41

MITIGATION OF WEB-BASED PROGRAM SECURITY VULNERABILITY EXPLOITATIONS

Shahriar, HOSSAIN 30 November 2011
Over the last few years, web-based attacks have caused significant harm to users. Many of these attacks occur through the exploitations of common security vulnerabilities in web-based programs. Given that, mitigation of these attacks is extremely crucial to reduce some of the harmful consequences. Web-based applications contain vulnerabilities that can be exploited by attackers at a client-side (browser) without the victim’s (browser user’s) knowledge. This thesis is intended to mitigate some exploitations due to the presence of security vulnerabilities in web applications while performing seemingly benign functionalities at the client-side. For example, visiting a webpage might result in JavaScript code execution (cross-site scripting), downloading a file might lead to the execution of JavaScript code (content sniffing), clicking on a hyperlink might result in sending unwanted legitimate requests to a trusted website (cross-site request forgery), and filling out a seemingly legitimate form may eventually lead to stealing of credential information (phishing). Existing web-based attack detection approaches suffer from several limitations such as (i) modification of both server and client-side environments, (ii) exchange of sensitive information between the server and client, and (iii) lack of detection of some attack types. This thesis addresses these limitations by mitigating four security vulnerabilities in web applications: cross-site scripting, content sniffing, cross-site request forgery, and phishing. We mitigate the exploitations of these vulnerabilities by developing automatic attack detection approaches at both server and client-sides. We develop server-side attack detection frameworks to detect attack symptoms within response pages before sending them to the client. The approaches are designed based on the assumption that the server-side program source is available for analysis, but we are not allowed to alter the program code and the runtime environments. 
Moreover, we develop client-side attack detection frameworks so that some level of protection is present when the source code of server websites (either trusted or untrusted) is not available. Our proposed solutions explore several techniques such as response page parsing and file content analysis, browser-level checking of requests and responses, and finite state machine-based behavior monitoring. The thesis evaluates the proposed attack detection approaches with real-world vulnerable programs. The evaluation results indicate that our approaches are effective and perform better than the related work. We also contribute to the development of benchmark suites for evaluating attack detection techniques. / Thesis (Ph.D, Computing) -- Queen's University, 2011-11-29 09:44:24.465
42

"IL TEATRO ERA ALLORA IL SUO SOSPIRO". SVEVO DRAMMATURGO

ANTONINI, GABRIELE 19 March 2015
Although they have enjoyed less fortune than the novels, Svevo’s plays are a decisive chapter of his literary career: in fact, the writer left thirteen comedies, distributed over a biographical arc that extends from 1880, the year of Ariosto governatore, up to, with La rigenerazione, the years immediately preceding his death. Consider, too, that the theater was a passion that accompanied Svevo throughout his life, both as a frequenter of shows in Italy and abroad and as a critic for the most important newspapers in Trieste. For these reasons, it seemed appropriate in this research to return to a theme, that of Svevo’s plays, less regarded by critics. In the first section of the thesis, entitled Svevo e il teatro, after a short outline of the criticism and of the history of representations, we tried to delineate the borders of the relationship that joined Svevo to the world of the stage. In the second section of the work, entitled Trasgressione, ribellione e falsificazione nel teatro sveviano, the plays were analyzed; the comedies were grouped according to three themes: transgression, rebellion and forgery.
43

