183 research outputs found
COVID Down Under: where did Australia's pandemic apps go wrong?
Governments and businesses worldwide deployed a variety of technological
measures to help prevent and track the spread of COVID-19. In Australia, these
applications contained usability, accessibility, and security flaws that
hindered their effectiveness and adoption. Australia, like most countries, has
transitioned to treating COVID as endemic. However it is yet to absorb lessons
from the technological issues with its approach to the pandemic. In this short
paper we provide a systematization of the most notable events; identify and
review different failure modes of these applications; and develop
recommendations for developing apps in the face of future crises. Our work
focuses on a single country. However, Australia's issues are particularly
instructive as they highlight surprisingly pitfalls that countries should
address in the face of a future pandemic
Transactional Scripts in Contract Stacks
Deals accomplished through software persistently residing on computer networks—sometimes called smart contracts, but better termed transactional scripts—embody a potentially revolutionary contracting innovation. Ours is the first precise account in the legal literature of how such scripts are created, and when they produce errors of legal significance.Scripts’ most celebrated use case is for transactions operating exclusively on public, permissionless, blockchains: such exchanges eliminate the need for trusted intermediaries and seem to permit parties to commit ex ante to automated performance. But public transactional scripts are costly both to develop and execute, with significant fees imposed for data storage. Worse, bugs practically can’t be eliminated. The result is that many scripts will terminate in misunderstanding, frustrated intent and failure.When code misdelivers, disappointed parties will seek legal recourse. We argue that jurists should situate scripts within other legally operative statements and disclosures, or contract stacks. Precision about the relationship between script and stack sustains a novel framework, rooted in old doctrines of interpretation, parol evidence and equity, that will help jurists compile answers to the private law problems that digitized exchange entails
Thrombotic microangiopathy and associated renal disorders
Thrombotic microangiopathy (TMA) is a pathological process involving thrombocytopenia, microangiopathic haemolytic anaemia and microvascular occlusion. TMA is common to haemolytic uraemic syndrome (HUS) associated with shiga toxin or invasive pneumococcal infection, atypical HUS (aHUS), thrombotic thrombocytopenic purpura (TTP) and other disorders including malignant hypertension. HUS complicating infection with shiga toxin-producing Escherichia coli (STEC) is a significant cause of acute renal failure in children worldwide, occurring sporadically or in epidemics. Studies in aHUS have revealed genetic and acquired factors leading to dysregulation of the alternative complement pathway. TTP has been linked to reduced activity of the ADAMTS13 cleaving protease (typically with an autoantibody to ADAMTS13) with consequent disruption of von Willebrand factor multimer processing. However, the convergence of pathogenic pathways and clinical overlap create diagnostic uncertainty, especially at initial presentation. Furthermore, recent developments are challenging established management protocols. This review addresses the current understanding of molecular mechanisms underlying TMA, relating these to clinical presentation with an emphasis on renal manifestations. A diagnostic and therapeutic approach is presented, based on international guidelines, disease registries and published trials. Early treatment remains largely empirical, consisting of plasma replacement/exchange with the exception of childhood STEC-HUS or pneumococcal sepsis. Emerging therapies such as the complement C5 inhibitor eculizumab for aHUS and rituximab for TTP are discussed, as is renal transplantation for those patients who become dialysis-dependent as a result of aHUS
Detecting Excessive Data Exposures in Web Server Responses with Metamorphic Fuzzing
APIs often transmit far more data to client applications than they need, and
in the context of web applications, often do so over public channels. This
issue, termed Excessive Data Exposure (EDE), was OWASP's third most significant
API vulnerability of 2019. However, there are few automated tools -- either in
research or industry -- to effectively find and remediate such issues. This is
unsurprising as the problem lacks an explicit test oracle: the vulnerability
does not manifest through explicit abnormal behaviours (e.g., program crashes
or memory access violations).
In this work, we develop a metamorphic relation to tackle that challenge and
build the first fuzzing tool -- that we call EDEFuzz -- to systematically
detect EDEs. EDEFuzz can significantly reduce false negatives that occur during
manual inspection and ad-hoc text-matching techniques, the current most-used
approaches.
We tested EDEFuzz against the sixty-nine applicable targets from the Alexa
Top-200 and found 33,365 potential leaks -- illustrating our tool's broad
applicability and scalability. In a more-tightly controlled experiment of eight
popular websites in Australia, EDEFuzz achieved a high true positive rate of
98.65% with minimal configuration, illustrating our tool's accuracy and
efficiency
Coin-Operated Capitalism
This Article presents the legal literature’s first detailed analysis of the inner workings of Initial Coin Offerings. We characterize the ICO as an example of financial innovation, placing it in kinship with venture capital contracting, asset securitization, and (obviously) the IPO. We also take the form seriously as an example of technological innovation, where promoters are beginning to effectuate their promises to investors through computer code, rather than traditional contract. To understand the dynamics of this shift, we first collect contracts, “white papers,” and other contract-like documents for the fifty top-grossing ICOs of 2017. We then analyze how such projects’ software code reflected (or failed to reflect) their contractual promises. Our inquiry reveals that many ICOs failed even to promise that they would protect investors against insider self-dealing. Fewer still manifested such contracts in code. Surprisingly, in a community known for espousing a technolibertarian belief in the power of “trustless trust” built with carefully designed code, a significant fraction of issuers retained centralized control through previously undisclosed code permitting modification of the entities’ governing structures. These findings offer valuable lessons to legal scholars, economists, and policymakers about the roles played by gatekeepers; about the value of regulation; and the possibilities for socially valuable private ordering in a relatively anonymous, decentralized environment
A Gentle Tutorial for Lattice-Based Cryptanalysis
The applicability of lattice reduction to a wide variety of cryptographic situations makes it an important part of the cryptanalyst\u27s toolbox. Despite this, the construction of lattices and use of lattice reduction algorithms for cryptanalysis continue to be somewhat difficult to understand for beginners. This tutorial aims to be a gentle but detailed introduction to lattice-based cryptanalysis targeted towards the novice cryptanalyst with little to no background in lattices. We explain some popular attacks through a conceptual model that simplifies the various components of a lattice attack
NOTRY: deniable messaging with retroactive avowal
Modern secure messaging protocols typically aim to provide deniability. Achieving this requires that convincing cryptographic transcripts can be forged without the involvement of genuine users. In this work, we observe that parties may wish to revoke deniability and avow a conversation after it has taken place. We propose a new protocol called Not-on-the-Record-Yet (NOTRY) which enables users to prove a prior conversation transcript is genuine. As a key building block we propose avowable designated verifier proofs which may be of independent interest. Our implementation incurs roughly 8× communication and computation overhead over the standard Signal protocol during regular operation. We find it is nonetheless deployable in a realistic setting as key exchanges (the source of the overhead) still complete in just over 1ms on a modern computer. The avowal protocol induces only constant computation and communication performance for the communicating parties and scales linearly in the number of messages avowed for the verifier—in the tens of milliseconds per avowal
Comparison of the regulatory regions of the α1,3galactosyltransferase gene between murine and porcine species
- …