Web Security: Session management and CSRF
- Annabella Greer
- 6 years ago
Transcription
1 Web Security: Session management and CSRF CS 161: Computer Security Prof. Raluca Ada Popa April 5, 2018 Credit: this deck is a combination of my slides and slide adaptations from previous offerings of this course and from CS 241 of Prof. Dan Boneh
2 Cookie policy versus same-origin policy
3 Cookie policy: when browser sends cookie GET //URL-domain/URL-path Cookie: NAME = VALUE Server A cookie with domain = example.com, and path = /some/path/ will be included on a request to
4 Cookie policy versus same-origin policy Consider Javascript on a page loaded from a URL U If a cookie is in scope for a URL U, it can be accessed by Javascript loaded on the page with URL U, unless the cookie has the HttpOnly flag set.
5 Examples cookie 1 name = userid value = u1 domain = login.site.com path = / non-secure cookie 2 name = userid value = u2 domain = .site.com path = / non-secure cookie: userid=u2 cookie: userid=u1, userid=u2 cookie: none JS on each of these URLs can access all cookies that would be sent for that URL if the HttpOnly flag is not set
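The scoping rule from slides 3 to 5, as an added example that is not part of the original deck: it applies simplified RFC 6265 domain and path matching to the two userid cookies above. The request URLs and the third cookie (`sid`, Secure and HttpOnly) are constructed for illustration.

```javascript
// Added example: which cookies a browser attaches to a request
// (simplified RFC 6265 matching; hosts and the "sid" cookie are constructed).

// Domain-match: the host equals the cookie domain or is a subdomain of it.
// A bare suffix test would wrongly let "othersite.com" match "site.com".
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Path-match: the cookie path is a prefix of the request path on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Cookies in scope for a URL, longest path first (ties keep creation order).
function cookiesInScope(urlString, jar) {
  const url = new URL(urlString);
  return jar
    .filter(c => domainMatches(url.hostname, c.domain)
      && pathMatches(url.pathname, c.path)
      && (!c.secure || url.protocol === "https:"))
    .sort((a, b) => b.path.length - a.path.length);
}

const pairs = cookies => cookies.map(c => `${c.name}=${c.value}`);

// What goes into the Cookie request header.
function sentWithRequest(urlString, jar) {
  return pairs(cookiesInScope(urlString, jar));
}

// What script on the page can read: everything in scope except HttpOnly cookies.
function visibleToScript(urlString, jar) {
  return pairs(cookiesInScope(urlString, jar).filter(c => !c.httpOnly));
}

const exampleJar = [
  // The two cookies from slide 5.
  { name: "userid", value: "u1", domain: "login.site.com", path: "/", secure: false, httpOnly: false },
  { name: "userid", value: "u2", domain: ".site.com", path: "/", secure: false, httpOnly: false },
  // Constructed third cookie to show the Secure, HttpOnly and path rules.
  { name: "sid", value: "s1", domain: "site.com", path: "/account/", secure: true, httpOnly: true },
];

// Constructed request URLs.
for (const u of [
  "http://checkout.site.com/",
  "http://login.site.com/",
  "http://othersite.com/",
  "https://login.site.com/account/settings",
]) {
  console.log(u, "sent:", sentWithRequest(u, exampleJar),
    "script-visible:", visibleToScript(u, exampleJar));
}
```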
6 Indirectly bypassing same-origin policy using cookie policy Since the cookie policy and the same-origin policy are different, there are corner cases when one can use cookie policy to bypass same-origin policy Ideas how?
7 Example Victim user browser financial.example.com web server Cookie domains: financial.example.com blog.example.com cookie jar for *.example.com blog.example.com web server (assume attacker compromised this web server) Browsers maintain a separate cookie jar per domain group, such as one jar for *.example.com to avoid one domain filling up the jar and affecting another domain. Each browser decides at what granularity to group domains.
8 Example Victim user browser financial.example.com web server GET example.com financial.example.com set-cookie: blog.example.com web server blog.example.com example.com cookie jar for *.example.com (assume attacker compromised this web server) Attacker sets many cookies with domain example.com which overflows the cookie jar for domain *.example.com and overwrites cookies from financial.example.com
9 Example Victim user browser financial.example.com web server example.com example.com example.com example.com cookie jar for *.example.com blog.example.com web server (assume attacker compromised this web server) Attacker sets many cookies with domain example.com which overflows the cookie jar for domain *.example.com and overwrites cookies from financial.example.com
10 Example Victim user browser GET financial.example.com web server example.com example.com example.com example.com cookie jar for *.example.com When Alice visits financial.example.com, the browser automatically attaches the attacker's cookies due to cookie policy (the scope of the cookies is a domain suffix of financial.example.com) Why is this a problem?
11 Indirectly bypassing same-origin policy using cookie policy Victim thus can log in to the attacker's account at financial.example.com This is a problem because the victim might think it's their account and might provide sensitive information This bypassed same-origin policy (indirectly) because blog.example.com influenced financial.example.com
12 RFC For further details on cookies, check out the standard RFC6265 HTTP State Management Mechanism - Browsers are expected to implement this reference, and any differences are browser specific
13 Session management
14 Sessions A sequence of requests and responses from one browser to one (or more) sites Session can be long (Gmail - two weeks) or short without session mgmt: users would have to constantly re-authenticate Session mgmt: Authorize user once; All subsequent requests are tied to user
15 Pre-history: HTTP auth One username and password for a group of users HTTP request: GET /index.html HTTP response contains: WWW-Authenticate: Basic realm="Password Required" Browser sends hashed password on all subsequent HTTP requests: Authorization: Basic ZGFddfibzsdfgkjheczI1NXRleHQ=
16 HTTP auth problems Hardly used in commercial sites User cannot log out other than by closing browser - What if user has multiple accounts? - What if multiple users on same computer? Site cannot customize password dialog Confusing dialog to users Easily spoofed
17 Session tokens Browser GET /index.html GET /books.html anonymous session token set anonymous session token Web Site POST /do-login Username & password elevate to a logged-in session token check credentials (later) POST /checkout logged-in session token Validate token
18 Storing session tokens: Lots of options (but none are perfect) Browser cookie: Set-Cookie: SessionToken=fduhye63sfdb Embed in all URL links: SessionToken=kh7y3b In a hidden form field: <input type="hidden" name="sessionid" value="kh7y3b">
19 Storing session tokens: problems Browser cookie: browser sends cookie with every request, even when it should not (CSRF) Embed in all URL links: token leaks via HTTP Referer header users might share URLs In a hidden form field: short sessions only Better answer: a combination of all of the above (e.g., browser cookie with CSRF protection using form secret tokens)
20 Cross Site Request Forgery
21 Top web vulnerabilities: OWASP Top 10 (Previous) versus OWASP Top 10 (New)
Previous A1 Injection -> New A1 Injection
Previous A3 Broken Authentication and Session Management -> New A2 Broken Authentication and Session Management
Previous A2 Cross-Site Scripting (XSS) -> New A3 Cross-Site Scripting (XSS)
Previous A4 Insecure Direct Object References -> New A4 Insecure Direct Object References
Previous A6 Security Misconfiguration -> New A5 Security Misconfiguration
Previous A7 Insecure Cryptographic Storage (merged with A9) -> New A6 Sensitive Data Exposure
Previous A8 Failure to Restrict URL Access (broadened into) -> New A7 Missing Function Level Access Control
Previous A5 Cross-Site Request Forgery (CSRF) -> New A8 Cross-Site Request Forgery (CSRF)
Previous <buried in A6: Security Misconfiguration> -> New A9 Using Known Vulnerable Components
Previous A10 Unvalidated Redirects and Forwards -> New A10 Unvalidated Redirects and Forwards
Previous A9 Insufficient Transport Layer Protection: merged with 2010-A7 into new 2013-A6
Note on 2013-A6: This new category was created by merging 2010-A7 Insecure Cryptographic Storage & 2010-A9 - Insufficient Transport Layer Protection, plus adding browser side sensitive data risks as well. This new category covers sensitive data protection (other than access control which is covered by 2013-A4 and 2013-A7) from the moment sensitive data is provided by the user, sent to and stored within the application, and then sent back to the browser again.
5) We added: 2013-A9: Using Known Vulnerable Components: This issue was mentioned as part of 2010-A6 Security Misconfiguration, but now has a category of its own as the growth and depth of component based development has significantly increased the risk of using known vulnerable components.
22 HTML Forms Allow a user to provide some data which gets sent with a HTTP POST request to a server <form action="bank.com/action.php"> First name: <input type="text" name="firstname"> Last name: <input type="text" name="lastname"> <input type="submit" value="Submit"></form> When filling in Alice and Smith, and clicking submit, the browser issues HTTP POST request bank.com/action.php?firstname=alice&lastname=smith As always, the browser attaches relevant cookies
23 Consider cookie storing session token Server assigns a session token to each user after they logged in, places it in the cookie The server keeps a table of username to current session token, so when it sees the session token it knows which user
24 Session using cookies Browser Server
25 Basic picture Server Victim bank.com User Victim cookie for bank.com with session token What can go bad? Attack Server URL contains transaction action
26 Cross Site Request Forgery (CSRF) Example: User logs in to bank.com - Session cookie remains in browser state User visits malicious site containing: <form name=f action= <input name=recipient value=badguy> <script> document.f.submit(); </script> Browser sends user auth cookie with request - Transaction will be fulfilled Problem: cookie auth is insufficient when side effects occur
27 Form post with cookie Cookie: SessionID=523FA4cd2E User credentials
28 Form post with cookie Cookie: SessionID=523FA4cd2E User credentials
29 Squigler demo
30 2008 CSRF attack An attacker could add videos to a user's "Favorites," add himself to a user's "Friend" or "Family" list, send arbitrary messages on the user's behalf, flagged videos as inappropriate, automatically shared a video with a user's contacts, subscribed a user to a "channel" (a set of videos published by one person or group), and added videos to a user's "QuickList" (a list of videos a user intends to watch at a later point).
31
32 Defenses ideas?
33 CSRF Defenses CSRF token <input type=hidden value=23a3af01b> Referer Validation Referer: Others (e.g., custom HTTP Header) we won't go into
34 CSRF token 1. goodsite.com server wants to protect itself, so it includes a secret token into the webpage (e.g., in forms as a hidden field) 2. Requests to goodsite.com include the secret 3. goodsite.com server checks that the token embedded in the webpage is the expected one; reject request if not Can the token be? Date of birth CSRF token must be hard to guess by the attacker
35 How token is used - The server stores state that binds the user's CSRF token to the user's session id - Embeds CSRF token in every form - On every request the server validates that the supplied CSRF token is associated with the user's session id - Disadvantage is that the server needs to maintain a large state table to validate the tokens.
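The token scheme of slides 34 and 35, as an added example that is not part of the original deck: a server-side table binds an unpredictable CSRF token to each session id and every state-changing request is checked against it. The `SessionID` cookie name is taken from slide 27; the `csrf_token` field, the `/transfer` route and the class name are hypothetical.

```javascript
// Added example: CSRF token bound to the session id in a server-side table.
// The csrf_token field, /transfer route and class name are hypothetical.

// Web Crypto is global in browsers and current Node; older Node exposes it via require.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Unpredictable token: 32 random bytes, hex encoded.
function randomToken(bytes = 32) {
  const buf = webCrypto.getRandomValues(new Uint8Array(bytes));
  return Array.from(buf, b => b.toString(16).padStart(2, "0")).join("");
}

// Compare without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function sessionIdFromCookie(cookieHeader) {
  for (const part of String(cookieHeader || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === "SessionID") return rest.join("=");
  }
  return null;
}

class TokenProtectedSite {
  constructor() {
    this.csrfBySession = new Map(); // session id -> CSRF token (the state table of slide 35)
  }

  login() { // credential check omitted; returns the new session id
    const sessionId = randomToken();
    this.csrfBySession.set(sessionId, randomToken());
    return sessionId;
  }

  // Step 1: embed the secret token in the form as a hidden field.
  renderTransferForm(cookieHeader) {
    const token = this.csrfBySession.get(sessionIdFromCookie(cookieHeader));
    if (!token) return null;
    return '<form method="post" action="/transfer">' +
      `<input type="hidden" name="csrf_token" value="${token}">` +
      '<input name="recipient"><input type="submit"></form>';
  }

  // Step 3: reject unless the supplied token is the one bound to this session.
  handleTransfer(cookieHeader, fields) {
    const expected = this.csrfBySession.get(sessionIdFromCookie(cookieHeader));
    if (!expected) return { status: 401, reason: "no valid session" };
    if (!constantTimeEqual(fields.csrf_token, expected)) {
      return { status: 403, reason: "CSRF token missing or wrong" };
    }
    return { status: 200, reason: `transfer to ${fields.recipient} accepted` };
  }

  logout(cookieHeader) {
    this.csrfBySession.delete(sessionIdFromCookie(cookieHeader));
  }
}

function tokenFromForm(html) {
  const m = /name="csrf_token" value="([0-9a-f]+)"/.exec(html || "");
  return m ? m[1] : null;
}

// Three requests that all carry the victim's cookie, as the browser would send it.
function csrfDemo() {
  const site = new TokenProtectedSite();
  const victimCookie = `SessionID=${site.login()}`;
  const otherCookie = `SessionID=${site.login()}`;
  // Same-site request: the page was served to the victim, so it holds her token.
  const legit = site.handleTransfer(victimCookie,
    { recipient: "bob", csrf_token: tokenFromForm(site.renderTransferForm(victimCookie)) });
  // Cross-site form: the cookie is attached automatically, the token is not known.
  const forged = site.handleTransfer(victimCookie, { recipient: "badguy" });
  // A token issued for a different session does not validate either.
  const swapped = site.handleTransfer(victimCookie,
    { recipient: "badguy", csrf_token: tokenFromForm(site.renderTransferForm(otherCookie)) });
  return { legit: legit.status, forged: forged.status, swapped: swapped.status };
}

console.log(csrfDemo());
```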
36 Other CSRF protection: Referer Validation When the browser issues a HTTP request, it includes a referer header that indicates which URL initiated the request This information in the Referer header could be used to distinguish between same site request and cross site request
37 Referer Validation
38 Referer Validation Defense HTTP Referer header Referer: Referer: Referer: - Strict policy disallows (secure, less usable) - Lenient policy allows (less secure, more usable) ✓ ✗ ?
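The strict and lenient policies of slide 38, as an added example that is not part of the original deck: the check parses the Referer and compares its origin exactly, and the two policies differ only in how a missing header is treated. The function names and the sample header values are constructed; goodsite.com is the site name from slide 34.

```javascript
// Added example: Referer validation with the strict and lenient policies.
// Function names and sample header values are constructed for illustration.

function checkReferer(refererHeader, ownOrigin, policy) {
  if (policy !== "strict" && policy !== "lenient") {
    throw new Error("policy must be 'strict' or 'lenient'");
  }
  // Header absent or empty: this is the case the two policies disagree on.
  if (!refererHeader) {
    return policy === "lenient"
      ? { allow: true, reason: "no Referer, lenient policy" }
      : { allow: false, reason: "no Referer, strict policy" };
  }
  let origin;
  try {
    origin = new URL(refererHeader).origin; // scheme + host + port
  } catch {
    return { allow: false, reason: "unparseable Referer" };
  }
  return origin === ownOrigin
    ? { allow: true, reason: "same-site request" }
    : { allow: false, reason: "cross-site request" };
}

// Shown for contrast only: a string-prefix test accepts look-alike hosts.
function naivePrefixCheck(refererHeader, ownOrigin) {
  return String(refererHeader || "").startsWith(ownOrigin);
}

const OWN_ORIGIN = "https://goodsite.com";

// Constructed Referer values.
const sampleReferers = [
  "https://goodsite.com/account",
  "https://attacker.example/page.html",
  "https://goodsite.com.attacker.example/",
  "", // stripped by a proxy, the browser, or an HTTPS -> HTTP transition
];

function decisionTable() {
  return sampleReferers.map(r => ({
    referer: r,
    strict: checkReferer(r, OWN_ORIGIN, "strict").allow,
    lenient: checkReferer(r, OWN_ORIGIN, "lenient").allow,
    naivePrefix: naivePrefixCheck(r, OWN_ORIGIN),
  }));
}

console.table(decisionTable());
```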
39 Privacy Issues with Referer header - The referer contains sensitive information that impinges on the privacy - The referer header reveals contents of the search query that lead to visit a website. - Some organizations are concerned that confidential information about their corporate intranet might leak to external websites via Referer header
40 Referer Privacy Problems Referer may leak privacy-sensitive information projects/iphone/competitors.html Common sources of blocking: Network stripping by the organization Network stripping by local machine Stripped by browser for HTTPS -> HTTP transitions User preference in browser
41 Summary: sessions and CSRF Cookies add state to HTTP Cookies are used for session management They are attached by the browser automatically to HTTP requests CSRF attacks execute request on benign site because cookie is sent automatically Defenses for CSRF: embed unpredictable token and check it later check referer header
More informationIn this chapter, you learn the concepts and terminology of databases and
A Itroductio to Database Developmet I this chapter, you lear the cocepts ad termiology of databases ad how to desig the tables that your forms ad reports will use. Fially, you build the actual tables used
More informationModule 8-7: Pascal s Triangle and the Binomial Theorem
Module 8-7: Pascal s Triagle ad the Biomial Theorem Gregory V. Bard April 5, 017 A Note about Notatio Just to recall, all of the followig mea the same thig: ( 7 7C 4 C4 7 7C4 5 4 ad they are (all proouced
More informationThe VSS CCD photometry spreadsheet
The VSS CCD photometry spreadsheet Itroductio This Excel spreadsheet has bee developed ad tested by the BAA VSS for aalysig results files produced by the multi-image CCD photometry procedure i AIP4Wi v2.
More informationWeb Security: Cross-Site Attacks
Web Security: Cross-Site Attacks CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin,
More informationThreads and Concurrency in Java: Part 1
Threads ad Cocurrecy i Java: Part 1 1 Cocurrecy What every computer egieer eeds to kow about cocurrecy: Cocurrecy is to utraied programmers as matches are to small childre. It is all too easy to get bured.
More informationWeb Security: Web Application Security [continued]
CSE 484 / CSE M 584: Computer Security and Privacy Web Security: Web Application Security [continued] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationPython Programming: An Introduction to Computer Science
Pytho Programmig: A Itroductio to Computer Sciece Chapter 1 Computers ad Programs 1 Objectives To uderstad the respective roles of hardware ad software i a computig system. To lear what computer scietists
More informationUser Guide. Using Caliber Datamart
User Guide Usig Caliber Datamart 11.1.0 Copyright 2013 Micro Focus. All Rights Reserved. Portios Copyright 1998-2009 Borlad Software Corporatio (a Micro Focus compay). All other marks are the property
More informationInternet Security: How the Internet works and some basic vulnerabilities
CS 155 Iteret Security: How the Iteret works ad some basic vulerabilities Da Boeh Iteret Ifrastructure ISP Backboe ISP Local ad iterdomai routig TCP/IP for routig ad messagig BGP for routig aoucemets Domai
More informationCMPT 125 Assignment 2 Solutions
CMPT 25 Assigmet 2 Solutios Questio (20 marks total) a) Let s cosider a iteger array of size 0. (0 marks, each part is 2 marks) it a[0]; I. How would you assig a poiter, called pa, to store the address
More informationAvid Interplay Bundle
Avid Iterplay Budle Versio 2.5 Cofigurator ReadMe Overview This documet provides a overview of Iterplay Budle v2.5 ad describes how to ru the Iterplay Budle cofiguratio tool. Iterplay Budle v2.5 refers
More informationFirewall and IDS. TELE3119: Week8
Firewall ad IDS TELE3119: Week8 Outlie Firewalls Itrusio Detectio Systems (IDSs) Itrusio Prevetio Systems (IPSs) 8-2 Example Attacks Disclosure, modificatio, ad destructio of data Compromise a host ad
More informationNeolane Social Marketing. Neolane v6.1
Neolae Social Marketig Neolae v6.1 This documet, ad the software it describes, are provided subject to a Licese Agreemet ad may ot be used or copied outside of the provisios of the Licese Agreemet. No
More informationFloristic Quality Assessment (FQA) Calculator for Colorado User s Guide
Floristic Quality Assessmet (FQA) Calculator for Colorado User s Guide Created by the Colorado atural Heritage Program Last Updated April 2012 The FQA Calculator was created by Michelle Fik ad Joaa Lemly
More informationIS-IS in Detail. ISP Workshops
IS-IS i Detail ISP Workshops These materials are licesed uder the Creative Commos Attributio-NoCommercial 4.0 Iteratioal licese (http://creativecommos.org/liceses/by-c/4.0/) Last updated 27 th November
More information3D Model Retrieval Method Based on Sample Prediction
20 Iteratioal Coferece o Computer Commuicatio ad Maagemet Proc.of CSIT vol.5 (20) (20) IACSIT Press, Sigapore 3D Model Retrieval Method Based o Sample Predictio Qigche Zhag, Ya Tag* School of Computer
More informationBEA WebLogic Process Integrator
BEA WebLogic Process Itegrator A Compoet of BEA WebLogic Itegratio BEA WebLogic Process Itegrator Studio Olie Help BEA WebLogic Process Itegrator Release 2.0 Documet Editio 2.0 July 2001 Copyright Copyright
More informationLecturers: Sanjam Garg and Prasad Raghavendra Feb 21, Midterm 1 Solutions
U.C. Berkeley CS170 : Algorithms Midterm 1 Solutios Lecturers: Sajam Garg ad Prasad Raghavedra Feb 1, 017 Midterm 1 Solutios 1. (4 poits) For the directed graph below, fid all the strogly coected compoets
More informationChapter 4. Procedural Abstraction and Functions That Return a Value. Copyright 2015 Pearson Education, Ltd.. All rights reserved.
Chapter 4 Procedural Abstractio ad Fuctios That Retur a Value Copyright 2015 Pearso Educatio, Ltd.. All rights reserved. Overview 4.1 Top-Dow Desig 4.2 Predefied Fuctios 4.3 Programmer-Defied Fuctios 4.4
More informationMorgan Kaufmann Publishers 26 February, COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface. Chapter 5
Morga Kaufma Publishers 26 February, 28 COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Iterface 5 th Editio Chapter 5 Set-Associative Cache Architecture Performace Summary Whe CPU performace icreases:
More informationCS 111: Program Design I Lecture 19: Networks, the Web, and getting text from the Web in Python
CS 111: Program Desig I Lecture 19: Networks, the Web, ad gettig text from the Web i Pytho Robert H. Sloa & Richard Warer Uiversity of Illiois at Chicago April 3, 2018 Goals Lear about Iteret Lear about
More informationQuality of Service. Spring 2018 CS 438 Staff - University of Illinois 1
Quality of Service Sprig 2018 CS 438 Staff - Uiversity of Illiois 1 Quality of Service How good are late data ad lowthroughput chaels? It depeds o the applicatio. Do you care if... Your e-mail takes 1/2
More informationSoftware development of components for complex signal analysis on the example of adaptive recursive estimation methods.
Software developmet of compoets for complex sigal aalysis o the example of adaptive recursive estimatio methods. SIMON BOYMANN, RALPH MASCHOTTA, SILKE LEHMANN, DUNJA STEUER Istitute of Biomedical Egieerig
More informationIS-IS for IPv6. ISP Workshops
IS-IS for IPv6 ISP Workshops These materials are licesed uder the Creative Commos Attributio-NoCommercial 4.0 Iteratioal licese (http://creativecommos.org/liceses/by-c/4.0/) Last updated 8 th April 2018
More informationBEA WebLogic Enterprise. Using the WebLogic EJB Deployer
BEA WebLogic Eterprise Usig the WebLogic EJB Deployer WebLogic Eterprise 5.0 Documet Editio 5.0 December 1999 Copyright Copyright 1999 BEA Systems, Ic. All Rights Reserved. Restricted Rights Leged This
More informationCS : Programming for Non-Majors, Summer 2007 Programming Project #3: Two Little Calculations Due by 12:00pm (noon) Wednesday June
CS 1313 010: Programmig for No-Majors, Summer 2007 Programmig Project #3: Two Little Calculatios Due by 12:00pm (oo) Wedesday Jue 27 2007 This third assigmet will give you experiece writig programs that
More informationChapter 4 The Datapath
The Ageda Chapter 4 The Datapath Based o slides McGraw-Hill Additioal material 24/25/26 Lewis/Marti Additioal material 28 Roth Additioal material 2 Taylor Additioal material 2 Farmer Tae the elemets that
More information% Sun Logo for. X3T10/95-229, Revision 0. April 18, 1998
Su Microsystems, Ic. 2550 Garcia Aveue Moutai View, CA 94045 415 960-1300 X3T10/95-229, Revisio 0 April 18, 1998 % Su Logo for Joh Lohmeyer Chairperso, X3T10 Symbios Logic Ic. 1635 Aeroplaza Drive Colorado
More informationSolution printed. Do not start the test until instructed to do so! CS 2604 Data Structures Midterm Spring, Instructions:
CS 604 Data Structures Midterm Sprig, 00 VIRG INIA POLYTECHNIC INSTITUTE AND STATE U T PROSI M UNI VERSI TY Istructios: Prit your ame i the space provided below. This examiatio is closed book ad closed
More informationGAAFR. Supplement. Now Available. Covering: pronouncements: Statement Nos. 67, 68, 69, and 70
Govermet Fiace Officers Associatio Now Available i both E-BOOK ad PRINT form GAAFR Govermetal Accoutig, Auditig ad Fiacial Reportig Supplemet Coverig: GASB s four ew prooucemets: Statemet Nos. 67, 68,
More information