277 research outputs found
Recommended from our members
Your Code Is My Code: Exploiting a Common Weakness in OAuth 2.0 Implementations
Many millions of users routinely use their Google, Facebook and Microsoft accounts to log in to websites supporting OAuth 2.0-based single sign on. The security of OAuth 2.0 is therefore of critical importance, and it has been widely examined both in theory and in practice. In this paper we disclose a new class of practical attacks on OAuth 2.0 implementations, which we call Partial Redirection URI Manipulation Attacks. An attack of this type can be used by an attacker to gain a victim user’s OAuth 2.0 code (a token representing a right to access user data) without the user’s knowledge; this code can then be used to impersonate the user to the relevant relying party website. We examined 27 leading OAuth 2.0 identity providers, and found that 19 of them are vulnerable to these attacks
Analysing the Security of Google's implementation of OpenID Connect
Many millions of users routinely use their Google accounts to log in to
relying party (RP) websites supporting the Google OpenID Connect service.
OpenID Connect, a newly standardised single-sign-on protocol, builds an
identity layer on top of the OAuth 2.0 protocol, which has itself been widely
adopted to support identity management services. It adds identity management
functionality to the OAuth 2.0 system and allows an RP to obtain assurances
regarding the authenticity of an end user. A number of authors have analysed
the security of the OAuth 2.0 protocol, but whether OpenID Connect is secure in
practice remains an open question. We report on a large-scale practical study
of Google's implementation of OpenID Connect, involving forensic examination of
103 RP websites which support its use for sign-in. Our study reveals serious
vulnerabilities of a number of types, all of which allow an attacker to log in
to an RP website as a victim user. Further examination suggests that these
vulnerabilities are caused by a combination of Google's design of its OpenID
Connect service and RP developers making design decisions which sacrifice
security for simplicity of implementation. We also give practical
recommendations for both RPs and OPs to help improve the security of real world
OpenID Connect systems
Expressive Equivalence and Succinctness of Parametrized Automata with respect to Finite Memory Automata
International audienceWe compare parametrized automata, a class of automata recently introduced by the authors, against finite memory automata with non-deterministic assignment, an existing class of automata used to model services. We prove that both classes have the same expressive power, while parametrized automata can be exponentially succinct in some cases. We then prove that deciding simulation preorder for parametrized automata is EXPTIME-complete, extending an earlier result showing it in EXPTIME
LTL Parameter Synthesis of Parametric Timed Automata
The parameter synthesis problem for parametric timed automata is undecidable
in general even for very simple reachability properties. In this paper we
introduce restrictions on parameter valuations under which the parameter
synthesis problem is decidable for LTL properties. The investigated bounded
integer parameter synthesis problem could be solved using an explicit
enumeration of all possible parameter valuations. We propose an alternative
symbolic zone-based method for this problem which results in a faster
computation. Our technique extends the ideas of the automata-based approach to
LTL model checking of timed automata. To justify the usefulness of our
approach, we provide experimental evaluation and compare our method with
explicit enumeration technique.Comment: 23 pages, extended versio
Efficient Online Timed Pattern Matching by Automata-Based Skipping
The timed pattern matching problem is an actively studied topic because of
its relevance in monitoring of real-time systems. There one is given a log
and a specification (given by a timed word and a timed automaton
in this paper), and one wishes to return the set of intervals for which the log
, when restricted to the interval, satisfies the specification
. In our previous work we presented an efficient timed pattern
matching algorithm: it adopts a skipping mechanism inspired by the classic
Boyer--Moore (BM) string matching algorithm. In this work we tackle the problem
of online timed pattern matching, towards embedded applications where it is
vital to process a vast amount of incoming data in a timely manner.
