74 research outputs found
Evaluation Methodologies in Software Protection Research
Man-at-the-end (MATE) attackers have full control over the system on which
the attacked software runs, and try to break the confidentiality or integrity
of assets embedded in the software. Both companies and malware authors want to
prevent such attacks. This has driven an arms race between attackers and
defenders, resulting in a plethora of different protection and analysis
methods. However, it remains difficult to measure the strength of protections
because MATE attackers can reach their goals in many different ways and a
universally accepted evaluation methodology does not exist. This survey
systematically reviews the evaluation methodologies of papers on obfuscation, a
major class of protections against MATE attacks. For 572 papers, we collected
113 aspects of their evaluation methodologies, ranging from sample set types
and sizes, over sample treatment, to performed measurements. We provide
detailed insights into how the academic state of the art evaluates both the
protections and analyses thereon. In summary, there is a clear need for better
evaluation methodologies. We identify nine challenges for software protection
evaluations, which represent threats to the validity, reproducibility, and
interpretation of research results in the context of MATE attacks
Spectacular Pain: Violence and the White Gaze in American Commemorative Culture
Using case studies that range from the eighteenth to the twenty-first century in literature, photography, performance, and museums, this thesis examines how the white gaze has shaped commemorative representations of slavery and racial violence. Through mapping how visual representational tropes have rendered the Black body in pain a passive receptacle of violence to accommodate an audiences’ emotional engagement, I argue that the foundation of commemorative practice’s focus lies within white western notions of pain, power, and the body, which ultimately risks obfuscating African American lived and historical experience. Fundamentally, this study also considers how Black authors, artists, and activists have worked to respond to and challenge these representations. I begin with an explication of how anti-slavery authors and artists in the late eighteenth and nineteenth centuries perpetuated white modes of looking at Black pain, before proceeding to trace the thread of representations following slavery and abolition that focus primarily on Black pain to emotionally engage with audiences. I interrogate photographic representations of slavery and racial violence, including the famous image of “Gordon” and his scarred back, James Allen and John Littlefield’s Without Sanctuary collection, and the work of African American photographer J.P. Ball. I also examine reenactment performances including Colonial Williamsburg’s 1994 reenacted slave auction, Conner Prairie’s “Follow the North Star” programme, Dread Scott’s “Slave Rebellion Reenactment”, and the Moore’s Ford lynching reenactment. This research draws from observational research conducted at key museum and memorial sites, including the Whitney Plantation (2014), the Smithsonian’s National Museum of African American History and Culture (2016), and the Equal Justice Initiative’s National Memorial to Peace and Justice and Legacy Museum: From Enslavement to Mass Incarceration (2018).
As the most recently established sites, these institutions provide an illuminating record of how far commemorative practice has come, and hint at new directions for its future. Ultimately, I advocate for commemorative sites to establish and prioritise explicit connections between slavery, the foundation of the US, and the impact of racial violence on present-day racial inequality. To do so, I highlight the importance of how commemorative sites in the present can draw inspiration from Black embodied acts of counter-narrative production to re-humanise their historical representations of Black enslaved and Black suffering bodies and free them from the constraints of the white gaze
#FOODHERSTORY: Food and American Women's Political Resistance from Suffrage to the Digital Age
Throughout the American experience, women have activated food as a feminist expression of resistance, inverting histories of oppression to empowerment as they campaigned for enfranchisement at the turn of the nineteenth century and used social media feeds as platforms in twenty-first century political protest movements. This dissertation investigates the role of food-related resistance in the long women’s movement in the United States by critically analyzing how women used material culture and technologies to build networks of empowerment and community. Relying on a diverse set of evidence from food-informed material culture to archival research, ethnography, oral history, and social media analysis, this work is grounded in feminist scholarship, food studies, American studies, and the digital humanities. Thinking about American women’s history not in waves, but as an additive national recipe in which ingredients, flavors, and methodologies change throughout time reflects both the successes and failures of American women’s political work over time. Building on my concurrent work in the food media industry, I utilize first-person participant observation methods (autoethnography) to unpack the largely white-centered legacy of America’s women’s movements, their complicated relationship with food and food production, the sexism, racism, and classism that remain in the fields of food and digital media, and incessant examples of food-related appropriation, exploitation, and profit. Through the analysis of analog food-related literature, including cookbooks, zines, and recipes, this research examines how publication technologies from printing to distribution, amplified women’s voices across the nation. Investigation of the current food-related women’s movements on social media underscores the importance of community building and “born-digital” technologies.
