Free documents: Event organization
Download free study materials: Event organization
In this paper we propose enhancing Web clients with new security mechanisms that can not only prevent existing attacks, but are able to enforce all security policies based on monitoring client behavior. In particular, our new mechanisms support policies that range from disallowing use of certain Web client features (e.g., IFRAMEs or OBJECTs) to fine-grained, application-specific invariants such as taint-based policies that regulate the flow of credit-card information input by the user.

Concretely, we propose that client-side enforcement proceed through a new client mechanism: Mutation-Event Transforms, or METs. METs are introduced here; some details, like how to prevent their subversion, are in Appendix A. METs allow Web application security policies...
8/30/2018 2:40:28 AM +00:00
On the following page, Figure 2 describes examples of general policies that apply to client Web pages, their script code, and the nodes and attributes of document data. On the same page, Figure 3 shows how these policies can be readily instantiated using MET callback functions; this code should be read in conjunction with Appendix A. In what follows, these policies are referred to by their number, in parentheses.
Policies (1), (3), and (6) are examples that restrict potentially dangerous types of document nodes, allow scripts only in certain portions of the document, or limit scripts to a whitelist of trusted scripts (as in [9]). Policies (2), (4), and (5)...
In this paper we study the question whether the technique of botnet tracking can be extended to analyze and mitigate P2P-based botnets. Roughly speaking, we adapt the three steps of botnet tracking in the following way, using Storm Worm as a case study: In the first step, we must get hold of a copy of the bot binary. In the case of this botnet, we use spam traps to collect Storm Worm generated spam and client-side honeypots to simulate the infection process. The second step, the infiltration of the botnet, is adapted since we need to use a P2P protocol instead of IRC, HTTP, or...
Our measurements show that our strategy can be used as a way to disable the communication within the Storm botnet to a large extent. As a side effect, we are able to estimate the size of the Storm botnet, in general a hard task [25]. Our measurements are much more precise than previous measurements [12, 17]. This is because measurements previously were based on passive techniques, e.g., by observing visible network events like the number of spam mails supposedly sent via the bots. We are the first to introduce an active measurement technique to actually enumerate the number of infected machines: We crawl the P2P network, keep track of all...
What has received much less attention is how mega-events are related to urban processes, for they often transform urban space through the erection of landmark structures or through the renewal of urban space such as plazas or parks or new housing/retail developments. The extensive urban waterfront development in Barcelona for the 1992 Olympics is a particularly outstanding case in point (de Moragas Spa and Botella, 1994). In any event, the mega-event (formerly called hallmark event) may be of short duration but it has an impact and meaning far beyond the event itself for the host city (Ritchie, 1984; Hall, 1997)....
The showcase argument points out that mega-events are spectacles that can best be understood as either instruments of hegemonic power (Ley and Olds, 1988) or public-relations ventures far removed from the realities of urban problems and challenges. Whatever the motivation, there is increased awareness that the mega-event can also be a vehicle for some form of urban transformation. While there are usually significant conflicts between event requirements and post-event usage (Servant and Takeda, 1996: 104), the substantial fiscal demands of these projects have typically included some form of permanent alteration to the urban environment. Particularly in postindustrial cities, the mega-event is often linked to inner-city renewal and...
We could not have wished for a more distinguished speaker to give the first lecture than Jeff Wall. Depiction, Object, Event, written especially for this occasion, is an original and thought-provoking interpretation of developments in the art of the last century that have culminated over the past two decades in an alleged fusion of art and life.

