116 research outputs found

    AutoNav: Evaluation and Automatization of Web Navigation Policies

    Undesired navigation in browsers powers a significant class of attacks on web applications. In a move to mitigate risks associated with undesired navigation, the security community has proposed a standard that gives control to web pages to restrict navigation. The standard draft introduces a new navigate-to directive of the Content Security Policy (CSP). The directive is currently being implemented by mainstream browsers. This paper is a first evaluation of navigate-to, focusing on security, performance, and automatization of navigation policies. We present new vulnerabilities introduced by the directive into the web ecosystem, opening up for attacks such as probing to detect if users are logged in to other websites or have active shopping carts, bypassing third-party cookie blocking, exfiltrating secrets, as well as leaking browsing history. Unfortunately, the directive triggers vulnerabilities even in websites that do not use the directive in their policies. We identify both specification- and implementation-level vulnerabilities and propose countermeasures to mitigate both. To aid developers in configuring navigation policies, we develop and implement AutoNav, an automated black-box mechanism to infer navigation policies. AutoNav leverages the benefits of origin-wide policies in order to improve security without degrading performance. We evaluate the viability of navigate-to and AutoNav by an empirical study on Alexa's top 10,000 websites.

    Circular economy indicators : what do they measure?

    Circular Economy (CE) is a growing topic, especially in the European Union, that promotes the responsible and cyclical use of resources possibly contributing to sustainable development. CE is an umbrella concept incorporating different meanings. Despite the unclear concept, CE is turned into defined action plans supported by specific indicators. To understand what indicators used in CE measure specifically, we propose a classification framework to categorise indicators according to reasoning on what (CE strategies) and how (measurement scope). Despite different types, CE strategies can be grouped according to their attempt to preserve functions, products, components, materials, or embodied energy; additionally, indicators can measure the linear economy as a reference scenario. The measurement scope shows how indicators account for technological cycles with or without a Life Cycle Thinking (LCT) approach; or their effects on environmental, social, or economic dimensions. To illustrate the classification framework, we selected quantitative micro scale indicators from literature and macro scale indicators from the European Union 'CE monitoring framework'. The framework illustration shows that most of the indicators focus on the preservation of materials, with strategies such as recycling. However, micro scale indicators can also focus on other CE strategies considering LCT approach, while the European indicators mostly account for materials often without taking LCT into account. Furthermore, none of the available indicators can assess the preservation of functions instead of products, with strategies such as sharing platforms, schemes for product redundancy, or multifunctionality. Finally, the framework illustration suggests that a set of indicators should be used to assess CE instead of a single indicator.

    Comparison of methods for in-house screening of HLA*B57:01 to prevent abacavir hypersensitivity in HIV-1 care

    Abacavir is a nucleoside reverse transcriptase inhibitor used as part of combination antiretroviral therapy in HIV-1-infected patients. Because this drug can cause a hypersensitivity reaction that is correlated with the presence of the HLA-B*57:01 allotype, screening for the presence of HLA-B*57:01 is recommended before abacavir initiation. Different genetic assays have been developed for HLA-B*57:01 screening, each with specific sensitivity, turnaround time and assay costs. Here, a new real-time PCR (qPCR) based analysis is described and compared to sequence specific primer PCR with capillary electrophoresis (SSP PCR CE) on 149 patient-derived samples, using sequence specific oligonucleotide hybridization combined with high resolution SSP PCR as gold standard. In addition to these PCR based methods, a complementary approach was developed using flow cytometry with an HLA-B17 specific monoclonal antibody as a pre-screening assay to diminish the number of samples for genetic testing. All three assays had a maximum sensitivity of >99. However, differences in specificity were recorded, i.e. 84.3%, 97.2% and >99% for flow cytometry, qPCR and SSP PCR CE respectively. Our data indicate that the most specific and sensitive of the compared methods is the SSP PCR CE. Flow cytometry pre-screening can substantially decrease the number of genetic tests for HLA-B*57:01 typing in a clinical setting

    COVID-19 symptoms at hospital admission vary with age and sex: results from the ISARIC prospective multinational observational study

    Background: The ISARIC prospective multinational observational study is the largest cohort of hospitalized patients with COVID-19. We present relationships of age, sex, and nationality to presenting symptoms. Methods: International, prospective observational study of 60 109 hospitalized symptomatic patients with laboratory-confirmed COVID-19 recruited from 43 countries between 30 January and 3 August 2020. Logistic regression was performed to evaluate relationships of age and sex to published COVID-19 case definitions and the most commonly reported symptoms. Results: ‘Typical’ symptoms of fever (69%), cough (68%) and shortness of breath (66%) were the most commonly reported. 92% of patients experienced at least one of these. Prevalence of typical symptoms was greatest in 30- to 60-year-olds (respectively 80, 79, 69%; at least one 95%). They were reported less frequently in children (≤ 18 years: 69, 48, 23; 85%), older adults (≥ 70 years: 61, 62, 65; 90%), and women (66, 66, 64; 90%; vs. men 71, 70, 67; 93%, each P < 0.001). The most common atypical presentations under 60 years of age were nausea and vomiting and abdominal pain, and over 60 years was confusion. Regression models showed significant differences in symptoms with sex, age and country. Interpretation: This international collaboration has allowed us to report reliable symptom data from the largest cohort of patients admitted to hospital with COVID-19. Adults over 60 and children admitted to hospital with COVID-19 are less likely to present with typical symptoms. Nausea and vomiting are common atypical presentations under 30 years. Confusion is a frequent atypical presentation of COVID-19 in adults over 60 years. Women are less likely to experience typical symptoms than men.

