Software Attestation with Static and Dynamic Techniques

L'abstract è presente nell'allegato / the abstract is in the attachmen

Privacy issues of ISPs in the modern web

In recent years, privacy issues in the networking field are getting more important. In particular, there is a lively debate about how Internet Service Providers (ISPs) should collect and treat data coming from passive network measurements. This kind of information, such as flow records or HTTP logs, carries considerable knowledge from several points of view: traffic engineering, academic research, and web marketing can take advantage from passive network measurements on ISP customers. Nevertheless, in many cases collected measurements contain personal and confidential information about customers exposed to monitoring, thus raising several ethical issues. Modern web is very different from the one we experienced few years ago: web services converged to few protocols (i.e., HTTP and HTTPS) and a large share of traffic is encrypted. The aim of this work is to provide an insight about which information is still visible to ISPs, with particular attention to novel and emerging protocols, and to what extent it carries personal information. We illustrate that sensible information, such as website history, is still exposed to passive monitoring. We illustrate privacy and ethical issues deriving by the current situation and provide general guidelines and best practices to cope with the collection of network traffic measurements

On the impossibility of effectively using likely-invariants for software attestation purposes

Invariants monitoring is a software attestation technique that aims at proving the integrity of a running application by checking likely-invariants, which are statistically significant predicates inferred on variables’ values. Being very promising, according to the software protection literature, we developed a technique to remotely monitor invariants. This paper presents the analysis we have performed to assess the effectiveness of our technique and the effectiveness of likely-invariants for software attestation purposes. Moreover, it illustrates the identified limitations and our studies to improve the detection abilities of this technique. Our results suggest that, despite further studies and future results may increase the efficacy and reduce the side effects, software attestation based on likely-invariants is not yet ready for the real world. Software developers should be warned of these limitations, if they could be tempted by adopting this technique, and companies developing software protections should not invest in development without also investing in further research

Comparative analysis of neural networks techniques to forecast Airfare Prices

With the growth of tourism industry, airplanes have became an affordable choice for medium- and long-distance travels. Accurate forecasting of flights tickets helps the aviation industry to match demand, supply flexibly and optimize aviation resources. Airline companies use dynamic pricing strategies to determine the price of airline tickets to maximize profits. Passengers want to purchase tickets at the lowest selling price for the flight of their choice. However, airline tickets are a special commodity that is time-sensitive and scarce, and the price of airline tickets is affected by various factors. Our research work provides a systematic comparison of various traditional machine learning methods (i.e., Ridge Regression, Lasso Regression, K-Nearest Neighbor, Decision Tree, XGBoost, Random Forest) and deep learning methods (e.g., Fully Connected Networks, Convolutional Neural Networks, Transformer) to address the problem of airfare prediction, by keeping the consumers’ needs. Moreover, we proposed innovative Bayesian neural networks, which represent the first exploitation attempt of Bayesian Inference for the airfare prediction task, to the best of our knowledge. Therefore, we evaluate the performance of our implemented and optimized models on an open dataset. The experimental results show that deep learning-based methods achieve better results on average than traditional ones, while Bayesian neural networks can achieve better performance among the other machine learning methods. However, taking into account both prediction performance and computational time, the Random Forest turns out to be the best choice to apply in this scenario

Towards Automatic Risk Analysis and Mitigation of Software Applications

This paper proposes a novel semi-automatic risk analysis approach that not only identifies the threats against the assets in a software application, but it is also able to quantify their risks and to suggests the software protections to mitigate them. Built on a formal model of the software, attacks, protections and their relationships, our implementation has shown promising performance on real world applications. This work represents a first step towards a user-friendly expert system for the protection of software applications

Empirical assessment of the effort needed to attack programs protected with client/server code splitting

Context. Code hardening is meant to fight malicious tampering with sensitive code executed on client hosts. Code splitting is a hardening technique that moves selected chunks of code from client to server. Although widely adopted, the effective benefits of code splitting are not fully understood and thoroughly assessed. Objective. The objective of this work is to compare non protected code vs. code splitting protected code, considering two levels of the chunk size parameter, in order to assess the effectiveness of the protection - in terms of both attack time and success rate - and to understand the attack strategy and process used to overcome the protection. Method. We conducted an experiment with master students performing attack tasks on a small application hardened with different levels of protection. Students carried out their task working at the source code level. Results. We observed a statistically significant effect of code splitting on the attack success rate that, on the average, was reduced from 89% with unprotected clear code to 52% with the most effective protection. The protection variant that moved some small-sized code chunks turned out to be more effective than the alternative moving fewer but larger chunks. Different strategies were identified yielding different success rates. Moreover, we discovered that successful attacks exhibited different process w.r.t. failed ones.Conclusions We found empirical evidence of the effect of code splitting, assessed the relative magnitude, and evaluated the influence of the chunk size parameter. Moreover, we extracted the process used to overcome such obfuscation technique

