, its usage in inter-micro-service communication is lacking. Micro-services responses are highly dynamic, which requires carefully choosing adaptive time-to-life caching algorithms. We evaluate our approach through two experiments. First, we quantify the trade-off between traffic reduction and data staleness using a purpose-build service, thereby identifying algorithm configurations that keep data staleness at about 3% or less while reducing network load by up to 30%. Second, we quantify the network load reduction with the micro-service benchmark by Google Cloud called Hipster Shop. Our approach results in caching of about 80% of requests. Results show the feasibility and efficiency of our approach, which encourages implementing caching as a circuit breaking actuator in service meshes

Rotten Cellar: Security and Privacy of the Browser Cache Revisited

Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and allow Web pages to load faster. Content such as scripts, images, and style sheets, which are static most of the time or shared across multiple websites, are stored and loaded locally when recurring requests ask for cached resources. This behaviour can be exploited if the cache is based on a naive implementation. This paper summarises possible attacks on the browser cache and shows through extensive experiments that even modern web browsers still do not provide enough safeguards to protect their users. Moreover, the available built-in as well as addable cache controls offer rather limited functionality in terms of protection and ease of use. Due to the volatile and inhomogeneous APIs for controlling the cache in modern browsers, the development of enhanced user-centric cache controls remains -until further notice- in the hands of browser manufacturers

Erweiterbares Monitoring Backend für OpenTOSCA

Bei der Provisionierung von Cloud-Anwendungen laufen oft langwierige und komplexe Prozesse ab. Im Rahmen der TOSCA-Laufzeitumgebung OpenTOSCA wurde in einem Vorprojekt ein System entwickelt, um während dieser Prozesse Ereignisse zu erfassen und abrufbar zu machen. Dieses Monitoring Backend hat jedoch einige Schwachstellen, welche die Wartbarkeit und Erweiterbarkeit erschweren. In dieser Arbeit werden die Anforderungen an ein generisches, erweiterbares Monitoring Backend identifiziert, ein Entwurf für eine REST-Schnittstelle sowie die Speicherung ausgearbeitet, dieser Entwurf implementiert und letztlich eine Erweiterung für die OpenTOSCA-Laufzeitumgebung entworfen und implementiert

Equivalence classes for named function networking

Named Function Networking (NFN) is a generalization of Content-Centric Networking (CCN) and Named Data Networking (NDN). Beyond mere content retrieval, NFN enables to ask for results of computations. Names are not just content identifiers but λ-expressions that allow an arbitrary composition of function calls and data accesses. λ-expressions are pure and deterministic. In other words, they do not have side effects and they always yield the same result. Both properties together are known to as referential transparency. Referentially transparent functions can be evaluated individually no matter where and in what order, e.g. geographically distributed and concurrently. This simplifies the distribution of computations in a network, an attractive feature in times of rising needs for edge computing. However, NFN is affected by a lacking awareness for referentially opaque expressions that are characterized by having changing results or side effects, i.e. expressions that depend on outer conditions or modify outer states. The fundamental motivation of this thesis is to retrofit NFN with a clearer notion of referentially opaque expressions. They are indispensable not only to many common use cases such as e-mail and database applications, but also to network technologies such as software defined networking. We observed that many protocol decisions are based on expression matching, i.e. the search for equivalent expressions. Driven by this observation, this thesis explores possibilities to adapt the determination of equivalences in dependence of crucial expression properties such as their ability for aggregation, concurrent evaluation or permanently cacheable results. This exploration results in a comprehensive set of equivalence classes that is used for explicit attribution of expressions, leading to a system that is aware of the true nature of handled expressions. Moreover, we deliver a solution to support referentially opaque expressions and mutable states in an architecture that bases upon uniquely named and immutable data packets. Altogether, the findings condense to an extended execution model. It summarizes how the attribution of expressions with equivalence classes influences specific protocol decisions in order to support referentially transparent as well as referentially opaque expressions. We believe that our approach captivates due to its generality and extensibility. Equivalence classes depend upon universal properties. Therefore, our approach is not bound to a specific elaboration like NFN. We evaluate the applicability of our approach in a few application scenarios. Overall, the proposed solutions and concepts are an important contribution towards name-based distributed computations in information-centric networks

Desarrollo de una aplicación web de alquiler de espacios y red social para compartir pisos: Back-End

Este documento contiene la memoria del proyecto final de carrera. El objetivo de este proyecto es la creación de una aplicación web para que cualquier persona pueda publicar, alquilar o compartir espacios. Para cumplir con esta meta se ha realizado una especificación de requisitos, y a partir de ésta el análisis y diseño de la aplicación. A continuación se ha llevado a cabo una primera implementación, la cual se ha evaluado mediante una serie de pruebas específicas. En cada una de estas etapas, cuando se detecta un error o una posible mejora, se revisa la etapa correspondiente, volviendo a repetir el proceso hasta llegar al producto esperado.Escriche Izquierdo, C. (2013). Desarrollo de una aplicación web de alquiler de espacios y red social para compartir pisos: Back-End. http://hdl.handle.net/10251/31738.Archivo delegad