Attack Presented by: Vinuthna Nalluri and Brett Parker.

Presentation transcript:

Typos
- “For example, a letter entered in a text box affect all the follow-up auto-suggestion contents…”

Purpose
- Paper is too focused on the existence of the problem of side-channel leaks, but does not contribute enough to solving the problem
- Problem has been around a long time, and paper has done nothing but explain it
- Does not offer any significant methods for prevention

Attack cases
- Give many examples of what an attacker might do, given certain vulnerabilities
- But, don’t consider many important situations
- Perhaps attacking these vulnerabilities is not as simple as your paper makes it out to be

Query Word Leaks
- Discussion is too narrow – not enough examples
- Show what happens when user types single letters at a time very slowly
- But what if the user types quickly?
- Reduces number of AJAX requests, so guessing an entire word or query is not that easy
- Should have included details about how an attacker might proceed in this type of situation

Query Word Leaks
- What about personalized suggestions?
- Previously-searched terms are stored in web history and are automatically suggested at each new search
- How can an attacker obtain these when there are no AJAX requests for them?
- Not that easy

OnlineHealth
- Say that it is easy for an attacker to obtain the auto-suggested search terms for illnesses based on the fact that each character returned is a different byte size
- But, what if all the bytes are made to be the same size?
- It would make the attack much more difficult

Your argument
- “We found that mitigation of such side-channel threats is much more difficult than it appears to be, as such an effort often needs to be application-specific”
- We agree.
- Also, you say…
- “…[universal] mitigations are unlikely to be applied in reality due to the uncertainty of their effectiveness…”

Packet-padding
- So, why spend the entire second half of the paper discussing universal methods that don’t work (too much overhead)?
- Also, why dedicate an entire section (appendix) to describing your implementation of a packet-padding prototype?
- You already argued that it is proven not to work well!
- If that was your focus, it should have been more in-depth!
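The trade-off raised in the OnlineHealth and Packet-padding slides, worked through as an added example (not code from the paper or the presenters): it measures how many typed prefixes share each observed response size before and after padding, and what the padding costs in bandwidth. The suggestion lists, the function names and the bucket sizes are constructed assumptions, and only the JSON body length is modelled (no headers, TLS framing or compression).

```python
import json
from collections import defaultdict

# Constructed sample data: suggestions returned for each typed prefix.
SUGGESTIONS = {
    "a": ["acne", "allergy", "anemia", "asthma"],
    "b": ["bronchitis", "bursitis"],
    "c": ["cataract", "colitis", "concussion"],
    "d": ["dementia", "diabetes"],
    "e": ["eczema", "edema", "epilepsy"],
    "f": ["fibromyalgia", "flu"],
}

def body(prefix):
    """Unpadded response body for one keystroke."""
    return json.dumps(SUGGESTIONS[prefix]).encode()

def pad(data, bucket):
    """Pad with trailing spaces (still valid JSON) to a multiple of bucket."""
    return data + b" " * (-len(data) % bucket)

def observed_sizes(bucket=1):
    """Body length an on-path observer sees for each prefix."""
    return {p: len(pad(body(p), bucket)) for p in SUGGESTIONS}

def anonymity_sets(bucket=1):
    """Group prefixes that are indistinguishable by size alone."""
    groups = defaultdict(list)
    for prefix, size in observed_sizes(bucket).items():
        groups[size].append(prefix)
    return dict(groups)

def smallest_set(bucket=1):
    """Worst case: 1 means some keystroke is identified by size alone."""
    return min(len(g) for g in anonymity_sets(bucket).values())

def overhead(bucket):
    """Extra bytes sent because of padding, as a fraction of raw bytes."""
    raw = sum(len(body(p)) for p in SUGGESTIONS)
    return (sum(observed_sizes(bucket).values()) - raw) / raw

if __name__ == "__main__":
    for bucket in (1, 8, 16, 64):
        print(f"bucket={bucket:3d} smallest set={smallest_set(bucket)} "
              f"overhead={overhead(bucket):.1%} sets={anonymity_sets(bucket)}")
```

On this sample, small buckets only pair responses up, and making all six sizes equal more than doubles the bytes sent; which bucket is enough depends on the application's own size distribution.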

Automatic Tools
- You say that manually finding vulnerabilities in code and implementing mitigation policies is too costly and that automatic tools should be developed for this process
- Fine.
- Then why didn’t you include any insight on how this could be done?

Thanks!