Computational Resource Abuse in Web Applications

Internet browsers include Application Programming Interfaces (APIs) to support Web applications that require complex functionality, e.g., to let end users watch videos, make phone calls, and play video games. Meanwhile, many Web applications employ the browser APIs to rely on the user's hardware to execute intensive computation, access the Graphics Processing Unit (GPU), use persistent storage, and establish network connections. However, providing access to the system's computational resources, i.e., processing, storage, and networking, through the browser creates an opportunity for attackers to abuse resources. Principally, the problem occurs when an attacker compromises a Web site and includes malicious code to abuse its visitor's computational resources. For example, an attacker can abuse the user's system networking capabilities to perform a Denial of Service (DoS) attack against third parties. What is more, computational resource abuse has not received widespread attention from the Web security community because most of the current specifications are focused on content and session properties such as isolation, confidentiality, and integrity. Our primary goal is to study computational resource abuse and to advance the state of the art by providing a general attacker model, multiple case studies, a thorough analysis of available security mechanisms, and a new detection mechanism. To this end, we implemented and evaluated three scenarios where attackers use multiple browser APIs to abuse networking, local storage, and computation. Further, depending on the scenario, an attacker can use browsers to perform Denial of Service against third-party Web sites, create a network of browsers to store and distribute arbitrary data, or use browsers to establish anonymous connections similarly to The Onion Router (Tor). Our analysis also includes a real-life resource abuse case found in the wild, i.e., CryptoJacking, where thousands of Web sites forced their visitors to perform crypto-currency mining without their consent. In the general case, attacks presented in this thesis share the attacker model and two key characteristics: 1) the browser's end user remains oblivious to the attack, and 2) an attacker has to invest little resources in comparison to the resources he obtains. In addition to the attack's analysis, we present how existing, and upcoming, security enforcement mechanisms from Web security can hinder an attacker and their drawbacks. Moreover, we propose a novel detection approach based on browser API usage patterns. Finally, we evaluate the accuracy of our detection model, after training it with the real-life crypto-mining scenario, through a large scale analysis of the most popular Web sites

Exploring the benefits of a traveller clustering approach based on multimodality attitudes and behaviours

This paper presents a new market segmentation study of travellers based on measures of multimodality attitudes and behaviours. The study involved a sample of researchers and clerical workers of the French national transport research institute to allow for a long and detailed questionnaire on multimodality habits. Two different cluster analyses are implemented. The first one considers variables related to the specific trip that was investigated in the survey, namely the intention to make such trip with changing travel means over time and the propensity to use a different mode in the future. The second study focuses on the more general multimodality behaviour, contemplating the actual and desired frequencies of use of different means and the propensity to try new services that are not yet existing in reality. The resulting market segments are compared and they are consistently pointing at almost the same classification of travellers. The best transport policy measures to achieve a behavioural change for each market segment are discussed

Conservation of coevolving protein interfaces bridges prokaryote-eukaryote homologies in the twilight zone

Protein-protein interactions are fundamental for the proper functioning of the cell. As a result, protein interaction surfaces are subject to strong evolutionary constraints. Recent developments have shown that residue coevolution provides accurate predictions of heterodimeric protein interfaces from sequence information. So far these approaches have been limited to the analysis of families of prokaryotic complexes for which large multiple sequence alignments of homologous sequences can be compiled. We explore the hypothesis that coevolution points to structurally conserved contacts at protein-protein interfaces, which can be reliably projected to homologous complexes with distantly related sequences. We introduce a domain-centered protocol to study the interplay between residue coevolution and structural conservation of protein-protein interfaces. We show that sequence-based coevolutionary analysis systematically identifies residue contacts at prokaryotic interfaces that are structurally conserved at the interface of their eukaryotic counterparts. In turn, this allows the prediction of conserved contacts at eukaryotic protein-protein interfaces with high confidence using solely mutational patterns extracted from prokaryotic genomes. Even in the context of high divergence in sequence (the twilight zone), where standard homology modeling of protein complexes is unreliable, our approach provides sequence-based accurate information about specific details of protein interactions at the residue level. Selected examples of the application of prokaryotic coevolutionary analysis to the prediction of eukaryotic interfaces further illustrate the potential of this approach.We thank F. Abascal and M. L. Tress for helpful discussions. This work was supported by Spanish Ministry of Economy and Competitiveness Projects BFU2015-71241-R and BIO2012-40205, cofunded by the European Regional Development Fund.S

