Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

In this paper, we seek to better understand Android obfuscation and depict a holistic view of the usage of obfuscation through a large-scale investigation in the wild. In particular, we focus on four popular obfuscation approaches: identifier renaming, string encryption, Java reflection, and packing. To obtain the meaningful statistical results, we designed efficient and lightweight detection models for each obfuscation technique and applied them to our massive APK datasets (collected from Google Play, multiple third-party markets, and malware databases). We have learned several interesting facts from the result. For example, malware authors use string encryption more frequently, and more apps on third-party markets than Google Play are packed. We are also interested in the explanation of each finding. Therefore we carry out in-depth code analysis on some Android apps after sampling. We believe our study will help developers select the most suitable obfuscation approach, and in the meantime help researchers improve code analysis systems in the right direction

Trademark Vigilance in the Twenty-First Century: An Update

The trademark laws impose a duty upon brand owners to be vigilant in policing their marks, lest they be subject to the defense of laches, a reduced scope of protection, or even death by genericide. Before the millennium, it was relatively manageable for brand owners to police the retail marketplace for infringements and counterfeits. The Internet changed everything. In ways unforeseen, the Internet has unleashed a tremendously damaging cataclysm upon brands—online counterfeiting. It has created a virtual pipeline directly from factories in China to the American consumer shopping from home or work. The very online platforms that make Internet shopping so convenient, and that have enabled brands to expand their sales, have exposed buyers to unwittingly purchasing fake goods which can jeopardize their health and safety as well as brand reputation. This Article updates a 1999 panel discussion titled Trademark Vigilance in the Twenty-First Century, held at Fordham Law School, and explains all the ways in which vigilance has changed since the Internet has become an inescapable feature of everyday life. It provides trademark owners with a road map for monitoring brand abuse online and solutions for taking action against infringers, counterfeiters and others who threaten to undermine brand value

Reducing the Threat of State-to-State Cyber Attack against Critical Infrastructure through International Norms and Agreements

The global proliferation of networked computer systems within the public and private sectors presents an increased opportunity for malicious cyber attacks to disrupt the daily functions of governments, national emergency systems, the global economy, and our modern way of life. The potentially pandemic nature of network failures presents opportunities for states to work together to identify key infrastructure sectors of shared interest and formulate international norms and strategies to protect them from cyber attacks and prevent cascading failures within modern society. Nation-states that share information infrastructure critical to modern social functions will have a vested interest in protecting these systems from cyber attacks while mitigating their own inclination to attack these same networks. This paper outlines the state-to-state cyber threat to critical-system infrastructures and the role international agreements can play in limiting this threat. The paper has been structured as follows. It begins by defining a critical system and discussing the actors who pose threats to these systems and the motivations behind their decisions. This is followed by a detailed description of a hypothetical scenario that depicts the methods by which one state could attack another state’s critical infrastructure, to include the motivations behind the attack. In conclusion, it makes recommendations regarding the development of an international agreement designed to limit this specific type of attack

Cyber-crime Science = Crime Science + Information Security

Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

Ponowne rozważanie nad błędami w tłumaczeniu terminologii prawnej i prawniczej.

This study aims to explore different causes for the mistranslation of legal terminology in international agreements that are enforced through domestic legislation, and attempt to provide some solutions. It is said that legal training will help legal translators to render terminology correctly. This should be held true because many legal terms from different legal systems are ‘false friends’, in that even a well-trained lawyer may need to undertake extensive legal and linguistic research to render them in another language or legal system. This study, by use of a comparison of several translated legal terms from People’s Republic of China (PRC) and Taiwan, shows that besides the cause of ‘legal knowledge’, the disparities between international law and national law and different legal traditions can also lead to an improper transfer of legal terminology. Examples of these terms are “Copyright piracy” (Daoban 盗版 vs. qinhai zhuzuoquan 侵害著作权), “Good Faith” (Chengshi shouxin 诚实守信 vs. shanyi 善意), and “Inventive Step” (Famingxing de buzhou 发明性的步骤 vs. jinbuxing 进步性). In order to enhance translators’ legal knowledge, it is proposed that they be presented with some substantive laws together with simple illustrations of their structures. Translators should crosscheck their translations against a wide range of sources at work. Streszczenie: Niniejsze badanie ma na celu (1) zbadanie różnych przyczyn błędnego tłumaczenia terminologii prawnej w umowach międzynarodowych, które są egzekwowane na mocy przepisów krajowych i (2) próbę dostarczenia pewnych rozwiązań. Powszechnie uważa się, że szkolenie prawne pomaga tłumaczom prawniczym poprawnie tłumaczyć terminologię. Należy to potwierdzić, ponieważ wiele terminów prawnych z różnych systemów prawnych to fałszywi przyjaciele, ponieważ nawet dobrze wyszkolony prawnik może być zmuszony do przeprowadzenia szeroko zakrojonych badań prawnych i językowych, aby uczynić je w innym języku lub systemie prawnym. Badanie to, w oparciu o porównanie kilku przetłumaczonych pojęć prawnych z system prawnego Chińskiej Republiki Ludowej (ChRL) i Tajwanu, pokazuje, że oprócz wiedzy prawnej, różnice między prawem międzynarodowym a prawem krajowym i różnymi tradycjami prawnymi mogą również prowadzić do niewłaściwego przeniesienia terminologii prawnej na inny języki. 

NAVIES, COAST GUARDS, THE MARITIME COMMUNITY AND INTERNATIONAL STABILITY

The maritime security environment in East Asia is a policy priority for both private and state actors. The strategic and economic importance of the sea ensures that its stability is of primary concern. Yet competing visions of how stability should be achieved and what a new ‘status-quo’ looks like has created uncertainty and competition. Naval forces in the region are growing as littoral states seek to ensure their interests at sea are met. Concurrently, many of the same states have looked to maritime law enforcement agencies to supplement their maritime security capabilities. Through cases studies of littoral states in Asia and beyond this policy brief examines how states in the region have integrated maritime law enforcement agencies into their existing maritime security architecture and how successful these efforts have been. This Policy Brief also determines how maritime stability is impacted by these developments and how it can be maintained in this hybrid maritime operating environmen

From Orbit to Ocean—Fixing Southeast Asia’s Remote-Sensing Blind Spots

Improving maritime domain awareness (MDA) in Southeast Asia is critical not only for regional states but for the national-security interests of the United States. MDA in the coming decades will be dominated by cheaper, more-efficient remote-sensing tools, and the United States and other outside parties should shift toward introducing partners to the booming private-sector offerings in remote sensing