Global ETD Search

81	Sécurité et vie privée dans les applications web / Web applications security and privacy Somé, Dolière Francis 29 October 2018 (has links) Dans cette thèse, nous nous sommes intéressés aux problématiques de sécurité et de confidentialité liées à l'utilisation d'applications web et à l'installation d'extensions de navigateurs. Parmi les attaques dont sont victimes les applications web, il y a celles très connues de type XSS (ou Cross-Site Scripting). Les extensions sont des logiciels tiers que les utilisateurs peuvent installer afin de booster les fonctionnalités des navigateurs et améliorer leur expérience utilisateur. Content Security Policy (CSP) est une politique de sécurité qui a été proposée pour contrer les attaques de type XSS. La Same Origin Policy (SOP) est une politique de sécurité fondamentale des navigateurs, régissant les interactions entre applications web. Par exemple, elle ne permet pas qu'une application accède aux données d'une autre application. Cependant, le mécanisme de Cross-Origin Resource Sharing (CORS) peut être implémenté par des applications désirant échanger des données entre elles. Tout d'abord, nous avons étudié l'intégration de CSP avec la Same Origin Policy (SOP) et démontré que SOP peut rendre CSP inefficace, surtout quand une application web ne protège pas toutes ses pages avec CSP, et qu'une page avec CSP imbrique ou est imbriquée dans une autre page sans ou avec un CSP différent et inefficace. Nous avons aussi élucidé la sémantique de CSP, en particulier les différences entre ses 3 versions, et leurs implémentations dans les navigateurs. Nous avons ainsi introduit le concept de CSP sans dépendances qui assure à une application la même protection contre les attaques, quelque soit le navigateur dans lequel elle s'exécute. Finalement, nous avons proposé et démontré comment étendre CSP dans son état actuel, afin de pallier à nombre de ses limitations qui ont été révélées dans d'autres études. Les contenus tiers dans les applications web permettent aux propriétaires de ces contenus de pister les utilisateurs quand ils naviguent sur le web. Pour éviter cela, nous avons introduit une nouvelle architecture web qui une fois déployée, supprime le pistage des utilisateurs. Dans un dernier temps, nous nous sommes intéressés aux extensions de navigateurs. Nous avons d'abord démontré que les extensions qu'un utilisateur installe et/ou les applications web auxquelles il se connecte, peuvent le distinguer d'autres utilisateurs. Nous avons aussi étudié les interactions entre extensions et applications web. Ainsi avons-nous trouvé plusieurs extensions dont les privilèges peuvent être exploités par des sites web afin d'accéder à des données sensibles de l'utilisateur. Par exemple, certaines extensions permettent à des applications web d'accéder aux contenus d'autres applications, bien que cela soit normalement interdit par la Same Origin Policy. Finalement, nous avons aussi trouvé qu'un grand nombre d'extensions a la possibilité de désactiver la Same Origin Policy dans le navigateur, en manipulant les entêtes CORS. Cela permet à un attaquant d'accéder aux données de l'utilisateur dans n'importe qu'elle autre application, comme par exemple ses mails, son profile sur les réseaux sociaux, et bien plus. Pour lutter contre ces problèmes, nous préconisons aux navigateurs un système de permissions plus fin et une analyse d'extensions plus poussée, afin d'alerter les utilisateurs des dangers réels liés aux extensions. / In this thesis, we studied security and privacy threats in web applications and browser extensions. There are many attacks targeting the web of which XSS (Cross-Site Scripting) is one of the most notorious. Third party tracking is the ability of an attacker to benefit from its presence in many web applications in order to track the user has she browses the web, and build her browsing profile. Extensions are third party software that users install to extend their browser functionality and improve their browsing experience. Malicious or poorly programmed extensions can be exploited by attackers in web applications, in order to benefit from extensions privileged capabilities and access sensitive user information. Content Security Policy (CSP) is a security mechanism for mitigating the impact of content injection attacks in general and in particular XSS. The Same Origin Policy (SOP) is a security mechanism implemented by browsers to isolate web applications of different origins from one another. In a first work on CSP, we