Roaming agents threaten a server with theft of assets, system resources and reputation. Generally ignored is the reciprocal threat of server against agent. Not only might a server steal the assets, resources, and reputation of an agent, but it might actually kill the agent. The central security concern for systems that allow agents to roam is how to establish trust, and how to limit risk for both the server and the agent. The travels of the agent are key to establishing trust, and trust determines the level of risk.
Web applications are interactive programs that are deployed on the world wide web. Their execution is usually controlled very heavily by user choices and user data. This makes them vulnerable to abnormal behavior from invalid inputs as well as security attacks. Thus, web applications invest heavily in validating user inputs according to defined constraints on the values. This work focuses on validation done on the client, which uses two types of technologies; restrictions in HTML form fields and scripts that check values. Unfortunately users have the ability to subvert or skip client-side validation. Bypass testing has been developed to test the behavior of web applications when client-side validation is skipped. This paper presents results from an industry case study of bypass testing applied to a project from Avaya Research Labs, NPP. The paper presents a process for designing, implementing, automating and developing bypass tests. The theory of bypass testing had to be adapted to the unique characteristics of NPP software, which represented a significant engineering challenge. The 184 tests that were generated resulted in 63 unique failures, providing significant experience and numerous lessons learned. The case study also revealed several difficult problems that need to be addressed in future research.
In urgent and emergency response situations, publishsubscribe services need to go beyond information dissemination to facilitate response collection, and even collaboration, among the recipients. We introduce flexible delivery, role-based subscription guidance, and historical event matching to address the requirements of urgent response applications. Flexible delivery allows publishers to choose the most appropriate communication technique for the urgent situation. Role-based guidance provides an interface for subscribing to events from the user's perspective. Historical event matching allows subscribers to join ongoing collaborations for events that occurred in the past. Together theses techniques allow the creation and support of ad hoc communities of interest to address urgent situations. We report our experience with these techniques during 3 years of production use for escalating product repair issues for our company. Forum provides the first production use cases that require historical matching of persistent events in publishsubscribe services.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.