Today, artists are often regarded as the trendsetting members of a ‘creative class’ that is fully integrated within the tertiary sector of the global economy. They are seen as fully-fledged service providers who meet all the requirements of professional entrepreneurship and contribute to the...
One of Wall’s theses is that the fusion of art and non-art is in a sense an illusion, a mimetic operation that leaves the institutional art context fully intact. Non-artistic phenomena, including various forms of economic and social activity, make their ‘second appearance’ in, or rather as, art. Artists and curators appropriate these activities without actually having to leave the institutional domain of art. The heteronomy of contemporary art is, in Wall’s term, a ‘pseudo-heteronomy’....
There are no criteria available to judge the quality of these creative expressions, because, as Wall states, aesthetic criteria are only valid within the classic disciplines—painting, drawing, sculpture, the graphic arts, and photography. These ‘canonical forms’ are still thriving, by the way, in spite of all efforts by artists to subvert them from within; but they thrive as a separate sector within contemporary art, as a genre with its own laws and standards. By contrast, the success of the alternative, pseudo-heteronomous art forms lies in the very fact that they have managed to neutralize these aesthetic ....
I am thinking here of Allan Kaprow, John Cage, or George Maciunas. They sensed that the depictive arts could not be displaced by any more upheavals from within, any more radical versions of depiction or anti-depiction. They came to recognize that there was something about the depictive arts that would not permit another art form or art dimension to evolve out of them. The new challenge to western art would be advanced in terms of movement and the arts of movement. Cage’s piano concert, 4’33”, first presented in 1952, can be seen as the first explicit statement of this...
This was, of course, opposed by proponents of the canon, pre-eminently Clement Greenberg. Greenberg published his essay Towards a Newer Laocoon in 1940, twelve years before Cage’s concert. In it he wrote, “There has been, is, and will be, such a thing as a confusion of the arts.” He argues that, in each era, there can be, and has been, a dominant art, one all the others tend to imitate to their own detriment, perversion, and loss of integrity. From the early 17th century to the last third of the 19th, he says that the dominant art was literature. What...
The Readymade did not and was not able to address itself to depiction; its concern is with the object, and so if we were to classify it within the canonical forms it would be sculpture. But no-one who has thought about it accepts that a Readymade is sculpture. Rather it is an object that transcends the traditional classifications and stands as a model for art as a whole, art as a historical phenomenon, a logic, and an institution. As Thierry de Duve has so well demonstrated, this object designates itself as the abstraction ‘art as such’, the thing that can...
Or, to be more circumspect, it is the object from which the name art cannot logically be withheld. The Readymade therefore proved that an arbitrary object can be designated as art and that there is no argument available to refute that designation. Depictions are works of art by definition. They may be popular art, amateur art, even entirely unskilled and unappealing art, but they are able to nominate themselves as art nonetheless. They are art because the depictive arts are founded on the making of depictions, and that making necessarily displays artistry. ...
The only distinctions remaining to be made here are between ‘fine’ art and ‘applied’ art, or ‘popular’ art and ‘high’ art, between ‘amateur’ art and ‘professional’ art, and, of course, between good art and less good art. Selecting a very poor, amateurish, depiction (say a businessman’s deskpad doodle) and presenting it in a nice frame in a serious exhibition might be interesting, but it would not satisfy the criteria Duchamp established for the Readymade. The doodle is already nominated as art and the operation of the Readymade in regard to it is redundant....
This paper presents a new mechanism that allows the application to register its interest in a specific event, and then efficiently collect the notification of the event at a later time. The set of events that this mechanism covers is shown to include not only those described above, but may also be extended to unforeseen event sources with no modification to the API.

The rest of this paper is structured as follows: Section 2 examines where the central bottleneck of poll() and select() is, Section 3 explains the design goals, and Section 4 presents the API of the new mechanism. Section 5 details how to use the new API and provides...
Another goal was to keep the interface simple enough that it could be easily understood, and also possible to convert poll() or select() based applications to the new API with a minimum of changes. It was recognized that if the new interface was radically different, then it would essentially preclude modification of legacy applications which might otherwise take advantage of the new API.

Expanding the amount of information returned to the application to more than just the fact that an event occurred was also considered desirable. For readable sockets, the user may want to know how many bytes are actually pending in the socket buffer in order to avoid multiple read() calls....
Within the kernel, the situation is also not ideal. Space must be found to hold the descriptor list; for large lists, this is done by calling malloc(), and the area must in turn be freed before returning. After the copy is performed, the kernel must examine every entry to determine whether there is pending activity on the descriptor. If the kernel has not found any active descriptors in the current scan, it will then update the descriptor’s selinfo entry; this information is used to perform a wakeup on the process in the event that it calls tsleep() while waiting for activity on the descriptor. After the process...
As an example, consider the case where several network packets arrive for a socket. We could consider each incoming packet as a discrete event, recording one event for each packet. However, the number of incoming packets is essentially unbounded, while the amount of memory in the system is finite; we would be unable to provide a guarantee that no events would be lost.

The result of the above scenario is that multiple packets are coalesced into a single event. Events that are delivered to the application may correspond to multiple occurrences of activity on the event source being monitored.