analyzed the interplay of CSP with SOP and demonstrated that the latter allows the former to be bypassed. Then we scrutinized the three CSP versions and found that a CSP is differently interpreted depending on the browser, the version of CSP it implements, and how compliant the implementation is with respect to the specification. To help developers deploy effective policies that encompass all these differences in CSP versions and browsers implementations, we proposed the deployment of dependency-free policies that effectively protect against attacks in all browsers. Finally, previous studies have identified many limitations of CSP. We reviewed the different solutions proposed in the wild, and showed that they do not fully mitigate the identified shortcomings of CSP. Therefore, we proposed to extend the CSP specification, and showed the feasibility of our proposals with an example of implementation. Regarding third party tracking, we introduced and implemented a tracking preserving architecture, that can be deployed by web developers willing to include third party content in their applications while preventing tracking. Intuitively, third party requests are automatically routed to a trusted middle party server which removes tracking information from the requests. Finally considering browser extensions, we first showed that the extensions that users install and the websites they are logged into, can serve to uniquely identify and track them. We then studied the communications between browser extensions and web applications and demonstrate that malicious or poorly programmed extensions can be exploited by web applications to benefit from extensions privileged capabilities. Also, we demonstrated that extensions can disable the Same Origin Policy by tampering with CORS headers. All this enables web applications to read sensitive user information. To mitigate these threats, we proposed countermeasures and a more fine-grained permissions system and review process for browser extensions. We believe that this can help browser vendors identify malicious extensions and warn users about the threats posed by extensions they install. Web Navigateurs Applications web Sécurité Extensions de navigateurs Communication inter-iframes Confidentialité Vie privé Pistage Empreinte de navigateurs Web Browser Web applications Security Same origin policy Content origin policy Cross-origin resource sharing Browser extensions Privacy Cross-iframe communication Third party web tracking Browser fingerprinting
82	A survey of the available browse for the black rhinoceros (Diceros bicornis ssp. bicornis Linnaeus, 1758) in a farmland area in the Kunene region, Namibia Olsson, Sanna January 2015 (has links) No description available. black rhinoceros black rhino rhinoceros rhino Black Rhino Custodianship Program Namibia browser herbivore southern Africa browse availability Diceros bicornis shrub tree browse forage
83	Dark web och integritet på Internet : En kvalitativ studie av mediala gestaltningar av det dolda nätverket Dark web samt anonymitetens paradox Rivero Mildén, Linn January 2018 (has links) Denna studie är av kvalitativ karaktär och har tagit sin epistemologiska utgångspunkt i gestaltningsteorin för att undersöka digitala representationer av ett tillsynes undangömt nätverk. Syftet med uppsatsen är att undersöka hur Dark web gestaltas i ett urval mediekanaler för att fastställa vanliga representationer av nätverket. Studien ämnar för att besvara i vilka sammanhang som nätverket gestaltas som en risk respektive möjlighet. Studien genomförs med hjälp av kvalitativ textanalys inspirerad av kritisk diskursanalys. Det empiriska materialet hämtades från de fyra mediekanalerna Expressen, Computer World, Sveriges Radio och Tor Blog. Vidare diskuteras termerna anonymitetsparadox och moralpanik i studien eftersom att de visade sig vara av särskild relevans vid forskning av ett sådant digitalt och till synes anonymt mediefenomen. Studiens resultat påvisar att tillgången till ett fritt och anonymiserat Internet tycks blivit en fråga vad avser demokratiska rättigheter. Ur denna aspekt fungerar Dark web som en potentiell lösning mot den kartläggning som förekommer på det traditionella Internet. Computer World hade en uteslutande teknisk gestaltning av Dark web där intresset låg i att presentera teknologin bakom nätverket. Kvällspressen fokuserade huvudsakligen på den kriminalitet som cirkulerar på det dolda nätverket och redogjorde främst för narkotikahandel och kortbedrägerier. Tog Blog belyste både tekniken och anonymitetsaspekten bakom Dark web medan Sveriges Radio visade sig vara det medium som hade mest omfattande och genomgripande porträtteringar vad avser Dark web. Slutligen visade studien att det är i samspelet mellan de risker och möjligheter kring Dark web som paradoxen med anonymitet uppstår. Dark Web Surface Web Tor Browser Gestaltningsteori Risksamhälle Representation Integritet Anonymitet Kriminalitet Kvalitativ textanalys Moralpanik Internet Media and Communication Technology Medieteknik Media Studies Medievetenskap
