Predicting violence within genocides: meso-level evidence from Rwanda

Can we predict when and where violence will break out within cases of genocide? Given often weak political will to respond, knowing where to strategically prioritize limited resources is valuable information for international decision makers contemplating intervention. I develop a theoretical model to help identify areas vulnerable to violence during genocide. I argue vulnerability is a function of the state’s coercive power and the ruling elite’s control of this power from above, mediated by the strength of society’s cohesion below. Violence will be delayed in areas where political and military resistance to the center is high as it takes time for extremists to exert control at the periphery. Violence will also be delayed in well-integrated communities as it takes time to break existing social bonds and destroy social capital. I draw on the case of Rwanda’s 1994 genocide and examine sub-national variation in the onset of violence across the country’s 145 administrative communes using survival analysis and within-case analyses comparing early and late onset in two communes. The findings have implications for international policy makers responding to ongoing genocides

ret2spec: Speculative Execution Using Return Stack Buffers

Speculative execution is an optimization technique that has been part of CPUs for over a decade. It predicts the outcome and target of branch instructions to avoid stalling the execution pipeline. However, until recently, the security implications of speculative code execution have not been studied. In this paper, we investigate a special type of branch predictor that is responsible for predicting return addresses. To the best of our knowledge, we are the first to study return address predictors and their consequences for the security of modern software. In our work, we show how return stack buffers (RSBs), the core unit of return address predictors, can be used to trigger misspeculations. Based on this knowledge, we propose two new attack variants using RSBs that give attackers similar capabilities as the documented Spectre attacks. We show how local attackers can gain arbitrary speculative code execution across processes, e.g., to leak passwords another user enters on a shared system. Our evaluation showed that the recent Spectre countermeasures deployed in operating systems can also cover such RSB-based cross-process attacks. Yet we then demonstrate that attackers can trigger misspeculation in JIT environments in order to leak arbitrary memory content of browser processes. Reading outside the sandboxed memory region with JIT-compiled code is still possible with 80\% accuracy on average.Comment: Updating to the cam-ready version and adding reference to the original pape

Ozone: Efficient Execution with Zero Timing Leakage for Modern Microarchitectures

Time variation during program execution can leak sensitive information. Time variations due to program control flow and hardware resource contention have been used to steal encryption keys in cipher implementations such as AES and RSA. A number of approaches to mitigate timing-based side-channel attacks have been proposed including cache partitioning, control-flow obfuscation and injecting timing noise into the outputs of code. While these techniques make timing-based side-channel attacks more difficult, they do not eliminate the risks. Prior techniques are either too specific or too expensive, and all leave remnants of the original timing side channel for later attackers to attempt to exploit. In this work, we show that the state-of-the-art techniques in timing side-channel protection, which limit timing leakage but do not eliminate it, still have significant vulnerabilities to timing-based side-channel attacks. To provide a means for total protection from timing-based side-channel attacks, we develop Ozone, the first zero timing leakage execution resource for a modern microarchitecture. Code in Ozone execute under a special hardware thread that gains exclusive access to a single core's resources for a fixed (and limited) number of cycles during which it cannot be interrupted. Memory access under Ozone thread execution is limited to a fixed size uncached scratchpad memory, and all Ozone threads begin execution with a known fixed microarchitectural state. We evaluate Ozone using a number of security sensitive kernels that have previously been targets of timing side-channel attacks, and show that Ozone eliminates timing leakage with minimal performance overhead

Tax burden and competition in the European Union – Does it change?

Enlargement of the European Union and the globalization process significantly affect tax systems and fiscal policies of individual countries. The level and structure of tax burden is often discussed in the European Union, as well as what is more profitable – keeping tax competition or tax harmonization. Tax environment and tax burden are significant factors when deciding about investment allocation. For international comparison, the easiest way is to use statutory tax rates but the result may be rather inaccurate. More convenient way of comparison is comparing implicit rates where we may express impact of taxes on economic activities according to their functions. The paper first summarizes basic theoretic approaches to tax competition. Then it is followed by an analysis of level and structure of tax burden in the European Union in the period of 1995 to 2006. There is emphasis on the dissimilarity of results depending on the type of tax rates used, namely statutory and implicit. The aim is to verify the hypothesis that value of tax burden (measured by tax quota) falls in time and that indirect taxes outweigh direct taxes in the tax burden of the European Union.tax competition, tax burden, tax quota, implicit tax rate