Software reverse engineering education

Software Reverse Engineering (SRE) is the practice of analyzing a software system, either in whole or in part, to extract design and implementation information. A typical SRE scenario would involve a software module that has worked for years and carries several rules of a business in its lines of code. Unfortunately the source code of the application has been lost; what remains is “native ” or “binary ” code. Reverse engineering skills are also used to detect and neutralize viruses and malware as well as to protect intellectual property. It became frighteningly apparent during the Y2K crisis that reverse engineering skills were not commonly held amongst programmers. Since that time, much research has been undertaken to formalize the types of activities that fall into the category of reverse engineering so that these skills can be taught to computer programmers and testers. To help address the lack of software reverse engineering education, several peer-reviewed articles on software reverse engineering, re-engineering, reuse, maintenance, evolution, and security were gathered with the objective of developing relevant, practical exercises for instructional purposes. The research revealed that SRE is fairly well described and most of the related activities fall into one of tw

On the Feasibility of an Energy Reporting System in London - City Knowledge, the Merton Rule, and Building Birth Certificates

The Borough of Merton has decided to look into City Knowledge as a tool for better monitoring of the Merton Rule. To obtain the initial information for this rule the Merton Council requires developers to submit Building Birth Certificates indicating what carbon reduction methods they will implement. These forms, however, are cumbersome for the developers to complete and time consuming for the Merton Council to evaluate. The goals of this project are to use the principles of City Knowledge to lay the groundwork for the prototype of the monitoring system as well as to create an intuitive online entry form to replace the current Building Birth Certificates

Euler characteristics of Hilbert schemes of points on simple surface singularities

We study the geometry and topology of Hilbert schemes of points on the orbifold surface [C^2/G], respectively the singular quotient surface C^2/G, where G is a finite subgroup of SL(2,C) of type A or D. We give a decomposition of the (equivariant) Hilbert scheme of the orbifold into affine space strata indexed by a certain combinatorial set, the set of Young walls. The generating series of Euler characteristics of Hilbert schemes of points of the singular surface of type A or D is computed in terms of an explicit formula involving a specialized character of the basic representation of the corresponding affine Lie algebra; we conjecture that the same result holds also in type E. Our results are consistent with known results in type A, and are new for type D.Comment: 57 pages, final version. To appear in European Journal of Mathematic

Numerical Relativity: A review

Computer simulations are enabling researchers to investigate systems which are extremely difficult to handle analytically. In the particular case of General Relativity, numerical models have proved extremely valuable for investigations of strong field scenarios and been crucial to reveal unexpected phenomena. Considerable efforts are being spent to simulate astrophysically relevant simulations, understand different aspects of the theory and even provide insights in the search for a quantum theory of gravity. In the present article I review the present status of the field of Numerical Relativity, describe the techniques most commonly used and discuss open problems and (some) future prospects.Comment: 2 References added; 1 corrected. 67 pages. To appear in Classical and Quantum Gravity. (uses iopart.cls

When the stars align’: decision-making in the NSW juvenile justice system 1990-2005

This thesis examines decision-making in the New South Wales juvenile justice system. It investigates what factors and which people influenced the setting of policy agendas and the choice of policy options during the period 1990 – 2005. Using data from in-depth interviews with key policy actors and from documentary analysis, it aims to identify the dynamic interplay of historical, institutional, legal, professional, pragmatic and political factors within wider economic, social and public policy contexts to explore how and why juvenile justice policy developed in the way that it did during this period. The time frame for the study begins with the publication of the report Kids In Justice: A Blueprint for the Nineties by the NSW Youth Justice Coalition, and continues to 2005, a year marked by the publication of the NSW Law Reform Commission’s Report on Young Offenders, public street disturbances in suburbs of Sydney and the resignation of the Labor Premier the Hon. Bob Carr on August 6th. This time frame is significant as it epitomizes what appears to be a gradual, although not complete shift in approaches to juvenile justice policy: from the promise of potentially progressive diversionary strategies envisaged in the Kids in Justice Report to an approach which increasingly appeared to be concerned with control and punishment and with appeasing media demands. The thesis is a trans disciplinary study. It draws on insights from law, policy studies, media studies and criminology, and pulls them together to develop a unique analytical approach to juvenile justice. It adopts a blended theoretical perspective by combining key elements of critical social sciences with complexity theory together, in an approach, which has been termed by Byrne (1998, 2011) as ‘complex realism’ and by Carroll (2009) as ‘critical complexity’. The thesis concludes that decision takes place within an historically contingent context of what can be termed ‘negotiated order’. There are elements of certainty in the decision-making process but it is also characterised by serendipity and change. Policy processes are dynamic and change can be at times minimal and incremental and at other times monumental. It is argued that people and their ambitions, emotions, skills and experiences are absolutely fundamental to any understanding of policy and this thesis emphasises their role in decision-making. It is anticipated that the insights gathered from looking at this moment in the history of juvenile justice and the influences on decision-making will not only contribute to a more detailed understanding of the policy process in criminology and related disciplines, but might also provide those engaged in advocacy and reform with some tools for even more effective action

