A Formal Approach to Exploiting Multi-Stage Attacks based on File-System Vulnerabilities of Web Applications (Extended Version)

Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, secu- rity analysts should thus consider the impact that file-system operations have on the security of the whole application. Moreover, the analysis should take into consideration how file-system vulnerabilities might in- teract with other vulnerabilities leading an attacker to breach into the web application. In this paper, we first propose a classification of file- system vulnerabilities, and then, based on this classification, we present a formal approach that allows one to exploit file-system vulnerabilities. We give a formal representation of web applications, databases and file- systems, and show how to reason about file-system vulnerabilities. We also show how to combine file-system vulnerabilities and SQL-Injection vulnerabilities for the identification of complex, multi-stage attacks. We have developed an automatic tool that implements our approach and we show its efficiency by discussing several real-world case studies, which are witness to the fact that our tool can generate, and exploit, complex attacks that, to the best of our knowledge, no other state-of-the-art-tool for the security of web applications can find

Orchestrating Forest Policy in Italy: Mission Impossible?

In the Italian political and economic agenda the forest sector occupies a marginal role. The forest sector in Italy is characterized by a high institutional fragmentation and centralized decision-making processes dominated by Public Forest Administrations. Public participation in forest policy processes has been implemented since the 1990s at national, regional and local levels in several cases. However, today no significant changes have been observed in the overall governance of the forest sector and stakeholders' involvement in Italian forest policy decision-making is still rather limited. The aims of this paper are to describe the state of forest-related participatory processes in Italy at various levels (national, regional and local) and identify which factors and actors hinder or support the establishment and implementation of participatory forest-related processes in the country. The forest-related participatory processes are analyzed adopting a qualitative-based approach and interpreting interactive, complex and non-linear participatory processes through the lens of panarchy theory

Imitation/self-imitation in computer-assisted prosody training for Chinese learners of L2 Italian.

Recent studies on L2 acquisition, speech synthesis and automatic identification of foreign accents argue for a major role of prosody in the perception of non-native speech. Research on the relationship between pronunciation improvement and student/teachers’ voice similarities has also shown that the better the match between the learners' and native speakers' voices in terms of f0 and articulation rate, the more positive the impact on pronunciation training. This study investigates the effects of imitation and self-imitation on the acquisition of L2 suprasegmental patterns. Degree of foreign accent, improvements in intelligibility, and effectiveness of communication were measured to determine the success of each technique. For this purpose, a prosodic transplantation technique and a computer-assisted learning methodology were used. Recent studies on L2 acquisition, speech synthesis and automatic identification of foreign accents argue for a major role of prosody in the perception of non-native speech. Research on the relationship between pronunciation improvement and student/teachers’ voice similarities has also shown that the better the match between the learners' and native speakers' voices in terms of f0 and articulation rate, the more positive the impact on pronunciation training. This study investigates the effects of imitation and self-imitation on the acquisition of L2 suprasegmental patterns. Degree of foreign accent, improvements in intelligibility, and effectiveness of communication were measured to determine the success of each technique. For this purpose, a prosodic transplantation technique and a computer-assisted learning methodology were used

Transformação dos principais usos da floresta no município de Moju, nordeste paraense.

As reflexões aqui apresentadas foram resultantes de uma pesquisa realizada na comunidade Santa Maria, uma das comunidades componentes do Assentamento Olho D?Água II, município de Moju, estado do Pará. O objetivo do artigo é analisar as transformações vivenciadas por um grupo de agricultores quanto ao uso da floresta, mais especificamente as associadas à obtenção de caças e à realização das roças, após a mudança da condição de uso comum (posseiros) para o uso privado (assentados) a partir da implantação do assentamento em 2002. Os resultados apontam que ocorreram transformações nas dinâmicas de uso dos recursos com a intensificação do cultivo de roças e a diminuição da obtenção de caças devido à grande dificuldade em obtê-las, em decorrência das novas condições de acesso privado à terra e ao aumento demográfico cuja demanda por caça supera em muito a oferta dos animais

Agent-based interoperability for e-government

The provision of valuable e-government services depends upon the capacity to integrate the disperse provision of services by the public administration and thus upon the availability of interoperability platforms. These platforms are commonly built according to the principles of service oriented architectures, which raise the question of how to dynamically orchestrate services while preserving information security. Recently, it was presented an e-government interoperability model that preserves privacy during the dynamic orchestration of services. In this paper we present a prototype that implements that model using software agents. The model and the prototype are briefly described; an illustrative use case is presented; and the advantages of using software agents to implement the model are discussed. © Springer International Publishing Switzerland 2013

Exploring low-degree nodes first accelerates network exploration

We consider information diffusion on Web-like networks and how random walks can simulate it. A well-studied problem in this domain is Partial Cover Time, i.e., the calculation of the expected number of steps a random walker needs to visit a given fraction of the nodes of the network. We notice that some of the fastest solutions in fact require that nodes have perfect knowledge of the degree distribution of their neighbors, which in many practical cases is not obtainable, e.g., for privacy reasons. We thus introduce a version of the Cover problem that considers such limitations: Partial Cover Time with Budget. The budget is a limit on the number of neighbors that can be inspected for their degree; we have adapted optimal random walks strategies from the literature to operate under such budget. Our solution is called Min-degree (MD) and, essentially, it biases random walkers towards visiting peripheral areas of the network first. Extensive benchmarking on six real datasets proves that the---perhaps counter-intuitive strategy---MD strategy is in fact highly competitive wrt. state-of-the-art algorithms for cover

Levetiracetam in patients with epilepsy and chronic liver disease: observations in a case series.

