Retail sweep programs and bank reserves, 1994--1999

Since January 1994, the Federal Reserve Board has permitted depository institutions in the United States to implement so-called retail sweep programs. The essence of these programs is computer software that dynamically reclassifies customer deposits between transaction accounts, which are subject to statutory reserve requirement ratios as high as 10 percent, and money market deposit accounts, which have a zero ratio. Through the use of such software, hundreds of banks have sharply reduced the amount of their required reserves. In some cases, this new level of required reserves is less than the amount that the bank requires for its ordinary, day-to-day business. In the terminology introduced by Anderson and Rasche (1996b), such deposit-sweeping activity has allowed these banks to become "economically nonbound," and has reduced to zero the economic burden ("tax") due to statutory reserve requirements. In this analysis, we examine a large panel of U.S. banks and develop quantitative estimates of the impact of sweep software programs on the demand for bank reserves.Money supply ; Bank reserves ; Monetary policy - United States

Retail sweep programs and bank reserves, 1994-1999

Since January 1994, the Federal Reserve Board has permitted depository institutions in the United States to implement so-called “retail sweep programs.” The essence of these programs is computer software that dynamically reclassifies customer deposits from transaction accounts, which are subject to statutory reserve-requirement ratios as high as 10 percent, to money market deposit accounts, which have a zero ratio. Through the use of such software, hundreds of banks have sharply reduced the amount of their required reserves. In many cases, this new lower requirement places no constraint on the bank because it is less than the amount of reserves (vault cash and deposits at the Federal Reserve) that the bank requires for its ordinary day-to-day business. In the terminology introduced by Anderson and Rasche (1996b), such deposit-sweeping activity has allowed these banks to become “economically nonbound” and has reduced to zero the economic burden (“tax”) due to statutory reserve requirements. In this analysis, we examine a large panel of U.S. banks and develop quantitative estimates of the impact of sweep software programs on the demand for bank reserves.Money supply ; Bank reserves

Information Assurance through Binary Vulnerability Auditing

The goal of this research is to develop improved methods of discovering vulnerabilities in software. A large volume of software, from the most frequently used programs on a desktop computer, such as web browsers, e-mail programs, and word processing applications, to mission-critical services for the space shuttle, is unintentionally vulnerable to attacks and thus insecure. By seeking to improve the identification of vulnerabilities in software, the security community can save the time and money necessary to restore compromised computer systems. In addition, this research is imperative to activities of national security such as counterterrorism. The current approach involves a systematic and complete analysis of the low-level organization of software systems in stark contrast to existing approaches which are either ad-hoc or unable to identify all buffer overflow vulnerabilities. The scope of this project is to develop techniques for identifying buffer overflows in closed-source software where only the software’s executable code is available. These techniques use a comprehensive analysis of the software system’s flow of execution called binary vulnerability auditing. Techniques for binary vulnerability auditing are grounded in science and, while unproven, are more complete than traditional ad-hoc approaches. Since there are several attack vectors in software, this research will focus on buffer overflows, the most common class of vulnerability

Role of ICT and usability of Honeypots in Kenet member institutions in Western Kenya as proactive detection tools for monitoring cyber related incidences

With the advent of the ever changing technology and the intense sophistication in methods and means of committing illegal activities, crime is no longer narrowly defined vies-a-vie the law but there is need to be able to handle technologically oriented crimes commonly referred to as Cybercrimes. Cybercrimes are crimes that involve the use of computers to undertake illegal. Collection of statistics associated with cybercrimes can be quite tricky and daunting, since their collection and tabulation can only be done when aggrieved parties report them. Some of these illegal activities that constitute cybercrimes include, but not limited to, creation of counterfeit currency or official documents using computer scanners and graphics programs, embezzlement of funds using computers to skim very small sums of money from a large number of accounts, distribution of child pornography on the Internet, and theft of digital property. Other crimes that can also be committed include fraud, hate crimes, stalking, gambling, hacking; spread of malware, phishing, spamming, Botnet attacks, DDoS attacks, espionage and money laundering. In this paper we present results on usability of HoneyPots in KENET member institutions in western Kenya as proactive detection tools for monitoring cyber related incidences.Â