Documentoscopia por microespectroscopia Raman e microscopia de força atômica

Brandão, Jandira Maria de Oliveira Bone 21 August 2015
CAPES, FAPES / Considering the strong social and financial impact caused by document forgery, especially of banknotes, and the diversity of methods used in the forgeries, their increasing spread and sophistication, it is necessary to develop new methods for document analysis that are sensitive and non-destructive, because the material examined must be preserved in its entirety for continuity of legal proceedings. The objective of this study was to develop a methodology using the techniques of Raman microspectroscopy and atomic force microscopy that makes it possible to distinguish authentic documents from counterfeit ones and to determine the means employed in the forgery, reliably, with low analysis time and without damage to the samples. This study used authentic and counterfeit R$ 100.00 banknotes and CNHs, authentic dollar banknotes of different values ($ 10.00 and $ 20.00), and authentic € 5.00 banknotes from different manufacturers; for each sample type (authentic and counterfeit), three different specimens were used. All analyses were performed in situ without any surface preparation, using the Alpha 300R WITEC confocal microscope of NCQP/UFES coupled with a Raman microspectroscope and an atomic force microscope, with the same regions selected in both the authentic and counterfeit documents. The study was divided into two parts. The first part dealt with the analysis of samples using AFM, by assessing the topography, phase and roughness parameters of the different papers used in manufacturing these documents. The results obtained by AFM made it possible to differentiate the authentic documents (with smoother surfaces and characteristic topographical regions for the security features) from the counterfeit ones (with more uneven surfaces and a similar topographic profile in all regions), to discriminate the type of paper used for forgery (physicochemical properties similar to those of Office type paper), and also to distinguish between authentic banknotes produced by different manufacturers (differences in SSK and SKU values).
In the second part, we addressed the analysis of samples using RM, through the identification of the pigments used in the preparation of the various documents. The results obtained by RM made it possible to distinguish authentic documents (with a predominance of characteristic bands for carbon black, copper phthalocyanine, diarylide and titanium dioxide) from counterfeit ones (with a predominance of fluorescence and bands characteristic of the calcium carbonate used in the treatment of commercial paper), and to identify the type of printing used in the forgeries. The combination of the two techniques has shown promise for the forensic analysis of documents because it provides accurate and reproducible results in a short time and, above all, without harm to the analyzed material.
44

Generating web applications containing XSS and CSRF vulnerabilities

Ahlberg, Gustav January 2014
Most of the people in the industrial world are using several web applications every day. Many of those web applications contain vulnerabilities that can allow attackers to steal sensitive data from the web application's users. One way to detect these vulnerabilities is to have a penetration tester examine the web application. A common way to train penetration testers to find vulnerabilities is to challenge them with realistic web applications that contain vulnerabilities. The penetration tester's assignment is to try to locate and exploit the vulnerabilities in the web application. Training on the same web application twice will not provide any new challenges to the penetration tester, because the penetration tester already knows how to exploit all the vulnerabilities in the web application. Therefore, a vast number of web applications and variants of web applications are needed to train on. This thesis describes a tool designed and developed to automatically generate vulnerable web applications. First a web application is prepared, so that the tool can generate a vulnerable version of the web application. The tool injects Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) vulnerabilities in prepared web applications. Different variations of the same vulnerability can also be injected, so that different methods are needed to exploit the vulnerability depending on the variation. A purpose of the tool is that it should generate web applications which shall be used to train penetration testers, and some of the vulnerabilities the tool can inject, cannot be detected by current free web application vulnerability scanners, and would thus need to be detected by a penetration tester. To inject the vulnerabilities, the tool uses abstract syntax trees and taint analysis to detect where vulnerabilities can be injected in the prepared web applications. 
Tests confirm that web application vulnerability scanners cannot find all the vulnerabilities on the web applications which have been generated by the tool.
45

Les modes de plasmon sur film métallique ondulé, appliqués aux documents de sécurité / Plasmon modes applied to the Optical Document Security

Sauvage-Vincent, Jean 22 October 2013
The aim of this PhD thesis is to find optical solutions based on plasmon mode excitation for the control and the authentication of optical security documents. We developed complex optical structures for the excitation of plasmon modes in order to create “easy to catch” and “easy to check” effects. In the first part of the thesis we demonstrated the extraordinary optical transmission through a thin corrugated metallic layer using the long-range plasmon mode; a concept of optical document security is demonstrated. In the second part of the thesis we developed an unusual plasmon effect in reflection. Instead of having absorption of the spectrum due to the plasmon excitation, we have reflection of the spectrum due to the plasmon excitation using higher diffracted orders. We call this effect "reflection switch" mediated by plasmon. At the end we developed the concept into an optical security document.
46

Выявление признаков постобработки изображений : магистерская диссертация / Photo tampering detection

Antselevich, A. A., Анцелевич, А. А. January 2015
An algorithm that determines whether a given digital photo was tampered with, and generates a tampering map depicting the processed parts of the image, was analyzed in detail and implemented. The software was also optimized and thoroughly tested, and the modes giving the best quality were found. The program can be run on an ordinary user PC.
47

How Secure is Verisure’s Alarm System?