84	Overcoming Limitations of Serial Audio Search Hidalgo, Isabela Cordeiro Ribeiro Moura 01 January 2012 (has links) The typical approach for finding audio recordings, such as music and sound effects, in a database is to enter some textual information into a search field. The results appear summarized in a list of textual descriptions of the audio files along with a function for playing back the recordings. Exploring such a list sequentially is a time-consuming and tedious way to search for sounds. This research evaluates whether searching for audio information can become more effective with a user interface capable of presenting multiple audio streams simultaneously. A prototype audio player was developed with a user interface suitable for both search and browsing of a hierarchically organized audio collection. The audio recordings are presented either serially (serial output mode) or simultaneously (parallel output mode), spatially distributed in both vertical and horizontal planes. Users select individual recordings by simply pointing at its source location with a remote control. Two within-subjects experiments were conducted to compare the performance of the audio player's output modes in audio search tasks. The experiments differ in the maximum number of audio recordings played simultaneously - either four or six. In both experiments, search tasks were performed about 25% faster using parallel audio output than using serial output. Over 80% of participants preferred searching parallel output. The results indicate that using parallel output can be a valuable improvement to the current methods of audio search, which typically use only serial output. Auditory User Interfaces Human-Computer Interaction Music Browser Parallel Output Simultaneous Sounds Wii Remote American Studies Arts and Humanities Computer Engineering Computer Sciences
85	MITIGATION OF WEB-BASED PROGRAM SECURITY VULNERABILITY EXPLOITATIONS Shahriar, HOSSAIN 30 November 2011 (has links) Over the last few years, web-based attacks have caused significant harm to users. Many of these attacks occur through the exploitations of common security vulnerabilities in web-based programs. Given that, mitigation of these attacks is extremely crucial to reduce some of the harmful consequences. Web-based applications contain vulnerabilities that can be exploited by attackers at a client-side (browser) without the victim’s (browser user’s) knowledge. This thesis is intended to mitigate some exploitations due to the presence of security vulnerabilities in web applications while performing seemingly benign functionalities at the client-side. For example, visiting a webpage might result in JavaScript code execution (cross-site scripting), downloading a file might lead to the execution of JavaScript code (content sniffing), clicking on a hyperlink might result in sending unwanted legitimate requests to a trusted website (cross-site request forgery), and filling out a seemingly legitimate form may eventually lead to stealing of credential information (phishing). Existing web-based attack detection approaches suffer from several limitations such as (i) modification of both server and client-side environments, (ii) exchange of sensitive information between the server and client, and (iii) lack of detection of some attack types. This thesis addresses these limitations by mitigating four security vulnerabilities in web applications: cross-site scripting, content sniffing, cross-site request forgery, and phishing. We mitigate the exploitations of these vulnerabilities by developing automatic attack detection approaches at both server and client-sides. We develop server-side attack detection frameworks to detect attack symptoms within response pages before sending them to the client. The approaches are designed based on the assumption that the server-side program source is available for analysis, but we are not allowed to alter the program code and the runtime environments. Moreover, we