65 research outputs found
The Development Of The Merchant Advance Industry As An Example Of Innovation In The Financial Markets
The capital markets, like all areas of business, evolve over time. This evolution is often made possible by the application of technology. In particular, stock and bond markets, as well as options, commodities and derivatives markets, have all undergone enormous and rapid transformations due to the application of technology (Gurbaxani & Whang, 1991; Carlsson & Stankiewicz, 1995). These transformations, because of economies of scale, have benefited large businesses more than small businesses. This article 1) outlines the development of a new form of financing for small business that has become possible as a result of technological innovation, 2) describes why it has advantages in some circumstances over existing forms of financing, and 3) examines why the existence of this form of financing may have positive effects in terms of job creation.
Execution Integrity with In-Place Encryption
Instruction set randomization (ISR) was initially proposed with the main goal
of countering code-injection attacks. However, ISR seems to have lost its
appeal since code-injection attacks became less attractive because protection
mechanisms such as data execution prevention (DEP) as well as code-reuse
attacks became more prevalent.
In this paper, we show that ISR can be extended to also protect against
code-reuse attacks while at the same time offering security guarantees similar
to those of software diversity, control-flow integrity, and information hiding.
We present Scylla, a scheme that deploys a new technique for in-place code
encryption to hide the code layout of a randomized binary, and restricts the
control flow to a benign execution path. This allows us to i) implicitly
restrict control-flow targets to basic block entries without requiring the
extraction of a control-flow graph, ii) achieve execution integrity within
legitimate basic blocks, and iii) hide the underlying code layout under
malicious read access to the program. Our analysis demonstrates that Scylla is
capable of preventing state-of-the-art attacks such as just-in-time
return-oriented programming (JIT-ROP) and crash-resistant oriented programming
(CROP). We extensively evaluate our prototype implementation of Scylla and show
feasible performance overhead. We also provide details on how this overhead can
be significantly reduced with dedicated hardware support.
OS-level Attacks and Defenses: from Software to Hardware-based Exploits
Run-time attacks have plagued computer systems for more than three decades, with control-flow hijacking attacks such as return-oriented programming representing the long-standing state-of-the-art in memory-corruption based exploits. These attacks exploit memory-corruption vulnerabilities in widely deployed software, e.g., through malicious inputs, to gain full control over the platform remotely at run time, and many defenses have been proposed and thoroughly studied in the past. Among those defenses, control-flow integrity emerged as a powerful and effective protection against code-reuse attacks in practice. As a result, we now start to see attackers shifting their focus towards novel techniques through a number of increasingly sophisticated attacks that combine software and hardware vulnerabilities to construct successful exploits. These emerging attacks have a high impact on computer security, since they completely bypass existing defenses that assume either hardware or software adversaries. For instance, they leverage physical effects to provoke hardware faults or force the system into transient micro-architectural states. This enables adversaries to exploit hardware vulnerabilities from software without requiring physical presence or software bugs.
In this dissertation, we explore the real-world threat of hardware and software-based run-time attacks against operating systems. While memory-corruption-based exploits have been studied for more than three decades, we show that data-only attacks can completely bypass state-of-the-art defenses such as Control-Flow Integrity which are also deployed in practice. Additionally, hardware vulnerabilities such as Rowhammer, CLKScrew, and Meltdown enable sophisticated adversaries to exploit the system remotely at run time without requiring any memory-corruption vulnerabilities in the system’s software. We develop novel design strategies to defend the OS against hardware-based attacks such as Rowhammer and Meltdown to tackle the limitations of existing defenses. First, we present two novel data-only attacks that completely break current code-reuse defenses deployed in real-world software and propose a randomization-based defense against such data-only attacks in the kernel. Second, we introduce a compiler-based framework to automatically uncover memory-corruption vulnerabilities in real-world kernel code. Third, we demonstrate the threat of Rowhammer-based attacks in security-sensitive applications and how to enable a partitioning policy in the system’s physical memory allocator to effectively and efficiently defend against such attacks. We demonstrate feasibility and real-world performance through our prototype for the popular and widely used Linux kernel. Finally, we develop a side-channel defense to eliminate Meltdown-style cache attacks by strictly isolating the address space of kernel and user memory.
