The Experts below are selected from a list of 2401098 Experts worldwide ranked by ideXlab platform
Tzicker Chiueh - One of the best experts on this subject based on the ideXlab platform.
-
Dynamic Multi-Process Information Flow Tracking for Web Application Security
2008Co-Authors: Susanta N, Lap-chung Lam, Tzicker ChiuehAbstract:Abstract. Although there is a large body of research on detection and prevention of such memory corruption attacks as buffer overflow, integer overflow, and format string attacks, the web application security problem receives relatively less attention from the research community by comparison. The majority of web application security problems originate from the fact that web applications fail to perform sanity checks on inputs from the network that are eventually used as operands of securitysensitive operations. Therefore, a promising approach to this problem is to apply proper checks on tainted portions of the operands used in security-sensitive operations, where a byte is tainted if it is data/control dependent on some network packet(s). This paper presents the design, implementation and evaluation of a dynamic checking compiler called WASC, which automatically adds checks into web applications used in three-tier internet services to protect them from the most common two types of web application attacks: SQL- and script-injection attack. In addition to including a taint analysis infrastructure for multi-Process and multi-language applications, WASC features the use of SQL and HTML parsers to defeat evasion techniques that exploit interpretation differences between attack detection engines and target applications. Experiments with a fully operational WASC prototype show that it can indeed stop all SQL/script injection attacks that we have tested. Moreover, the end-to-end latency penalty associated with the checks inserted by WASC is less than 30 % for the test web applications used in our performance study. Key words: web application security, dynamic checking compiler, SQL injection, Cross-site scripting, taint analysis, Information flow tracking
-
dynamic multi Process Information flow tracking for web application security
ACM IFIP USENIX international conference on Middleware, 2007Co-Authors: Susanta Nanda, Tzicker ChiuehAbstract:Although there is a large body of research on detection and prevention of such memory corruption attacks as buffer overflow, integer overflow, and format string attacks, the web application security problem receives relatively less attention from the research community by comparison. The majority of web application security problems originate from the fact that web applications fail to perform sanity checks on inputs from the network that are eventually used as operands of security-sensitive operations. Therefore, a promising approach to this problem is to apply proper checks on tainted portions of the operands used in security-sensitive operations, where a byte is tainted if it is data/control dependent on some network packet(s). This paper presents the design, implementation and evaluation of a dynamic checking compiler called WASC, which automatically adds checks into web applications used in three-tier internet services to protect them from the most common two types of web application attacks: SQL- and script-injection attack. In addition to including a taint analysis infrastructure for multi-Process and multi-language applications, WASC features the use of SQL and HTML parsers to defeat evasion techniques that exploit interpretation differences between attack detection engines and target applications. Experiments with a fully operational WASC prototype show that it can indeed stop all SQL/script injection attacks that we have tested. Moreover, the end-to-end latency penalty associated with the checks inserted by WASC is less than 30% for the test web applications used in our performance study.
Manfred Reichert - One of the best experts on this subject based on the ideXlab platform.
-
a framework for the intelligent delivery and user adequate visualization of Process Information
ACM Symposium on Applied Computing, 2013Co-Authors: Markus Hipp, Bela Mutschler, Bernd Michelberger, Manfred ReichertAbstract:A continuously increasing amount of data makes it difficult for knowledge-workers to identify the Information they need to perform their tasks in the best possible way. Particularly challenging in this context is the alignment of Process-related Information (e.g., working instructions, best practices) with business Processes. In fact, Process-related Information (Process Information for short) and business Processes are usually handled separately. On one hand, shared drives, databases, and Information systems are used to manage Process Information, on the other, Process management technology provides the basis for managing business Processes. In practice, enterprises often establish (Intranet) portals to connect both perspectives. However, such portals are not sufficient. Reasons are that Process Information is usually delivered without considering the current work context and business Processes are presented to Process participants in a rather static manner. Therefore, enterprises crave for new ways of making Process Information available. This paper picks up this challenge and presents the niPRO framework. niPRO is based on semantic technology and enables the intelligent delivery and user-adequate visualization of comprehensive Process Information.
-
a context framework for Process oriented Information logistics
Business Information Systems, 2012Co-Authors: Bernd Michelberger, Bela Mutschler, Manfred ReichertAbstract:A continuously increasing data overload makes it a challenging task for knowledge-workers and decision-makers to quickly identify relevant Information, i.e., Information they need when executing business Processes. To tackle this challenge, Process-oriented Information logistics is a promising approach. The basic idea is to provide the right Process Information, in the right format and quality, at the right place, at the right point in time, and to the right people. To achieve this, it becomes particularly important to take the work context of Process participants into account. In fact, knowing and utilizing context Information is a prerequisite to effectively provide relevant Process Information to Process participants. This paper provides a sophisticated context framework for enabling context-awareness in Process-oriented Information logistics.
Ted O'leary - One of the best experts on this subject based on the ideXlab platform.
