Authors: Bugliesi, Michele | Calzavara, Stefano | Focardi, Riccardo | Khan, Wilayat
Article Type: Research Article
Abstract: Session cookies constitute one of the main attack targets against client authentication on the Web. To counter these attacks, modern web browsers implement native cookie protection mechanisms based on the HttpOnly and Secure flags. While there is a general understanding about the effectiveness of these defenses, no formal result has so far been proved about the security guarantees they convey. With the present paper we provide the first such result, by presenting a mechanized proof of noninterference assessing the robustness of the HttpOnly and Secure cookie flags against both web and network attackers with the ability to perform arbitrary XSS code injection. We then develop CookiExt, a browser extension that provides client-side protection against session hijacking, based on appropriate flagging of session cookies and automatic redirection over HTTPS for HTTP requests carrying these cookies. Our solution improves over existing client-side defenses by combining protection against both web and network attacks, while at the same time being designed so as to minimise its effects on the user’s browsing experience. Finally, we report on the experiments we carried out to practically evaluate the effectiveness of our approach.
Keywords: Browser security, session cookies, formal methods, noninterference
DOI: 10.3233/JCS-150529
Citation: Journal of Computer Security, vol. 23, no. 4, pp. 509-537, 2015
Authors: Naz, Farah | Kamran, Muhammad | Mehmood, Waqar | Khan, Wilayat | Alkatheiri, Mohammed Saeed | Alghamdi, Ahmed S. | Alshdadi, Abdulrahman A.
Article Type: Research Article
Abstract: The figurative language involving sarcasm on social networks is evolving the way how the humans use computers to communicate. Consequently, artificial intelligence techniques are applied in various scenarios to make the social networking more intelligent - for instance, identification of figurative language. Identifying both literal and non-literal meaning is not easy for a machine and it is hard even for people. Therefore, novel and exact frameworks ready to identify figurative languages are important. In sarcasm detection, this is even more challenging because sarcasm changes the polarity of an evidently positive or negative expression into its inverse. To maintain a distance for a sarcastic message being comprehended in its unintended actual meaning, in micro-blogging sites, for example messages on Twitter, sarcasm is frequently set apart with a hashtag for example, '#sarcastic', '#sarcasm', '#not' etc. Moreover, the customer reviews may also contain some element of sarcasm. To contribute to this area, we gathered the data of tweets and reviews from Twitter, thesarcasmdetector.com, and Kaggle and proposed a mechanism for detecting sarcasm automatically using a classifier. A detailed experimental study was also conducted to evaluate the proposed mechanism. The results of this study were quite promising and proved the effectiveness of our approach.
Keywords: Computational semantics, sarcasm detection, intelligent social networking, understanding uncertainty
DOI: 10.3233/JIFS-190596
Citation: Journal of Intelligent & Fuzzy Systems, vol. 37, no. 5, pp. 6815-6828, 2019