develop client-side attack detection frameworks so that some level of protection is present when the source code of server websites (either trusted or untrusted) is not available. Our proposed solutions explore several techniques such as response page parsing and file content analysis, browser-level checking of requests and responses, and finite state machine-based behavior monitoring. The thesis evaluates the proposed attack detection approaches with real-world vulnerable programs. The evaluation results indicate that our approaches are effective and perform better than the related work. We also contribute to the development of benchmark suites for evaluating attack detection techniques. / Thesis (Ph.D, Computing) -- Queen's University, 2011-11-29 09:44:24.465 Security vulnerability Cross-site request forgery Phishing Content sniffing Parser-based analysis Browser-based checking Cross-site scripting Trustworthiness testing Web-based program
86	The Null Game: feature-specific player enjoyment in massively multiplayer online role playing games Bouchard, Matthew Unknown Date No description available. RPG MOG MMO MMORPG BB-MMORPG browser-based MMORPG MUD fun enjoyment player enjoyment bad games video games managed player efficiency MPE meritocratic play
87	The Null Game: feature-specific player enjoyment in massively multiplayer online role playing games Bouchard, Matthew 06 1900 (has links) Massively Multiplayer Online Role Playing Games (MMORPGs) are complex and interesting objects of study. They are quite popular among both casual and connoisseur gamers, and they are often played continuously over many years. Despite a reasonable amount of existing research on MMORPGs, no clear explanation has emerged to explain what particular game features encourage so many players to enjoy these games for so long. In this thesis, I contend that the most important elements in the success of an MMORPG are meritocratic play and managed player efficiency (MPE). This contention is proved by examining the existing literature on player enjoyment and game design, surveying popular MMORPGs, and building and testing a simple, browser-based game that implements meritocratic play and managed player efficiency. While existing research and my survey of popular MMORPGS provide good support for the importance of meritocratic play and MPE, participants in my study provided much stronger support by reporting particular enjoyment of game tasks that displayed the clearest meritocratic play and the best opportunities to manage player efficiency. RPG MOG MMO MMORPG BB-MMORPG browser-based MMORPG MUD fun enjoyment player enjoyment bad games video games managed player efficiency MPE meritocratic play
88	A Mobile Deaf-to-hearing communication aid for medical diagnosis Mutemwa, Muyowa January 2011 (has links) >Magister Scientiae - MSc / Many South African Deaf people use their mobile phones for communication with SMSs yet they would prefer to converse in South African Sign Language. Deaf people with a capital `D' are different from deaf or hard of hearing as they primarily use sign language to communicate. This study explores how to design and evaluate a prototype that will allow a Deaf person using SASL to tell a hearing doctor how s/he is feeling and provide a way for the doctor to respond. A computer{based prototype was designed and evaluated with the Deaf people in a previous study. Results from the user trial of the computer{based mock{up indicated that Deaf users would like to see the prototype on a cell phone. Those user trial results, combined with our own user survey results conducted with Deaf people, are used as requirements. We built a prototype for a mobile phone browser by embedding SASL videos inside XHTML pages using Adobe Flash. The prototype asks medical questions using SASL videos. These questions are arranged in an organized way that helps in identifying a medical problem. The answers to the questions are then displayed in English and shown to the doctor on the phone. A content authoring tool was also designed and implemented. The content authoring tool is used for populating the prototype in a context free manner allowing for plug and play scenarios such as a doctor's office, Department of Home A airs or police station. A focus group consisting of Deaf people was conducted to help in the design and pilot trial of the system. A final user trial was conducted with more than thirty Deaf people and the results are presented and analyzed. Data is collected with questionnaires, semi-structured