A Novel Network Integrating a miRNA-203/SNAI1 Feedback Loop which Regulates Epithelial to Mesenchymal Transition

BACKGROUND: The majority of human cancer deaths are caused by metastasis. The metastatic dissemination is initiated by the breakdown of epithelial cell homeostasis. During this phenomenon, referred to as epithelial to mesenchymal transition (EMT), cells change their genetic and trancriptomic program leading to phenotypic and functional alterations. The challenge of understanding this dynamic process resides in unraveling regulatory networks involving master transcription factors (e.g. SNAI1/2, ZEB1/2 and TWIST1) and microRNAs. Here we investigated microRNAs regulated by SNAI1 and their potential role in the regulatory networks underlying epithelial plasticity. RESULTS: By a large-scale analysis on epithelial plasticity, we highlighted miR-203 and its molecular link with SNAI1 and the miR-200 family, key regulators of epithelial homeostasis. During SNAI1-induced EMT in MCF7 breast cancer cells, miR-203 and miR-200 family members were repressed in a timely correlated manner. Importantly, miR-203 repressed endogenous SNAI1, forming a double negative miR203/SNAI1 feedback loop. We integrated this novel miR203/SNAI1 with the known miR200/ZEB feedback loops to construct an a priori EMT core network. Dynamic simulations revealed stable epithelial and mesenchymal states, and underscored the crucial role of the miR203/SNAI1 feedback loop in state transitions underlying epithelial plasticity. CONCLUSION: By combining computational biology and experimental approaches, we propose a novel EMT core network integrating two fundamental negative feedback loops, miR203/SNAI1 and miR200/ZEB. Altogether our analysis implies that this novel EMT core network could function as a switch controlling epithelial cell plasticity during differentiation and cancer progression

Induction of cell proliferation and survival genes by estradiol-repressed microRNAs in breast cancer cells

<p>Abstract</p> <p>Background</p> <p>In estrogen responsive MCF-7 cells, estradiol (E₂) binding to ERα leads to transcriptional regulation of genes involved in the control of cell proliferation and survival. MicroRNAs (miRNAs) have emerged as key post-transcriptional regulators of gene expression. The aim of this study was to explore whether miRNAs were involved in hormonally regulated expression of estrogen responsive genes.</p> <p>Methods</p> <p>Western blot and QPCR were used to determine the expression of estrogen responsive genes and miRNAs respectively. Target gene expression regulated by miRNAs was validated by luciferase reporter assays and transfection of miRNA mimics or inhibitors. Cell proliferation was evaluated by MTS assay.</p> <p>Results</p> <p>E₂significantly induced bcl-2, cyclin D1 and survivin expression by suppressing the levels of a panel of miRNAs (miR-16, miR-143, miR-203) in MCF-7 cells. MiRNA transfection and luciferase assay confirmed that bcl-2 was regulated by miR-16 and miR-143, cyclinD1 was modulated by miR-16. Importantly, survivin was found to be targeted by miR-16, miR-143, miR-203. The regulatory effect of E₂can be either abrogated by anti-estrogen ICI 182, 780 and raloxifene pretreatment, or impaired by ERα siRNA, indicating the regulation is dependent on ERα. In order to investigate the functional significance of these miRNAs in estrogen responsive cells, miRNAs mimics were transfected into MCF-7 cells. It revealed that overexpression of these miRNAs significantly inhibited E₂-induced cell proliferation. Further study of the expression of the miRNAs indicated that miR-16, miR-143 and miR-203 were highly expressed in triple positive breast cancer tissues, suggesting a potential tumor suppressing effect of these miRNAs in ER positive breast cancer.</p> <p>Conclusions</p> <p>These results demonstrate that E₂induces bcl-2, cyclin D1 and survivin by orchestrating the coordinate downregulation of a panel of miRNAs. In turn, the miRNAs manifest growth suppressive effects and control cell proliferation in response to E₂. This sheds a new insight into the integral post-transcriptional regulation of cell proliferation and survival genes by miRNAs, a potential therapeutic option for breast cancer.</p

Shedding Light on The Role of Keratinocyte-Derived Extracellular Vesicles on Skin-Homing Cells

Extracellular vesicles (EVs) are secretory lipid membranes with the ability to regulate cellular functions by exchanging biological components between different cells. Resident skin cells such as keratinocytes, fibroblasts, melanocytes, and inflammatory cells can secrete different types of EVs depending on their biological state. These vesicles can influence the physiological properties and pathological processes of skin, such as pigmentation, cutaneous immunity, and wound healing. Since keratinocytes constitute the majority of skin cells, secreted EVs from these cells may alter the pathophysiological behavior of other skin cells. This paper reviews the contents of keratinocyte-derived EVs and their impact on fibroblasts, melanocytes, and immune cells to provide an insight for better understanding of the pathophysiological mechanisms of skin disorders and their use in related therapeutic approaches