Hamid, Lars-Eric, Möller, Simon January 2020
Security is a very important part of today’s society. Verisure is the leader in home alarm systems with 30 years of experience. In this project, we aim to evaluate how secure their alarm system is from a software perspective. The system was bought in January 2020. After an initial threat modeling, followed by penetration testing, it turns out that the alarm system is not as secure as Verisure markets. We could find several security flaws in the system. Some of them let an attacker block the system, and others yield full control without the user’s knowledge. There are also a couple of vulnerabilities that could be exploited by people without any special knowledge regarding hacking or the system in general. / Bachelor's thesis project in Electrical Engineering 2020, KTH, Stockholm
48

Förfalskningar : En undersökning om förfalskningar av konstverk på den svenska auktionsverk

Mill, Lovis January 2024
This essay, ”Förfalskningar: En undersökning om förfalskningar av konstverk på den svenska auktionsmarknaden”, investigates the prevalence and impact of art forgeries in the Swedish auction market. It examines the historical context of art forgery, the legal frameworks governing the trade of artworks, and the roles and responsibilities of auction houses in detecting and preventing the sale of forgeries. The study also explores the collaboration between auction houses and police authorities in addressing art crimes and the influence of media coverage on public perception and market dynamics. Through a qualitative analysis of auction house policies, legal documents and media reports, the essay reveals the complexities and challenges involved in authenticating artworks. It highlights the importance of provenance research, due diligence and authentication procedures in maintaining the integrity of the art market. Additionally, the study discusses the ethical considerations and the need for enhanced transparency and education to combat art forgery effectively. The essay concludes with recommendations for improving the detection and management of forgeries and suggests areas for further research to enhance the understanding and prevention of art fraud.
49

A pattern-driven and model-based vulnerability testing for Web applications / Une approche à base de modèles et de patterns pour le test de vulnérabilités d'applications Web

Vernotte, Alexandre 29 October 2015
This thesis proposes an original approach, dubbed PMVT for Pattern-driven and Model-based Vulnerability Testing, which aims to improve the capability for detecting four high-profile vulnerability types, Cross-Site Scripting, SQL Injections, CSRF and Privilege Escalations, and reduce false positive and false negative verdicts. PMVT relies on the use of a behavioral model of the application, capturing its functional aspects, and a set of vulnerability test patterns that address vulnerabilities in a generic way. By adapting existing MBT technologies, an integrated toolchain that supports PMVT automates the detection of the four vulnerability types in Web applications. This prototype has been experimented with and evaluated on two real-life Web applications that are currently used by tens of thousands of users. Experiments have highlighted the effectiveness and efficiency of PMVT and shown a strong improvement of vulnerability detection capabilities w.r.t. available automated Web application scanners for these kinds of vulnerabilities.
50

Handwriting as individualisation technique in fraud investigation

Aschendorf, Cynthia Bernice 21 October 2013
The aim of this research is to investigate how handwriting as an individualisation technique in fraud investigation can be used by police detectives, SARS investigators and forensic investigation specialists, who are responsible for the investigation and linking the perpetrator, with a view to criminal prosecution. A further intent was to share and introduce a number of important concepts, namely: criminal investigation, identification, individualisation, fraud, evidence and handwriting. The research will explain the sophisticated investigation techniques used to obtain sufficient information to prove the true facts in a court of law. Identification is the collective aspect of the set of characteristics by which an object is definitively recognisable or known, while the individual characteristics establish the individuality of a specific object. Many types of evidence may be used to link an individual with a crime scene, and associate that individual with the performed illegal handling. It is also explained that during a cheque/document fraud investigation, it is in most cases the only link to information to trace, identify and individualise the perpetrator, and to obtain a handwriting specimen. It is also discussed how to eliminate a person as the writer of a document, and how to collect, package and mark a disputed document during the investigation. If the investigators use their knowledge of these concepts, it should enhance their investigative skills, and empower them to become better equipped for the challenges they face in identifying, individualising and linking the perpetrators, in order to ensure successful prosecution and conviction. / Police Practice / M.Tech. (Forensic Investigation)
