18,143 research outputs found

    Towards the Automated Detection of Unknown Malware on Live Systems

    Abstract—In this paper, we propose a new system monitoring framework that can serve as an enabler for automated malware detection on live systems. Our approach takes advantage of the increased availability of hardware assisted virtualization capabilities of modern CPUs, and its basic novelty consists in launching a hypervisor layer on the live system without stopping and restarting it. This hypervisor runs at a higher privilege level than the OS itself, thus, it can be used to observe the behavior of the analyzed system in a transparent manner. For this purpose, we also propose a novel system call tracing method that is designed to be configurable in terms of transparency and granularity. I

    Employee Testing, Tracing, and Disclosure as a Response to the Coronavirus Pandemic

    As the COVID-19 pandemic continues to devastate the United States, the federal government has largely failed to implement a national program to prevent and contain the virus. As a result, many employers have undertaken their own workplace coronavirus mitigation efforts. This essay examines, in three parts, the legal framework surrounding employer systems of workplace testing, tracing, and disclosure. It first examines the legal issues surrounding employer-mandated COVID-19 testing and temperature checks, especially issues arising under the Americans with Disabilities Act (ADA) and Health Information Portability and Accountability Act (HIPAA). Regarding employer contact tracing efforts, the essay next reviews the multitude of new digital tools and applications designed to aid in contact tracing and how these may implicate various state and federal privacy laws. Finally, the essay looks into employer disclosure of employee infections, including legal ramifications under the ADA, HIPAA, and other privacy laws. Our conclusion: employer testing, tracing, and disclosure programs are legally feasible but require careful planning and execution to protect employee privacy interests

    Employee Testing, Tracing, and Disclosure as a Response to the Coronavirus Pandemic

    Testing, tracing, and disclosure is a common workplace safety measure implemented to mitigate the spread of the coronavirus in the United States. The absence of a coordinated national response presented local governments and private businesses with difficult questions regarding operation in the pandemic. This Article analyzes the legal framework for this approach, specifically addressing concerns of invasion into worker privacy. This Article encourages employers to develop their own testing, tracing, and disclosure systems to prevent widespread workplace outbreaks, avoid costly litigation, and preserve their business operations. Steps integral to the system include: providing clear notice to employees about what is required of them and how the employer will use employees’ personal information; limiting sharing of personal information to those who “need to know;” crafting disclosures that protect individual privacy while promptly alerting affected employees of potential virus exposure; and maintaining strong data security systems and practices

    EtherAnnotate: a transparent malware analysis tool for integrating dynamic and static examination

    Software security researchers commonly reverse engineer and analyze current malicious software (malware) to determine what the latest techniques malicious attackers are utilizing and how to protect computer systems from attack. The most common analysis methods involve examining how the program behaves during execution and interpreting its machine-level instructions. However, modern malicious applications use advanced anti-debugger, anti-virtualization, and code packing techniques to obfuscate the malware's true activities and divert security analysts. Malware analysts currently do not have a simple method for tracing malicious code activity at the instruction-level in a highly undetectable environment. There also lacks a simple method for combining actual run-time register and memory values with statically disassembled code. Combining statically disassembled code with the run-time values found in the memory and registers being accessed would create a new level of analysis possible by combining key aspects of static analysis with dynamic analysis. This thesis presents EtherAnnotate, a new extension to the Xen Ether virtualization framework and the IDA Pro disassembler to aid in the task of malicious software analysis. This new extension consists of two separate components - an enhanced instruction tracer and a graphical annotation and visualization plug-in for IDA Pro. The specialized instruction tracer places a malware binary into a virtualized environment and records the contents of all processor general register values that occur during its execution. The annotation plug-in for IDA Pro interprets the output of the instruction tracer and adds line comments of the register values in addition to visualizing code coverage of all disassembled instructions that were executed during the malware's execution. These two tools can be combined to provide a new level of introspection for advanced malware that was not available with the previous state-of-the-art analysis tools --Abstract, page iii