interviews and video recordings. The results indicate that most of the Deaf people found the system easy to learn, easy to navigate through, did not get lost and understood the sign language in the videos on the mobile phone. The hand gestures and facial expressions on the sign language videos were clear. Most of them indicated they would like to use the system for free, and that the system did not ask too many questions. Most of them were happy with the quality of the sign language videos on the mobile phone and would consider using the system in real life. Finally they felt their private information was safe while using the system. Many South African Deaf people use their mobile phones for communication with SMSs yet they would prefer to converse in South African Sign Language. Deaf people with a capital `D' are different from deaf or hard of hearing as they primarily use sign language to communicate. This study explores how to design and evaluate a prototype that will allow a Deaf person using SASL to tell a hearing doctor how s/he is feeling and provide a way for the doctor to respond. A computer{based prototype was designed and evaluated with the Deaf people in a previous study. Results from the user trial of the computer{based mock{up indicated that Deaf users would like to see the prototype on a cell phone. Those user trial results, combined with our own user survey results conducted with Deaf people, are used as requirements. We built a prototype for a mobile phone browser by embedding SASL videos inside XHTML pages using Adobe Flash. The prototype asks medical questions using SASL videos. These questions are arranged in an organized way that helps in identifying a medical problem. The answers to the questions are then displayed in English and shown to the doctor on the phone. A content authoring tool was also designed and implemented. The content authoring tool is used for populating the prototype in a context free manner allowing for plug and play scenarios such as a doctor's office, Department of Home A airs or police station. A focus group consisting of Deaf people was conducted to help in the design and pilot trial of the system. A final user trial was conducted with more than thirty Deaf people and the results are presented and analyzed. Data is collected with questionnaires, semi-structured interviews and video recordings. The results indicate that most of the Deaf people found the system easy to learn, easy to navigate through, did not get lost and understood the sign language in the videos on the mobile phone. The hand gestures and facial expressions on the sign language videos were clear. Most of them indicated they would like to use the system for free, and that the system did not ask too many questions. Most of them were happy with the quality of the sign language videos on the mobile phone and would consider using the system in real life. Finally they felt their private information was safe while using the system. / South Africa Adobe Flash Content authoring tool Deaf people Diagnosis eXtensible HyperText Markup Language Lookup dictionary Medical doctor Mobile phone browser South Africa Sign Language Prerecorded sign language video
89	Mitteilungen des URZ 1/2003 Ziegler,, Richter,, Riedel,, Hille, 10 March 2003 (has links) Mitteilungen des URZ 1/2003 Archivieren Jahresrückblick URZ 2002 MONARCH Version 2 Mozilla Standard-WWW-Browser TU-Software-News Übersicht Dienste des URZ ddc:050 ddc:004
90	Development of a framework for creating cross-platform TV HTML5 applications Eilert, Rickard January 2015 (has links) When developing HTML5 applications for TV platforms, the TV platforms provide, in addition to standardHTML5 functionality, also extra APIs for TV-specific features. These extra APIs differ between TVplatforms, and that is a problem when developing an application targeting several platforms. This thesis hasexamined if it is possible to design a framework which provides the developer with one API that works formany platforms by wrapping their platform-specific code. The answer is yes. With success, platform-specificfeatures including: TV remote control input, video, volume, Internet connection status, TV channel streamsand EPG data have been harmonised under an API in a JavaScript library. Furthermore, a build systempackages the code in the way the platforms expect. The framework eases the development of TV platformHTML5 applications. At the moment, the framework supports the Pace, PC and Samsung Smart TVplatforms, but it can be