Computational Resource Abuse in Web Applications

Internet browsers include Application Programming Interfaces (APIs) to support Web applications that require complex functionality, e.g., to let end users watch videos, make phone calls, and play video games. Meanwhile, many Web applications employ the browser APIs to rely on the user's hardware to execute intensive computation, access the Graphics Processing Unit (GPU), use persistent storage, and establish network connections. However, providing access to the system's computational resources, i.e., processing, storage, and networking, through the browser creates an opportunity for attackers to abuse resources. Principally, the problem occurs when an attacker compromises a Web site and includes malicious code to abuse its visitor's computational resources. For example, an attacker can abuse the user's system networking capabilities to perform a Denial of Service (DoS) attack against third parties. What is more, computational resource abuse has not received widespread attention from the Web security community because most of the current specifications are focused on content and session properties such as isolation, confidentiality, and integrity. Our primary goal is to study computational resource abuse and to advance the state of the art by providing a general attacker model, multiple case studies, a thorough analysis of available security mechanisms, and a new detection mechanism. To this end, we implemented and evaluated three scenarios where attackers use multiple browser APIs to abuse networking, local storage, and computation. Further, depending on the scenario, an attacker can use browsers to perform Denial of Service against third-party Web sites, create a network of browsers to store and distribute arbitrary data, or use browsers to establish anonymous connections similarly to The Onion Router (Tor). Our analysis also includes a real-life resource abuse case found in the wild, i.e., CryptoJacking, where thousands of Web sites forced their visitors to perform crypto-currency mining without their consent. In the general case, attacks presented in this thesis share the attacker model and two key characteristics: 1) the browser's end user remains oblivious to the attack, and 2) an attacker has to invest little resources in comparison to the resources he obtains. In addition to the attack's analysis, we present how existing, and upcoming, security enforcement mechanisms from Web security can hinder an attacker and their drawbacks. Moreover, we propose a novel detection approach based on browser API usage patterns. Finally, we evaluate the accuracy of our detection model, after training it with the real-life crypto-mining scenario, through a large scale analysis of the most popular Web sites

Comparación del desempeño de indicadores eléctricos para la detección de PID en paneles fotovoltaicos

La degradación inducida por potencial (PID) en paneles solares fotovoltaicos (FV) se produce debido a su operación en cadenas que hacen parte de grandes instalaciones, y bajo ciertas condiciones operativas de voltaje y ambientales, especialmente humedad y temperatura. El PID puede ocasionar hasta un 40 % de disminución en la capacidad de potencia generada del panel FV, y en los casos más severos la terminación de su vida útil. Cuando este fenómeno se detecta a tiempo, las causas se pueden corregir y el efecto en los paneles FV podría ser susceptible a un proceso de reversibilidad. Este artículo presenta un análisis comparativo del desempeño de cuatro indicadores eléctricos para detectar el PID reportados en la literatura reciente. Este estudio se realiza mediante simulación, utilizando el modelo de un solo diodo para representar el comportamiento del panel FV, y bajo diferentes condiciones de irradiancia y temperatura. Los resultados encontrados demuestran ventajas de un indicador basado en la resistencia paralelo normalizada, en cuanto a su practicidad y baja sensibilidad ante cambios en las condiciones de irradiancia y temperatura.Potential-induced degradation (PID) in photovoltaic (PV) solar panels occurs due to the operation in strings that are part of large installations, and under determinate voltage and environmental operating conditions, especially humidity and temperature. The PID can cause decreasing of up to 40 % in the generated power capacity of the PV panel and, in the most severe cases, the end of its lifetime. When this phenomenon is detected in time, the causes can be corrected and, the effect on the PV panels could be susceptible to a reversibility process. This article presents a comparative analysis of the performance of four electrical indicators to detect PID reported in recent literature. This study is carried out by simulation, using the single-diode model to represent the PV panel, and under different irradiance and temperature conditions. The results show the advantages of an indicator based on normalized parallel resistance, in terms of its practicality and low sensitivity to changes in irradiance and temperature conditions

Visual processing during short-term memory binding in mild Alzheimer's disease

Patients with Alzheimer's disease (AD) typically present with attentional and oculomotor abnormalities that can have an impact on visual processing and associated cognitive functions. Over the last few years, we have witnessed a shift toward the analyses of eye movement behaviors as a means to further our understanding of the pathophysiology of common disorders such as AD. However, little work has been done to unveil the link between eye moment abnormalities and poor performance on cognitive tasks known to be markers for AD patients, such as the short-term memory-binding task. We analyzed eye movement fixation behaviors of thirteen healthy older adults (Controls) and thirteen patients with probable mild AD while they performed the visual short-term memory binding task. The short-term memory binding task asks participants to detect changes across two consecutive arrays of two bicolored object whose features (i.e., colors) have to be remembered separately (i.e., Unbound Colors), or combined within integrated objects (i.e., Bound Colors). Patients with mild AD showed the well-known pattern of selective memory binding impairments. This was accompanied by significant impairments in their eye movements only when they processed Bound Colors. Patients with mild AD remarkably decreased their mean gaze duration during the encoding of color-color bindings. These findings open new windows of research into the pathophysiological mechanisms of memory deficits in AD patients and the link between its phenotypic expressions (i.e., oculomotor and cognitive disorders). We discuss these findings considering current trends regarding clinical assessment, neural correlates, and potential avenues for robust biomarkers