Designing the Extended Zero Trust Maturity Model A Holistic Approach to Assessing and Improving an Organization’s Maturity Within the Technology, Processes and People Domains of Information Security

Zero Trust is an approach to security where implicit trust is removed, forcing applications, workloads, servers and users to verify themselves every time a request is made. Furthermore, Zero Trust means assuming anything can be compromised, and designing networks, identities and systems with this in mind and following the principle of least privilege. This approach to information security has been coined as the solution to the weaknesses of traditional perimeter-based information security models, and adoption is starting to increase. However, the principles of Zero Trust are only applied within the technical domain to aspects such as networks, data and identities in past research. This indicates a knowledge gap, as the principles of Zero Trust could be applied to organizational domains such as people and processes to further strengthen information security, resulting in a holistic approach. To fill this gap, we employed design science research to develop a holistic maturity model for Zero Trust maturity based on these principles: The EZTMM. We performed two systematic literature reviews on Zero Trust and Maturity Model theory respectively and collaborated closely with experts and practitioners on the operational, tactical and strategic levels of six different organizations. The resulting maturity model was anchored in prior Zero Trust and maturity model literature, as well as practitioner and expert experiences and knowledge. The EZTMM was evaluated by our respondent organizations through two rounds of interviews before being used by one respondent organization to perform a maturity assessment of their own organization as a part of our case study evaluation. Each interview round resulted in ample feedback and learning, while the case study allowed us to evaluate and improve on the model in a real-world setting. Our contribution is twofold: A fully functional, holistic Zero Trust maturity model with an accompanying maturity assessment spreadsheet (the artifact), and our reflections and suggestions regarding further development of the EZTMM and research on the holistic application of Zero Trust principles for improved information security

Designing the Extended Zero Trust Maturity Model A Holistic Approach to Assessing and Improving an Organization’s Maturity Within the Technology, Processes and People Domains of Information Security

Zero Trust is an approach to security where implicit trust is removed, forcing applications, workloads, servers and users to verify themselves every time a request is made. Furthermore, Zero Trust means assuming anything can be compromised, and designing networks, identities and systems with this in mind and following the principle of least privilege. This approach to information security has been coined as the solution to the weaknesses of traditional perimeter-based information security models, and adoption is starting to increase. However, the principles of Zero Trust are only applied within the technical domain to aspects such as networks, data and identities in past research. This indicates a knowledge gap, as the principles of Zero Trust could be applied to organizational domains such as people and processes to further strengthen information security, resulting in a holistic approach. To fill this gap, we employed design science research to develop a holistic maturity model for Zero Trust maturity based on these principles: The EZTMM. We performed two systematic literature reviews on Zero Trust and Maturity Model theory respectively and collaborated closely with experts and practitioners on the operational, tactical and strategic levels of six different organizations. The resulting maturity model was anchored in prior Zero Trust and maturity model literature, as well as practitioner and expert experiences and knowledge. The EZTMM was evaluated by our respondent organizations through two rounds of interviews before being used by one respondent organization to perform a maturity assessment of their own organization as a part of our case study evaluation. Each interview round resulted in ample feedback and learning, while the case study allowed us to evaluate and improve on the model in a real-world setting. Our contribution is twofold: A fully functional, holistic Zero Trust maturity model with an accompanying maturity assessment spreadsheet (the artifact), and our reflections and suggestions regarding further development of the EZTMM and research on the holistic application of Zero Trust principles for improved information security