Modeling and Testing Implementations of Protocols with Complex Messages
This paper presents a new language called APSL for formally describing
protocols to facilitate automated testing. Many real world communication
protocols exchange messages whose structures are not trivial, e.g. they may
consist of multiple and nested fields, some could be optional, and some may
have values that depend on other fields. To properly test implementations of
such a protocol, it is not sufficient to only explore different orders of
sending and receiving messages. We also need to investigate if the
implementation indeed produces correctly formatted messages, and if it responds
correctly when it receives different variations of every message type. APSL's
main contribution is its sublanguage that is expressive enough to describe
complex message formats, both text-based and binary. As an example, this paper
also presents a case study where APSL is used to model and test a subset of
Courier IMAP email server
FilteredWeb: A Framework for the Automated Search-Based Discovery of Blocked URLs
Various methods have been proposed for creating and maintaining lists of
potentially filtered URLs to allow for measurement of ongoing internet
censorship around the world. Whilst testing a known resource for evidence of
filtering can be relatively simple, given appropriate vantage points,
discovering previously unknown filtered web resources remains an open
challenge.
We present a new framework for automating the process of discovering filtered
resources through the use of adaptive queries to well-known search engines. Our
system applies information retrieval algorithms to isolate characteristic
linguistic patterns in known filtered web pages; these are then used as the
basis for web search queries. The results of these queries are then checked for
evidence of filtering, and newly discovered filtered resources are fed back
into the system to detect further filtered content.
Our implementation of this framework, applied to China as a case study, shows
that this approach is demonstrably effective at detecting significant numbers
of previously unknown filtered web pages, making a significant contribution to
the ongoing detection of internet filtering as it develops.
Our tool is currently deployed and has been used to discover 1355 domains
that are poisoned within China as of Feb 2017 - 30 times more than are
contained in the most widely-used public filter list. Of these, 759 are outside
of the Alexa Top 1000 domains list, demonstrating the capability of this
framework to find more obscure filtered content. Further, our initial analysis
of filtered URLs, and the search terms that were used to discover them, gives
further insight into the nature of the content currently being blocked in
China.
Comment: To appear in "Network Traffic Measurement and Analysis Conference
2017" (TMA2017)
A Brief History of Web Crawlers
Web crawlers visit internet applications, collect data, and learn about new
web pages from visited pages. Web crawlers have a long and interesting history.
Early web crawlers collected statistics about the web. In addition to
collecting statistics about the web and indexing the applications for search
engines, modern crawlers can be used to perform accessibility and vulnerability
checks on the application. Quick expansion of the web, and the complexity added
to web applications have made the process of crawling a very challenging one.
Throughout the history of web crawling many researchers and industrial groups
addressed different issues and challenges that web crawlers face. Different
solutions have been proposed to reduce the time and cost of crawling.
Performing an exhaustive crawl is a challenging question. Additionally,
capturing the model of a modern web application and extracting data from it
automatically is another open question. What follows is a brief history of
different techniques and algorithms used from the early days of crawling up to
the recent days. We introduce criteria to evaluate the relative performance of
web crawlers. Based on these criteria we plot the evolution of web crawlers and
compare their performance
Analyzing Android Browser Apps for file:// Vulnerabilities
Securing browsers in mobile devices is very challenging, because these
browser apps usually provide browsing services to other apps in the same
device. A malicious app installed in a device can potentially obtain sensitive
information through a browser app. In this paper, we identify four types of
attacks in Android, collectively known as FileCross, that exploit the
vulnerable file:// to obtain users' private files, such as cookies, bookmarks,
and browsing histories. We design an automated system to dynamically test 115
browser apps collected from Google Play and find that 64 of them are vulnerable
to the attacks. Among them are the popular Firefox, Baidu and Maxthon browsers,
and the more application-specific ones, including UC Browser HD for tablet
users, Wikipedia Browser, and Kids Safe Browser. A detailed analysis of these
browsers further shows that 26 browsers (23%) expose their browsing interfaces
unintentionally. In response to our reports, the developers concerned promptly
patched their browsers by forbidding file:// access to private file zones,
disabling JavaScript execution in file:// URLs, or even blocking external
file:// URLs. We employ the same system to validate the ten patches received
from the developers and find one still failing to block the vulnerability.
Comment: The paper has been accepted by ISC'14 as a regular paper (see
https://daoyuan14.github.io/). This is a Technical Report version for
reference
A survey of UK university web management: staffing, systems and issues
Purpose:
The purpose of the paper is to summarize the findings of a survey of UK universities about how their web site is managed and resourced, which technologies are in use and what are seen as the main issues and priorities.
Methodology/approach:
The paper is based on a web-based questionnaire distributed in summer 2006, and which received 104 usable responses from 87 institutions.
Findings:
The survey showed that some web teams were based in IT and some in external relations, yet in both cases the site typically served internal and external audiences. The role of web manager is partly management of resources, time and people, partly about marketing and liaison and partly also concerned with more technical aspects including interface design and HTML. But it is a diverse role with a wide spread of responsibilities. On the whole web teams were relatively small. Three quarters of responding institutions had a CMS, but specific systems in use were diverse. 60% had a portal. There was evidence of increasing use of blogs and wikis. The key driver for the web site is student recruitment, with institutional reputation and information to stakeholders also being important. The biggest perceived weaknesses were maintaining consistency with devolved content creation and currency of content; lack of resourcing a key threat while comprehensiveness was a key strength. Current and wished for projects pointed again to the diversity of the sector.
Research implications/limitations:
The lack of comparative data and difficulties of interpreting responses to closed questions where respondents could have quite different status (partly reflecting divergent patterns of governance of the web across the sector) create issues with the reliability of the research.
Practical implications:
Data about resourcing of web management, technology in use etc at comparable institutions is invaluable for practitioners in their efforts to gain resource in their own context.
Originality/value of paper:
The paper adds more systematic, current data to our limited knowledge about how university web sites are managed