    Nazi Punks Folk Off: Leisure, Nationalism, Cultural Identity and the Consumption of Metal and Folk Music

    Far-right activists have attempted to infiltrate and use popular music scenes to propagate their racialised ideologies. This paper explores attempts by the far right to co-opt two particular music scenes: black metal and English folk. Discourse tracing is used to explore online debates about boundaries, belonging and exclusion in the two scenes, and to compare such online debates with ethnographic work and previous research. It is argued that both scenes have differently resisted the far right through the policing of boundaries and communicative choices, but both scenes are compromised by their relationship to myths of whiteness and the instrumentality of the pop music industry

    The “New World Order”: From Unilateralism to Cosmopolitanism. CES Germany & Europe Working Papers, no. 04.1, 2004

    On January 26, 2004, the topic of the CES-Berlin Dialogues was “The ‘New World Order’: From Unilateralism to Cosmopolitanism.” It was the second in a series of four meetings organized in Berlin under the heading “Redefining Justice.” The session was intended to examine successful and failed arenas of cooperation between the US and Europe; political misunderstandings and conscious manipulation; and models for future transatlantic relations. The presenters were Jeffrey Herf, Professor of History, University of Maryland, and Prof. Dr. Jürgen Neyer, Professor of International Political Economy, Ludwig-Maximilians-University of Munich, and Heisenberg Fellow of the Deutsche Forschungsgemeinschaft at the Department of Political and Social Sciences of the Freie Universität Berlin. Jeffrey Herf was asked to speak on the basic tenets of U.S. foreign policy in the administration of President George W. Bush, and Jürgen Neyer focused on the European view of international relations and conduct in the period since the invasion of Iraq

    “Legal Form and Legal Legitimacy: The IHRA Definition of Antisemitism as a Case Study in Censored Speech”

    The challenge posed by legal indeterminacy to legal legitimacy has generally been considered from points of view internal to the law and its application. But what becomes of legal legitimacy when the legal status of a given norm is itself a matter of contestation? This article, the first extended scholarly treatment of the International Holocaust Remembrance Alliance (IHRA)’s new definition of antisemitism, pursues this question by examining recent applications of the IHRA definition within the UK following its adoption by the British government in 2016. Instead of focusing on this definition’s substantive content, I show how the document reaches beyond its self-described status as a “non-legally binding working definition” and comes to function as what I call a quasi-law, in which capacity it exercises the de facto authority of the law, without having acquired legal legitimacy. Broadly, this work elucidates the role of speech codes in restricting freedom of expression within liberal states

    Harzer Roller: Linker-Based Instrumentation for Enhanced Embedded Security Testing

    Due to the rise of the Internet of Things, there are many new chips and platforms available for hobbyists and industry alike to build smart devices. The SDKs for these new platforms usually include closed-source binaries containing wireless protocol implementations, cryptographic implementations, or other library functions, which are shared among all user code across the platform. Leveraging such a library vulnerability has a high impact on a given platform. However, as these platforms are often shipped ready-to-use, classic debug infrastructure like JTAG is often times not available. In this paper, we present a method, called Harzer Roller, to enhance embedded firmware security testing on resource-constrained devices. With the Harzer Roller, we hook instrumentation code into function call and return. The hooking not only applies to the user application code but to the SDK used to build firmware as well. While we keep the design of the Harzer Roller generally architecture independent, we provide an implementation for the ESP8266 Wi-Fi IoT chip based on the xtensa architecture. We show that the Harzer Roller can be leveraged to trace execution flow through libraries without available source code and to detect stack-based buffer-overflows. Additionally, we showcase how the overflow detection can be used to dump debugging information for later analysis. This enables better usage of a variety of software security testing methods like fuzzing of wireless protocol implementations or proof-of-concept attack development. Comment: 9 Pages, 7 Figures, ROOTS'1