Focusing on several case studies of women food entrepreneurs and activists from suffrage to the second feminist movement and the post-Roe v. Wade protest of today, reveals a complex landscape of women’s food-related resistance. The boundaries shaped by privilege and access between virtual/digital technologies and physical, tangible spaces of labor and protest lead to critical discussions regarding American women’s food-related work particularly working class and working poor women of color in a post-pandemic, politically fractured, economically fraught America. Doctor of Philosoph
Tools and Algorithms for the Construction and Analysis of Systems
This open access book constitutes the proceedings of the 28th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2022, which was held during April 2-7, 2022, in Munich, Germany, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022. The 46 full papers and 4 short papers presented in this volume were carefully reviewed and selected from 159 submissions. The proceedings also contain 16 tool papers of the affiliated competition SV-Comp and 1 paper consisting of the competition report. TACAS is a forum for researchers, developers, and users interested in rigorously based tools and algorithms for the construction and analysis of systems. The conference aims to bridge the gaps between different communities with this common interest and to support them in their quest to improve the utility, reliability, flexibility, and efficiency of tools and algorithms for building computer-controlled systems
A Reference Framework for Managing Security Risks Using Blockchain
Various programs (e.g., OWASP), threat models (e.g., STRIDE), security risk management models (e.g., ISSRM), and regulations (e.g., GDPR) exist to communicate and reduce the security threats to build secure software.
However, security threats continuously evolve because the traditional technology infrastructure does not implement security measures by design. Blockchain is appearing to mitigate traditional applications’ security threats. Although blockchain-based applications are considered less vulnerable, they did not become the silver bullet for securing against different security threats. Moreover, the blockchain domain is constantly evolving, providing new techniques and often interchangeable design concepts, resulting in conceptual ambiguity and confusion in treating security threats effectively. Overall, we address the problem of traditional applications’ SRM using blockchain as a countermeasure and the SRM of blockchain-based applications. We start by surveying how blockchain mitigates the security threats of traditional applications, and the outcome is a blockchain-based reference model (BbRM) that adheres to the SRM domain model. Next, we present an upper-level reference ontology (ULRO) as a foundation ontology and provide two instantiations of the ULRO. The first instantiation includes Corda as a permissioned blockchain and the financial case. The second instantiation includes the permissionless blockchain components and the healthcare case. Both ontology representations help in the SRM of traditional and blockchain-based applications. Furthermore, we built a web-based ontology parsing tool, OwlParser. Contributions resulted in an ontology-based security reference framework for managing security risks using blockchain. The framework is dynamic, supports the iterative process of SRM, and potentially lessens the security threats of traditional and blockchain-based applications. https://www.ester.ee/record=b551352
Life, Re-Scaled
This edited volume explores new engagements with the life sciences in contemporary fiction, poetry, comics and performance. The gathered case studies investigate how recent creative work reframes the human within microscopic or macroscopic scales, from cellular biology to systems ecology, and engages with the ethical, philosophical, and political issues raised by the twenty-first century’s shifting views of life. The collection thus examines literature and performance as spaces that shape our contemporary biological imagination.
Comprised of thirteen chapters by an international group of academics, Life, Re-Scaled: The Biological Imagination in Twenty-First-Century Literature and Performance engages with four main areas of biological study: “Invisible scales: cells, microbes and mycelium”, “Neuro-medical imaging and diagnosis”, “Pandemic imaginaries”, and “Ecological scales”. The authors examine these concepts in emerging forms such as plant theatre, climate change art, ecofiction and pandemic fiction, including the work of Jeff Vandermeer, Jon McGregor, Jeff Lemire, and Extinction Rebellion’s Red Rebel Brigade performances.
This valuable resource moves beyond the biological paradigms that were central to the nineteenth and twentieth centuries, to outline the specificity of a contemporary imagination. Life, Re-Scaled is crucial reading for academics, scholars, and authors alike, as it proposes an unprecedented overview of the relationship between literature, performance and the life sciences in the twenty-first century
Diversification and obfuscation techniques for software security: A systematic literature review
Context: Diversification and obfuscation are promising techniques for securing software and protecting computers from harmful malware. The goal of these techniques is not removing the security holes, but making it difficult for the attacker to exploit security vulnerabilities and perform successful attacks. Objective: There is an increasing body of research on the use of diversification and obfuscation techniques for improving software security; however, the overall view is scattered and the terminology is unstructured. Therefore, a coherent review gives a clear statement of state-of-the-art, normalizes the ongoing discussion and provides baselines for future research. Method: In this paper, systematic literature review is used as the method of the study to select the studies that discuss diversification/obfuscation techniques for improving software security. We present the process of data collection, analysis of data, and report the results. Results: As the result of the systematic search, we collected 357 articles relevant to the topic of our interest, published between the years 1993 and 2017. We studied the collected articles, analyzed the extracted data from them, presented classification of the data, and enlightened the research gaps. Conclusion: The two techniques have been extensively used for various security purposes and impeding various types of security attacks. There exist many different techniques to obfuscate/diversify programs, each of which targets different parts of the programs and is applied at different phases of software development life-cycle. Moreover, we pinpoint the research gaps in this field, for instance that there are still various execution environments that could benefit from these two techniques, including cloud computing, Internet of Things (IoT), and trusted computing. We also present some potential ideas on applying the techniques on the discussed environments.