Specifically, we start with the Franek-Jennings-Smyth (FJS) string matching
algorithm---a recent variant of the BM algorithm---and extend it to timed
pattern matching. Our experiments indicate the efficiency of our FJS-type
algorithm in online and offline timed pattern matching
Efficient Emptiness Check for Timed B\"uchi Automata (Extended version)
The B\"uchi non-emptiness problem for timed automata refers to deciding if a
given automaton has an infinite non-Zeno run satisfying the B\"uchi accepting
condition. The standard solution to this problem involves adding an auxiliary
clock to take care of the non-Zenoness. In this paper, it is shown that this
simple transformation may sometimes result in an exponential blowup. A
construction avoiding this blowup is proposed. It is also shown that in many
cases, non-Zenoness can be ascertained without extra construction. An
on-the-fly algorithm for the non-emptiness problem, using non-Zenoness
construction only when required, is proposed. Experiments carried out with a
prototype implementation of the algorithm are reported.Comment: Published in the Special Issue on Computer Aided Verification - CAV
2010; Formal Methods in System Design, 201
Speeding up the constraint-based method in difference logic
"The final publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-40970-2_18"Over the years the constraint-based method has been successfully applied to a wide range of problems in program analysis, from invariant generation to termination and non-termination proving. Quite often the semantics of the program under study as well as the properties to be generated belong to difference logic, i.e., the fragment of linear arithmetic where atoms are inequalities of the form u v = k. However, so far constraint-based techniques have not exploited this fact: in general, Farkas’ Lemma is used to produce the constraints over template unknowns, which leads to non-linear SMT problems. Based on classical results of graph theory, in this paper we propose new encodings for generating these constraints when program semantics and templates belong to difference logic. Thanks to this approach, instead of a heavyweight non-linear arithmetic solver, a much cheaper SMT solver for difference logic or linear integer arithmetic can be employed for solving the resulting constraints. We present encouraging experimental results that show the high impact of the proposed techniques on the performance of the VeryMax verification systemPeer ReviewedPostprint (author's final draft
A stitch in time: Efficient computation of genomic DNA melting bubbles
Background: It is of biological interest to make genome-wide predictions of
the locations of DNA melting bubbles using statistical mechanics models.
Computationally, this poses the challenge that a generic search through all
combinations of bubble starts and ends is quadratic.
Results: An efficient algorithm is described, which shows that the time
complexity of the task is O(NlogN) rather than quadratic. The algorithm
exploits that bubble lengths may be limited, but without a prior assumption of
a maximal bubble length. No approximations, such as windowing, have been
introduced to reduce the time complexity. More than just finding the bubbles,
the algorithm produces a stitch profile, which is a probabilistic graphical
model of bubbles and helical regions. The algorithm applies a probability peak
finding method based on a hierarchical analysis of the energy barriers in the
Poland-Scheraga model.
Conclusions: Exact and fast computation of genomic stitch profiles is thus
feasible. Sequences of several megabases have been computed, only limited by
computer memory. Possible applications are the genome-wide comparisons of
bubbles with promotors, TSS, viral integration sites, and other melting-related
regions.Comment: 16 pages, 10 figure
Earliest Triassic microbialites in the South China Block and other areas; controls on their growth and distribution
Earliest Triassic microbialites (ETMs) and inorganic carbonate crystal fans formed after the end-Permian mass extinction (ca. 251.4 Ma) within the basal Triassic Hindeodus parvus conodont zone. ETMs are distinguished from rarer, and more regional, subsequent Triassic microbialites. Large differences in ETMs between northern and southern areas of the South China block suggest geographic provinces, and ETMs are most abundant throughout the equatorial Tethys Ocean with further geographic variation. ETMs occur in shallow-marine shelves in a superanoxic stratified ocean and form the only widespread Phanerozoic microbialites with structures similar to those of the Cambro-Ordovician, and briefly after the latest Ordovician, Late Silurian and Late Devonian extinctions. ETMs disappeared long before the mid-Triassic biotic recovery, but it is not clear why, if they are interpreted as disaster taxa. In general, ETM occurrence suggests that microbially mediated calcification occurred where upwelled carbonate-rich anoxic waters mixed with warm aerated surface waters, forming regional dysoxia, so that extreme carbonate supersaturation and dysoxic conditions were both required for their growth. Long-term oceanic and atmospheric changes may have contributed to a trigger for ETM formation. In equatorial western Pangea, the earliest microbialites are late Early Triassic, but it is possible that ETMs could exist in western Pangea, if well-preserved earliest Triassic facies are discovered in future work
University rankings:What do they really show?
University rankings as developed by the media are used by many stakeholders in higher education: students looking for university places; academics looking for university jobs; university managers who need to maintain standing in the competitive arena of student recruitment; and governments who want to know that public funds spent on universities are delivering a world class higher education system. Media rankings deliberately draw attention to the performance of each university relative to all others, and as such they are undeniably simple to use and interpret. But one danger is that they are potentially open to manipulation and gaming because many of the measures underlying the rankings are under the control of the institutions themselves. This paper examines media rankings (constructed from an amalgamation of variables representing performance across numerous dimensions) to reveal the problems with using a composite index to reflect overall performance. It ends with a proposal for an alternative methodology which leads to groupings rather than point estimates
- …