The Development Of The Merchant Advance Industry As An Example Of Innovation In The Financial Markets

The capital markets, like all areas of business, evolve over time. This evolution is often made possible by the application of technology. In particular, stock and bond markets, as well as options, commodities and derivatives markets, have all undergone enormous and rapid transformations due to the application of technology (Gurbaxani & Whang, 1991; Carlsson & Stankiewicz, 1995). These transformations, because of economies of scale, have benefited large businesses more than small businesses. This article 1) outlines the development of a new form of financing for small business that has become possible as a result of technological innovation, 2) describes why it has advantages in some circumstances over existing forms of financing, and 3) examines why the existence of this form of financing may have positive effects in terms of job creation

Execution Integrity with In-Place Encryption

Instruction set randomization (ISR) was initially proposed with the main goal of countering code-injection attacks. However, ISR seems to have lost its appeal since code-injection attacks became less attractive because protection mechanisms such as data execution prevention (DEP) as well as code-reuse attacks became more prevalent. In this paper, we show that ISR can be extended to also protect against code-reuse attacks while at the same time offering security guarantees similar to those of software diversity, control-flow integrity, and information hiding. We present Scylla, a scheme that deploys a new technique for in-place code encryption to hide the code layout of a randomized binary, and restricts the control flow to a benign execution path. This allows us to i) implicitly restrict control-flow targets to basic block entries without requiring the extraction of a control-flow graph, ii) achieve execution integrity within legitimate basic blocks, and iii) hide the underlying code layout under malicious read access to the program. Our analysis demonstrates that Scylla is capable of preventing state-of-the-art attacks such as just-in-time return-oriented programming (JIT-ROP) and crash-resistant oriented programming (CROP). We extensively evaluate our prototype implementation of Scylla and show feasible performance overhead. We also provide details on how this overhead can be significantly reduced with dedicated hardware support

OS-level Attacks and Defenses: from Software to Hardware-based Exploits

Run-time attacks have plagued computer systems for more than three decades, with control-flow hijacking attacks such as return-oriented programming representing the long-standing state-of-the-art in memory-corruption based exploits. These attacks exploit memory-corruption vulnerabilities in widely deployed software, e.g., through malicious inputs, to gain full control over the platform remotely at run time, and many defenses have been proposed and thoroughly studied in the past. Among those defenses, control-flow integrity emerged as a powerful and effective protection against code-reuse attacks in practice. As a result, we now start to see attackers shifting their focus towards novel techniques through a number of increasingly sophisticated attacks that combine software and hardware vulnerabilities to construct successful exploits. These emerging attacks have a high impact on computer security, since they completely bypass existing defenses that assume either hardware or software adversaries. For instance, they leverage physical effects to provoke hardware faults or force the system into transient micro-architectural states. This enables adversaries to exploit hardware vulnerabilities from software without requiring physical presence or software bugs. In this dissertation, we explore the real-world threat of hardware and software-based run-time attacks against operating systems. While memory-corruption-based exploits have been studied for more than three decades, we show that data-only attacks can completely bypass state-of-the-art defenses such as Control-Flow Integrity which are also deployed in practice. Additionally, hardware vulnerabilities such as Rowhammer, CLKScrew, and Meltdown enable sophisticated adversaries to exploit the system remotely at run time without requiring any memory-corruption vulnerabilities in the system’s software. We develop novel design strategies to defend the OS against hardware-based attacks such as Rowhammer and Meltdown to tackle the limitations of existing defenses. First, we present two novel data-only attacks that completely break current code-reuse defenses deployed in real-world software and propose a randomization-based defense against such data-only attacks in the kernel. Second, we introduce a compiler-based framework to automatically uncover memory-corruption vulnerabilities in real-world kernel code. Third, we demonstrate the threat of Rowhammer-based attacks in security-sensitive applications and how to enable a partitioning policy in the system’s physical memory allocator to effectively and efficiently defend against such attacks. We demonstrate feasibility and real-world performance through our prototype for the popular and widely used Linux kernel. Finally, we develop a side-channel defense to eliminate Meltdown-style cache attacks by strictly isolating the address space of kernel and user memory

Padrão de evolução das bandeiras de catástrofe na apreciação e na transposição efectiva de uma fasquia horizontal: estudo transversal em crianças dos 3 aos 7 anos de idade

O estudo da catástrofe, entendida como o processo de transição de um estado estável para outro estado estável, tem sido usado para se compreender o processo de desenvolvimento motor. Fomos verificar se o padrão de catástrofe se alterava entre os 3 e os 7 anos perante alteração da altura de uma barreira horizontal, em duas condições: (i) percepção – a criança referir se passaria por baixo ou por cima; (ii) acção - realizar a transposição. Foi aplicado o procedimento scanning para detecção de bandeiras de catástrofe. Dos 4 aos 7 anos, a bandeira contraste acentuado predominou na condição percepção, tendo sido secundada pela bandeira histerese na condição acção. O intervalo de transição foi superior na condição percepção. A bandeira salto abrupto foi mais frequente na condição acção e a ausência de bimodalidade foi mais frequente na condição percepção. Em qualquer condição e em ambos os sentidos de alteração da altura da fasquia, as crianças de 7 anos mudaram de comportamento numa altura média da fasquia inferior às de 6 anos. Os 3 anos foram os que se revelaram na condição acção mais condicionados pelo ensaio anterior (histerese), e foram o grupo mais heterogéneo na condição percepção. Dos 4 aos 7 anos, as crianças refugiaram-se numa maior margem de segurança na condição percepção. Até aos 7 anos o sistema perceptivo visual isolado é menos afinado aos constrangimentos da tarefa do que o sistema perceptivo-motorFCTinfo:eu-repo/semantics/publishedVersio

