8,476 research outputs found
The merger boom: an overview
Consolidation and merger of corporations ; Corporations ; Public policy
Lockdown: Dynamic Control-Flow Integrity
Applications written in low-level languages without type or memory safety are
especially prone to memory corruption. Attackers gain code execution
capabilities through such applications despite all currently deployed defenses
by exploiting memory corruption vulnerabilities. Control-Flow Integrity (CFI)
is a promising defense mechanism that restricts open control-flow transfers to
a static set of well-known locations. We present Lockdown, an approach to
dynamic CFI that protects legacy, binary-only executables and libraries.
Lockdown adaptively learns the control-flow graph of a running process using
information from a trusted dynamic loader. The sandbox component of Lockdown
restricts interactions between different shared objects to imported and
exported functions by enforcing fine-grained CFI checks. Our prototype
implementation shows that dynamic CFI results in low performance overhead. Comment: ETH Technical Repor
HardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement
Widespread use of memory unsafe programming languages (e.g., C and C++)
leaves many systems vulnerable to memory corruption attacks. A variety of
defenses have been proposed to mitigate attacks that exploit memory errors to
hijack the control flow of the code at run-time, e.g., (fine-grained)
randomization or Control Flow Integrity. However, recent work on data-oriented
programming (DOP) demonstrated highly expressive (Turing-complete) attacks,
even in the presence of these state-of-the-art defenses. Although multiple
real-world DOP attacks have been demonstrated, no efficient defenses are yet
available. We propose run-time scope enforcement (RSE), a novel approach
designed to efficiently mitigate all currently known DOP attacks by enforcing
compile-time memory safety constraints (e.g., variable visibility rules) at
run-time. We present HardScope, a proof-of-concept implementation of
hardware-assisted RSE for the new RISC-V open instruction set architecture. We
discuss our systematic empirical evaluation of HardScope which demonstrates
that it can mitigate all currently known DOP attacks, and has a real-world
performance overhead of 3.2% in embedded benchmarks.
State and Local Anti-Predatory Lending Laws: The Effect of Legal Enforcement Mechanisms
Subprime mortgage lending has grown rapidly in recent years and with it, so have concerns about predatory lending. In response to evidence of predatory lending, most states have enacted new laws or expanded existing laws to address abuses in the subprime home loan market. The effect of these statutes is a matter of debate. This paper seeks to improve the understanding of this increasingly important issue and pays particular attention to the role that legal enforcement mechanisms play in this context. The results of the analysis are consistent with the view that anti-predatory lending laws influence subprime lending markets and that disaggregating the details of the overall legal framework into its component parts is essential for understanding subprime market dynamics. The restrictions, coverage, and enforcement components all have significant relationships with subprime market outcomes, with the coverage relationship found to be broadly consistent with the reverse lemons hypothesis put forward by Ho and Pennington-Cross (2007). The results also suggest that the newer mini-HOEPA laws have had an impact on the subprime market above and beyond the older preexisting laws, particularly for subprime originations. Broader coverage through these new laws is associated with higher origination likelihoods, while increased restrictions through the mini-HOEPA laws are associated with lower origination propensities.
Data and Democracy
Herman B Wells Distinguished Lecture of the Institute and Society for Advanced Study given on September 21, 2001
Will the Net Turn Car Dealers into Dinosaurs? State Limits on Auto Sales Online
Many states have automobile franchise laws that impede or prohibit newcomers from entering the business of selling cars within certain local markets. The laws protect licensed local automobile dealers from certain types of competition; moreover, in many states those laws have the effect of prohibiting anyone except a licensed dealer from selling cars over the Internet. Defenders of the laws assert that they are necessary to protect consumers and dealers themselves. However, those laws harm consumers by impeding competition among sellers of cars. Several economic studies, including a study by the Federal Trade Commission, support that conclusion. In addition, state regulation of Internet commerce threatens to impede interstate commerce. The Constitution's commerce clause was intended to prevent states from erecting trade barriers that protect local businesses at the expense of national trade. The courts, therefore, will frown on states' trying to protect local dealers at the expense of consumers nationwide. The Internet is changing the traditional relationship among manufacturers, middlemen, and consumers. The middleman will not become extinct, but consumers will interact more with manufacturers, as often manufacturers are the best source of information about a product. Protectionist laws that make it harder to compete with traditional dealers harm consumers and will simply lead to stagnation. States should repeal laws that restrict online automobile sales before the Internet economy leaves their citizens behind.