OBJECTIVES: To evaluate levetiracetam (LEV) tolerability in patients with epilepsy and liver disease. METHODS: Fourteen patients with epilepsy and concomitant liver disease were treated with LEV in an open prospective investigation mimicking the daily clinical practice. All patients were stabilized (ie, for at least 1 year) on traditional antiepileptic drugs with complete or partial control of seizures. In the 6-month pre-LEV baseline period, seizure frequency ranged from 3 to 300. Levetiracetam was added on to the basal treatment at a starting daily dose of 250 mg, and the dose was adjusted according to the tolerability and the therapeutic response. Four patients discontinued the drug within the first 3 months because of intolerable side effects. The remaining 10 continued LEV treatment, and the present follow-up is 12 to 38 months. RESULTS: In the last 6 months of observation, none of the patients showed worsening of liver function on the basis of blood chemistry, and in 4 patients, a complete normalization or a trend toward physiological values of transaminase and/or gamma-glutamyltransferase activity was observed. A greater than 50% reduction in seizure frequency occurred in all uncontrolled patients, 2 of whom achieved seizure freedom during LEV treatment. CONCLUSIONS: Based on these observations, LEV seems to be an attractive therapeutic option in epileptic patients with chronic liver diseases

Criminal networks analysis in missing data scenarios through graph distances

Data collected in criminal investigations may suffer from issues like: (i) incompleteness, due to the covert nature of criminal organizations; (ii) incorrectness, caused by either unintentional data collection errors or intentional deception by criminals; (iii) inconsistency, when the same information is collected into law enforcement databases multiple times, or in different formats. In this paper we analyze nine real criminal networks of different nature (i.e., Mafia networks, criminal street gangs and terrorist organizations) in order to quantify the impact of incomplete data, and to determine which network type is most affected by it. The networks are firstly pruned using two specific methods: (i) random edge removal, simulating the scenario in which the Law Enforcement Agencies fail to intercept some calls, or to spot sporadic meetings among suspects; (ii) node removal, modeling the situation in which some suspects cannot be intercepted or investigated. Finally we compute spectral distances (i.e., Adjacency, Laplacian and normalized Laplacian Spectral Distances) and matrix distances (i.e., Root Euclidean Distance) between the complete and pruned networks, which we compare using statistical analysis. Our investigation identifies two main features: first, the overall understanding of the criminal networks remains high even with incomplete data on criminal interactions (i.e., when 10% of edges are removed); second, removing even a small fraction of suspects not investigated (i.e., 2% of nodes are removed) may lead to significant misinterpretation of the overall network. Copyright

Ising Model Coupled to Three-Dimensional Quantum Gravity

We have performed Monte Carlo simulations of the Ising model coupled to three-dimensional quantum gravity based on a summation over dynamical triangulations. These were done both in the microcanonical ensemble, with the number of points in the triangulation and the number of Ising spins fixed, and in the grand canoncal ensemble. We have investigated the two possible cases of the spins living on the vertices of the triangulation (``diect'' case) and the spins living in the middle of the tetrahedra (``dual'' case). We observed phase transitions which are probably second order, and found that the dual implementation more effectively couples the spins to the quantum gravity.Comment: 11 page

Thinning in black pine (Pinus nigra J.F. Arnold) forests: The economic sustainability of the wood-energy supply chain in a case study in Italy

In Italy, black pine has been largely used in reforestation projects in the past. Most of these reforestations are characterized by a high instability, vulnerability, and a limited resistance to atmospheric agents. In this situation, it is crucial to define silvicultural interventions able to increase the ecological stability of black pine stands and at the same time to guarantee the economic sustainability of the wood products obtained. Thinning in black pine forests can provide wood material for energy use. The main aim of the present study was to investigate the economic sustainability of a local wood-energy supply chain applying three different forest management options. The case study was Monte Morello forest, a degraded black pine forest located in Central Italy. The results show that the long-term economic sustainability of the wood-energy supply chain is ensured only when the use of bio-fuel is characterized by high energy efficiency. In addition, the results show that public contributions are fundamental to ensure that silvicultural interventions are realized with a positive economic balance and that to surmount this situation many loggings companies are organizing. Finally, the results highlighted the importance of the quantities of thermal energy sold to ensure the economic and environmental efficiency of the wood-energy supply chain