Percepção e acção na transposição de uma fasquia horizontal: estudo transversal em crianças dos 3 aos 7 anos de idade

O ciclo percepção-acção é essencial para a regulação afinada da acção motora. Num estudo transversal, colocámos 90 crianças entre os 3 e os 7 anos de idade, perante alteração progressiva de uma fasquia horizontal, em duas condições: i) percepção – a criança dizia se passaria por baixo ou por cima da fasquia; ii) acção – a criança transpunha-a. Para obviar as diferenças antropométricas, determinou-se o valor pi da proporção altura da fasquia/distância gancho solo, onde ocorreu mudança de comportamento. Dos 3 para os 7 anos ocorreu: (i) uma inversão dos valores pi médios entre condições, que aos 3 anos são inferiores na condição acção (ns), e aos 6 e 7 anos são significativamente inferiores na condição percepção; (ii) na condição percepção, um aumento constante da consistência da resposta entre crianças da mesma idade; e (iii) uma redução sistemática e significativa do número de derrubes da fasquia. Os resultados sustentam a importância da preservação do ciclo percepção-acção na sintonia entre constrangimentos intrínsecos e extrínsecos. Na acção, as crianças conservaram mais o comportamento anterior; na percepção, foram se revelando com o aumento da idade mais susceptíveis ao constrangimento espacial, o que está de acordo com o conceito de diferenciação perceptiva. A ausência de diferença no valor pi entre idades sustenta o conceito de escala corporal.FCTinfo:eu-repo/semantics/publishedVersio

Scott William Sloan 1954–2019

Scott Sloan (1954–2019) was a leader of academic engineering in Australia and beyond, as evidenced by his numerous professional accolades and important research achievements, which have had significant impact on his chosen profession of geotechnical engineering. Educated in Australia and the United Kingdom, he returned to Australia in 1984 and developed a large and active research group at the University of Newcastle, and tackled a wide range of important problems in civil and mining engineering. These include the development of computational methods to predict the mechanical behaviour of soil and rock masses, and his pioneering methods to predict the collapse states of structures made of, on, and in, earth materials, allowing engineers to design cheaper and safer civil infrastructure around the globe. Sloan established long-standing international collaborations and was awarded many honours for his research achievements. He was also a keen and skilful fisherman and a more than competent blues guitar player.Postprint (published version

Is Rust Used Safely by Software Developers?

Rust, an emerging programming language with explosive growth, provides a robust type system that enables programmers to write memory-safe and data-race free code. To allow access to a machine's hardware and to support low-level performance optimizations, a second language, Unsafe Rust, is embedded in Rust. It contains support for operations that are difficult to statically check, such as C-style pointers for access to arbitrary memory locations and mutable global variables. When a program uses these features, the compiler is unable to statically guarantee the safety properties Rust promotes. In this work, we perform a large-scale empirical study to explore how software developers are using Unsafe Rust in real-world Rust libraries and applications. Our results indicate that software engineers use the keyword unsafe in less than 30% of Rust libraries, but more than half cannot be entirely statically checked by the Rust compiler because of Unsafe Rust hidden somewhere in a library's call chain. We conclude that although the use of the keyword unsafe is limited, the propagation of unsafeness offers a challenge to the claim of Rust as a memory-safe language. Furthermore, we recommend changes to the Rust compiler and to the central Rust repository's interface to help Rust software developers be aware of when their Rust code is unsafe

When a Patch is Not Enough - HardFails: Software-Exploitable Hardware Bugs

In this paper, we take a deep dive into microarchitectural security from a hardware designer's perspective by reviewing the existing approaches to detect hardware vulnerabilities during the design phase. We show that a protection gap currently exists in practice that leaves chip designs vulnerable to software-based attacks. In particular, existing verification approaches fail to detect specific classes of vulnerabilities, which we call HardFails: these bugs evade detection by current verification techniques while being exploitable from software. We demonstrate such vulnerabilities in real-world SoCs using RISC-V to showcase and analyze concrete instantiations of HardFails. Patching these hardware bugs may not always be possible and can potentially result in a product recall. We base our findings on two extensive case studies: the recent Hack@DAC 2018 hardware security competition, where 54 independent teams of researchers competed world-wide over a period of 12 weeks to catch inserted security bugs in SoC RTL designs, and an in-depth systematic evaluation of state-of-the-art verification approaches. Our findings indicate that even combinations of techniques will miss high-impact bugs due to the large number of modules with complex interdependencies and fundamental limitations of current detection approaches. We also craft a real-world software attack that exploits one of the RTL bugs from Hack@DAC that evaded detection and discuss novel approaches to mitigate the growing problem of cross-layer bugs at design time