Content Security Policy (CSP) is a recent W3C standard introduced to prevent and mitigate the impact of content injection vulnerabilities on websites. In this paper we introduce a formal semantics for the latest stable version of the standard, CSP Level 2. We then perform a systematic, large-scale analysis of the effectiveness of the current CSP deployment, using the formal semantics to substantiate our methodology and to assess the impact of the detected issues. We focus on four key aspects that affect the effectiveness of CSP: browser support, website adoption, correct configuration and constant maintenance. Our analysis shows that browser support for CSP is largely satisfactory, with the exception of a few notable issues, but unfortunately there are several shortcomings with respect to the other three aspects. CSP adoption is still rather limited and, more crucially, existing policies exhibit a number of weaknesses and misconfiguration errors. Moreover, content security policies are not regularly updated to ban insecure practices and remove unintended security violations. We argue that many of these problems can be fixed by better exploiting the monitoring facilities of CSP, while other issues deserve additional research, as they are more deeply rooted in the design of CSP.
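For concreteness, the sketch below shows one way the monitoring facilities mentioned above can be exploited in practice: a policy is deployed in report-only mode so that violations are logged at a reporting endpoint without breaking the site, which helps surface misconfigurations before enforcement. The Flask application, the policy string and the /csp-report endpoint are illustrative assumptions, not artifacts of the paper.

```python
# Illustrative sketch (assumed Flask app): deploy a CSP Level 2 policy in
# report-only mode so that violations are reported but not enforced.
from flask import Flask, request

app = Flask(__name__)

# Example policy; the allowed sources are placeholders.
CSP_POLICY = (
    "default-src 'self'; "
    "script-src 'self' https://cdn.example.com; "
    "report-uri /csp-report"
)

@app.after_request
def add_csp_header(response):
    # Report-Only: violations are sent to report-uri without being blocked.
    response.headers["Content-Security-Policy-Report-Only"] = CSP_POLICY
    return response

@app.route("/csp-report", methods=["POST"])
def csp_report():
    # Browsers post violation reports as JSON (content type application/csp-report).
    report = request.get_json(force=True, silent=True) or {}
    app.logger.warning("CSP violation: %s", report.get("csp-report", report))
    return "", 204
```

Once the logged violations have been reviewed and the policy adjusted, the same policy string can be moved to the enforcing Content-Security-Policy header.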
The exponential growth in smartphone adoption is contributing to the availability of vast amounts of human behavioral data. This data enables the development of increasingly accurate data-driven user models, which in turn support personalized services that are often free in exchange for the use of their customers' data. Although such usage conventions have raised many privacy concerns, the increasing value of personal data is motivating diverse entities to aggressively collect and exploit it. In this paper, we propose the concept of constrained user modeling, focusing on the possibility of non-explicit uses of personal data. The concept is demonstrated with mobile online activity data, collected in the wild from 61 mobile phone users over a minimum of 30 days. We speculate on realistic scenarios of constrained user modeling and evaluate their feasibility. Our scenarios attempt to model heterogeneous user traits and interests, including personality, boredom proneness, demographics, and shopping interests. Based on our modeling results, we discuss various implications for personalization, privacy, and personal data rights.
Internet and Web technologies have changed our lives in ways of which we are not even fully aware. In the near future, the Internet will interconnect more than 50 billion things of the real world, nodes will sense billions of features of interest and properties, and things will be represented by Web-based bi-directional services with highly dynamic content and real-time data. This is the new era of the Internet and the Web of Things. The emergence of such paradigms implies the evolution and integration of the systems with which they interact. It is therefore essential to develop abstract models for representing and simulating the Web of Things in order to establish new approaches. This paper describes a model of the Web of Things based on a structured XML representation. We also present a simulator whose ultimate goal is to encapsulate the expected dynamics of the Web of Things, for the future development of Information Retrieval (IR) systems. The simulator generates a real-time collection of XML documents, which contain spatio-temporal contexts together with textual and sensed information along highly dynamic dimensions. The simulator is characterized, among other features, by its flexibility and versatility in representing real-world scenarios and by its unique information retrieval perspective; we tested it in terms of its fundamental variables.
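As a rough illustration of the kind of record such a simulator could produce, the sketch below builds one XML document combining a spatio-temporal context with textual and sensed information. The element names, attributes and units are assumptions for illustration only, not the schema defined in the paper.

```python
# Illustrative sketch: one XML "thing" document with spatio-temporal context,
# a textual description and sensed values. Element names are hypothetical.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

def make_thing_document(thing_id, lat, lon, description, temperature_c):
    thing = ET.Element("thing", id=thing_id)

    # Spatio-temporal context: when and where the observation was made.
    context = ET.SubElement(thing, "context")
    ET.SubElement(context, "timestamp").text = datetime.now(timezone.utc).isoformat()
    ET.SubElement(context, "location", lat=str(lat), lon=str(lon))

    # Textual dimension of the document.
    ET.SubElement(thing, "description").text = description

    # Sensed, highly dynamic dimension of the document.
    sensed = ET.SubElement(thing, "sensed")
    ET.SubElement(sensed, "temperature", unit="celsius").text = str(temperature_c)

    return ET.tostring(thing, encoding="unicode")

print(make_thing_document("lamp-42", 40.4168, -3.7038,
                          "Street lamp near Plaza Mayor", 21.5))
```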
A knowledge graph is a graph with entities of different types as nodes and various relations among them as edges. The construction of knowledge graphs over the past decades has facilitated many applications, such as link prediction, web search analysis and question answering. Knowledge graph embedding aims to represent the entities and relations of a large-scale knowledge graph as elements of a continuous vector space. Existing methods, e.g., TransE, TransH and TransR, learn the embedding representation by defining a global margin-based loss function over the data. However, the loss function is tuned experimentally, with its margin selected from a closed set of candidates. Moreover, embeddings over two knowledge graphs with different entities and relations share the same set of candidate loss functions, ignoring the locality of each graph. This limits the performance of embedding-related applications. In this paper, a locally adaptive translation method for knowledge graph embedding, called TransA, is proposed to find a suitable loss function by adaptively determining its margin over different knowledge graphs. The convergence of TransA is then verified through its uniform stability. To keep the embedding up to date when new vertices and edges are added to the knowledge graph, an incremental algorithm for TransA, called iTransA, is proposed that adaptively adjusts the optimal margin over time. Experiments on two benchmark data sets demonstrate the superiority of the proposed method compared to state-of-the-art ones.
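For reference, the global margin-based loss used by translation methods such as TransE, which TransA revisits by making the margin locally adaptive, has the following standard form; the notation follows the TransE literature rather than this paper. Here $S$ is the set of observed triples, $S'_{(h,r,t)}$ the corrupted triples obtained by replacing either the head or the tail, and $d$ a dissimilarity measure on the embedding space.

```latex
\mathcal{L} \;=\; \sum_{(h,r,t)\in S}\;\sum_{(h',r,t')\in S'_{(h,r,t)}}
\big[\, \gamma + d(\mathbf{h}+\mathbf{r},\,\mathbf{t}) - d(\mathbf{h}'+\mathbf{r},\,\mathbf{t}') \,\big]_{+}
```

where $[x]_{+} = \max(0, x)$ and $\gamma$ is the margin; the point of TransA is to determine $\gamma$ adaptively per knowledge graph rather than selecting it from a fixed candidate set.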