135 research outputs found

    Evaluation Methodologies in Software Protection Research

    Full text link
    Man-at-the-end (MATE) attackers have full control over the system on which the attacked software runs, and try to break the confidentiality or integrity of assets embedded in the software. Both companies and malware authors want to prevent such attacks. This has driven an arms race between attackers and defenders, resulting in a plethora of different protection and analysis methods. However, it remains difficult to measure the strength of protections because MATE attackers can reach their goals in many different ways and a universally accepted evaluation methodology does not exist. This survey systematically reviews the evaluation methodologies of papers on obfuscation, a major class of protections against MATE attacks. For 572 papers, we collected 113 aspects of their evaluation methodologies, ranging from sample set types and sizes, over sample treatment, to performed measurements. We provide detailed insights into how the academic state of the art evaluates both the protections and analyses thereon. In summary, there is a clear need for better evaluation methodologies. We identify nine challenges for software protection evaluations, which represent threats to the validity, reproducibility, and interpretation of research results in the context of MATE attacks

    Cybersecurity: Past, Present and Future

    Full text link
    The digital transformation has created a new digital space known as cyberspace. This new cyberspace has improved the workings of businesses, organizations, governments, society as a whole, and day to day life of an individual. With these improvements come new challenges, and one of the main challenges is security. The security of the new cyberspace is called cybersecurity. Cyberspace has created new technologies and environments such as cloud computing, smart devices, IoTs, and several others. To keep pace with these advancements in cyber technologies there is a need to expand research and develop new cybersecurity methods and tools to secure these domains and environments. This book is an effort to introduce the reader to the field of cybersecurity, highlight current issues and challenges, and provide future directions to mitigate or resolve them. The main specializations of cybersecurity covered in this book are software security, hardware security, the evolution of malware, biometrics, cyber intelligence, and cyber forensics. We must learn from the past, evolve our present and improve the future. Based on this objective, the book covers the past, present, and future of these main specializations of cybersecurity. The book also examines the upcoming areas of research in cyber intelligence, such as hybrid augmented and explainable artificial intelligence (AI). Human and AI collaboration can significantly increase the performance of a cybersecurity system. Interpreting and explaining machine learning models, i.e., explainable AI is an emerging field of study and has a lot of potentials to improve the role of AI in cybersecurity.Comment: Author's copy of the book published under ISBN: 978-620-4-74421-

    Casting a Line to the Land: Narratologies of Embodied Rituals and Connectivity to Place

    Get PDF
    This research argues for a re-conceptualisation and extension of place within architectural praxis that is reflective of broader discussions of meaning and environmental experience. This study examines the alignment between place and ritual theory as a way to better understand phenomenon that inform a greater connectivity between embodied and meaningful experiences with the environment. This will be explored through the act of fly fishing. Fly-fishing is relevant as the focus of the study owing in part to the author’s own experience as a fly angler. The relationship between the act of fly fishing, being part of nature and being in the world is meaningful. By conceptualising fly fishing as a form of ritual and process of ritualization, this study looks at how ritual affords fly anglers a connective relationship with place. This ritualized connection extends beyond mere doing and evokes cultivation of a deeper sensibility of and towards place. Present here is recognition of the role the body and ritual plays in enabling the formation of this sensibility of place. This research is advanced through narratological methods of autoethnography, storytelling, cognitive mapping and film. This way of working builds on the power of narrative and image-making to expose individual meaning-making. Employing these methods forms a holistic representation of experience, and so overcome potential disconnects that can arise between meaning-making efforts and actual experience. This research recognises that we that are embodied beings, and our embodied experiences are central to our relationships with place. Through this study, the researcher aims to develop a greater understanding of what place means – notably in how we generate a connection to place through our bodies – and to draw upon this insight to expand architectural discourse with a better understanding of connective and meaningful phenomena

    Design, Implementation, and Automation of a Risk Management Approach for Man-at-the-End Software Protection