Response to comment on 'Amphibian fungal panzootic causes catastrophic and ongoing loss of biodiversity'

Lambert et al. question our retrospective and holistic epidemiological assessment of the role of chytridiomycosis in amphibian declines. Their alternative assessment is narrow and provides an incomplete evaluation of evidence. Adopting this approach limits understanding of infectious disease impacts and hampers conservation efforts. We reaffirm that our study provides unambiguous evidence that chytridiomycosis has affected at least 501 amphibian species

Monitorización y seguimiento del esfuerzo realizado por los estudiantes y de su asistencia a actividades presenciales

Este artículo documenta el planteamiento, la metodología y los primeros resultados de un plan de monitorización detallada del esfuerzo y de asistencia a actividades presenciales por parte de los estudiantes de las titulaciones ofertadas por la Escuela Técnica Superior de Ingenieros Navales de la Universidad Politécnica de Madrid durante el segundo cuatrimestre del curso 2011-2012. Se ha establecido un sistema mecánico de recogida de datos de esfuerzo por parte de los estudiantes utilizando una hoja tipo test especialmente configurada al efecto. Se pasa una hoja en todas y cada una de las actividades presenciales realizadas y en la hoja se solicita información sobre el trabajo "fuera de clase". Se documenta en este artículo cómo se ha estructurado esa hoja, qué tipo de datos se recogen, cómo se tratan mediante una base de datos creada al efecto, qué tipo de análisis se puede realizar y qué resultados preliminares obtenemos de dichos análisis

Measurement of the cosmic ray spectrum above 4×10184{\times}10^{18} eV using inclined events detected with the Pierre Auger Observatory

A measurement of the cosmic-ray spectrum for energies exceeding $4{\times}10^{18}$ eV is presented, which is based on the analysis of showers with zenith angles greater than $60^{\circ}$ detected with the Pierre Auger Observatory between 1 January 2004 and 31 December 2013. The measured spectrum confirms a flux suppression at the highest energies. Above $5.3{\times}10^{18}$ eV, the "ankle", the flux can be described by a power law $E^{-\gamma}$ with index $\gamma=2.70 \pm 0.02 \,\text{(stat)} \pm 0.1\,\text{(sys)}$ followed by a smooth suppression region. For the energy ($E_\text{s}$) at which the spectral flux has fallen to one-half of its extrapolated value in the absence of suppression, we find $E_\text{s}=(5.12\pm0.25\,\text{(stat)}^{+1.0}_{-1.2}\,\text{(sys)}){\times}10^{19}$ eV.Comment: Replaced with published version. Added journal reference and DO

Energy Estimation of Cosmic Rays with the Engineering Radio Array of the Pierre Auger Observatory

The Auger Engineering Radio Array (AERA) is part of the Pierre Auger Observatory and is used to detect the radio emission of cosmic-ray air showers. These observations are compared to the data of the surface detector stations of the Observatory, which provide well-calibrated information on the cosmic-ray energies and arrival directions. The response of the radio stations in the 30 to 80 MHz regime has been thoroughly calibrated to enable the reconstruction of the incoming electric field. For the latter, the energy deposit per area is determined from the radio pulses at each observer position and is interpolated using a two-dimensional function that takes into account signal asymmetries due to interference between the geomagnetic and charge-excess emission components. The spatial integral over the signal distribution gives a direct measurement of the energy transferred from the primary cosmic ray into radio emission in the AERA frequency range. We measure 15.8 MeV of radiation energy for a 1 EeV air shower arriving perpendicularly to the geomagnetic field. This radiation energy -- corrected for geometrical effects -- is used as a cosmic-ray energy estimator. Performing an absolute energy calibration against the surface-detector information, we observe that this radio-energy estimator scales quadratically with the cosmic-ray energy as expected for coherent emission. We find an energy resolution of the radio reconstruction of 22% for the data set and 17% for a high-quality subset containing only events with at least five radio stations with signal.Comment: Replaced with published version. Added journal reference and DO

Measurement of the Radiation Energy in the Radio Signal of Extensive Air Showers as a Universal Estimator of Cosmic-Ray Energy

We measure the energy emitted by extensive air showers in the form of radio emission in the frequency range from 30 to 80 MHz. Exploiting the accurate energy scale of the Pierre Auger Observatory, we obtain a radiation energy of 15.8 \pm 0.7 (stat) \pm 6.7 (sys) MeV for cosmic rays with an energy of 1 EeV arriving perpendicularly to a geomagnetic field of 0.24 G, scaling quadratically with the cosmic-ray energy. A comparison with predictions from state-of-the-art first-principle calculations shows agreement with our measurement. The radiation energy provides direct access to the calorimetric energy in the electromagnetic cascade of extensive air showers. Comparison with our result thus allows the direct calibration of any cosmic-ray radio detector against the well-established energy scale of the Pierre Auger Observatory.Comment: Replaced with published version. Added journal reference and DOI. Supplemental material in the ancillary file