69,966 research outputs found

    CODE DEFENDERS: A Mutation Testing Game

    Mutation testing is endorsed by software testing researchers for its unique capability of providing pragmatic estimates of a test suite's fault detection capability, and for guiding testers in improving their test suites. In practice, however, wide-spread adoption of mutation testing is hampered because any non-trivial program results in huge numbers of mutants, many of which are either trivial or equivalent, and thus useless. Trivial mutants reduce the motivation of developers in trusting and using the technique, while equivalent mutants are frustratingly difficult to handle. These problems are exacerbated by insufficient education on testing, which often means that mutation testing is not well understood in practice. These are examples of the types of problems that gamification aims to overcome by making such tedious activities competitive and entertaining. In this paper, we introduce the first steps towards building Code Defenders, a mutation testing game where players take the role of an attacker, who aims to create the most subtle non-equivalent mutants, or a defender, who aims to create strong tests to kill these mutants. The benefits of such an approach are manifold: The game can serve an educational role by engaging learners in mutation testing activities in a fun way. Experienced players will produce strong test suites, capable of detecting even the most subtle bugs that other players can conceive. Equivalent mutants are handled by making them a special part of the gameplay, where points are at stake in duels between attackers and defenders

    Looking for Criminal Intents in JavaScript Obfuscated Code

    The majority of websites incorporate JavaScript for client-side execution in a supposedly protected environment. Unfortunately, JavaScript has also proven to be a critical attack vector for both independent and state-sponsored groups of hackers. On the one hand, defenders need to analyze scripts to ensure that no threat is delivered and to respond to potential security incidents. On the other, attackers aim to obfuscate the source code in order to disorient the defenders or even to make code analysis practically impossible. Since code obfuscation may also be adopted by companies for legitimate intellectual-property protection, a dilemma remains on whether a script is harmless or malignant, if not criminal. To help analysts deal with such a dilemma, a methodology is proposed, called JACOB, which is based on five steps, namely: (1) source code parsing, (2) control flow graph recovery, (3) region identification, (4) code structuring, and (5) partial evaluation. These steps implement a sort of decompilation for control flow flattened code, which is progressively transformed into something that is close to the original JavaScript source, thereby making eventual code analysis possible. Most relevantly, JACOB has been successfully applied to uncover unwanted user tracking and fingerprinting in e-commerce websites operated by a well-known Chinese company

    Falsification testing for usability inspection method assessment

    We need more reliable usability inspection methods (UIMs), but assessment of UIMs has been unreliable [5]. We can only reliably improve UIMs if we have more reliable assessment. When assessing UIMs, we need to code analysts’ predictions as true or false positives or negatives, or as genuinely missed problems. Defenders of UIMs often claim that false positives cannot be accurately coded, i.e., that a prediction is true but has never shown up through user testing or other validation approaches. We show this and similar claims to be mistaken by briefly reviewing methods for reliable coding of each of five types of prediction outcome. We focus on falsification testing, which allows confident coding of false positives

    The Anti-Human Rights Machine: Digital Authoritarianism and The Global Assault on Human Rights

    Across the world, governments and state-aligned actors increasingly target human rights defenders online using techniques such as surveillance, censorship, harassment, and incitement, which together have been termed “digital authoritarianism.” We currently know little about the concrete effects on human rights defenders of digital authoritarianism as researchers have focused primarily on hate speech targeting religious, national, and ethnic minority groups. This article analyzes the effects of digital authoritarianism in two countries with among the highest rates of killings of human rights defenders in the world; Colombia and Guatemala. Anti-human rights speech in these countries portrays defenders as Marxist terrorists who are anti-patriotic and corrupt criminals. Evidence for a direct causal link to offline violence and killing is limited, however, and this empirical study documents the non-lethal and conditioning effects of speech. Human rights defenders who are targeted online report negative psychological and health outcomes and identify a nexus between online harassment and the criminalization of human rights work. Many take protective measures, engage in self-censorship, abandon human rights work, and leave the country. To prevent these harms, social media companies must implement stronger human rights-protective measures in at-risk countries, including expediting urgent requests for physical protection, adopting context-specific content moderation policies, and publicly documenting state abuses. The article concludes by advocating for a new United Nations-sponsored Digital Code of Conduct that would require states to adopt transparent digital policies, refrain from inciting attacks, and cease illegally surveilling human rights defenders