    Isolating and Restricting Client-Side JavaScript

    No full text
    In today's web applications, no one disputes the important role of JavaScript as a client-side programming language. JavaScript can turn the Web into a lively, dynamic and interactive end-user experience. Unfortunately, JavaScript can also be used to steal sensitive information and abuse powerful functionality. Sloppy input validation can make a web application vulnerable, allowing malicious JavaScript code to leak into a web application's JavaScript execution environment, where it leads to unintended code execution. An otherwise secure web application may intentionally include JavaScript from a third-party script provider. This script provider may in turn serve untrusted or even malicious JavaScript, leading to the intended execution of untrusted code. In both the intended and unintended case, untrusted JavaScript ending up in the JavaScript execution environment of a trusted web application, gains access to sensitive resources and powerful functionality. Web application security would be greatly improved if this untrusted JavaScript could be isolated and its access restricted. In this work, we first investigate ways in which JavaScript code can leak into the browser, leading to unintended JavaScript execution. We find that, due to bad input validation, malicious JavaScript code can be injected into a JavaScript execution environment through both browser plugins and browser extensions. Next, we review JavaScript sandboxing systems designed to isolate and restrict untrusted JavaScript code and divide them into three categories, discussing their advantages and disadvantages: JavaScript subsets and rewriting systems, JavaScript sandboxing through browser modifications and JavaScript sandboxing systems without browser modifications. We further research the last two categories, developing and evaluating a prototype of each.

    Javascript sandboxing: Isolating and restricting client-side javascript

    No full text
    Today’s web applications rely on the same-origin policy, the primary security policy of the Web, to isolate their web origin from malicious client-side JavaScript. When an attacker can somehow breach the same-origin policy and execute JavaScript code inside a web application’s origin, he gains full control over all available functionality and data in that web origin. In the JavaScript sandboxing field, we assume that an attacker has the ability to execute JavaScript code in a web application’s origin. The goal of JavaScript sandboxing is to isolate the execution of certain JavaScript code and restrict what functionality and data is available to it. In this paper we discuss proposed JavaScript sandboxing systems divided into three categories: JavaScript sandboxing through JavaScript subsets and rewriting systems, JavaScript sandboxing using browser modifications and JavaScript sandboxing without browser modifications

    Untimely Teachers: Recovering Postmodernism's Anachronic Pedagogies

    No full text
    During the late 1950s and 1970s, when a re-examination of history unfolded against the backdrop of growing student protest in architecture schools, different architects and historians reread the work of major architects of the past, thereby staking out a position in a growing controversy over how architects should learn from history (Wright and Parks 1990). Whether out of sympathy with dissatisfied pupils, or as a counter reaction, several educators looked past the masters of modernism (i.e. their own teachers) in search of new, untimely mentors - those who might offer lessons ‘controversial and alive as ever’ that transcend ‘temporal conditions’ (Ungers 1981, 118). This panel aims to explore the pedagogical consequences of this turn to archaic teachers. How were such untimely lessons assimilated through experimental historicist or operative pedagogies in architecture schools? Oswald Mathias Ungers’s seminar teaching was directly informed by the architecture of Karl Friedrich Schinkel; Bruno Zevi asked students to design ‘critical models’ of Michelangelo’s architecture for the 1964 exhibition co-curated with Paolo Portoghesi; and Colin Rowe developed a pedagogy founded on a Gestalt-psychological rereading of the villas of Andrea Palladio (to cite but three instances of pedagogical reenactments, which like all survivals, reveal more about the concerns of the reenactors than of the reenacted). Recent research projects on architectural pedagogies in the postwar years (Anderson 1999; Ockman 2012; Colomina 2015) contain multiple leads as to how the postmodern concept of ‘history as a teacher’ entered architecture schools, parallel to new formalist, activist and environmental approaches. Little research, however, is available that documents the teaching of history in close proximity to studio programs, a space of exchange that triggered intense debates about historicist form-making and non-figurative ways of integrating history in design. This session invites contributions that investigate anachronic pedagogical experiments in the period described above, the untimeliness of which is less concerned with the shock of the old as provoked by the 1975 MoMA exhibition ‘The Architecture of the Ecole des Beaux-Arts’, and more with imaginary didactic dialogues staged around the work of outmoded masters. It proposes to understand these encounters through a sense of contemporariness, which as Agamben defined it, is ‘that relationship with time that adheres to it through a disjunction and an anachronism’ (Agamben 2009, 41). We invite papers that examine unforeseen ways of reading antiquated masters and of ‘interpolating time’, and as such, challenging the classical theorizations of postmodern time consciousness.

    Untimely Teachers: Recovering Postmodernism's Anachronic Pedagogies -- 2

    No full text