Results 141-160 of 5677.
Bookmark and Share    
Full Text
Peer Reviewed
See detail§§ 6 bis 15 WpHG betreffend die Eingriffsbefugnisse der BaFin und Positionskontrollen
Zetzsche, Dirk Andreas UL; Lehmann, Mattias

in Schwark; Zimmer (Eds.) Kapitalmarktrechtskommentar (in press)

Detailed reference viewed: 7 (0 UL)
Full Text
Peer Reviewed
See detailUsing Machine Learning to Assist with the Selection of Security Controls During Security Assessment
Bettaieb, Seifeddine UL; Shin, Seung Yeob UL; Sabetzadeh, Mehrdad UL et al

in Empirical Software Engineering (in press)

In many domains such as healthcare and banking, IT systems need to fulfill various requirements related to security. The elaboration of security requirements for a given system is in part guided by the ... [more ▼]

In many domains such as healthcare and banking, IT systems need to fulfill various requirements related to security. The elaboration of security requirements for a given system is in part guided by the controls envisaged by the applicable security standards and best practices. An important difficulty that analysts have to contend with during security requirements elaboration is sifting through a large number of security controls and determining which ones have a bearing on the security requirements for a given system. This challenge is often exacerbated by the scarce security expertise available in most organizations. [Objective] In this article, we develop automated decision support for the identification of security controls that are relevant to a specific system in a particular context. [Method and Results] Our approach, which is based on machine learning, leverages historical data from security assessments performed over past systems in order to recommend security controls for a new system. We operationalize and empirically evaluate our approach using real historical data from the banking domain. Our results show that, when one excludes security controls that are rare in the historical data, our approach has an average recall of ≈ 94% and average precision of ≈ 63%. We further examine through a survey the perceptions of security analysts about the usefulness of the classification models derived from historical data. [Conclusions] The high recall – indicating only a few relevant security controls are missed – combined with the reasonable level of precision – indicating that the effort required to confirm recommendations is not excessive – suggests that our approach is a useful aid to analysts for more efficiently identifying the relevant security controls, and also for decreasing the likelihood that important controls would be overlooked. Further, our survey results suggest that the generated classification models help provide a documented and explicit rationale for choosing the applicable security controls. [less ▲]

Detailed reference viewed: 22 (3 UL)
Full Text
Peer Reviewed
See detailPractical Model-driven Data Generation for System Testing
Soltana, Ghanem; Sabetzadeh, Mehrdad UL; Briand, Lionel UL

in ACM Transactions on Software Engineering and Methodology (in press)

The ability to generate test data is often a necessary prerequisite for automated software testing. For the generated data to be fit for its intended purpose, the data usually has to satisfy various ... [more ▼]

The ability to generate test data is often a necessary prerequisite for automated software testing. For the generated data to be fit for its intended purpose, the data usually has to satisfy various logical constraints. When testing is performed at a system level, these constraints tend to be complex and are typically captured in expressive formalisms based on first-order logic. Motivated by improving the feasibility and scalability of data generation for system testing, we present a novel approach, whereby we employ a combination of metaheuristic search and Satisfiability Modulo Theories (SMT) for constraint solving. Our approach delegates constraint solving tasks to metaheuristic search and SMT in such a way as to take advantage of the complementary strengths of the two techniques. We ground our work on test data models specified in UML, with OCL used as the constraint language. We present tool support and an evaluation of our approach over three industrial case studies. The results indicate that, for complex system test data generation problems, our approach presents substantial benefits over the state of the art in terms of applicability and scalability. [less ▲]

Detailed reference viewed: 41 (3 UL)
Full Text
Peer Reviewed
See detailSammelbesprechung Sound History
Krebs, Stefan UL

in NTM (in press)

Detailed reference viewed: 12 (1 UL)
Full Text
Peer Reviewed
See detailDual-Use Research In Ransomware Attacks: A Discussion on Ransomware Defence Intelligence
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Sgandurra, Daniele

in Proceedings of the 6th International Conference on Information Systems Security and Privacy (in press)

Previous research has shown that developers rely on public platforms and repositories to produce functional but insecure code. We looked into the matter for ransomware, enquiring whether also ransomware ... [more ▼]

Previous research has shown that developers rely on public platforms and repositories to produce functional but insecure code. We looked into the matter for ransomware, enquiring whether also ransomware engineers re-use the work of others and produce insecure code. By methodically reverse-engineering 128 malware executables, we have found that, out of 21 ransomware samples, 9 contain copy-paste code from public resources. Thanks to this finding, we managed to retrieve the decryption keys with which to nullify the ransomware attacks. From this fact, we recall critical cases of code disclosure in the recent history of ransomware and, arguing that ransomware are components in cyber-weapons, reflect on the dual-use nature of this research. We further discuss benefits and limits of using cyber-intelligence and counter-intelligence strategies that could be used against this threat. [less ▲]

Detailed reference viewed: 4 (0 UL)
Full Text
Peer Reviewed
See detailA Spatially explicit ABM of Central Place Foraging Theory and its explanatory power for hunter-gatherers settlement patterns formation processes
Sikk, Kaarel UL; Caruso, Geoffrey UL

in Adaptive Behaviour (in press)

The behavioural ecological approach to anthropology states that the density and distribution of resources determine optimal patterns of resource use and also sets its constraints to grouping, mobility and ... [more ▼]