    Full text link
    The last years have seen an increase in Man-at-the-End (MATE) attacks against software applications, both in number and severity. However, software protection, which aims at mitigating MATE attacks, is dominated by fuzzy concepts and security-through-obscurity. This paper presents a rationale for adopting and standardizing the protection of software as a risk management process according to the NIST SP800-39 approach. We examine the relevant constructs, models, and methods needed for formalizing and automating the activities in this process in the context of MATE software protection. We highlight the open issues that the research community still has to address. We discuss the benefits that such an approach can bring to all stakeholders. In addition, we present a Proof of Concept (PoC) decision support system that instantiates many of the discussed construct, models, and methods and automates many activities in the risk analysis methodology for the protection of software. Despite being a prototype, the PoC's validation with industry experts indicated that several aspects of the proposed risk management process can already be formalized and automated with our existing toolbox and that it can actually assist decision-making in industrially relevant settings.Comment: Preprint submitted to Computers & Security. arXiv admin note: substantial text overlap with arXiv:2011.0726

    Minding the Gap: Computing Ethics and the Political Economy of Big Tech

    Get PDF
    In 1988 Michael Mahoney wrote that “[w]hat is truly revolutionary about the computer will become clear only when computing acquires a proper history, one that ties it to other technologies and thus uncovers the precedents that make its innovations significant” (Mahoney, 1988). Today, over thirty years after this quote was written, we are living right in the middle of the information age and computing technology is constantly transforming modern living in revolutionary ways and in such a high degree that is giving rise to many ethical considerations, dilemmas, and social disruption. To explore the myriad of issues associated with the ethical challenges of computers using the lens of political economy it is important to explore the history and development of computer technology

    Dynamic Symbolic Execution for Enhanced Intermediate Representation of Data Flow Space Applications

    Get PDF
    Verifying the safety and security requirements of embedded software requires a code analysis. Many software systems are developed based on software development libraries; therefore, code specifications are known at compiling time. Hence, many source-code analyses will be excluded, and low-level intermediate representations (LLIRs) of the analyzed binaries are preferred. Improving the expressiveness of the LLIR and enhancing it with more information from the binaries will improve the tightness of the applied analyses. This work is interested in developing a lifterthat lifts binaries into an enhanced LLIR and can resolve indirect jumps. LLVM is used as the LLIR. Our proposed lifter, which we call DEL (Dynamic symbolic Execution Lifter), combines both static and dynamic symbolic execution and strives to fully recover the analyzed program’s control flow. DEL consists of an API to translate ARMv7-M assembly instructions into static single assignment LLVM instructions, an LLIR to Z3 expressions parser, a memory model, a register model, and a specialized condition flags handler. This work used a case study based on a software development library for onboard data-handling applications developed at the German Aerospace Center (DLR), which is called the Tasking Framework. DEL demonstrated high accuracy of around 93% in resolving indirect jumps in our case study

    It Was Handed to Them : The Origins of Targeted Delivery and the Spirit of Nanomedicine

    Full text link
    Nanotechnology is widely recognized as an important field. Since the 2000s, nano-based targeting has been a cutting-edge approach in cancer research. To specify what nanomedicine means and describe its significance at the cultural level, this study harnesses data from peer-reviewed articles published in leading scientific journals. Balancing precariously between sociological theory and science and technology studies, this project turns to nanomedicine’s origins to address broader questions regarding the relationship between science and society and the causes of scientific discovery and technological innovation. It tells the story of nanotechnology\u27s discursive formations taking on a life of their own and congealing into a zeitgeist or spirit, as is reminiscent of the one described by Max Weber in The Protestant Ethic. It concludes that nanotechnology-based targeted delivery was not merely a scientific idea or a technical solution to the problem of cancer, but a broad cultural logic based on the waning of thinking in terms of warfare and blunt force, and the rise of an ethos centered around designing, creating and managing relationships, affinity, and engineering compatibility between things normally understood as incompatible

    Law and Policy for the Quantum Age

    Get PDF
    Law and Policy for the Quantum Age is for readers interested in the political and business strategies underlying quantum sensing, computing, and communication. This work explains how these quantum technologies work, future national defense and legal landscapes for nations interested in strategic advantage, and paths to profit for companies

    Technical Debt is an Ethical Issue

    Get PDF
    We introduce the problem of technical debt, with particular focus on critical infrastructure, and put forward our view that this is a digital ethics issue. We propose that the software engineering process must adapt its current notion of technical debt – focusing on technical costs – to include the potential cost to society if the technical debt is not addressed, and the cost of analysing, modelling and understanding this ethical debt. Finally, we provide an overview of the development of educational material – based on a collection of technical debt case studies - in order to teach about technical debt and its ethical implication
    • …
    corecore