Debugging Scandal: The Next Generation

In 1997, the general lack of debugging tools was termed "the debugging scandal". Today, as new languages are emerging to support software evolution, once more debugging support is lagging. The powerful abstractions offered by new languages are compiled away and transformed into complex synthetic structures. Current debugging tools only allow inspection in terms of this complex synthetic structure; they do not support observation of program executions in terms of the original development abstractions. In this position paper, we outline this problem and present two emerging lines of research that ease the burden for debugger implementers and enable developers to debug in terms of development abstractions. For both approaches we identify language-independent debugger components and those that must be implemented for every new language. One approach restores the abstractions by a tool external to the program. The other maintains the abstractions by using a dedicated execution environment, supporting the relevant abstractions. Both approaches have the potential of improving debugging support for new languages. We discuss the advantages and disadvantages of both approaches, outline a combination thereof and also discuss open challenges

Automated Website Fingerprinting through Deep Learning

Several studies have shown that the network traffic that is generated by a visit to a website over Tor reveals information specific to the website through the timing and sizes of network packets. By capturing traffic traces between users and their Tor entry guard, a network eavesdropper can leverage this meta-data to reveal which website Tor users are visiting. The success of such attacks heavily depends on the particular set of traffic features that are used to construct the fingerprint. Typically, these features are manually engineered and, as such, any change introduced to the Tor network can render these carefully constructed features ineffective. In this paper, we show that an adversary can automate the feature engineering process, and thus automatically deanonymize Tor traffic by applying our novel method based on deep learning. We collect a dataset comprised of more than three million network traces, which is the largest dataset of web traffic ever used for website fingerprinting, and find that the performance achieved by our deep learning approaches is comparable to known methods which include various research efforts spanning over multiple years. The obtained success rate exceeds 96% for a closed world of 100 websites and 94% for our biggest closed world of 900 classes. In our open world evaluation, the most performant deep learning model is 2% more accurate than the state-of-the-art attack. Furthermore, we show that the implicit features automatically learned by our approach are far more resilient to dynamic changes of web content over time. We conclude that the ability to automatically construct the most relevant traffic features and perform accurate traffic recognition makes our deep learning based approach an efficient, flexible and robust technique for website fingerprinting.Comment: To appear in the 25th Symposium on Network and Distributed System Security (NDSS 2018

Feature placement algorithms for high-variability applications in cloud environments

While the use of cloud computing is on the rise, many obstacles to its adoption remain. One of the weaknesses of current cloud offerings is the difficulty of developing highly customizable applications while retaining the increased scalability and lower cost offered by the multi-tenant nature of cloud applications. In this paper we describe a Software Product Line Engineering (SPLE) approach to the modelling and deployment of customizable Software as a Service (SaaS) applications. Afterwards we define a formal feature placement problem to manage these applications, and compare several heuristic approaches to solve the problem. The scalability and performance of the algorithms is investigated in detail. Our experiments show that the heuristics scale and perform well for systems with a reasonable load

State of Utah v. Jindall : Brief of Appellant

Security principles, like least privilege, are among the resources in the security body of knowledge that survived the test of time. The implementation of these principles in a software architecture is difficult, as there are no systematic rules on how to apply them in practice. As a result, they are often neglected, which lowers the overall security level of the software system and increases the cost necessary to fix this later in de development life-cycle. This report improves the support for least privilege in software architectures by (i) defining the foundations to identify potential violations of the principle herein and (ii) elicitating architectural transformations that positively impact the security properties of the architecture, while preserving the semantics thereof. These results have been implemented and validated in a number of case studies.nrpages: 74status: publishe

Constructing Age in Children’s Literature: A Digital Approach to Guus Kuijer’s Oeuvre

This article applies digital methods to gain more insight into the role of age in the oeuvre of the Dutch author Guus Kuijer. The concept of “age” is relevant to Kuijer’s oeuvre in various ways: he is a crosswriter who has authored fiction for children, adolescents, and adults, and intergenerational relationships are a recurrent thematic feature in his work. Since discussions on age in his works have so far been limited to case-based research, this article offers a fuller understanding of the role that age plays in Kuijer’s oeuvre, in particular the explicit and implicit age norms that his books offer and the extent to which the age category of the intended reader determines the form and themes of Kuijer’s fiction. Kuijer’s juvenile literature is the prime place where he reflects on age. The negative and restrictive discourse about adulthood that has previously been addressed in selected titles (Joosen, Adulthood in Children's Literature), stretches out over his entire oeuvre. Both the analysis of implicit age norms in the vocabulary that the characters use as a consideration of those negative statements in context put that negativity into perspective, however. Moreover, reflections on childhood are also prominent in Kuijer's adult work, mostly to express sentiments about adult characters

Frictionless Authentication Systems: Emerging Trends, Research Challenges and Opportunities

Authentication and authorization are critical security layers to protect a wide range of online systems, services and content. However, the increased prevalence of wearable and mobile devices, the expectations of a frictionless experience and the diverse user environments will challenge the way users are authenticated. Consumers demand secure and privacy-aware access from any device, whenever and wherever they are, without any obstacles. This paper reviews emerging trends and challenges with frictionless authentication systems and identifies opportunities for further research related to the enrollment of users, the usability of authentication schemes, as well as security and privacy trade-offs of mobile and wearable continuous authentication systems.Comment: published at the 11th International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2017