COMPUTER-FACILITATED COMMUNICATION NEEDS AND VALUES
Teaching/Communication/Extension/Profession,
Your Code Is My Code: Exploiting a Common Weakness in OAuth 2.0 Implementations
Many millions of users routinely use their Google, Facebook and Microsoft accounts to log in to websites supporting OAuth 2.0-based single sign on. The security of OAuth 2.0 is therefore of critical importance, and it has been widely examined both in theory and in practice. In this paper we disclose a new class of practical attacks on OAuth 2.0 implementations, which we call Partial Redirection URI Manipulation Attacks. An attack of this type can be used by an attacker to gain a victim user’s OAuth 2.0 code (a token representing a right to access user data) without the user’s knowledge; this code can then be used to impersonate the user to the relevant relying party website. We examined 27 leading OAuth 2.0 identity providers, and found that 19 of them are vulnerable to these attacks
Education Law Abstract: A Survey of Prominent Issues in Mississippi Public Schools
Symposium on Education La
Hyperelastic cloaking theory: Transformation elasticity with pre-stressed solids
Transformation elasticity, by analogy with transformation acoustics and
optics, converts material domains without altering wave properties, thereby
enabling cloaking and related effects. By noting the similarity between
transformation elasticity and the theory of incremental motion superimposed on
finite pre-strain it is shown that the constitutive parameters of
transformation elasticity correspond to the density and moduli of
small-on-large theory. The formal equivalence indicates that transformation
elasticity can be achieved by selecting a particular finite (hyperelastic)
strain energy function, which for isotropic elasticity is semilinear strain
energy. The associated elastic transformation is restricted by the requirement
of statically equilibrated pre-stress. This constraint can be cast as
$\operatorname{tr} \mathbf{F} = \text{constant}$, where $\mathbf{F}$ is the deformation gradient,
subject to symmetry constraints, and its consequences are explored both
analytically and through numerical examples of cloaking of anti-plane and
in-plane wave motion. Comment: 20 pages, 5 figure
Model for Folding and Aggregation in RNA Secondary Structures
We study the statistical mechanics of RNA secondary structures designed to
have an attraction between two different types of structures as a model system
for heteropolymer aggregation. The competition between the branching entropy of
the secondary structure and the energy gained by pairing drives the RNA to
undergo a 'temperature independent' second order phase transition from a molten
to an aggregated phase. The aggregated phase thus obtained has a
macroscopically large number of contacts between different RNAs. The partition
function scaling exponent for this phase is $\theta \sim 1/2$ and the crossover
exponent of the phase transition is $\nu \sim 5/3$. The relevance of these
calculations to the aggregation of biological molecules is discussed. Comment: Revtex, 4 pages; 3 Figures; Final published versio
Analysing the Security of Google's implementation of OpenID Connect
Many millions of users routinely use their Google accounts to log in to
relying party (RP) websites supporting the Google OpenID Connect service.
OpenID Connect, a newly standardised single-sign-on protocol, builds an
identity layer on top of the OAuth 2.0 protocol, which has itself been widely
adopted to support identity management services. It adds identity management
functionality to the OAuth 2.0 system and allows an RP to obtain assurances
regarding the authenticity of an end user. A number of authors have analysed
the security of the OAuth 2.0 protocol, but whether OpenID Connect is secure in
practice remains an open question. We report on a large-scale practical study
of Google's implementation of OpenID Connect, involving forensic examination of
103 RP websites which support its use for sign-in. Our study reveals serious
vulnerabilities of a number of types, all of which allow an attacker to log in
to an RP website as a victim user. Further examination suggests that these
vulnerabilities are caused by a combination of Google's design of its OpenID
Connect service and RP developers making design decisions which sacrifice
security for simplicity of implementation. We also give practical
recommendations for both RPs and OPs to help improve the security of real world
OpenID Connect systems
A lattice model of hydrophobic interactions
Hydrogen bonding is modeled in terms of virtual exchange of protons between
water molecules. A simple lattice model is analyzed, using ideas and techniques
from the theory of correlated electrons in metals. Reasonable parameters
reproduce observed magnitudes and temperature dependence of the hydrophobic
interaction between substitutional impurities and water within this lattice. Comment: 7 pages, 3 figures. To appear in Europhysics Letter
Associations between street connectivity and active transportation
Background: Past studies of associations between measures of the built environment, particularly street connectivity, and active transportation (AT) or leisure walking/bicycling have largely failed to account for spatial autocorrelation of connectivity variables and have seldom examined both the propensity for AT and its duration in a coherent fashion. Such efforts could improve our understanding of the spatial and behavioral aspects of AT. We analyzed spatially identified data from Los Angeles and San Diego Counties collected as part of the 2001 California Health Interview Survey. Results: Principal components analysis indicated that ~85% of the variance in nine measures of street connectivity is accounted for by two components representing buffers with short blocks and dense nodes (PRIN1) or buffers with longer blocks that still maintain a grid-like structure (PRIN2). PRIN1 and PRIN2 were positively associated with active transportation (AT) after adjustment for diverse demographic and health-related variables. Propensity and duration of AT were correlated in both Los Angeles (r = 0.14) and San Diego (r = 0.49) at the zip code level. Multivariate analysis could account for the correlation between the two outcomes. After controlling for demography, measures of the built environment and other factors, no spatial autocorrelation remained for propensity to report AT (i.e., report of AT appeared to be independent among neighborhood residents). However, very localized correlation was evident in duration of AT, particularly in San Diego, where the variance of duration, after accounting for spatial autocorrelation, was 5% smaller within small neighborhoods (~0.01 square latitude/longitude degrees = 0.6 mile diameter) compared to within larger zip code areas. Thus a finer spatial scale of analysis seems to be more appropriate for explaining variation in connectivity and AT.
Conclusions: Joint analysis of the propensity and duration of AT behavior and an explicitly geographic approach can strengthen studies of the built environment and physical activity (PA), specifically AT. More rigorous analytical work on cross-sectional data, such as in the present study, continues to support the need for experimental and longitudinal study designs including the analysis of natural experiments to evaluate the utility of environmental interventions aimed at increasing PA
By the Old Rustic Bridge : Sweetheart Nell