21,424 research outputs found
Central Bank and Price Stability: Is a Single Objective Enough?
Current developments in monetary theory, coupled with the recent practical experience of many and diverse central banks, suggest a number of basic tenets that could be regarded as effective guideposts in the search for successful practices that could contribute to attain and to sustain macroeconomic stabilization. While common sense, the myriad of accompanying circumstances within which policies and institutions develop, tend to confound their significance and to blur their basic meaning and implications. The purpose of this paper is to review and revisit, in the light of prevailing experience, the state of the art regarding monetary and central banking policies and analyze, by outlining these experiences in the form of seven basic principles, their significance for the achievement and the maintenance of macroeconomic stabilization. While each of these principles can be reviewed independently, they are, of course, closely linked. The paper first scrutinizes the manner in which the literature has dealt with these issues and, in light of recent experiences, attempts to integrate them into a unified framework and to draw a number of policy lessons and theoretical implications.
Differentially Testing Soundness and Precision of Program Analyzers
In the last decades, numerous program analyzers have been developed both by
academia and industry. Despite their abundance however, there is currently no
systematic way of comparing the effectiveness of different analyzers on
arbitrary code. In this paper, we present the first automated technique for
differentially testing soundness and precision of program analyzers. We used
our technique to compare six mature, state-of-the-art analyzers on tens of
thousands of automatically generated benchmarks. Our technique detected
soundness and precision issues in most analyzers, and we evaluated the
implications of these issues to both designers and users of program analyzers.
Biometric presentation attack detection: beyond the visible spectrum
The increased need for unattended authentication in
multiple scenarios has motivated a wide deployment of biometric
systems in the last few years. This has in turn led to the
disclosure of security concerns specifically related to biometric
systems. Among them, presentation attacks (PAs, i.e., attempts
to log into the system with a fake biometric characteristic or
presentation attack instrument) pose a severe threat to the
security of the system: any person could eventually fabricate
or order a gummy finger or face mask to impersonate someone
else. In this context, we present a novel fingerprint presentation
attack detection (PAD) scheme based on i) a new capture device
able to acquire images within the short wave infrared (SWIR)
spectrum, and ii) an in-depth analysis of several state-of-the-art
techniques based on both handcrafted and deep learning
features. The approach is evaluated on a database comprising
over 4700 samples, stemming from 562 different subjects and
35 different presentation attack instrument (PAI) species. The
results show the soundness of the proposed approach with a
detection equal error rate (D-EER) as low as 1.35% even in a
realistic scenario where five different PAI species are considered
only for testing purposes (i.e., unknown attacks).
A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5Fvc
Comment: This is the authors' pre-print copy. If you are considering citing
this survey, we would appreciate if you could use the following BibTeX entry:
http://goo.gl/Hf5Fv
IIFA: Modular Inter-app Intent Information Flow Analysis of Android Applications
Android apps cooperate through message passing via intents. However, when
apps do not have identical sets of privileges, inter-app communication (IAC) can
accidentally or maliciously be misused, e.g., to leak sensitive information
contrary to users' expectations. Recent research considered static program
analysis to detect dangerous data leaks due to inter-component communication
(ICC) or IAC, but suffers from shortcomings with respect to precision,
soundness, and scalability. To solve these issues we propose a novel approach
for static ICC/IAC analysis. We perform a fixed-point iteration of ICC/IAC
summary information to precisely resolve intent communication with more than
two apps involved. We integrate these results with information flows generated
by a baseline (i.e. not considering intents) information flow analysis, and
resolve if sensitive data is flowing (transitively) through components/apps in
order to be ultimately leaked. Our main contribution is the first fully
automatic sound and precise ICC/IAC information flow analysis that is scalable
for realistic apps due to modularity, avoiding combinatorial explosion: Our
approach determines communicating apps using short summaries rather than
inlining intent calls, which often requires simultaneously analyzing all tuples
of apps. We evaluated our tool IIFA in terms of scalability, precision, and
recall. Using benchmarks we establish that precision and recall of our
algorithm are considerably better than prominent state-of-the-art analyses for
IAC. But foremost, applied to the 90 most popular applications from the Google
Playstore, IIFA demonstrated its scalability to a large corpus of real-world
apps. IIFA reports 62 problematic ICC-/IAC-related information flows via two or
more apps/components.
- …