172 research outputs found

    An Empirical Study of the Use of Integrity Verification Mechanisms for Web Subresources

    Web developers can (and do) include subresources such as scripts, stylesheets and images in their webpages. Such subresources might be stored on remote servers such as content delivery networks (CDNs). This practice creates security and privacy risks, should a subresource be corrupted, as was recently the case for the British Airways websites. The subresource integrity (SRI) recommendation, released in mid-2016 by the W3C, enables developers to include digests in their webpages in order for web browsers to verify the integrity of subresources before loading them. In this paper, we conduct the first large-scale longitudinal study of the use of SRI on the Web by analyzing massive crawls (3B unique URLs) of the Web over the last 3.5 years. Our results show that the adoption of SRI is modest (3.40%), but grows at an increasing rate and is highly influenced by the practices of popular library developers (e.g., Bootstrap) and CDN operators (e.g., jsDelivr). We complement our analysis about SRI with a survey of web developers (N = 227): It shows that a substantial proportion of developers know SRI and understand its basic functioning, but most of them ignore important aspects of the specification, such as the case of malformed digests. The results of the survey also show that the integration of SRI by developers is mostly manual, hence not scalable and error prone. This calls for a better integration of SRI in build tools

    RiPKI: The Tragic Story of RPKI Deployment in the Web Ecosystem

    Previous arXiv version of this paper has been published under the title "When BGP Security Meets Content Deployment: Measuring and Analysing RPKI-Protection of Websites", Proc. of Fourteenth ACM Workshop on Hot Topics in Networks (HotNets), New York: ACM, 2015. Web content delivery is one of the most important services on the Internet. Access to websites is typically secured via TLS. However, this security model does not account for prefix hijacking on the network layer, which may lead to traffic blackholing or transparent interception. Thus, to achieve comprehensive security and service availability, additional protective mechanisms are necessary such as the RPKI, a recently deployed Resource Public Key Infrastructure to prevent hijacking of traffic by networks. This paper argues two positions. First, that modern web hosting practices make route protection challenging due to the propensity to spread servers across many different networks, often with unpredictable client redirection strategies, and, second, that we need a better understanding why protection mechanisms are not deployed. To initiate this, we empirically explore the relationship between web hosting infrastructure and RPKI deployment. Perversely, we find that less popular websites are more likely to be secured than the prominent sites. Worryingly, we find many large-scale CDNs do not support RPKI, thus making their customers vulnerable. This leads us to explore business reasons why operators are hesitant to deploy RPKI, which may help to guide future research on improving Internet security

    Computational modelling and experimental tank testing of the multi float WaveSub under regular wave forcing

    A submerged wave device generates energy from the relative motion of floating bodies. In WaveSub, three floats are joined to a reactor; each connected to a spring and generator. Electricity generated damps the orbital movements of the floats. The forces are non-linear and each float interacts with the others. Tuning to the wave climate is achieved by changing the line lengths, so there is a need to understand the performance trade-offs for a large number of configurations. This requires an efficient, large displacement, multidirectional, multi-body numerical scheme. Results from a 1/25 scale wave basin experiment are described. Here, we show that a time domain linear potential flow formulation (Nemoh, WEC-Sim) can match the tank testing provided that suitably tuned drag coefficients are employed. Inviscid linear potential models can match some wave device experiments; however, additional viscous terms generally provide better accuracy. Scale experiments are also prone to mechanical friction, and we estimate friction terms to improve the correlation further. The resulting error in mean power between numerical and physical models is approximately 10%. Predicted device movement shows a good match. Overall, drag terms in time domain wave energy modelling will improve simulation accuracy in wave renewable energy device design

    Computational modelling and experimental tank testing of the multi float WaveSub under regular wave forcing

    A submerged wave device generates energy from the relative motion of floating bodies. In WaveSub, three floats are joined to a reactor; each connected to a spring and generator. Electricity generated damps the orbital movements of the floats. The forces are non-linear and each float interacts with the others. Tuning to the wave climate is achieved by changing the line lengths so there is a need to understand the performance trade-offs for a large number of configurations. This requires an efficient, large displacement, multidirectional, multi-body numerical scheme. Results from a 1/25 scale wave basin experiment are described. Here we show that a time domain linear potential flow formulation (Nemoh, WEC-Sim) can match the tank testing provided that suitably tuned drag coefficients are employed. Inviscid linear potential models can match some wave device experiments, however, additional viscous terms generally provide better accuracy. Scale experiments are also prone to mechanical friction and we estimate friction terms to improve the correlation further. The resulting error in mean power between numerical and physical models is approximately 10%. Predicted device movement shows a good match. Overall, drag terms in time domain wave energy modelling will improve simulation accuracy in wave renewable energy device design

    Climacteric Lowers Plasma Levels of Platelet-Derived Microparticles: A Pilot Study in Pre-versus Postmenopausal Women

