85 research outputs found
Can I take your subdomain? Exploring same-site attacks in the modern web
Related-domain attackers control a sibling domain of their target web application, e.g., as the result of a subdomain takeover. Despite their additional power over traditional web attackers, related-domain attackers have received only limited attention from the research community. In this paper we define and quantify for the first time the threats that related-domain attackers pose to web application security. In particular, we first clarify the capabilities that related-domain attackers can acquire through different attack vectors, showing that different instances of the related-domain attacker concept are worth attention. We then study how these capabilities can be abused to compromise web application security by focusing on different angles, including cookies, CSP, CORS, postMessage, and domain relaxation. By building on this framework, we report on a large-scale security measurement on the top 50k domains from the Tranco list that led to the discovery of vulnerabilities in 887 sites, where we quantified the threats posed by related-domain attackers to popular web applications.
From early stress to 12-month development in very preterm infants: Preliminary findings on epigenetic mechanisms and brain growth
Very preterm (VPT) infants admitted to a Neonatal Intensive Care Unit (NICU) are at risk for altered brain growth and less-than-optimal socio-emotional development. Recent research suggests that early NICU-related stress contributes to socio-emotional impairments in VPT infants at 3 months through epigenetic regulation (i.e., DNA methylation) of the serotonin transporter gene (SLC6A4). In the present longitudinal study we assessed: (a) the effects of NICU-related stress and SLC6A4 methylation variations from birth to discharge on brain development at term equivalent age (TEA); (b) the association between brain volume at TEA and socio-emotional development (i.e., Personal-Social scale of the Griffiths Mental Development Scales, GMDS) at 12 months corrected age (CA). Twenty-four infants had complete data at 12 months of age. SLC6A4 methylation was measured at a specific CpG previously associated with NICU-related stress and socio-emotional stress. Findings confirmed that higher NICU-related stress was associated with a greater increase of SLC6A4 methylation at NICU discharge. Moreover, higher SLC6A4 discharge methylation was associated with reduced anterior temporal lobe (ATL) volume at TEA, which in turn was significantly associated with a less-than-optimal GMDS Personal-Social scale score at 12 months CA. The reduced ATL volume at TEA mediated the pathway linking the stress-related increase in SLC6A4 methylation at NICU discharge and socio-emotional development at 12 months CA. These findings suggest that early adversity-related epigenetic changes might contribute to the long-lasting programming of socio-emotional development in VPT infants through epigenetic regulation and structural modifications of the developing brain.
The Assertive Brain: Anterior Cingulate Phosphocreatine plus Creatine Levels Correlate With Self-Directedness in Healthy Adolescents
Despite various advances in the study of the neurobiological underpinnings of personality traits, the specific neural correlates associated with character and temperament traits are not yet fully understood. Therefore, this study aims to fill this gap by exploring the biochemical basis of personality, assessed with the Temperament and Character Inventory (TCI), during brain development in a sample of adolescents. Twenty-six healthy adolescents (aged between 13 and 21 years; 9 males and 18 females) with behavioral and emotional problems underwent a TCI evaluation and a 3T single-voxel proton magnetic resonance spectroscopy (1H MRS) acquisition of the anterior cingulate cortex (ACC). Absolute metabolite levels were estimated using LCModel, and significant correlations between metabolite levels and selected TCI scales were identified. Specifically, phosphocreatine plus creatine (PCr+Cre) correlated significantly and positively with self-directedness and negatively with self-transcendence (ST), while glycerophosphocholine plus phosphocholine (GPC+PC) and myo-inositol correlated negatively with ST. To the best of our knowledge, this is the first study reporting associations of brain metabolites with personality traits in adolescents. Therefore, our results represent a step forward for personality neuroscience within the study of biochemical systems and brain structures.
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian national research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, and from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management.
Cerebellar Volume and Disease Staging in Parkinson's Disease: An ENIGMA-PD Study.
BACKGROUND: Increasing evidence points to a pathophysiological role for the cerebellum in Parkinson's disease (PD). However, regional cerebellar changes associated with motor and non-motor functioning remain to be elucidated.
OBJECTIVE: To quantify cross-sectional regional cerebellar lobule volumes using three-dimensional T1-weighted anatomical brain magnetic resonance imaging from the global ENIGMA-PD working group.
METHODS: Cerebellar parcellation was performed using a deep learning-based approach on 2487 people with PD and 1212 age- and sex-matched controls across 22 sites. Linear mixed effects models compared total and regional cerebellar volume in people with PD at each Hoehn and Yahr (HY) disease stage to an age- and sex-matched control group. Associations with motor symptom severity and Montreal Cognitive Assessment scores were investigated.
RESULTS: Overall, people with PD had a regionally smaller posterior lobe (d_max = -0.15). HY stage-specific analyses revealed a larger anterior lobule V bilaterally (d_max = 0.28) in people with PD in HY stage 1 compared to controls. In contrast, smaller bilateral lobule VII volume in the posterior lobe was observed in HY stages 3, 4, and 5 (d_max = -0.76), which was incrementally lower with higher disease stage. Within PD, cognitively impaired individuals had lower total cerebellar volume compared to cognitively normal individuals (d = -0.17).
CONCLUSIONS: We provide evidence of a dissociation between anterior "motor" lobe and posterior "non-motor" lobe cerebellar regions in PD. Whereas less severe stages of the disease are associated with larger motor lobe regions, more severe stages of the disease are marked by smaller non-motor regions.
The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches
Service workers boost the user experience of modern web applications by taking advantage of the Cache API to improve responsiveness and support offline usage. In this paper, we present the first security analysis of the threats posed by this programming practice, identifying an attack with major security implications. In particular, we show how a traditional XSS attack can abuse the Cache API to escalate into a person-in-the-middle attack against cached content, thus compromising its confidentiality and integrity. Remarkably, this attack enables new threats which are beyond the scope of traditional XSS. After defining the attack, we study its prevalence in the wild, finding that the large majority of the sites which register service workers using the Cache API are vulnerable as long as a single webpage in the same origin as the service worker is affected by an XSS. Finally, we propose a browser-side countermeasure against this attack, and we analyze its effectiveness and practicality in terms of security benefits and backward compatibility with existing web applications.
Gran: model checking grsecurity RBAC policies
Role-based Access Control (RBAC) is one of the most widespread security mechanisms in use today. Given the growing complexity of policy languages and access control systems, verifying that such systems enforce the desired invariants is recognized as a security problem of crucial importance. In the present paper, we develop a framework for the formal verification of grsecurity, an access control system developed on top of Unix/Linux systems. The verification problem in grsecurity presents much of the complexity of modern RBAC systems, due to the presence of policy state changes that may arise both from explicit administrative primitives supported by grsecurity and as the result of the interaction with the underlying operating system facilities. We develop a formal semantics for grsecurity's RBAC system, based on a labelled transition system, and a sound abstraction of that semantics providing a bounded approximation amenable to model checking. We report on the results of the experimental analysis conducted with gran, the model checker we implemented based on our abstract semantics, on existing public servers running grsecurity to implement their RBAC systems.
- …