SmartCookies-proposal

Course: ECE 1776, Fall 2009
School: Toledo
Smart Cookies: The Unstealable Authentication Cookie

Andrew Miklas, Shvetank Jain

October 1, 2006

The web has become a new, highly interactive medium. Many modern websites provide their users with the opportunity to alter their content in some way. This trend is especially evident in Wikis, where users are encouraged to collaboratively edit pages if they have something to add. Blogs and online forums are another example of sites which encourage their readers to contribute content. Finally, web-based e-mail providers such as GMail and Yahoo can be considered collaborative web-pages in some respects, as ordinary end-users are able to directly influence the content that is rendered on the mailbox owner's browser.

The collaborative web has made a large number of new applications possible. However, like many other advances in Internet development, it has also created a number of security issues, including cross-site cooking. This attack, itself a special case of cross-site scripting, allows a malicious user to retrieve cookies from another user's browser set by a domain that he does not control. In order to capture the cookies, the attacker simply has to ensure that his script is rendered by the client's browser when he visits the domain for which the cookies are desired. The attack does not involve exploiting a bug in the user's browser; in fact, the attack can be as simple as the one shown in Figure 1. Since websites will frequently accept a cookie containing a session ID as proof that the user is authenticated, this attack allows a malicious user to gain unauthorized access to a service.

    <a href="#" onclick="window.location='http://example.com/stole.cgi?text='+escape(document.cookie); return false;">Click here!</a>

Figure 1: Sample cross-site cooking attack code [3]

An obvious fix would be to require interactive websites to carefully escape all user-provided content so that client browsers do not execute untrusted scripts. However, even though many popular web programming environments provide the necessary functions to escape scripts, there have been a number of high-profile cases of cookie theft [1, 4]. Another approach explores the effect that each cookie has on the rendering of the page, and concludes that if there are no effects, the cookie is unnecessary [2]. While the authors don't describe their solution as a method of preventing cookie theft, it is possible that some of their techniques could be adapted in order to detect and prevent cookie theft. However, this system is relatively heavy-weight, and does not guarantee that cookies cannot be stolen.

We propose a new type of cookie to be used for authentication. These smart cookies use asymmetric encryption as the basis for authentication, rather than the shared-secret approach employed by traditional cookies. The enrolment phase, corresponding to the set-cookie HTTP header with ordinary cookies, proceeds as follows:

1. Server: Request Smart Cookie
2. Client: Generate public/private key pair, and send the server the public half.
3. Server: Store the public half as the session ID

The verification phase, corresponding to the cookie HTTP header, proceeds as follows:

1. Server: Generate a nonce
2. Client: Encrypt the nonce with the private key, and send the result back to the server.
3. Server: Decrypt the signed nonce with the public key on file, and verify that it matches the transmitted nonce.

Smart cookies have the same domain-based access restrictions and expiration semantics as ordinary cookies. However, note that the private key component of a smart cookie never leaves the client's browser. Therefore, while the browser may wish to provide indirect access to the private key via a sign Javascript method, it should not provide scripts the ability to read the private key directly. In fact, no component of the browser that can be influenced by downloaded code should be allowed to access the private key. Since the key canno...

[3] Wikipedia. HTTP cookie, 2006. http://en.wikipedia.org/wiki/HTTP_cookie.

[4] S. B. Youssef. Hotmail/MSN cookie theft advisory, 2006. http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042518.html.
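
The enrolment and verification phases described above, sketched as an added example; this is not code from the proposal or its authors. It assumes Node.js and uses an Ed25519 signature in place of "encrypt the nonce with the private key"; makeSmartCookie, SmartCookieServer and the single-use nonce rule are hypothetical choices made for this illustration.

```javascript
// Added illustration of the enrolment and verification phases (not the authors' code).
// Assumption: an Ed25519 signature stands in for "encrypt the nonce with the private key".
const crypto = require('node:crypto');

// Client side: the private key lives in a closure; page scripts only get sign().
function makeSmartCookie() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    sign: (nonce) => crypto.sign(null, nonce, privateKey),
  };
}

// Server side: stores the public half as the session ID and issues one-time nonces.
class SmartCookieServer {
  constructor() {
    this.sessions = new Map(); // session ID (public key PEM) -> user
    this.pending = new Map();  // session ID -> outstanding nonce
  }
  // Enrolment step 3: store the public half as the session ID.
  enrol(publicKeyPem, user) {
    this.sessions.set(publicKeyPem, user);
    return publicKeyPem;
  }
  // Verification step 1: generate a fresh nonce for this session.
  challenge(sessionId) {
    if (!this.sessions.has(sessionId)) return null;
    const nonce = crypto.randomBytes(32);
    this.pending.set(sessionId, nonce);
    return nonce;
  }
  // Verification step 3: check the signed nonce against the public key on file.
  verify(sessionId, signature) {
    const nonce = this.pending.get(sessionId);
    if (!nonce) return null;
    this.pending.delete(sessionId); // assumption: each nonce is single-use
    const key = crypto.createPublicKey(sessionId);
    return crypto.verify(null, nonce, key, signature) ? this.sessions.get(sessionId) : null;
  }
}

// Constructed scenario: one honest login, then the same response presented again.
function demo() {
  const server = new SmartCookieServer();
  const cookie = makeSmartCookie();
  const sid = server.enrol(cookie.publicKeyPem, 'alice');

  const firstSig = cookie.sign(server.challenge(sid));
  const honest = server.verify(sid, firstSig);

  server.challenge(sid); // server issues a fresh nonce
  const replayed = server.verify(sid, firstSig); // old response does not match it

  const noChallenge = server.verify(sid, firstSig); // no outstanding nonce at all
  return { honest, replayed, noChallenge, privateKeyExposed: 'privateKey' in cookie };
}
```

Knowing the session ID (the public key) or an earlier signed response is not enough to pass verification; only a caller that can invoke sign() on the current nonce is accepted.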
