120,294 research outputs found

    Preventing SQL Injection through Automatic Query Sanitization with ASSIST

    Web applications are becoming an essential part of our everyday lives. Many of our activities are dependent on the functionality and security of these applications. As the scale of these applications grows, injection vulnerabilities such as SQL injection are major security challenges for developers today. This paper presents the technique of automatic query sanitization to automatically remove SQL injection vulnerabilities in code. In our technique, a combination of static analysis and program transformation is used to automatically instrument web applications with sanitization code. We have implemented this technique in a tool named ASSIST (Automatic and Static SQL Injection Sanitization Tool) for protecting Java-based web applications. Our experimental evaluation showed that our technique is effective against SQL injection vulnerabilities and has a low overhead. Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330

    Regulating Complexity in Financial Markets

    As the financial crisis has tragically illustrated, the complexities of modern financial markets and investment securities can trigger systemic market failures. Addressing these complexities, this Article maintains, is perhaps the greatest financial-market challenge of the future. The Article first examines and explains the nature of these complexities. It then analyzes the regulatory and other steps that should be considered to reduce the potential for failure. Because complex financial markets resemble complex engineering systems, and failures in those markets have characteristics of failures in those systems, the Article's analysis draws on chaos theory and other approaches used to analyze complex engineering systems.

    Regulating Ex Post: How Law Can Address the Inevitability of Financial Failure

    Unlike many other areas of regulation, financial regulation operates in the context of a complex interdependent system. The interconnections among firms, markets, and legal rules have implications for financial regulatory policy, especially the choice between ex ante regulation aimed at preventing financial failure and ex post regulation aimed at responding to that failure. Regulatory theory has paid relatively little attention to this distinction. Were regulation to consist solely of duty-imposing norms, such neglect might be defensible. In the context of a system, however, regulation can also take the form of interventions aimed at mitigating the potentially systemic consequences of a financial failure. We show that this dual role of financial regulation implies that ex ante regulation and ex post regulation should be balanced in setting financial regulatory policy, and we offer guidelines for achieving that balance.

    Towards Data Protection Compliance

    Privacy and data protection are fundamental issues nowadays for every organization. This paper calls for the development of methods, techniques and infrastructure to allow the deployment of privacy-aware IT systems, in which humans are an integral part of the organizational processes and accountable for their possible misconduct. In particular, we discuss the challenges to be addressed in order to improve organizations' privacy practices, as well as the approach to ensure compliance with legal requirements and increasing efficiency.

    Women’s human rights when experiencing humanitarian crises and conflicts: the impact of United Nations Security Council Resolutions on women, peace, security, and the CEDAW General Recommendation no. 30.

    Violence and insecurity are strictly linked to unequal political, social, and economic power. However, the continuity of violence is obscured by masculinist and patriarchal rules of security within gendered structures, especially inside the division of public/private dimensions and spaces, of production-reproduction activities, and of conflicts of war/peace. Nowadays, there is a general perception of the gendered dimensions of humanitarian emergencies in public policy outcomes and more in general in institutional contexts where the central role of women in security and maintaining peace, at all levels of decision making, both prior to, during, and after the conflict stage, hostilities, and peace-keeping and peace-building stages, as well as in trying to pursue a condition of reconciliation and reconstruction, has been formally recognized at international level. Nevertheless, it is necessary to focus on some problems related to the conceptualization of and legal provision for ‘gender based security’ and its subsequent effects upon accountability, with particular reference to transitional justice and post-conflict societies. It is important to assess a range of contemporary issues implicated for women and security, such as violence and other forms of harassment in times of post-conflict