1,613 research outputs found
Hypermedia-based discovery for source selection using low-cost linked data interfaces
Evaluating federated Linked Data queries requires consulting multiple sources on the Web. Before a client can execute queries, it must discover data sources, and determine which ones are relevant. Federated query execution research focuses on the actual execution, while data source discovery is often marginally discussed-even though it has a strong impact on selecting sources that contribute to the query results. Therefore, the authors introduce a discovery approach for Linked Data interfaces based on hypermedia links and controls, and apply it to federated query execution with Triple Pattern Fragments. In addition, the authors identify quantitative metrics to evaluate this discovery approach. This article describes generic evaluation measures and results for their concrete approach. With low-cost data summaries as seed, interfaces to eight large real-world datasets can discover each other within 7 minutes. Hypermedia-based client-side querying shows a promising gain of up to 50% in execution time, but demands algorithms that visit a higher number of interfaces to improve result completeness
COVID-19 & privacy: Enhancing of indoor localization architectures towards effective social distancing
Abstract The way people access services in indoor environments has dramatically changed in the last year. The countermeasures to the COVID-19 pandemic imposed a disruptive requirement, namely preserving social distance among people in indoor environments. We explore in this work the possibility of adopting the indoor localization technologies to measure the distance among users in indoor environments. We discuss how information about people's contacts collected can be exploited during three stages: before, during, and after people access a service. We present a reference architecture for an Indoor Localization System (ILS), and we illustrate three representative use-cases. We derive some architectural requirements, and we discuss some issues that concretely cope with the real installation of an ILS in real-world settings. In particular, we explore the privacy and trust reputation of an ILS, the discovery phase, and the deployment of the ILS in real-world settings. We finally present an evaluation framework for assessing the performance of the architecture proposed
The Anatomy of the Grid - Enabling Scalable Virtual Organizations
"Grid" computing has emerged as an important new field, distinguished from
conventional distributed computing by its focus on large-scale resource
sharing, innovative applications, and, in some cases, high-performance
orientation. In this article, we define this new field. First, we review the
"Grid problem," which we define as flexible, secure, coordinated resource
sharing among dynamic collections of individuals, institutions, and
resources-what we refer to as virtual organizations. In such settings, we
encounter unique authentication, authorization, resource access, resource
discovery, and other challenges. It is this class of problem that is addressed
by Grid technologies. Next, we present an extensible and open Grid
architecture, in which protocols, services, application programming interfaces,
and software development kits are categorized according to their roles in
enabling resource sharing. We describe requirements that we believe any such
mechanisms must satisfy, and we discuss the central role played by the
intergrid protocols that enable interoperability among different Grid systems.
Finally, we discuss how Grid technologies relate to other contemporary
technologies, including enterprise integration, application service provider,
storage service provider, and peer-to-peer computing. We maintain that Grid
concepts and technologies complement and have much to contribute to these other
approaches.Comment: 24 pages, 5 figure
Web Data Extraction, Applications and Techniques: A Survey
Web Data Extraction is an important problem that has been studied by means of
different scientific tools and in a broad range of applications. Many
approaches to extracting data from the Web have been designed to solve specific
problems and operate in ad-hoc domains. Other approaches, instead, heavily
reuse techniques and algorithms developed in the field of Information
Extraction.
This survey aims at providing a structured and comprehensive overview of the
literature in the field of Web Data Extraction. We provided a simple
classification framework in which existing Web Data Extraction applications are
grouped into two main classes, namely applications at the Enterprise level and
at the Social Web level. At the Enterprise level, Web Data Extraction
techniques emerge as a key tool to perform data analysis in Business and
Competitive Intelligence systems as well as for business process
re-engineering. At the Social Web level, Web Data Extraction techniques allow
to gather a large amount of structured data continuously generated and
disseminated by Web 2.0, Social Media and Online Social Network users and this
offers unprecedented opportunities to analyze human behavior at a very large
scale. We discuss also the potential of cross-fertilization, i.e., on the
possibility of re-using Web Data Extraction techniques originally designed to
work in a given domain, in other domains.Comment: Knowledge-based System
Demystifying RCE Vulnerabilities in LLM-Integrated Apps
In recent years, Large Language Models (LLMs) have demonstrated remarkable
potential across various downstream tasks. LLM-integrated frameworks, which
serve as the essential infrastructure, have given rise to many LLM-integrated
web apps. However, some of these frameworks suffer from Remote Code Execution
(RCE) vulnerabilities, allowing attackers to execute arbitrary code on apps'
servers remotely via prompt injections. Despite the severity of these
vulnerabilities, no existing work has been conducted for a systematic
investigation of them. This leaves a great challenge on how to detect
vulnerabilities in frameworks as well as LLM-integrated apps in real-world
scenarios.
To fill this gap, we present two novel strategies, including 1) a static
analysis-based tool called LLMSmith to scan the source code of the framework to
detect potential RCE vulnerabilities and 2) a prompt-based automated testing
approach to verify the vulnerability in LLM-integrated web apps. We discovered
13 vulnerabilities in 6 frameworks, including 12 RCE vulnerabilities and 1
arbitrary file read/write vulnerability. 11 of them are confirmed by the
framework developers, resulting in the assignment of 7 CVE IDs. After testing
51 apps, we found vulnerabilities in 17 apps, 16 of which are vulnerable to RCE
and 1 to SQL injection. We responsibly reported all 17 issues to the
corresponding developers and received acknowledgments. Furthermore, we amplify
the attack impact beyond achieving RCE by allowing attackers to exploit other
app users (e.g. app responses hijacking, user API key leakage) without direct
interaction between the attacker and the victim. Lastly, we propose some
mitigating strategies for improving the security awareness of both framework
and app developers, helping them to mitigate these risks effectively
Survey on detecting and preventing web application broken access control attacks
Web applications are an essential component of the current wide range of digital services proposition including financial and governmental services as well as social networking and communications. Broken access control vulnerabilities pose a huge risk to that echo system because they allow the attacker to circumvent the allocated permissions and rights and perform actions that he is not authorized to perform. This paper gives a broad survey of the current research progress on approaches used to detect access control vulnerabilities exploitations and attacks in web application components. It categorizes these approaches based on their key techniques and compares the different detection methods in addition to evaluating their strengths and weaknesses. We also spotted and elaborated on some exciting research gaps found in the current literature, Finally, the paper summarizes the general detection approaches and suggests potential research directions for the future
- …