FigGen: Text to Scientific Figure Generation

The generative modeling landscape has experienced tremendous growth in recent years, particularly in generating natural images and art. Recent techniques have shown impressive potential in creating complex visual compositions while delivering impressive realism and quality. However, state-of-the-art methods have been focusing on the narrow domain of natural images, while other distributions remain unexplored. In this paper, we introduce the problem of text-to-figure generation, that is creating scientific figures of papers from text descriptions. We present FigGen, a diffusion-based approach for text-to-figure as well as the main challenges of the proposed task. Code and models are available at https://github.com/joanrod/figure-diffusionComment: Published at ICLR 2023 as a Tiny Pape

Complications in the treatment with alveolar extraosseous distractors: literature review

Background: To review the literature that analyses the types and frequency of complications associated with the use of extraosseous alveolar distraction from 2007 to 2013. Material and Methods: Review of the literature in PubMed, using these keywords; alveolar ridge, alveolar distraction osteogenesis, complication, literature review. Inclusion criteria were: articles published between 2007 and 2013 that included the distraction protocol, the complications encountered and the time when they occurred. Results: According to the above criteria, 12 articles were included in this review, where 334 extraosseous distractors were placed and 395 complications were encountered, of which 19 (4.81%) were intraoperative, 261 (66.07%) postoperative and 115 (29.11 %) were postdistraction. The most common complication was the incorrect distraction vector found in 105 cases (26.58%), in 23 cases (5.82%) there were severe complications, of which 14 (3.54%) were mandibular fracture and 9 (2.27%) were fractures of the distractor elements. Conclusions: According to this review, although alveolar distraction is a safe and predictable technique, it can cause complications; however, they are usually minor and easily resolved without affecting the treatment outcome

Notch Sensitivity Study in U-notched Polymers Built by Additive Manufacturing (AM)

Onyx ® is a new material composed of Polyamide 6 reinforced with short carbon fiber, used in the novel additive manufacturing composites technique. This paper aims to present the axial fatigue performance of this material with and without U-notches. The experimentally determined S-N fatigue curve was obtained under axial load with a load inversion ratio, R = 0.1, and compared to fatigue performance of U-notched samples ranging from 0.25 to 2 mm radius. In addition, the stress concentration factor was compared for static and alternative loading to obtain the notch sensitivity in terms of the U-notch radius, showing that there is indeed a difference in stress concentration between them. The advantage of the approach is that it permits using commonly used dimensioning methods for this AM material

A Comprehensive Study on Pain Assessment from Multimodal Sensor Data

Pain assessment is a critical aspect of healthcare, influencing timely interventions and patient well-being. Traditional pain evaluation methods often rely on subjective patient reports, leading to inaccuracies and disparities in treatment, especially for patients who present difficulties to communicate due to cognitive impairments. Our contributions are three-fold. Firstly, we analyze the correlations of the data extracted from biomedical sensors. Then, we use state-of-the-art computer vision techniques to analyze videos focusing on the facial expressions of the patients, both per-frame and using the temporal context. We compare them and provide a baseline for pain assessment methods using two popular benchmarks: UNBC-McMaster Shoulder Pain Expression Archive Database and BioVid Heat Pain Database. We achieved an accuracy of over 96% and over 94% for the F1 Score, recall and precision metrics in pain estimation using single frames with the UNBC-McMaster dataset, employing state-of-the-art computer vision techniques such as Transformer-based architectures for vision tasks. In addition, from the conclusions drawn from the study, future lines of work in this area are discussed

