227 research outputs found
Computational Resource Abuse in Web Applications
Internet browsers include Application Programming Interfaces (APIs) to support Web applications that require complex functionality, e.g., to let end users watch videos, make phone calls, and play video games. Meanwhile, many Web applications employ the browser APIs to rely on the user's hardware to execute intensive computation, access the Graphics Processing Unit (GPU), use persistent storage, and establish network connections.
However, providing access to the system's computational resources, i.e., processing, storage, and networking, through the browser creates an opportunity for attackers to abuse resources. Principally, the problem occurs when an attacker compromises a Web site and includes malicious code to abuse its visitors' computational resources. For example, an attacker can abuse the user's system networking capabilities to perform a Denial of Service (DoS) attack against third parties. What is more, computational resource abuse has not received widespread attention from the Web security community because most of the current specifications are focused on content and session properties such as isolation, confidentiality, and integrity.
Our primary goal is to study computational resource abuse and to advance the state of the art by providing a general attacker model, multiple case studies, a thorough analysis of available security mechanisms, and a new detection mechanism. To this end, we implemented and evaluated three scenarios where attackers use multiple browser APIs to abuse networking, local storage, and computation. Further, depending on the scenario, an attacker can use browsers to perform Denial of Service against third-party Web sites, create a network of browsers to store and distribute arbitrary data, or use browsers to establish anonymous connections similarly to The Onion Router (Tor). Our analysis also includes a real-life resource abuse case found in the wild, i.e., CryptoJacking, where thousands of Web sites forced their visitors to perform crypto-currency mining without their consent. In the general case, attacks presented in this thesis share the attacker model and two key characteristics: 1) the browser's end user remains oblivious to the attack, and 2) an attacker has to invest few resources in comparison to the resources he obtains.
In addition to the analysis of the attacks, we present how existing and upcoming security enforcement mechanisms from Web security can hinder an attacker, and their drawbacks. Moreover, we propose a novel detection approach based on browser API usage patterns. Finally, we evaluate the accuracy of our detection model, after training it with the real-life crypto-mining scenario, through a large-scale analysis of the most popular Web sites.
Comparison of the performance of electrical indicators for detecting PID in photovoltaic panels
Potential-induced degradation (PID) in photovoltaic (PV) solar panels occurs due to their operation in strings that are part of large installations, and under certain voltage and environmental operating conditions, especially humidity and temperature. PID can cause a decrease of up to 40 % in the generated power capacity of the PV panel and, in the most severe cases, the end of its lifetime. When this phenomenon is detected in time, the causes can be corrected, and the effect on the PV panels could be susceptible to a reversibility process. This article presents a comparative analysis of the performance of four electrical indicators to detect PID reported in recent literature. This study is carried out by simulation, using the single-diode model to represent the behavior of the PV panel, and under different irradiance and temperature conditions. The results show the advantages of an indicator based on normalized parallel resistance, in terms of its practicality and low sensitivity to changes in irradiance and temperature conditions.
Visual processing during short-term memory binding in mild Alzheimer's disease
Patients with Alzheimer's disease (AD) typically present with attentional and oculomotor abnormalities that can have an impact on visual processing and associated cognitive functions. Over the last few years, we have witnessed a shift toward the analyses of eye movement behaviors as a means to further our understanding of the pathophysiology of common disorders such as AD. However, little work has been done to unveil the link between eye movement abnormalities and poor performance on cognitive tasks known to be markers for AD patients, such as the short-term memory-binding task. We analyzed eye movement fixation behaviors of thirteen healthy older adults (Controls) and thirteen patients with probable mild AD while they performed the visual short-term memory binding task. The short-term memory binding task asks participants to detect changes across two consecutive arrays of two bicolored objects whose features (i.e., colors) have to be remembered separately (i.e., Unbound Colors), or combined within integrated objects (i.e., Bound Colors). Patients with mild AD showed the well-known pattern of selective memory binding impairments. This was accompanied by significant impairments in their eye movements only when they processed Bound Colors. Patients with mild AD remarkably decreased their mean gaze duration during the encoding of color-color bindings. These findings open new windows of research into the pathophysiological mechanisms of memory deficits in AD patients and the link between its phenotypic expressions (i.e., oculomotor and cognitive disorders). We discuss these findings considering current trends regarding clinical assessment, neural correlates, and potential avenues for robust biomarkers.
