Efficient Dynamic Access Analysis Using JavaScript Proxies

JSConTest introduced the notions of effect monitoring and dynamic effect inference for JavaScript. It enables the description of effects with path specifications resembling regular expressions. It is implemented by an offline source code transformation. To overcome the limitations of the JSConTest implementation, we redesigned and reimplemented effect monitoring by taking advantange of JavaScript proxies. Our new design avoids all drawbacks of the prior implementation. It guarantees full interposition; it is not restricted to a subset of JavaScript; it is self-maintaining; and its scalability to large programs is significantly better than with JSConTest. The improved scalability has two sources. First, the reimplementation is significantly faster than the original, transformation-based implementation. Second, the reimplementation relies on the fly-weight pattern and on trace reduction to conserve memory. Only the combination of these techniques enables monitoring and inference for large programs.Comment: Technical Repor

Event Stream Processing with Multiple Threads

Current runtime verification tools seldom make use of multi-threading to speed up the evaluation of a property on a large event trace. In this paper, we present an extension to the BeepBeep 3 event stream engine that allows the use of multiple threads during the evaluation of a query. Various parallelization strategies are presented and described on simple examples. The implementation of these strategies is then evaluated empirically on a sample of problems. Compared to the previous, single-threaded version of the BeepBeep engine, the allocation of just a few threads to specific portions of a query provides dramatic improvement in terms of running time

Privacy self-regulation and the changing role of the state: from public law to social and technical mechanisms of governance

This paper provides a structured overview of different self-governance mechanisms for privacy and data protection in the corporate world, with a special focus on Internet privacy. It also looks at the role of the state, and how it has related to privacy self-governance over time. While early data protection started out as law-based regulation by nation-states, transnational self-governance mechanisms have become more important due to the rise of global telecommunications and the Internet. Reach, scope, precision and enforcement of these industry codes of conduct vary a lot. The more binding they are, the more limited is their reach, though they - like the state-based instruments for privacy protection - are becoming more harmonised and global in reach nowadays. These social codes of conduct are developed by the private sector with limited participation of official data protection commissioners, public interest groups, or international organisations. Software tools - technical codes - for online privacy protection can give back some control over their data to individual users and customers, but only have limited reach and applications. The privacy-enhancing design of network infrastructures and database architectures is still mainly developed autonomously by the computer and software industry. Here, we can recently find a stronger, but new role of the state. Instead of regulating data processors directly, governments and oversight agencies now focus more on the intermediaries - standards developers, large software companies, or industry associations. And instead of prescribing and penalising, they now rely more on incentive-structures like certifications or public funding for social and technical self-governance instruments of privacy protection. The use of technology as an instrument and object of regulation is thereby becoming more popular, but the success of this approach still depends on the social codes and the underlying norms which technology is supposed to embed. --

SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets

The rapid growth of decentralized digital currencies, enabled by blockchain technology, has ushered in a new era of peer-to-peer transactions, revolutionizing the global economy. Cryptocurrency wallets, serving as crucial endpoints for these transactions, have become increasingly prevalent. However, the escalating value and usage of these wallets also expose them to significant security risks and challenges. This research aims to comprehensively explore the security aspects of cryptocurrency wallets. It provides a taxonomy of wallet types, analyzes their design and implementation, identifies common vulnerabilities and attacks, and discusses defense mechanisms and mitigation strategies. The taxonomy covers custodial, non-custodial, hot, and cold wallets, highlighting their unique characteristics and associated security considerations. The security analysis scrutinizes the theoretical and practical aspects of wallet design, while assessing the efficacy of existing security measures and protocols. Notable wallet attacks, such as Binance, Mt. Gox are examined to understand their causes and consequences. Furthermore, the paper surveys defense mechanisms, transaction monitoring, evaluating their effectiveness in mitigating threats

Law and Policy in the Age of the Internet

Technological knowledge is of many different kinds, from experience-based know-how in the crafts to science-based knowledge in modern engineering. It is inherently oriented towards being useful in technological activities, such as manufacturing and engineering design. The purpose of this thesis is to highlight special characteristics of technological knowledge and how these affect how technology should be taught in school. It consists of an introduction, a summary in Swedish, and five papers: Paper I is about rules of thumb, which are simple instructions, used to guide actions toward a specific result, without need of advanced knowledge. One off the major advantages of rules of thumb is the ease with which they can be learnt. One of their major disadvantages is that they cannot easily be adjusted to new situations or conditions. Paper II describes how Gilbert Ryle's distinction between knowing how and knowing that is applicable in the technological domain. Knowing how and knowing that are commonly used together, but there are important differences between them which motivate why they should be regarded as different types: they are learnt in different ways, justified in different ways, and knowing that is susceptible to Gettier type problems which technological knowing how is not. Paper III is based on a survey about how Swedish technology teachers understand the concept of technological knowledge. Their opinions show an extensive variation, and they have no common terminology for describing the knowledge. Paper IV deals with non-scientific models that are commonly used by engineers, based on for example folk theories or obsolete science. These should be included in technology education if it is to resemble real technology. Different, and partly contradictory, epistemological frameworks must be used in different school subjects. This leads to major pedagogical challenges, but also to opportunities to clarify the differences between technology and the natural sciences and between models and reality. Paper V is about explanation, prediction, and the use of models in technology education. Explanations and models in technology differ from those in the natural sciences in that they have to include users' actions and intentions.QC 20140512</p