Aplicación del paragrafo final del artículo 94 del CGP en los seguros

Ahora, en materia de seguros se encuentran las siguientes dificultades: • La calidad de acreedor y deudor en la mayoría de controversias derivadas de contrato de seguro no se encuentra definida desde la reclamación, en ocasiones por el ramo y/o producto sobre el cual verse la discusión o porque se este discutiendo la validez del contrato. • Por ejemplo, en un seguro de responsabilidad civil, donde quien reclame sea la víctima en ejercicio de la acción directa consagrada en el artículo 1127 del Código de Comercio, habrá situaciones donde la responsabilidad del asegurado no se encuentra acreditada o existen dudas al respecto, por lo que no se entiende como se puede considerar que la compañía aseguradora es deudora, lo cual haría inaplicable la norma señalada. • Algo similar ocurriría en controversias derivadas de seguros de vida deudor, donde quien reclame sea un tercero interesado diferente a la entidad Bancaria, quien normalmente ostenta la calidad de beneficiaria, como podría considerarse que ese tercero es acreedor y mucho menos como podría pensarse que ese tercero interrumpió el cómputo de la prescripción. • Lo anterior, para concluir que esta norma no es de fácil aplicación en materia de seguros, pues en muchas ocasiones la calidad de quienes reclaman no se encuentra acreditada y esto llevaría a una aplicación restrictiva de la norma, reservándola casi que exclusivamente a los seguros de daños reales, y en ocasiones, a algunos productos de los seguros de personas. • Ahora, al no haberse realizado una distinción por parte del legislador, se considera que lo pertinente sería aplicar la norma de manera estricta, es decir, cuando se tenga certeza de la calidad en la que se actúa.In terms of insurance, we can find the following challenges: • The figure of creditor and debtor in most disputes arising from the insurance contract is not defined since the moment the claim is made, due to, in some cases, to the type of insurance/product on which to be seen the discussion or because the validity of the contract is being discussed. • For example, regarding the liability insurance, in the case of the direct action enshrined in article 1127 of the Commercial Colombian Code, the claim comes from the victim in, so it is possible that the responsibility of the insured is not proven or there are doubts that it even exists, but the insurance company will be in debt with the victim, which would make the indicated rule inapplicable. • Something similar would occur regarding the life insurances, where the claiming party is an interested third party different than the Banking entity, who normally holds the status of the beneficiary, and unexplainable would be the fact that the third party would be considered as the creditor and much less as it could be thought that that third party interrupted the calculation of the prescription. •The foregoing, to conclude that this rule is not easy to apply in insurance matters, since on many occasions the quality of those who claim is not accredited and this would lead to a restrictive application of the rule, reserving it almost exclusively to insurance of actual damages, and sometimes, to some personal insurance products • Now, since a distinction has not been made by the legislator, it is considered that the pertinent thing would be to apply the rule strictly, that is when the quality in which it acts is certainEspecialista en Derecho de SegurosEspecializació

Low cost storage techniques and models applied to small and medium enterprises

Este artículo fue escrito con el objetivo de presentarle a aquellas pequeñas y medianas empresas creadas en Colombia, técnicas y modelos de almacenamiento como opción que permitan el crecimiento empresarial, la reducción de costos y reconocimiento en el sector al que pertenecen. Por medio de la investigación cualitativa se aglomeraron y se escogieron las mejores técnicas y modelos de bajo costo aplicables a este tipo de empresas, finalmente se realiza la caracterización por tamaño de empresa y tipo de producto almacenado obteniendo como resultado la consolidación de varias opciones de selección que permita a las pequeñas y medianas empresas lograr obtener un ahorro en el manejo de los inventarios, en el productos faltante por mermas o ventas perdidas por clientes insatisfechos, además de estos ahorros permiten a las empresas un crecimiento ordenado y eficiente.This article was written with the objective of presenting to those small and medium sized companies created in Colombia techniques and storage models as an option that allow business growth, cost reduction and recognition in the sector to which they belong, through qualitative research the best techniques and low-cost models applicable to this type of companies were agglomerated and chosen, finally the characterization by company size and type of stored product is carried out, resulting in the consolidation of several selection options that allow small and medium sized companies achieve savings in the management of inventories, in the missing products due to losses or sales lost by unsatisfied customers, in addition to these savings allow companies to orderly and efficiently grow.Especializació

An Optimization Model For Prioritizing Sewerage Maintenance Scheduling

Water utility companies, responsible for providing water supply and sewerage services to the urban population, are constantly seeking to improve their service.In the case of sewer systems, effective scheduling of preventive maintenance of urban water infrastructure has been identified as an important activity in order to reduce costs and protect the integrity of citizens and the surrounding, both built and natural, environments. Consequently, with particular focus on Bogotá (Colombia), we developed an optimization model that generates a preventive maintenance plan on a set of zones withinthe city. These zones have in common a high failure probability over a defined time period due to sediment-related blockages. Failure probabilities are obtained from the statistical model proposed by Rodríguez et al. (2012) which uses an exceptionally long and spatially detailed failure data set obtained from a customer complaints database. The mixed integer optimization model implemented here, which is an adaptation from the one presented by Medaglia et al.(2008), considers a multi-objective function which maximizes the protection of the city. For the maximization process we take into account the entities that would be affected in case of flooding (health centers, education centers, market places, etc.) caused by a sediment-related sewer system blockage. The information about the entities is obtained and modified through Geographic Information Systems (GIS) and Analytic Hierarchy Process (AHP). Furthermore, the model satisfies budget and operational capacity restrictions, due to their finite nature. Based on a model sensitivity analysis, we can conclude that the ratio between preventive and corrective maintenance costs is critical to define a proactive maintenance schedule, while other parameters such as the available budget are not. Making a comparison of the methodology currently used by the local water utility and our model, the later obtained better results in terms of city protection and budget and resources allocation