Response to comment on 'Amphibian fungal panzootic causes catastrophic and ongoing loss of biodiversity'
Lambert et al. question our retrospective and holistic epidemiological assessment of the role of chytridiomycosis in amphibian declines. Their alternative assessment is narrow and provides an incomplete evaluation of evidence. Adopting this approach limits understanding of infectious disease impacts and hampers conservation efforts. We reaffirm that our study provides unambiguous evidence that chytridiomycosis has affected at least 501 amphibian species.
Monitoring and tracking of the effort made by students and of their attendance at in-person activities
This article documents the approach, the methodology and the first results of a plan for detailed monitoring of effort and of attendance at in-person activities by students of the degree programs offered by the Escuela Técnica Superior de Ingenieros Navales of the Universidad Politécnica de Madrid during the second term of the 2011-2012 academic year. A mechanical system for collecting effort data from students has been established, using a test-type form specially configured for the purpose. A form is handed out in each and every in-person activity, and the form asks for information about work done "outside class". This article documents how the form has been structured, what kind of data is collected, how the data is processed using a database created for the purpose, what kind of analysis can be carried out and what preliminary results we obtain from those analyses.
Measurement of the cosmic ray spectrum above eV using inclined events detected with the Pierre Auger Observatory
A measurement of the cosmic-ray spectrum for energies exceeding
eV is presented, which is based on the analysis of showers
with zenith angles greater than detected with the Pierre Auger
Observatory between 1 January 2004 and 31 December 2013. The measured spectrum
confirms a flux suppression at the highest energies. Above
eV, the "ankle", the flux can be described by a power law with
index followed by
a smooth suppression region. For the energy () at which the
spectral flux has fallen to one-half of its extrapolated value in the absence
of suppression, we find
eV.
Comment: Replaced with published version. Added journal reference and DO
Energy Estimation of Cosmic Rays with the Engineering Radio Array of the Pierre Auger Observatory
The Auger Engineering Radio Array (AERA) is part of the Pierre Auger
Observatory and is used to detect the radio emission of cosmic-ray air showers.
These observations are compared to the data of the surface detector stations of
the Observatory, which provide well-calibrated information on the cosmic-ray
energies and arrival directions. The response of the radio stations in the 30
to 80 MHz regime has been thoroughly calibrated to enable the reconstruction of
the incoming electric field. For the latter, the energy deposit per area is
determined from the radio pulses at each observer position and is interpolated
using a two-dimensional function that takes into account signal asymmetries due
to interference between the geomagnetic and charge-excess emission components.
The spatial integral over the signal distribution gives a direct measurement of
the energy transferred from the primary cosmic ray into radio emission in the
AERA frequency range. We measure 15.8 MeV of radiation energy for a 1 EeV air
shower arriving perpendicularly to the geomagnetic field. This radiation energy
-- corrected for geometrical effects -- is used as a cosmic-ray energy
estimator. Performing an absolute energy calibration against the
surface-detector information, we observe that this radio-energy estimator
scales quadratically with the cosmic-ray energy as expected for coherent
emission. We find an energy resolution of the radio reconstruction of 22% for
the data set and 17% for a high-quality subset containing only events with at
least five radio stations with signal.
Comment: Replaced with published version. Added journal reference and DO
Measurement of the Radiation Energy in the Radio Signal of Extensive Air Showers as a Universal Estimator of Cosmic-Ray Energy
We measure the energy emitted by extensive air showers in the form of radio
emission in the frequency range from 30 to 80 MHz. Exploiting the accurate
energy scale of the Pierre Auger Observatory, we obtain a radiation energy of
15.8 ± 0.7 (stat) ± 6.7 (sys) MeV for cosmic rays with an energy of 1 EeV
arriving perpendicularly to a geomagnetic field of 0.24 G, scaling
quadratically with the cosmic-ray energy. A comparison with predictions from
state-of-the-art first-principle calculations shows agreement with our
measurement. The radiation energy provides direct access to the calorimetric
energy in the electromagnetic cascade of extensive air showers. Comparison with
our result thus allows the direct calibration of any cosmic-ray radio detector
against the well-established energy scale of the Pierre Auger Observatory.
Comment: Replaced with published version. Added journal reference and DOI.
Supplemental material in the ancillary file