Measuring Software Diversity, with Applications to Security

In this work, we briefly introduce and discuss some of the diversity measures used in Ecology. After a succinct description and analysis of the most relevant ones, we single out the Shannon-Weiner index. We justify why it is the most informative and relevant one for measuring software diversity. Then, we show how it can be used for effectively assessing the diversity of various real software ecosystems. We discover in the process a frequently overlooked software monopoly, and its key security implications. We finally extract some conclusions from the results obtained, focusing mostly on their security implications.Comment: 10 pages, 5 figure

Mismatch between entrepreneurs and their firms: the role of cognitive fit / misfit

(WP 10/04 Clave pdf) This paper examines the relationship between cognitive fit/misfit, and burnout, satisfaction, and intentions to exit the firm in entrepreneurs. Given the disordinal (crossed) nature of the significant interactions, the results indicate when cognitive misfit in entrepreneurs (based on their dominant decision-making approach) is more likely lead them to experience negative outcomes, given the nature and degree of firm structure.

On the limits of engine analysis for cheating detection in chess

The integrity of online games has important economic consequences for both the gaming industry and players of all levels, from professionals to amateurs. Where there is a high likelihood of cheating, there is a loss of trust and players will be reluctant to participate — particularly if this is likely to cost them money. Chess is a game that has been established online for around 25 years and is played over the Internet commercially. In that environment, where players are not physically present “over the board” (OTB), chess is one of the most easily exploitable games by those who wish to cheat, because of the widespread availability of very strong chess-playing programs. Allegations of cheating even in OTB games have increased significantly in recent years, and even led to recent changes in the laws of the game that potentially impinge upon players’ privacy. In this work, we examine some of the difficulties inherent in identifying the covert use of chess-playing programs purely from an analysis of the moves of a game. Our approach is to deeply examine a large collection of games where there is confidence that cheating has not taken place, and analyse those that could be easily misclassified. We conclude that there is a serious risk of finding numerous “false positives” and that, in general, it is unsafe to use just the moves of a single game as prima facie evidence of cheating. We also demonstrate that it is impossible to compute definitive values of the figures currently employed to measure similarity to a chess-engine for a particular game, as values inevitably vary at different depths and, even under identical conditions, when multi-threading evaluation is used

Sustainability analysis of copper extraction and processing using LCA methods

The concept of sustainability on the one hand and the extraction and processing of primary resources on the other, at first glance, appear to be in conflict, since the production processes deplete resources that are strictly considered finite. In addition, these processes inevitably disturb the environment. This is especially true in copper production considering this is a metal with a high global demand, currently mined at increasingly low grades. Life Cycle Assessment (LCA) is an established method to assess the sustainability profile of products, processes and systems that has become important in recent years through the establishment of the ISO 14040 series of standards. Although LCA studies on mining and mineral processing systems, including copper, have been carried out since the mid- to late 1990s; these studies are limited to the ore extraction and mineral processing, not considering waste management, which is absent from all LCA based sustainability assessment of metal production systems reported in literature. In addition the low level of detail used in conventional LCA tools (not accounting for emissions at unit process level) lead to oversimplifications and underestimation of the true impacts. In this PhD research an LCA model has been developed to assess the impacts of copper mining and processing, considering the mine, mineral processing and waste disposal facilities life cycles as part of the copper production. The model is designed at unit process level and integrates the mining (open-pit and underground), mineral processing and waste management processes and accounts for emissions to the different environmental compartments (air, water, soil). The life cycle inventory (LCI) models developed are designed using specific activity data at component unit-process level together with emission factors from literature (US EPA, Australian NPI) and engineering calculations or models. The model developed uses mass balance/equilibrium calculations from intermediate products, resource consumption rates or activity levels to estimate life cycle estimates. The model functionality is illustrated using a true Chilean mine case study which was parameterised using mining, mineral processing and waste disposal facilities information for a baseline year when detailed operational data and key variables were recorded. The different LCA impact indicators estimated are carbon footprint (or global warming potential), water footprint, human toxicity, resource depletion and ecotoxicity (USEtox). Different Life Cycle Impact Assessment (LCIA) methods, chosen from the most recent and widely used LCIA methods, are utilised to compare the different methods results. Extensive Sensitivity and Monte Carlo analysis is performed to assess the uncertainty of key parameters. The response of the LCA impact indicator scores to the variation of variables such as the copper ore grade, copper recovery efficiency, average stripping ratio, electricity grid mix, are evaluated and presented.Open Acces

El derecho a la libertad de expresión e información en el ordenamiento constitucional colombiano y su relación con el proceso de paz

Artículo de reflexiónEn el presente trabajo investigativo se analiza por medio del método dogmático y hermenéutico y de forma sistemática el derecho a la libertad de expresión e información, partiendo de la premisa de que es un postulado que fue establecido en el ordenamiento jurídico colombiano por parte del constituyente derivado – es decir, por la Asamblea Nacional Constituyente – como un derecho de categoría fundamental. Se analiza de manera general el marco normativo internacional que sustenta su existencia y, el conjunto de instrumentos internacionales que han sido incorporados al denominado bloque de constitucionalidad por medio del proceso de ratificación en el Congreso de la República. Se examina además, su ejercicio por parte de los medios de comunicación en el proceso de paz colombiano, por lo anterior, se buscará determinar la forma por medio de la cual se manifestó el ejercicio de dicho postulado constitucional en el proceso de paz, teniendo en cuenta que es uno de los derechos esenciales para el real funcionamiento de la sociedad democrática que garantiza la libertad de expresar y difundir el propio pensamiento, opiniones, informaciones e ideas, sin limitación de fronteras y a través de cualquier medio de expresión.INTRODUCCIÓN 1. ANÁLISIS SEMÁNTICO DEL CONCEPTO DE MEDIOS DE COMUNICACIÓN 2. LOS MEDIOS DE COMUNICACIÓN Y SU RELACIÓN CON EL DERECHO A LA LIBERTAD DE EXPRESIÓN Y DE INFORMACIÓN 3. LOS MEDIOS DE COMUNICACIÓN Y EL ACUERDO DE PAZ COLOMBIANO CONCLUSIONES REFERENCIASPregradoAbogad

Cryptanalysis of the RSA-CEGD protocol

Recently, Nenadi\'c et al. (2004) proposed the RSA-CEGD protocol for certified delivery of e-goods. This is a relatively complex scheme based on verifiable and recoverable encrypted signatures (VRES) to guarantee properties such as strong fairness and non-repudiation, among others. In this paper, we demonstrate how this protocol cannot achieve fairness by presenting a severe attack and also pointing out some other weaknesses.Comment: 8 pages, 1 figur