extended with more TV platform back-ends. / Lorsque l’on développe des applications HTML5 pour des plateformes TV, les plateformes TV fournissent,en plus de la fonctionnalité standard d'HTML5, des APIs supplémentaires pour les particularités d'une TV.Ces APIs supplémentaires diffèrent entre les plateformes TV, et ceci cause un problème lors dudéveloppement d’une application pour plusieurs plateformes. Cette thèse a fait l’examen de la possibilité deconcevoir un cadre d'applications qui fournit au concepteur une API qui peut servir à plusieurs plateformes,cachant le code spécifique de celles-ci. La réponse est oui. On a réussi à harmoniser : l’entrée de latélécommande, le lecteur vidéos, le volume, la connexion Internet, le flux TV et leurs données GPE, dans uneAPI qui réside dans une bibliothèque JavaScript. En outre, un système de compilation met le code d’unemanière dont la plateforme peut comprendre. Le cadre d'applications facilite le développement d'applicationsHTML5 des plateformes TV. Pour le moment, le cadre d'applications peut supporter la Pace, le PC et laplateforme de Samsung Smart TV, mais il peut également fonctionner avec d'autres plateformes TV. / Wenn man HTML5-Anwendungen für TV-Plattformen entwickelt, stellen die Plattformen neben denStandardfunktionalitäten von HTML5 auch extra APIs für TV spezifische Features zur verfügung. Diesezuzätzlichen APIs unterscheiden zwischen TV-Plattformen und das ist ein Problem bei der Entwicklung vonAnwendungen, die auf mehreren Plattformen laufen sollen. Diese These untersucht, ob es möglich ist, einFramework zu entwerfen, dass dem Entwickler eine API bereitstellt, welche für mehrere Plattformenfunktioniert, indem deren Plattform spezifischer Code verpackt wird. Die Antwort ist ja. Das Frameworkharmonisiert: Fernbedienungeingabe, Video, Volumen, Internet-Anschlussstatus, Fensehkanalstreams undelektronische Programmführer, zu einer gemeinsamen JavaScript-Bibliothek-API. Weiterhin verpackt einbuild system den Code so, wie es die Plattform erwartet. Das Framework erleichtert die Entwicklung vonHTML5-Applikationen für TV-Plattformen. Im Moment deckt das Framework: Pace-, PC- und SamsungSmart TV-Plattformen, aber es kann mit weiteren TV-Plattformen erweitert werden. / Quando si sviluppano delle applicazioni HTML5 per le piattaforme TV, quest'ustime offrono, oltre allafunzionalità comune di HTML5, anche APIs addizionali per funzionalità specifiche della TV. Queste APIsaddizionali differiscono tra le varie piattaforme TV e questo è un problema quando si sviluppaun'applicazione che funzioni per ciascuna piattaforma. Il presente lavoro esamina la possibilità di progettareun framework che fornisca allo sviluppatore una sola API, la quale sia funzionante per molte piattaforme esia idonea a nascondere il codice specifico di ciascuna di esse. La risposta è sì. Il framework fonde:l'immissione del telecomando, il video, il volume, lo stato della connessione Internet, i flussi dei canali TV edei dati della guida elettronica dei programmi, all'interno di una API secondo il modello di una libreriaJavaScript. Inoltre, il sistema di compilazione crea un pacchetto del codice nel modo in cui le piattaforme siaspettano. Il framework facilita lo sviluppo di applicazioni HTML5 per le piattaforme TV. Al momento, ilframework sostiene le seguenti piatteforme: Pace, PC e Samsung Smart TV, ma può essere esteso anche adaltre. / När man utvecklar HTML5-applikationer för TV-plattformar, finns utöver HTML5s standardfunktionalitet,även extra APIer för att komma åt TV-specifika funktioner. Dessa extra APIer skiljer sig åt mellan TV-plattformar, och det är ett problem när man utvecklar en applikation för många plattformar. Dettaexamensarbete har undersökt om det är möjligt att designa ett ramverk som förser utvecklaren med ett APIsom fungerar för många plattformar genom att wrappa deras plattformsspecifika kod. Svaret är ja. Ramverketharmoniserar: fjärrkontrollsindata, video, volym, internetförbindelse, TV-kanalströmmar och deras TV-tablåer, till ett gemensamt JavaScript-bibliotek-API. Vidare paketerar ett byggsystem koden på de sätt somplattformarna förväntar sig. Ramverket underlättar utveckling av HTML5-applikationer för TV-plattformar.För tillfället stöder ramverket plattformarna: Pace, PC och Samsung Smart TV, men det kan breddas med flerTV-plattformar. Smart TV cross-browser cross-platform set-top box JavaScript library build system framework HTML5 Other Computer and Information Science Annan data- och informationsvetenskap

Search results