65 research outputs found

    Evaluation Methodologies in Software Protection Research

    Full text link
    Man-at-the-end (MATE) attackers have full control over the system on which the attacked software runs, and try to break the confidentiality or integrity of assets embedded in the software. Both companies and malware authors want to prevent such attacks. This has driven an arms race between attackers and defenders, resulting in a plethora of different protection and analysis methods. However, it remains difficult to measure the strength of protections because MATE attackers can reach their goals in many different ways and a universally accepted evaluation methodology does not exist. This survey systematically reviews the evaluation methodologies of papers on obfuscation, a major class of protections against MATE attacks. For 572 papers, we collected 113 aspects of their evaluation methodologies, ranging from sample set types and sizes, over sample treatment, to performed measurements. We provide detailed insights into how the academic state of the art evaluates both the protections and analyses thereon. In summary, there is a clear need for better evaluation methodologies. We identify nine challenges for software protection evaluations, which represent threats to the validity, reproducibility, and interpretation of research results in the context of MATE attacks

    Caribbean cultural heritage and the nation:Aruba, Bonaire and Curaçao in a regional context

    Get PDF
    Centuries of intense migrations have deeply impacted expressions of cultural heritage on the ABC islands: Aruba, Bonaire, and Curaçao. This volume queries how cultural heritage on these Dutch Caribbean islands relates to the work of nation building and nation-branding. How does the imagining of a shared political “we” relates to images deliberately produced to market these islands to a world of capital? The contributing authors in this volume address this leading question in their essays that describe and analyze the expressions of the ABC islands. In doing so they compare and contrast nation building and branding on the ABC islands to those taking place in the wider Caribbean. The expressions of cultural heritage discussed range from the importance of sports, music, literature and visual arts to those related to the political economy of tourism, the work of museums, the activism surrounding the question of reparations, and the politics and policies affecting the Caribbean Diasporas in the North Atlantic. This volume adds to the understanding of the dynamics of nation, culture and economy in the Caribbean

    Representations and Reparations of Slavery in the Caribbean

    Get PDF

    Analyzing the Unanalyzable: an Application to Android Apps

    Get PDF
    In general, software is unreliable. Its behavior can deviate from users’ expectations because of bugs, vulnerabilities, or even malicious code. Manually vetting software is a challenging, tedious, and highly-costly task that does not scale. To alleviate excessive costs and analysts’ burdens, automated static analysis techniques have been proposed by both the research and practitioner communities making static analysis a central topic in software engineering. In the meantime, mobile apps have considerably grown in importance. Today, most humans carry software in their pockets, with the Android operating system leading the market. Millions of apps have been proposed to the public so far, targeting a wide range of activities such as games, health, banking, GPS, etc. Hence, Android apps collect and manipulate a considerable amount of sensitive information, which puts users’ security and privacy at risk. Consequently, it is paramount to ensure that apps distributed through public channels (e.g., the Google Play) are free from malicious code. Hence, the research and practitioner communities have put much effort into devising new automated techniques to vet Android apps against malicious activities over the last decade. Analyzing Android apps is, however, challenging. On the one hand, the Android framework proposes constructs that can be used to evade dynamic analysis by triggering the malicious code only under certain circumstances, e.g., if the device is not an emulator and is currently connected to power. Hence, dynamic analyses can -easily- be fooled by malicious developers by making some code fragments difficult to reach. On the other hand, static analyses are challenged by Android-specific constructs that limit the coverage of off-the-shell static analyzers. The research community has already addressed some of these constructs, including inter-component communication or lifecycle methods. However, other constructs, such as implicit calls (i.e., when the Android framework asynchronously triggers a method in the app code), make some app code fragments unreachable to the static analyzers, while these fragments are executed when the app is run. Altogether, many apps’ code parts are unanalyzable: they are either not reachable by dynamic analyses or not covered by static analyzers. In this manuscript, we describe our contributions to the research effort from two angles: ① statically detecting malicious code that is difficult to access to dynamic analyzers because they are triggered under specific circumstances; and ② statically analyzing code not accessible to existing static analyzers to improve the comprehensiveness of app analyses. More precisely, in Part I, we first present a replication study of a state-of-the-art static logic bomb detector to better show its limitations. We then introduce a novel hybrid approach for detecting suspicious hidden sensitive operations towards triaging logic bombs. We finally detail the construction of a dataset of Android apps automatically infected with logic bombs. In Part II, we present our work to improve the comprehensiveness of Android apps’ static analysis. More specifically, we first show how we contributed to account for atypical inter-component communication in Android apps. Then, we present a novel approach to unify both the bytecode and native in Android apps to account for the multi-language trend in app development. Finally, we present our work to resolve conditional implicit calls in Android apps to improve static and dynamic analyzers

    Gurus and Media: Sound, image, machine, text and the digital

    Get PDF
    Gurus and Media is the first book dedicated to media and mediation in domains of public guruship and devotion. Illuminating the mediatisation of guruship and the guru-isation of media, it bridges the gap between scholarship on gurus and the disciplines of media and visual culture studies. It investigates guru iconographies in and across various time periods and also the distinctive ways in which diverse gurus engage with and inhabit different forms of media: statuary, games, print publications, photographs, portraiture, films, machines, social media, bodies, words, graffiti, dolls, sound, verse, tombs and more. The book’s interdisciplinary chapters advance, both conceptually and ethnographically, our understanding of the function of media in the dramatic production of guruship, and reflect on the corporate branding of gurus and on mediated guruship as a series of aesthetic traps for the captivation of devotees and others. They show how different media can further enliven the complex plurality of guruship, for instance in instantiating notions of ‘absent-present’ guruship and demonstrating the mutual mediation of gurus, caste and Hindutva. Throughout, the book foregrounds contested visions of the guru in the development of devotional publics and pluriform guruship across time and space. Thinking through the guru’s many media entanglements in a single place, the book contributes new insights to the study of South Asian religions and to the study of mediation more broadly

    Representations and Reparations of Slavery in the Caribbean

    Get PDF
    How is slavery represented in museums all over the Caribbean and does this reflect local debates on Reparation

    Caribbean cultural heritage and the nation:Aruba, Bonaire and Curaçao in a regional context

    Get PDF

    Caribbean cultural heritage and the nation: Aruba, Bonaire and Curaçao in a regional context

    Get PDF
    Centuries of intense and involuntary migrations deeply impacted the development of the creolised cultures on the Dutch Caribbean islands of Aruba, Bonaire, and Curaçao. This volume describes various forms of cultural heritage produced on these islands over time and whether these heritages are part of their ‘national’ identifications. What forms of heritage express the idea of a shared “we” (nation-building) and what images are presented to the outside world (nation-branding)? What cultural heritage is shared between the islands and what are some real or perceived differences? In this book, examples of cultural heritage on these three islands ranging from sports to questions of reparations, from museums to digital humanities, from archaeology to music, from language and literature to tourism, and from visual art to diaspora policies are compared to developments elsewhere in the Caribbean.Funded by the Dutch Research Council (NWO
    • 

    corecore