5,508 research outputs found
A Formal Approach to Exploiting Multi-Stage Attacks based on File-System Vulnerabilities of Web Applications (Extended Version)
Web applications require access to the file-system for many different tasks.
When analyzing the security of a web application, security analysts should
thus consider the impact that file-system operations have on the security of
the whole application. Moreover, the analysis should take into consideration
how file-system vulnerabilities might interact with other vulnerabilities
leading an attacker to breach into the web application. In this paper, we first
propose a classification of file-system vulnerabilities, and then, based on
this classification, we present a formal approach that allows one to exploit
file-system vulnerabilities. We give a formal representation of web
applications, databases and file-systems, and show how to reason about
file-system vulnerabilities. We also show how to combine file-system
vulnerabilities and SQL-Injection vulnerabilities for the identification of
complex, multi-stage attacks. We have developed an automatic tool that
implements our approach and we show its efficiency by discussing several
real-world case studies, which are witness to the fact that our tool can
generate, and exploit, complex attacks that, to the best of our knowledge, no
other state-of-the-art tool for the security of web applications can find
Orchestrating Forest Policy in Italy: Mission Impossible?
In the Italian political and economic agenda the forest sector occupies a marginal role. The forest sector in Italy is characterized by a high institutional fragmentation and centralized decision-making processes dominated by Public Forest Administrations. Public participation in forest policy processes has been implemented since the 1990s at national, regional and local levels in several cases. However, today no significant changes have been observed in the overall governance of the forest sector and stakeholders' involvement in Italian forest policy decision-making is still rather limited. The aims of this paper are to describe the state of forest-related participatory processes in Italy at various levels (national, regional and local) and identify which factors and actors hinder or support the establishment and implementation of participatory forest-related processes in the country. The forest-related participatory processes are analyzed adopting a qualitative-based approach and interpreting interactive, complex and non-linear participatory processes through the lens of panarchy theory
Strengthening measurements from the edges: application-level packet loss rate estimation
Network users know much less than ISPs, Internet exchanges and content providers about what happens inside the network. Consequently users cannot either easily detect network neutrality violations or readily exercise their market power by knowledgeably switching ISPs. This paper contributes to the ongoing efforts to empower users by proposing two models to estimate -- via application-level measurements -- a key network indicator, i.e., the packet loss rate (PLR) experienced by FTP-like TCP downloads. Controlled, testbed, and large-scale experiments show that the Inverse Mathis model is simpler and more consistent across the whole PLR range, but less accurate than the more advanced Likely Rexmit model for landline connections and moderate PL
Women and Petty Violence in Cheltenham and Exeter, 1880-1909
The historiography of female violence has largely centred on women's experiences as victims or on their perpetration of lethal acts such as murder and infanticide. In the last decade, however, scholars have paid increasing attention to women's perpetration of non-lethal violent crime. This thesis contributes to recent scholarship by examining female acts of assault in late Victorian and Edwardian England in an understudied region of the country: whilst most historians have focused on the North, South East or Midlands, this study draws attention to the South West of the country and situates women's acts of minor violence within the context of wider national patterns. Focusing specifically on cases prosecuted at the Exeter and Cheltenham magistrates' courts in the years 1880-1909, the thesis follows women through different stages of their offending trajectories: the perpetration of their acts; their treatment by magistrates; their portrayal in the media; and, finally, their experiences after facing prosecution. Using evidence from court records, newspapers and census returns, the study employs both quantitative and qualitative analyses in order to examine patterns in the perpetration and outcome of female non-lethal violence. These examinations reveal that women's 'expected' and 'actual' roles – especially those relating to motherhood, wifehood and the neighbourhood – impacted not only the ways in which their assaults were committed but also on their treatment by the justice system and the media. It is also demonstrated that women's positions could contribute to their propensity to reoffend, an action which sometimes resulted in women's marginalisation in post-offending life. By following the women's experiences from the onset to aftermath of their violence, this thesis offers an original and comprehensive contribution to the historiography of female violence in late Victorian and Edwardian England
A Semi-supervised Method to Identify Urban Anomalies through LTE PDCCH Fingerprinting
In this paper we advocate the use of mobile networks as sensing platforms to monitor metropolitan areas. In particular, we are interested in detecting urban anomalies (e.g., crowd gathering) by processing the control information exchanged among the base stations and the mobile users. For this, we design an anomaly detection framework based on semi-supervised learning, which enables the automatic identification of different types of anomalous events without any a-priori information. The proposed approach uses unsupervised learning techniques to gain confidence in real mobile traffic demand patterns from the city of Madrid in Spain and build an ad-hoc ground truth. A recurrent neural network is then trained to detect contextual anomalies and identify different types of urban events. Simulation results confirm the better performance of the semi-supervised method compared to pure unsupervised anomaly detection frameworks
High-frequency CO2-system observations from a moored sensor in the York River
These are CO2-system data from a moored sensor in the York River, a tributary of the Chesapeake Bay. Temperature, salinity and pH were acquired hourly over two deployments lasting several months. Sensor data were then averaged to 24-hour resolution. Data were calibrated with discrete dissolved inorganic carbon (TCO2) and alkalinity samples analyzed at the Virginia Institute of Marine Science, following standard procedures. The pH sensor data were then combined with salinity data, and a relationship between alkalinity and salinity, to compute the remaining CO2-system parameters (TCO2, CO2 partial pressure (pCO2), and saturation state of aragonite). There is one file for each deployment (D1, and D2); the data are in a comma-separated (csv) format. Hourly measured temperature, salinity, and pH are given, as well as derived alkalinity, TCO2, pCO2, and saturation state of aragonite are included. Units are in the first row of each file