-
How analysts Process Information: technical and financial disclosures in the microProcessor industry
LSE Research Online Documents on Economics, 2015Co-Authors: Elena Beccalli, Peter Miller, Ted O'learyAbstract:Following Bradshaw (‘Analyst Information Processing, financial regulation, and academic research’ [2009], and Analysts' forecasts: What do we know after decades of work? [2011]), this paper examines how analysts Process Information, particularly in an Information environment characterised by multiple and potentially complementary Information sources. The setting is the microProcessor industry, one in which technical Information is particularly significant and complex to digest. Based on 3837 analyst earnings-forecast revisions, issued by 134 analysts, we examine quantitatively the speed, magnitude, and Information content of the reactions of individual analysts and subgroups of analysts to both periodic and timely technical disclosures, and as a complement to periodic financial disclosure. We find that analysts are much slower to react to timely technical disclosures than they are to periodic financial disclosures. We find also that technical and financial disclosures complement each other. Furthermore, we find that there is a ‘hierarchy’ of analysts in this particular industry, as evidenced through the strength of reaction to timely technical disclosures. Finally, we find that lower speed in reacting to timely technical disclosures and a higher intensity in the use of timely technical disclosure (in conjunction with periodic financial disclosure) result in greater accuracy, and that more experienced analysts tend to be less accurate. We suggest that the findings may have implications for other industries such as Bio-Tech Pharma.
-
How Analysts Process Information: Technical and Financial Disclosures in the MicroProcessor Industry
European Accounting Review, 2014Co-Authors: Elena Beccalli, Peter Miller, Ted O'learyAbstract:AbstractFollowing Bradshaw (‘Analyst Information Processing, financial regulation, and academic research’ [2009], and Analysts' forecasts: What do we know after decades of work? [2011]), this paper examines how analysts Process Information, particularly in an Information environment characterised by multiple and potentially complementary Information sources. The setting is the microProcessor industry, one in which technical Information is particularly significant and complex to digest. Based on 3837 analyst earnings-forecast revisions, issued by 134 analysts, we examine quantitatively the speed, magnitude, and Information content of the reactions of individual analysts and subgroups of analysts to both periodic and timely technical disclosures, and as a complement to periodic financial disclosure. We find that analysts are much slower to react to timely technical disclosures than they are to periodic financial disclosures. We find also that technical and financial disclosures complement each other. Furthe...
-
How Analysts Process Information: Technical and Financial Disclosures in the MicroProcessor Industry
2014Co-Authors: Elena Beccalli, Peter Miller, Ted O'learyAbstract:Following Bradshaw (2009, 2011), this paper examines how analysts Process Information, particularly in an Information environment characterised by multiple and potentially complementary Information sources. The setting is the microProcessor industry, one in which technical Information is particularly significant and complex to digest. Based on 3,837 analyst earnings-forecast revisions, issued by 134 analysts, we examine quantitatively the speed, magnitude, and Information content of the reactions of individual analysts and sub-groups of analysts to both periodic and timely technical disclosures, and as a complement to periodic financial disclosure. We find that analysts are much slower to react to timely technical disclosures than they are to periodic financial disclosures. We find also that technical and financial disclosures complement each other. Further, we find that there is a ‘hierarchy’ of analysts in this particular industry, as evidenced through the strength of reaction to timely technical disclosures. Finally, we find that lower speed in reacting to timely technical disclosures and a higher intensity in the use of timely technical disclosure (in conjunction with periodic financial disclosure) result in greater accuracy, and that more experienced analysts tend to be less accurate. We suggest that the findings may have implications for other industries such as Bio-Tech Pharma.
Carol Collier Kuhlthau - One of the best experts on this subject based on the ideXlab platform.
-
inside the search Process Information seeking from the user s perspective
Journal of the Association for Information Science and Technology, 1991Co-Authors: Carol Collier KuhlthauAbstract:The article discusses the users’ perspective of Information seeking. A model of the Information search Process is presented derived from a series of five studies investigating common experiences of users in Information seeking situations. The cognitive and affective aspects of the Process of Information seeking suggest a gap between the users’ natural Process of Information use and the Information system and intermediaries’ traditional patterns of Information provision.
Susanta Nanda - One of the best experts on this subject based on the ideXlab platform.
-
dynamic multi Process Information flow tracking for web application security
ACM IFIP USENIX international conference on Middleware, 2007Co-Authors: Susanta Nanda, Tzicker ChiuehAbstract:Although there is a large body of research on detection and prevention of such memory corruption attacks as buffer overflow, integer overflow, and format string attacks, the web application security problem receives relatively less attention from the research community by comparison. The majority of web application security problems originate from the fact that web applications fail to perform sanity checks on inputs from the network that are eventually used as operands of security-sensitive operations. Therefore, a promising approach to this problem is to apply proper checks on tainted portions of the operands used in security-sensitive operations, where a byte is tainted if it is data/control dependent on some network packet(s). This paper presents the design, implementation and evaluation of a dynamic checking compiler called WASC, which automatically adds checks into web applications used in three-tier internet services to protect them from the most common two types of web application attacks: SQL- and script-injection attack. In addition to including a taint analysis infrastructure for multi-Process and multi-language applications, WASC features the use of SQL and HTML parsers to defeat evasion techniques that exploit interpretation differences between attack detection engines and target applications. Experiments with a fully operational WASC prototype show that it can indeed stop all SQL/script injection attacks that we have tested. Moreover, the end-to-end latency penalty associated with the checks inserted by WASC is less than 30% for the test web applications used in our performance study.
