Empirical assessment of the effort needed to attack programs protected with client/server code splitting

Context. Code hardening is meant to fight malicious tampering with sensitive code executed on client hosts. Code splitting is a hardening technique that moves selected chunks of code from client to server. Although widely adopted, the effective benefits of code splitting are not fully understood and thoroughly assessed. Objective. The objective of this work is to compare non protected code vs. code splitting protected code, considering two levels of the chunk size parameter, in order to assess the effectiveness of the protection - in terms of both attack time and success rate - and to understand the attack strategy and process used to overcome the protection. Method. We conducted an experiment with master students performing attack tasks on a small application hardened with different levels of protection. Students carried out their task working at the source code level. Results. We observed a statistically significant effect of code splitting on the attack success rate that, on the average, was reduced from 89% with unprotected clear code to 52% with the most effective protection. The protection variant that moved some small-sized code chunks turned out to be more effective than the alternative moving fewer but larger chunks. Different strategies were identified yielding different success rates. Moreover, we discovered that successful attacks exhibited different process w.r.t. failed ones.Conclusions We found empirical evidence of the effect of code splitting, assessed the relative magnitude, and evaluated the influence of the chunk size parameter. Moreover, we extracted the process used to overcome such obfuscation technique

Management: A continuing bibliography with indexes

This bibliography lists 551 reports, articles, and other documents introduced into NASA scientific and technical information system in 1980

Review of the occupational health and safety of Britain’s ethnic minorities

This report sets out an evidence-based review on work-related health and safety issues relating to black and minority ethnic groups. Data included available statistical materials and a systematic review of published research and practice-based reports. UK South Asians are generally under-represented within the most hazardous occupational groups. They have lower accident rates overall, while Black Caribbean workers rates are similar to the general population; Bangladeshi and Chinese workers report lowest workplace injury rates UK South Asian people exhibit higher levels of limiting long-term illness (LLI) and self reported poor health than the general population while Black Africans and Chinese report lower levels. Ethnic minority workers with LLI are more likely than whites to withdraw from the workforce, or to experience lower wage rates. Some of these findings conflict with evidence of differentials from USA, Europe and Australasia, but there is a dearth of effective primary research or reliable monitoring data from UK sources. There remains a need to improve monitoring and data collection relating to black and ethnic minority populations and migrant workers. Suggestions are made relating to workshops on occupational health promotion programmes for ethnic minorities, and ethnic minority health and safety 'Beacon' sites

Networks, uncertainty reduction and strategic decision-making in social movement fields

Organisational efforts to bring about social change are riddled with choices. What is the appropriate course of action? Who best to collaborate with? How should finite resources, economic or otherwise, be spent? In this respect, the existence of Social Movement Organisations (SMO) — those entities with goals aimed at changing the state of society or protecting the status quo — is one characterised by great uncertainty. Thus a question of critical import to understanding SMOs’ capacity to bring about change is how do they go about bridging information gaps when faced with strategic decisions? In this thesis I argue that network structure affords SMOs a route to accessing information that may be used to manage uncertainty. My argument is built upon two simple observations: (a) populations of SMOs are constitutive of Social Movement Fields wherein these diverse organisations cooperate, compete and learn from one another through surveillance, comparison and mimicry; and (b) SMOs are embedded in rich webs of relations with peers, both online and offline, that enable and constrain their behaviour by governing access to informational resources that may be used for goal attainment. The core novelty of this thesis arises from my recasting of SMOs’ strategic actions as types of relationship formation in inter-organisational network scenarios that are comparatively overlooked — namely, multiplex and bipartite networks. This approach has the appealing property of making clear the effect of SMOs on each other — a key aspect of the institutional perspective on which this work is built — whilst also allowing me to more squarely address how network structure might guide action. Analytically, this leads me to focus on those micro-level network locales, i.e., the “local neighbourhoods”, within which SMOs are embedded (e.g., triads) as they relate to tie formation vis-á-vis uncertainty reduction. Methodologically, this thesis is also designed to demonstrates the sociological power of statistical models of networks in investigating the dynamics of social movement fields. The core strength of these models is their realistic handling of the constraints/benefits of social actors’ structural positions with respect to their behaviour. This is in stark contrast to the variable-centred (i.e. atomistic) statistical frameworks typical of sociological studies of SMOs (e.g., OLS or logistic regression) which fail to account for these organisations’ interdependence and thus provide poor representations of their agency as strategic actors. Empirically, this work consists of three contained case studies of strategic action: (a) a longitudinal study of tactical implementation in the Palestinian National Movement; (b) a longitudinal study of financial patronage in the US Climate Change Countermovement; and (c) a cross-sectional study of online alliance formation amongst organisational members of the Hardest Hit Coalition, a UKbased anti-austerity issue campaign. Results overwhelmingly support my assertions that information useful in managing uncertainty with respect to strategic action is encoded into oft overlooked network structure. Extant sociological work has simply missed a number of interesting, sometimes counterintuitive, dynamics of Social Movement Fields