Anomaly of Existing Intellectual Property Protection for Software

The digital sphere, “cyberspace,” is growing by leaps and bounds. Computers and programs are making a profound impact on every aspect of human life: education, work, warfare, entertainment and social life, health, law enforcement, etc. For instance, software plays an enormous role in the health sector by assisting in monitoring patients, refilling prescriptions and billing and keeping medical records. In finance, transactions involving calculations such as interest and account balances are operated by software. Air traffic control, flight schedules, booking and related tasks in the airline industry; and calculations of all sorts of incomes, benefits, expenses and interests in insurance and tax administration institutions have been undertaken with the use of software. This is just at the macro/highest level. At the individual level, the more we use digital devices, the more we need to use software to access services and products. So, the fact that people now need access to digital technologies to sustain modern social, economic and political life is not in dispute. Most digital devices such as computers are useless without programs. Simply stated, access to digital technologies depends highly on software. More precisely, it is practically impossible these days to find a life without the involvement of software and software-based devices. Software used to be, in the 1970s and early 1980s, applied to huge mainframe computers that took up the space of, maybe, an entire room. These days, we have software applied everywhere, in many aspects of our lives. It is not just in laptops but also on our mobile devices and is increasingly integrated into all sorts of objects. We hear about the coming “internet of things,” a phrase summing up the radically increasing connectivity of all sorts of items around us that, expectedly, will be communicating with each other. They will be doing so on the basis of software-based algorithms. Our computers, smartphones, etc. are dependent for their functions on these logical instructions. Before the 1960s, vendors distributed and sold software bundled with computer hardware. Professor Pamela Samuelson quoted the work of Justice Stephen Breyer and has stated the following: “Systems software was, ‘and should continue to be, created by hardware manufacturers and sold along with their hardware at a single price”. During that time there was no clearly recognized protection for computer programs. As time went on, vendors began to unbundle software from hardware and started to provide programs to the public separately packaged. With a view to responding to the needs of industry, on one hand, and to advancing innovation, and encouraging the dissemination of useful arts for the general public on the other, different jurisdictions began to afford separate legal protections to computer software. Many jurisdictions opted for copyright protection as the best option. Recent international copyright treaties such as the World Intellectual Property Organization Copy Rights Treaty (WCT) and the World Trade Organization Trade related aspects of Intellectual Property Right (TRIPS) have a clause on the copyrightability of computer programs. Obviously, it is reasonable to raise questions as to why it is not included in early copyright instruments such as the Berne Convention for the Protection of Literary and Artistic Works. There were early concerns as to the inclusion of computer software in international copyright instruments. This was, partly, justified by the non-inclusion of computer software in Berne Convention. At the regional level, too, certain jurisdictions have adopted separate copyright instruments for the protections of computer software. Nation states such as the U.S. , Canada , Ethiopia , etc. also have recognized the copyrightability of computer programs. A closer look at the history of the tendency to regard software as a copyrightable subject matter tells us that the choice was not the result of research and in-depth study. We also see widespread protection of software products by patent law. In spite of the absence of legislation which directly allows for the patentability of computer software, we witness frequent disputes and litigation as regards the scope and extent of software protection. In addition to intellectual property protections, computing companies are using technological means to exclude others from using their digital works. This approach is called self-regulation. They do so by using technology: encryption, coding, etc. It is also illegal to reverse engineer and decompile computer programs. A trade secret can be used to protect computer software, especially the inner working of software. Software developers also use the law of industrial design as another form of protection for the ‘look and feel’ aspect of their software. On the other extreme, we see some movements which advocate for free and open-source software. It is based on a unique model of innovation. Free software can have two formats: free or open-source software. They are sometimes called FLOSS (Free/Libre/Open Source Software). When we say software is free, we mean that users can use it as they wish, modify it or fix some of its bugs, redistribute it, and access its source code. The problem with existing software protection is that it overlooks its special nature. Software is unique. It involves the writing of millions of lines of codes in the form of source code. There is no dispute as to why software is protected. Writing those millions of lines of code requires an investment of time, intellect and money. Hence, protection is required. The issue is as to the choice of the form of protection. So, this thesis argues the blanket copyright and patent protections of software raise a fairness issue, particularly from the perspective of the consumer’s interest. It also argues the existing laws governing computer software lack clarity and certainty. . Overall, the thesis discusses the existing legal framework for computer programs. It concludes that the system needs reform as it mainly considers the interest of software industry. In other words, consumers and new entrants’ interests have not been given much regard. More importantly, the thesis reflects on the general purpose of intellectual property rights and their applicability to computer programs. The most important reason for the reform is the unique nature of software. By doing so, the thesis suggests for the adoption of special law for computer programs