    A comparative study of women environmental defenders' antiviolent success strategies

    Other funding: Acord transformatiu CRUE-CSIC. Unidad de excelencia María de Maeztu CEX2019-000940-M. Other funding: "La Caixa" Foundation (ID 100010434). The fellowship code is LCF/BQ/DI19/11730049. This research advances knowledge on the understudied topics of violence against women and their contributions to ecological movements through a multiple case study analysis of 25 women defenders listed in the EJAtlas, an environmental conflict database. Women's mobilization is often constrained within cultural contexts limiting them to gendered spaces and roles and punishing them with multiple violences. Women defenders' distinctly gendered violent experiences thus inform their perspectives, narratives, and advocacy. Women defenders assert authority and achieve movement success by emphasizing aspects of identity within and despite unevenly faced barriers, brutality, and burdens. These multi-faceted tactics contribute to emancipation beyond just women and their communities by dismantling violent hegemonies while promoting alternative, inclusive, and antiviolent visions of environmental justice

    Having Fun in Learning Formal Specifications

    There are many benefits in providing formal specifications for our software. However, teaching students to do this is not always easy as courses on formal methods are often experienced as dry by students. This paper presents a game called FormalZ that teachers can use to introduce some variation in their class. Students can have some fun in playing the game and, while doing so, also learn the basics of writing formal specifications in the form of pre- and post-conditions. Unlike existing software engineering themed education games such as Pex and Code Defenders, FormalZ takes the deep gamification approach where playing gets a more central role in order to generate more engagement. This short paper presents our work in progress: the first implementation of FormalZ along with the result of a preliminary users' evaluation. This implementation is functionally complete and tested, but the polishing of its user interface is still future work

    Between the legal technique and the social question: the plural commitments of public defenders in Argentina

    The criminal process in the Province of Buenos Aires has been affected by radical reforms in the last decades. Beginning with the complete replacement of the criminal procedure code in 1998 to the introduction of pre-trial hearings and simplified procedures for cases declared in flagrante delicto in 2004 the reforms have impacted more than legal procedures; they have changed the way judicial actors perceive themselves and their relations with the institution. Based on interviews with ten public defenders of the PBA this article offers an exploratory analysis on how public defenders’ perceptions have been impacted by those reforms and to what extent those internal changes have affected the internal dynamics of the PD. Drawing from the sociology of Bernard Lahire and Laurent Thévenot we identify in the public defenders’ responses how these changes affected their personal commitments. Mapping those commitments allows us to describe the subjective folds of the PD through which it is possible to better understand the decisions of public defenders by considering the internalization they make of the judicial world and its relationship with the institutional context. Affiliation: Ciocchini, Pablo Leandro. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - La Plata; Argentina. University of Liverpool; United Kingdom. Affiliation: Kostenwein, Ezequiel Roberto. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - La Plata; Argentina. Universidad Nacional de La Plata; Argentin

    When is Cyber Defense a Crime? Evaluating Active Cyber Defense Measures Under the Budapest Convention

    As cyberattacks increase in frequency and intensity around the globe, private actors have turned to more innovative cyber defense strategies. For many, this involves considering the use of cutting-edge active cyber defense measures—that is, tactics beyond merely erecting firewalls and installing antivirus software that permit cyber defenders to detect and respond to threats in real time. The legality of such measures under international law is a subject of intense debate because of definitional uncertainty surrounding what qualifies as an “active” cyber defense measure. This Comment argues that active defense measures that do not rise to the level of a cybercrime are permissible under international law. Accordingly, it analyzes the Budapest Convention, the only binding international instrument related to cybercrime, and uses its definition of illegal conduct under international law to construct a “stoplight framework” to guide cyber defenders in their actions. Ultimately, this Comment concludes that cyber defenders have a “green light” to use purely passive measures, such as monitoring one’s own network traffic, because these measures are highly unlikely to involve conduct the Budapest Convention criminalizes. Active-passive measures, such as attaching code to intruders that tracks them back to their home base, can in some cases be justified under exceptions to the Convention; accordingly, cyber defenders should proceed with caution. Finally, outright active defense measures nearly always rise to the level of offense conduct under the Budapest Convention, and should not be used. This analysis provides needed clarity as to the legality of conduct in cyberspace, and provides cyber defenders with the guideposts they need to confidently innovate in today’s complex cyber landscap