In addition, suppose a packet arrives containing bytes, and...
A final design criterion was that the API should be correct, in that events should only be reported if they are applicable. Consider the case where a packet arrives on a socket, in turn generating an event. However, before the application is notified of this pending event, it performs a close() on the socket. Since the socket is no longer open, the event should not be delivered to the application, as it is no longer relevant. Furthermore, if the event happens to be identified by the file descriptor, and another descriptor is created with the same identity, the event should be removed, to preclude the possibility of false...
Finally, the last design goal for the API is that it should be possible for a library to use the mechanism without fear of conflicts with the main program. This allows 3rd-party code that uses the API to be linked into the application without conflict. While on the surface this appears to be obvious, several counter-examples exist. Within a process, a signal may only have a single signal handler registered, so library code typically cannot use signals. X-window applications only allow for a single event loop. The existing select() and poll() calls do not have this problem, since they are stateless, but our new API, which moves...
The READ and WRITE filters are intended to work on any file descriptor, and the ident field contains the descriptor number. These filters closely mirror the behavior of poll() or select(), in that they are intended to return whenever there is data ready to read, or if the application can write without blocking. The kernel function corresponding to the filter depends on the descriptor type, so the implementation is tailored for the requirements of each type of descriptor in use. In general, the amount of data that is ready to read (or able to be written) will be returned in the data field within the...
For example, the read filter for socket descriptors is triggered as long as there is data in the socket buffer greater than the SO_LOWAT mark, or when the socket has shut down and is unable to receive any more data. The filter will return the number of bytes pending in the socket buffer, as well as set an EOF flag for the shutdown case. This provides more information that the application can use while processing the event. As EOF is explicitly returned when the socket is shut down, the application no longer needs to make an additional call to read() in order to discover an EOF condition.

A non kqueue-aware application using the...
A traditional application built around poll will have a single structure containing all active descriptors, which is passed to the kernel every time the application goes through the central event loop. A kqueue-aware application will need to notify the kernel of any changes to the list of active descriptors, instead of passing in the entire list. This can be done either by calling kevent() for each update to the active descriptor list, or by building up a list of descriptor changes and then passing this list to the kernel the next time the event loop is called. The latter approach offers better performance, as it reduces the number of...
Maliciously modified devices are already a reality. In 2006, Apple shipped iPods infected with the RavMonE virus [4]. During the cold war, the CIA sabotaged oil pipeline control software, which was then allowed to be “stolen” by Russian spies [10]. Conversely, Russian agents intercepted and modified typewriters which were to be used at the US embassy in Moscow; the modifications allowed the Russians to copy any documents typed on said typewriters [16]. Recently, external hard drives sold by Seagate in Taiwan were shipped with a trojan installed that sent personal data to a remote attacker [1]. Although none of these attacks use malicious circuits, they clearly show the feasibility of...
Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses.

We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker, rather than designing one specific attack, can instead design hardware to support attacks. Such flexible hardware...
In this section we define the problem we address, state our assumptions, and describe our threat model.

We address the problem of designing and implementing malicious processors that carry out high-level attacks. In this paper we focus on an attacker that adds additional circuits to carry out the attack. We consider analog circuit perturbations (both timing and power), as well as discrete perturbations. We do not consider attacks where the gate-level design is unmodified and the attacker uses physical phenomena (e.g., excessive heat) to perturb execution or degrade performance of the circuit.

There are a multitude of opportunities to insert hardware-based attacks, including the design, fabrication, packaging, testing, and integration...
Our memory access mechanism provides hardware support for unprivileged malicious software by allowing access to privileged memory regions. Malicious software triggers the attack by forcing a sequence of bytes on the data bus to enable the memory access circuits. This sequence can be arbitrarily long to avoid false positives and the particular sequence must be agreed upon before deployment. Once the sequence is observed, the MMU in the data cache ignores CPU privilege levels for memory accesses, thus granting unprivileged software access to all memory, including privileged memory regions like the operating system’s internal memory. In other words, loading a magic value on the data bus...
Applications running on a UNIX platform need to be notified when some activity occurs on a socket or other descriptor, and this is traditionally done with the select() or poll() system calls. However, it has been shown that the performance of these calls does not scale well with an increasing number of descriptors. These interfaces are also limited in the respect that they are unable to handle other potentially interesting activities that an application might be interested in; these might include signals, file system changes, and AIO completions. This paper presents a generic event delivery mechanism, which allows an application to select from a wide range of...
The entire format, name, route and length of your event depends solely on what you want to achieve. You’re in charge of how complex or simple you want to make it. There are masses of different types of walking event, ranging from fun walks and sponsored charity walks, to courses with measured distances and long distance challenges.

A promoted walking event can be very attractive to people who are unused to walking or to exploring the countryside, since they know they can’t get lost, they can go at their own pace, they may meet new friends, learn more...
Once you’ve narrowed down the time of year, you’ll need to find out what other events are planned around the same time. As well as walking events, you should consider other things that may compete for the same audience. In an ideal world you should pick a date that doesn’t clash with any significant competitor. Look for other organisations’ actual or likely dates on the internet, in forward planning publications and back issues of listings magazines (large public reference libraries are a good source of back issues of publications and of forward planning directories like The Year Ahead). Always check...