The Creation of typographic specifications for desktop publishing software

As computers become more abundant in the home and office, more people are performing tasks that once would have been done by a skilled professional. Computers and software programs have become easier to use, including desktop publishing programs. Programs are now available that allow anyone to become a designer. Through this, however, most typographers agree, the typographic quality of documents has suffered. Many companies are now designing their own media, in an effort to save money. The documents they create are adequate, but there is something missing. Though they may not be able to explain why, most people can appreciate the appearance of the professionally typeset page. The goal of this thesis project is to make it easier for a non-professional to make typo graphically pleasing text pages. The basic rules of typography, without regard to fluxuating design trends, have essentially stayed the same for hundreds of years. Background research for this project was completed by studying historically significant typographic manuals of the last 300 years. Research began with Joseph Moxon\u27s Mechanick Exercises (1694) and ended with the most recent edition of The Chicago Manual of Style (1993), one of today\u27s most highly regarded manuals. From this background research, minimum and preferred software requirements for desktop publishing software applications were created. The purpose of these requirements is to encourage software manufacturers to incorporate more automation in regard to typography, as well as to encourage improved default settings in their software applications. The goal was to make the minimum requirements realistically achievable. Many of the minimum requirements are currently available in software programs; however, no one program contains all of the requirements. Each software program has strengths and weaknesses. From these lists of requirements, the specifications for the ideal software application were created. Through this ideal application, all of the best features of current software programs were brought together, in addition to a few innovative ideas. These specifications only relate to the typographic capabilities of the software, and do not include other areas such as color or image manipulation. Though these specifications could vastly improve on the quality of typography produced electronically, automated tasks completed by a computer will never produce the same results as a job done manually by a skilled professional. Computer programming is limited and many typographic rules cannot be adequately defined in a computer algorithm. Though perfection may not be attainable, improvement is possible

The Chameleon Team

Project Leaders: Barbara Buffaloe, Katie Grantham Lough, Luke Wesselschmidt, Jacqueline McDermott-Kelty, Rashad Abdul-Majid, Bryan Glass, Heather BensonProposal for the 2008 project: "The Chameleon Team." The University of Missouri?Columbia (MU) and Missouri University of Science and Technology (S&T) have teamed to develop an exciting energy conservation product. The Chameleon project will produce an artificially intelligent residential energy management system designed to blend into its environment. Upon successful completion of this project, the Chameleon home automation system will enable the average homeowner to conserve energy and save money by simply having the system installed in their home and not changing any of their daily activities. This total budget of the design, development, and implementation of Chameleon�s prototypes is well over the budget for this funding opportunity, this proposal will focus on the educational partnerships required to develop the user interface for the system. This multi?university undergraduate student project incorporates engineering, architectural studies, and interior design students to develop a seamlessly integrated and highly functioning home automation system that requires no technical skills to operate. The underlying technology that enables the project is the IT capabilities of both universities which will enable weekly video?conference design meetings as well as internet accessible energy monitoring data available in real �time. In addition, students on both campuses utilize computer programs specific to their disciplines and learn program associated with other disciplines due to the multidisciplinary efforts required. For example, S&T students use the computer program, Maui Solar, to estimate the size and placement of solar panels for home energy production. MU students often suggest solar energy production on their concept designs but do not know the details of how and where to place the modules. Working together with the computer program, students from both campuses are learning the importance of each disciplines� core software programs. The Chameleon team�s proposal for the Interdisciplinary Innovation Fund meets the requirement from the MU Information Technology Committee. The student led team is working to make the UM system a leader in energy conservation through the use of cutting edge technology and multidisciplinary design efforts that make the technology available to the average homeowner.MU Interdisciplinary Innovations Fun

Software Obfuscation with Symmetric Cryptography

Software protection is of great interest to commercial industry. Millions of dollars and years of research are invested in the development of proprietary algorithms used in software programs. A reverse engineer that successfully reverses another company‘s proprietary algorithms can develop a competing product to market in less time and with less money. The threat is even greater in military applications where adversarial reversers can use reverse engineering on unprotected military software to compromise capabilities on the field or develop their own capabilities with significantly less resources. Thus, it is vital to protect software, especially the software’s sensitive internal algorithms, from adversarial analysis. Software protection through obfuscation is a relatively new research initiative. The mathematical and security community have yet to agree upon a model to describe the problem let alone the metrics used to evaluate the practical solutions proposed by computer scientists. We propose evaluating solutions to obfuscation under the intent protection model, a combination of white-box and black-box protection to reflect how reverse engineers analyze programs using a combination white-box and black-box attacks. In addition, we explore use of experimental methods and metrics in analogous and more mature fields of study such as hardware circuits and cryptography. Finally, we implement a solution under the intent protection model that demonstrates application of the methods and evaluation using the metrics adapted from the aforementioned fields of study to reflect the unique challenges in a software-only software protection technique

