Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge

When critical assets or functionalities are included in a piece of software accessible to the end users, code protections are used to hinder or delay the extraction or manipulation of such critical assets. The process and strategy followed by hackers to understand and tamper with protected software might differ from program understanding for benign purposes. Knowledge of the actual hacker behaviours while performing real attack tasks can inform better ways to protect the software and can provide more realistic assumptions to the developers, evaluators, and users of software protections. Within Aspire, a software protection research project funded by the EU under framework programme FP7, we have conducted three industrial case studies with the involvement of professional penetration testers and a public challenge consisting of eight attack tasks with open participation. We have applied a systematic qualitative analysis methodology to the hackers’ reports relative to the industrial case studies and the public challenge. The qualitative analysis resulted in 459 and 265 annotations added respectively to the industrial and to the public challenge reports. Based on these annotations we built a taxonomy consisting of 169 concepts. They address the hacker activities related to (i) understanding code; (ii) defining the attack strategy; (iii) selecting and customizing the tools; and (iv) defeating the protections. While there are many commonalities between professional hackers and practitioners, we could spot many fundamental differences. For instance, while industrial professional hackers aim at elaborating automated and reproducible deterministic attacks, practitioners prefer to minimize the effort and try many different manual tasks. This analysis allowed us to distill a number of new research directions and potential improvements for protection techniques. In particular, considering the critical role of analysis tools, protection techniques should explicitly attack them, by exploiting analysis problems and complexity aspects that available automated techniques are bad at addressing

A three-state mathematical model of hyperthermic cell death.

Thermal treatments for tissue ablation rely upon the heating of cells past a threshold beyond which the cells are considered destroyed, denatured, or killed. In this article, a novel three-state model for cell death is proposed where there exists a vulnerable state positioned between the alive and dead states used in a number of existing cell death models. Proposed rate coefficients include temperature dependence and the model is fitted to experimental data of heated co-cultures of hepatocytes and lung fibroblasts with very small RMS error. The experimental data utilized include further reductions in cell viabilities over 24 and 48 h post-heating and these data are used to extend the three-state model to account for slow cell death. For the two cell lines employed in the experimental data, the three parameters for fast cell death appear to be linearly increasing with % content of lung fibroblast, while the sparse nature of the data did not indicate any co-culture make-up dependence for the parameters for slow cell death. A critical post-heating cell viability threshold is proposed beyond which cells progress to death; and these results are of practical importance with potential for more accurate prediction of cell death

High-resolution contrast enhanced multi-phase hepatic computed tomography data fromaporcine Radio-Frequency Ablation study

Data below 1 mm voxel size is getting more and more common in the clinical practice but it is still hard to obtain a consistent collection of such datasets for medical image processing research. With this paper we provide a large collection of Contrast Enhanced (CE) Computed Tomography (CT) data from porcine animal experiments and describe their acquisition procedure and peculiarities. We have acquired three CE-CT phases at the highest available scanner resolution of 57 porcine livers during induced respiratory arrest. These phases capture contrast enhanced hepatic arteries, portal venous veins and hepatic veins. Therefore, we provide scan data that allows for a highly accurate reconstruction of hepatic vessel trees. Several datasets have been acquired during Radio-Frequency Ablation (RFA) experiments. Hence, many datasets show also artificially induced hepatic lesions, which can be used for the evaluation of structure detection methods