    Background: Climacteric increases the risk of thrombotic events by alteration of plasmatic coagulation. Up to now, less is known about changes in platelet-(PMP) and endothelial cell-derived microparticles (EMP). Methods: In this prospective study, plasma levels of microparticles (MP) were compared in 21 premenopausal and 19 postmenopausal women. Results: No altered numbers of total MP or EMP were measured within the study groups. However, the plasma values of CD61-exposing MP from platelets/megakaryocytes were higher in premenopausal women (5,364 x 10(6)/l, range 4,384-17,167) as compared to postmenopausal women (3,808 x 10(6)/l, range 2,009-8,850; p = 0.020). This differentiation was also significant for the subgroup of premenopausal women without hormonal contraceptives (5,364 x 10(6)/l, range 4,223-15,916; p = 0.047; n = 15). Furthermore, in premenopausal women, higher plasma levels of PMP exposing CD62P were also present as compared to postmenopausal women (288 x 10(6)/l, range 139-462, vs. 121 x 10(6)/l, range 74-284; p = 0.024). This difference was also true for CD63+ PMP levels (281 x 10(6)/l, range 182-551, vs. 137 x 10(6)/l, range 64-432; p = 0.015). Conclusion: Climacteric lowers the level of PMP but has no impact on the number of EMP in women. These data suggest that PMP and EMP do not play a significant role in enhancing the risk of thrombotic events in healthy, postmenopausal women. Copyright (C) 2012 S. Karger AG, Base

    A Membrane-Bound Vertebrate Globin

    The family of vertebrate globins includes hemoglobin, myoglobin, and other O2-binding proteins of yet unclear functions. Among these, globin X is restricted to fish and amphibians. Zebrafish (Danio rerio) globin X is expressed at low levels in neurons of the central nervous system and appears to be associated with the sensory system. The protein harbors a unique N-terminal extension with putative N-myristoylation and S-palmitoylation sites, suggesting membrane-association. Intracellular localization and transport of globin X was studied in 3T3 cells employing green fluorescence protein fusion constructs. Both myristoylation and palmitoylation sites are required for correct targeting and membrane localization of globin X. To the best of our knowledge, this is the first time that a vertebrate globin has been identified as component of the cell membrane. Globin X has a hexacoordinate binding scheme and displays cooperative O2 binding with a variable affinity (P50∼1.3–12.5 torr), depending on buffer conditions. A respiratory function of globin X is unlikely, but analogous to some prokaryotic membrane-globins it may either protect the lipids in cell membrane from oxidation or may act as a redox-sensing or signaling protein

    Increasing Dominance - the Role of Advertising, Pricing and Product Design

    Despite the empirical relevance of advertising strategies in concentrated markets, the economics literature is largely silent on the effect of persuasive advertising strategies on pricing, market structure and increasing (or decreasing) dominance. In a simple model of persuasive advertising and pricing with differentiated goods, we analyze the interdependencies between ex-ante asymmetries in consumer appeal, advertising and prices. Products with larger initial appeal to consumers will be advertised more heavily but priced at a higher level - that is, advertising and price discounts are strategic substitutes for products with asymmetric initial appeal. We find that the escalating effect of advertising dominates the moderating effect of pricing so that post-competition market shares are more asymmetric than pre-competition differences in consumer appeal. We further find that collusive advertising (but competitive pricing) generates the same market outcomes, and that network effects lead to even more extreme market outcomes, both directly and via the effect on advertising

    Macrocyclisation of small peptides enabled by oxetane incorporation

    Cyclic peptides are an important source of new drugs but are challenging to produce synthetically. We show that head-to-tail peptide macrocyclisations are greatly improved, as measured by isolated yields, reaction rates and product distribution, by substitution of one of the backbone amide C═O bonds with an oxetane ring. The cyclisation precursors are easily made by standard solution- or solid-phase peptide synthesis techniques. Macrocyclisations across a range of challenging ring sizes (tetra-, penta- and hexapeptides) are enabled by incorporation of this turn-inducing element. Oxetane incorporation is shown to be superior to other established amino acid modifications such as N-methylation. The positional dependence of the modification on cyclisation efficiency is mapped using a cyclic peptide of sequence LAGAY. We provide the first direct experimental evidence that oxetane modification induces a turn in linear peptide backbones, through the observation of dNN (i, i + 2) and dαN (i, i + 2) NOEs, which offers an explanation for these improvements. For cyclic peptide, cLAGAY, a combination of NMR derived distance restraints and molecular dynamics simulations are used to show that this modification alters the backbone conformation in proximity to the oxetane, with the flexibility of the ring reduced and a new intramolecular H-bond established. Finally, we incorporated an oxetane into a cyclic pentapeptide inhibitor of Aminopeptidase N, a transmembrane metalloprotease overexpressed on the surface of cancer cells. The inhibitor, cCNGRC, displayed similar IC50 values in the presence or absence of an oxetane at the glycine residue, indicating that bioactivity is fully retained upon amide C═O bond replacement

    Synthesis and Functionalization of Azetidine-Containing Small Macrocyclic Peptides

    Cyclic peptides are increasingly important structures in drugs but their development can be impeded by difficulties associated with their synthesis. Here, we introduce the 3-aminoazetidine (3-AAz) subunit as a new turn-inducing element for the efficient synthesis of small head-to-tail cyclic peptides. Greatly improved cyclizations of tetra-, penta- and hexapeptides (28 examples) under standard reaction conditions are achieved by introduction of this element within the linear peptide precursor. Post-cyclization deprotection of the amino acid side chains with strong acid is realized without degradation of the strained four-membered azetidine. A special feature of this chemistry is that further late-stage modification of the resultant macrocyclic peptides can be achieved via the 3-AAz unit. This is done by: (i) chemoselective deprotection and substitution at the azetidine nitrogen, or by (ii) a click-based approach employing a 2-propynyl carbamate on the azetidine nitrogen. In this way, a range of dye and biotin tagged macrocycles are readily produced. Structural insights gained by XRD analysis of a cyclic tetrapeptide indicate that the azetidine ring encourages access to the less stable, all-trans conformation. Moreover, introduction of a 3-AAz into a representative cyclohexapeptide improves stability towards proteases compared to the homodetic macrocycle