Social Security Administration: Workloads, Resources, and Service Delivery

Some Members of Congress have expressed concern about whether the Social Security Administration (SSA) has adequate resources to manage its workloads. The agency has struggled to provide quality service to the public. Backlogs in the disability programs have caused widespread concern. SSA’s efforts to ensure the accuracy of benefit payments have declined. Many applicants and beneficiaries have experienced long waits at field offices and on the phone. SSA’s workloads are growing as the population increases, the baby boomers retire, the economic situation worsens, and the agency takes on new and more complex responsibilities. SSA’s primary workload is administering the Social Security and Supplemental Security Income (SSI) programs. In addition, SSA provides substantial administrative support to Medicare and other programs, and partners with the Department of Homeland Security in verifying employment eligibility. The resources SSA has to meet its growing workloads include funding, staff, infrastructure, and management. In recent years, SSA’s administrative funding has increased, but has generally fallen short of requests by the SSA Commissioner and the Bush Administration. SSA’s FY2008 appropriation was the first time that Congress appropriated at or above the President’s budget request in over ten years. SSA’s staffing levels have decreased overall and fluctuated among the specialized staff who manage key workloads; at the same time, SSA’s productivity has increased, according to agency measures. The agency has gradually modernized its technological infrastructure and made efforts to streamline its processes, but independent analysts have argued that these initiatives fall short of what is needed to meet SSA’s growing workloads. Congress could facilitate changes at SSA through the appropriations and oversight processes. Options for congressional action include changing the amount of SSA’s administrative expenses and how they are financed. For example, the Social Security Advisory Board (SSAB) has recommended that Congress increase funding for SSA’s administrative expenses, arguing that the agency does not have adequate resources. The board has also suggested excluding SSA’s administrative costs from discretionary spending caps. The Government Accountability Office (GAO) has recommended dedicating funds for program integrity. Congress could also use its oversight powers to encourage more effective management at SSA in areas such as implementing technological improvements, streamlining processes, and recruiting and retaining key staff. Congress could decide not to take any action. However, inaction would likely have consequences. As SSA’s workloads increase, it is unlikely that the agency would be able to reduce the backlogs in the disability programs, and possible that the backlogs would grow further, resulting in longer waits for potential beneficiaries. Managing growing workloads could also preclude efforts to maintain or increase the program integrity activities that are projected to save the Social Security and SSI programs money in the long run. Customer service problems could be difficult to address in the absence of additional staff or resources. Finally, SSA’s outdated computer systems pose security risks and are vulnerable to collapse, according to outside experts. This report provides an overview of SSA’s workloads, resources, and service delivery, as well as issues for Congress. It does not cover H.R. 1 and S.Amdt. 98, which are intended to provide a stimulus to the economy. For more information on that legislation, please see CRS Report R40188, Comparison of Social Security Provisions in the Stimulus Packages Proposed by the House of Representatives and Senate. This report will not be updated

ANEX: Automated Network Exploitation through Penetration Testing

Cyber attacks are a growing concern in our modern world, making security evaluation a critical venture. Penetration testing, the process of attempting to compromise a computer network with controlled tests, is a proven method of evaluating a system\u27s security measures. However, penetration tests, and preventive security analysis in general, require considerable investments in money, time, and labor, which can cause them to be overlooked. Alternatively, automated penetration testing programs are used to conduct a security evaluation with less user effort, lower cost, and in a shorter period of time than manual penetration tests. The trade-off is that automated penetration testing tools are not as effective as manual tests. They are not as flexible as manual testing, cannot discover every vulnerability, and can lead to a false sense of security. The development of better automated tools can help organizations quickly and frequently know the state of their security measures and can help improve the manual penetration testing process by accelerating repetitive tasks without sacrificing results. This thesis presents Automated Network Exploitation through Penetration Testing (ANEX), an automated penetration testing system designed to infiltrate a computer network and map paths from a compromised network machine to a specified target machine. Our goal is to provide an effective security evaluation solution with minimal user involvement that is easily deployable in an existing system. ANEX demonstrates that important security information can be gathered through automated tools based solely on free-to-use programs. ANEX can also enhance the manual penetration testing process by quickly accumulating information about each machine to develop more focused testing procedures. Our results show that we are able to successfully infiltrate multiple network levels and exploit machines not directly accessible to our testing machine with mixed success. Overall, our design shows the efficacy of utilizing automated and open-source tools for penetration testing