Ghera: A Repository of Android App Vulnerability Benchmarks

Security of mobile apps affects the security of their users. This has fueled the development of techniques to automatically detect vulnerabilities in mobile apps and help developers secure their apps; specifically, in the context of Android platform due to openness and ubiquitousness of the platform. Despite a slew of research efforts in this space, there is no comprehensive repository of up-to-date and lean benchmarks that contain most of the known Android app vulnerabilities and, consequently, can be used to rigorously evaluate both existing and new vulnerability detection techniques and help developers learn about Android app vulnerabilities. In this paper, we describe Ghera, an open source repository of benchmarks that capture 25 known vulnerabilities in Android apps (as pairs of exploited/benign and exploiting/malicious apps). We also present desirable characteristics of vulnerability benchmarks and repositories that we uncovered while creating Ghera.Comment: 10 pages. Accepted at PROMISE'1

An Institutional Frame to Compare Alternative Market Designs in EU Electricity Balancing

The so-called â electricity wholesale marketâ is, in fact, a sequence of several markets. The chain is closed with a provision for â balancing,â in which energy from all wholesale markets is balanced under the authority of the Transmission Grid Manager (TSO in Europe, ISO in the United States). In selecting the market design, engineers in the European Union have traditionally preferred the technical role of balancing mechanisms as â security mechanisms.â They favour using penalties to restrict the use of balancing energy by market actors. While our paper in no way disputes the importance of grid security, nor the competency of engineers to elaborate the technical rules, we wish to attract attention to the real economic consequences of alternative balancing designs. We propose a numerical simulation in the framework of a two-stage equilibrium model. This simulation allows us to compare the economic properties of designs currently existing within the European Union and to measure their fallout. It reveals that balancing designs, which are typically presented as simple variants on technical security, are in actuality alternative institutional frameworks having at least four potential economic consequences: a distortion of the forward price; an asymmetric shift in the participantsâ profits; an increase in the System Operatorâ s revenues; and inefficiencies

The Missing Link - Economic Exposure and Pension Plan Risk

The funding position of a defined benefit pension plan is often closely linked to the performance of the sponsoring company's business. For example, a plan sponsor whose financial health is dependent on high oil prices may struggle during periods of oil price weakness. If the pension plan’s assets perform poorly at this time, the ability of the sponsor to address any funding requirement could be restricted precisely when the need for funding is heightened. In this paper, we propose an approach to dealing with joint plan and sponsor risk that can provide protection against extreme adverse events for the sponsor. In particular, adopt a strategy of minimising a portfolio’s expected losses in the event of an assumed drop of x% in the oil price. Our methodology relies on an asset allocation framework which takes into account the impact of serial correlation in asset returns, as well as the negative skewness and leptokurtosis resulting from the non-normal shape of marginal distributions of historical asset returns. We also make use of copulas to measure the dependence between asset class returns

Attributing returns and optimising United States swaps portfolios using an intertemporally-consistent and arbitrage-free model of the yield curve

This paper uses the volatility-adjusted orthonormalised Laguerre polynomial model of the yield curve (the VAO model) from Krippner (2005), an intertemporally-consistent and arbitrage-free version of the popular Nelson and Siegel (1987) model, to develop a multi-dimensional yield-curve-based risk framework for fixed interest portfolios. The VAO model is also used to identify relative value (i.e. potential excess returns) from the universe of securities that define the yield curve. In combination, these risk and return elements provide an intuitive framework for attributing portfolio returns ex-post, and for optimising portfolios ex-ante. The empirical applications are to six years of daily United States interest rate swap data. The first application shows that the main sources of fixed interest portfolio risk (i.e. unanticipated variability in ex-post returns) are first-order (‘duration’) effects from stochastic shifts in the level and shape of the yield curve; second-order (‘convexity’) effects and other contributions are immaterial. The second application shows that fixed interest portfolios optimised ex-ante using the VAO model risk/relative framework significantly outperform a naive evenly-weighted benchmark over time

Vulnerability : a view from different disciplines

Practitioners from different disciplines use different meanings and concepts of vulnerability, which, in turn, have led to diverse methods of measuring it. This paper presents a selective review of the literature from several disciplines to examine how they define and measure vulnerability. The disciplines include economics, sociology/anthropology, disaster management, environmental science, and health/nutrition. Differences between the disciplines can be explained by their tendency to focus on different components of risk, household responses to risk and welfare outcomes. In general, they focus either on the risks (at one extreme) or the underlying conditions (or outcomes) at the other. Trade-offs exist between simple measurement schemes and rich conceptual understanding.Environmental Economics&Policies,Health Economics&Finance,Insurance&Risk Mitigation,Economic Theory&Research,Rural Poverty Reduction

A Benchmark Approach to Investing and Pricing

This paper introduces a general market modeling framework, the benchmark approach, which assumes the existence of the numeraire portfolio. This is the strictly positive portfolio that when used as benchmark makes all benchmarked nonnegative portfolios supermartingales, that is intuitively speaking downward trending or trendless. It can be shown to equal the Kelly portfolio which maximizes expected logarithmic utility. In several ways the Kelly or numeraire portfolio is the "best" performing portfolio and can not be out performed systematically by any other nonnegative portfolio. Its use in pricing as numeraire leads directly to the real world pricing formula, which employs the real world probability when calculating conditional expectations. In a large regular financial market, the Kelly portfolio is shown to be approximated by well diversified portfolios.Kelly portfolio; real world pricing; numeraire portfolio; strong arbitrage; diversification