Program Similarity Analysis for Malware Classification and its Pitfalls
Malware classification, specifically the task of grouping malware samples into families according to their behaviour, is vital in order to understand the threat they pose and how to protect against them. Recognizing whether one program shares behaviors with another is a task that requires semantic reasoning, meaning that it needs to consider what a program actually does. This is a famously uncomputable problem, due to Rice’s theorem. As there is no one-size-fits-all solution, determining program similarity in the context of malware classification requires different tools and methods depending on what is available to the malware defender. When the malware source code is readily available (or at least, easy to retrieve), most approaches employ semantic “abstractions”, which are computable approximations of the semantics of the program. We consider this the first scenario for this thesis: malware classification using semantic abstractions extracted from the source code in an open system. Structural features, such as the control flow graphs of programs, can be used to classify malware reasonably well. To demonstrate this, we build a tool for malware analysis, R.E.H.A. which targets the Android system and leverages its openness to extract a structural feature from the source code of malware samples. This tool is first successfully evaluated against a state of the art malware dataset and then on a newly collected dataset. We show that R.E.H.A. is able to classify the new samples into their respective families, often outperforming commercial antivirus software. However, abstractions have limitations by virtue of being approximations. We show that by increasing the granularity of the abstractions used to produce more fine-grained features, we can improve the accuracy of the results as in our second tool, StranDroid, which generates fewer false positives on the same datasets. The source code of malware samples is not often available or easily retrievable.
For this reason, we introduce a second scenario in which the classification must be carried out with only the compiled binaries of malware samples on hand. Program similarity in this context cannot be done using semantic abstractions as before, since it is difficult to create meaningful abstractions from zeros and ones. Instead, by treating the compiled programs as raw data, we transform them into images and build upon common image classification algorithms using machine learning. This led us to develop novel deep learning models, a convolutional neural network and a long short-term memory, to classify the samples into their respective families. To overcome the usual obstacle of deep learning of lacking sufficiently large and balanced datasets, we utilize obfuscations as a data augmentation tool to generate semantically equivalent variants of existing samples and expand the dataset as needed. Finally, to lower the computational cost of the training process, we use transfer learning and show that a model trained on one dataset can be used to successfully classify samples in different malware datasets. The third scenario explored in this thesis assumes that even the binary itself cannot be accessed for analysis, but it can be executed, and the execution traces can then be used to extract semantic properties. However, dynamic analysis lacks the formal tools and frameworks that exist in static analysis to allow proving the effectiveness of obfuscations. For this reason, the focus shifts to building a novel formal framework that is able to assess the potency of obfuscations against dynamic analysis. We validate the new framework by using it to encode known analyses and obfuscations, and show how these obfuscations actually hinder the dynamic analysis process
Dis/appearing Acts: Camp, Photographic Self-representation and Ambiguous Queer in/visibility
This practice-led research project examines the aesthetic and critical potentials of
Camp in relation to artistic practices of photographic self-representation. With a focus
on its use in contemporary art, including a large body of my own photographic works,
this project defines Camp as a series of aesthetic and performative intensifications that
can be applied in the production and manipulation of the photographic image. In this
context, Camp produces a range of material, performative, visual and referential
excesses, it amplifies surfaces both in and of the image, and encloses queer
incongruities into the image and image making process. Combined, these strategies
signal a queer perversion of normative photographic practice that troubles the
camera’s assumed capacity to reveal its subject. This project argues that the queer
artists discussed use Camp to immerse themselves inside highly constructed and
affected photographic images, triggering their own dis/appearance and imaging
themselves in queer states of ambiguous in/visibility. The project results in a body of
work and thesis that together position Camp as no longer simply a mode of gay
performativity, but instead as a creative and critical tool for intervening into and
disrupting dominant representational systems. By embracing surfaces, incongruities
and excesses, Camp photographic practices can produce new queer forms of
in/visibility that refuse normative categories of identification and complicate the
binary of seen/unseen