Pattern of evolution of catastrophe flags in the appraisal and actual crossing of a horizontal bar: a cross-sectional study in children aged 3 to 7 years
The study of catastrophe, understood as the process of transition from one
stable state to another stable state, has been used to understand the process
of motor development. We examined whether the catastrophe pattern changed
between 3 and 7 years of age when the height of a horizontal barrier was
altered, under two conditions: (i) perception – the child stated whether they
would pass under or over it; (ii) action – performing the crossing. The
scanning procedure was applied to detect catastrophe flags. From 4 to 7 years,
the sharp contrast flag predominated in the perception condition, followed by
the hysteresis flag in the action condition. The transition interval was
larger in the perception condition. The sudden jump flag was more frequent in
the action condition, and the absence of bimodality was more frequent in the
perception condition. In either condition and in both directions of change in
bar height, 7-year-old children changed behaviour at a lower mean bar height
than 6-year-olds. The 3-year-olds proved, in the action condition, to be the
most constrained by the previous trial (hysteresis), and were the most
heterogeneous group in the perception condition. From 4 to 7 years, children
retreated to a larger safety margin in the perception condition. Up to 7 years
of age, the isolated visual perceptual system is less attuned to the task
constraints than the perceptual-motor system.
Perception and action in crossing a horizontal bar: a cross-sectional study in children aged 3 to 7 years
The perception-action cycle is essential for the fine-tuned regulation of
motor action. In a cross-sectional study, we placed 90 children between 3 and
7 years of age before a progressively changing horizontal bar, under two
conditions: i) perception – the child said whether they would pass under or
over the bar; ii) action – the child crossed it. To offset anthropometric
differences, we determined the pi value of the ratio of bar height to
crotch-to-ground distance at which the change in behaviour occurred. From 3 to
7 years there was: (i) an inversion of the mean pi values between conditions,
which at 3 years are lower in the action condition (ns), and at 6 and 7 years
are significantly lower in the perception condition; (ii) in the perception
condition, a steady increase in response consistency among children of the
same age; and (iii) a systematic and significant reduction in the number of
times the bar was knocked down. The results support the importance of
preserving the perception-action cycle in the attunement between intrinsic and
extrinsic constraints. In action, children retained the previous behaviour
more; in perception, with increasing age they proved more susceptible to the
spatial constraint, which is consistent with the concept of perceptual
differentiation. The absence of a difference in pi value between ages supports
the concept of body scaling.
Scott William Sloan 1954–2019
Scott Sloan (1954–2019) was a leader of academic engineering in Australia and beyond, as evidenced by his numerous professional accolades and important research achievements, which have had significant impact on his chosen profession of geotechnical engineering. Educated in Australia and the United Kingdom, he returned to Australia in 1984 and developed a large and active research group at the University of Newcastle, and tackled a wide range of important problems in civil and mining engineering. These include the development of computational methods to predict the mechanical behaviour of soil and rock masses, and his pioneering methods to predict the collapse states of structures made of, on, and in, earth materials, allowing engineers to design cheaper and safer civil infrastructure around the globe. Sloan established long-standing international collaborations and was awarded many honours for his research achievements. He was also a keen and skilful fisherman and a more than competent blues guitar player.
Is Rust Used Safely by Software Developers?
Rust, an emerging programming language with explosive growth, provides a
robust type system that enables programmers to write memory-safe and data-race
free code. To allow access to a machine's hardware and to support low-level
performance optimizations, a second language, Unsafe Rust, is embedded in Rust.
It contains support for operations that are difficult to statically check, such
as C-style pointers for access to arbitrary memory locations and mutable global
variables. When a program uses these features, the compiler is unable to
statically guarantee the safety properties Rust promotes. In this work, we
perform a large-scale empirical study to explore how software developers are
using Unsafe Rust in real-world Rust libraries and applications. Our results
indicate that software engineers use the keyword unsafe in less than 30% of
Rust libraries, but more than half cannot be entirely statically checked by the
Rust compiler because of Unsafe Rust hidden somewhere in a library's call
chain. We conclude that although the use of the keyword unsafe is limited, the
propagation of unsafeness offers a challenge to the claim of Rust as a
memory-safe language. Furthermore, we recommend changes to the Rust compiler
and to the central Rust repository's interface to help Rust software developers
be aware of when their Rust code is unsafe.
- …