The behavioural ecological approach to anthropology states that the density and distribution of resources determine optimal patterns of resource use and also sets its constraints to grouping, mobility and settlement choice. Central Place Foraging (CPF) models have been used for analysing foraging behaviours of hunter-gatherers and to draw a causal link from the volume of available resources in the environment to the mobility decisions of hunter-gatherers. In this study we propose a spatially explicit agent-based CPF mode. We explore its potential for explaining formation of settlement patterns and test its robustness to the configuration of space. Building on a model assuming homogeneous energy distributions we had to add several new parameters and an adaptation mechanism for foragers to predict the length of their stay, together with a heterogeneous environment configuration. The validation of the model shows that the spatially explicit CPF is generally robust to spatial configuration of energy resources. The total volume of energy has a significant effect on constraining sedentism as predicted by aspatial model and thus can be used on different environmental conditions. Still the spatial autocorrelation of resource distribution has a linear effect on optimal mobility decisions and needs to be considered in predictive models. The effect on settlement choice is not substantial and is more determined by other characteristics of settlement location. This limits the CPF models in analysing settlement pattern formation processes. [less ▲]

Detailed reference viewed: 7 (0 UL)
Full Text
Peer Reviewed
See detail§§ 53a bis 56 AktG zur Gleichbehandlung der Aktionäre und Nebenabreden mit Aktionären
Zetzsche, Dirk Andreas UL

in Zetzsche, Dirk Andreas; Noack, Ulrich (Eds.) Kölner Kommentar zum Aktiengesetz (in press)

Detailed reference viewed: 1 (0 UL)
Full Text
Peer Reviewed
See detailBürgschaft (§§ 765-778), in Erman, BGB
Zetzsche, Dirk Andreas UL

in Erman (Ed.) Bürgschaft (§§ 765-778), in Erman, BGB (in press)

Detailed reference viewed: 1 (0 UL)
Full Text
Peer Reviewed
See detailVerwahrung (§§ 688-700), in Erman, BGB
Zetzsche, Dirk Andreas UL

in Erman (Ed.) Verwahrung (§§ 688-700), in Erman, BGB (in press)

Detailed reference viewed: 2 (0 UL)
Full Text
Peer Reviewed
See detailThe EU’s Future of Data-Driven Finance
Zetzsche, Dirk Andreas UL; Buckley, Ross; Arner, Douglas et al

in Common Market Law Review (in press)

Detailed reference viewed: 1 (0 UL)
Full Text
Peer Reviewed
See detailBuilding FinTech Ecosystems: Regulatory Sandboxes, Innovation Hubs and Beyond
Buckley, Ross; Arner, Douglas; Veidt, Robin UL et al

in Washington University Journal of Law & Policy (in press), 61

Around the world, regulators and policymakers are working to support the development of financial technology (FinTech) ecosystems. As one example, over 50 jurisdictions have now established or announced ... [more ▼]

Around the world, regulators and policymakers are working to support the development of financial technology (FinTech) ecosystems. As one example, over 50 jurisdictions have now established or announced “financial regulatory sandboxes”. Others have announced or established “innovation hubs”, sometimes incorporating a regulatory sandbox as one element. This article argues that innovation hubs provide all the benefits that the policy discussion associates with regulatory sandboxes, while avoiding most downsides of regulatory sandboxes, and that many benefits typically attributed to sandboxes are the result of inconsistent terminology, and actually accrue from the work of innovation hubs. The paper presents, as the first contribution of its kind, data on regulatory sandboxes and innovation hubs and argues that the data so far available on sandboxes does not justify the statement that regulatory sandboxes are the most effective approach to building FinTech ecosystems. Given that regulatory sandboxes require significant financial contributions, sometimes new legislation, and intense regulatory risk management, and that sandboxes do not work as well on a stand-alone basis (i.e. without an innovation hub), while innovation hubs alone can provide more significant benefits in supporting the development of a FinTech ecosystem, regulators should focus their resources on developing effective innovation hubs, including in appropriate cases a sandbox as one possible element. [less ▲]

Detailed reference viewed: 8 (3 UL)
Full Text
See detailThe Future of Data-Driven Finance and RegTech
Zetzsche, Dirk Andreas UL; Buckley, Ross; Arner, Douglas et al

in Stanford J. of Law and Policy (2021) (in press)

Detailed reference viewed: 2 (0 UL)
Full Text
Peer Reviewed
See detailRegulating Libra
Zetzsche, Dirk Andreas UL; Buckley; Arner

in Oxford Journal of Legal Studies (in press)

Detailed reference viewed: 2 (0 UL)
Full Text
See detailThe AIFM Directive– European Regulation of Alternative Investment Funds
Zetzsche, Dirk Andreas UL

Book published by Kluwer Law International - 3rd ed. (in press)

Detailed reference viewed: 4 (0 UL)
Full Text
Peer Reviewed
See detailThe Dark Side of Digital Financial Transformation: The New Risks of FinTech and the Rise of TechRisk
Zetzsche, Dirk Andreas UL; Arner, Douglas; Buckley, Ross

in Singapore Journal of Legal Studies (in press)

Detailed reference viewed: 4 (0 UL)
Full Text
Peer Reviewed
See detailThe EU’s Impact on Data-driven Finance
Zetzsche, Dirk Andreas UL; Buckley, Ross; Arner, Douglas et al

in Common Market Law Review (in press)

Detailed reference viewed: 4 (0 UL)
Full Text
Peer Reviewed
See detailSustainability, FinTech and Financial Inclusion
Zetzsche, Dirk Andreas UL; Veidt, Robin UL; Buckley, Ross et al

in European Business Organization Law Review (in press)

Detailed reference viewed: 10 (1 UL)
Full Text
Peer Reviewed
See detail§§ 134a bis 135 AktG zu den Pflichten institutioneller Anleger, Vermögensverwalter, Depotbanken und Stimmrechtberater bei der Stimmrechtsausübung
Zetzsche, Dirk Andreas UL

in Zetzsche, Dirk Andreas; Noack, Ulrich (Eds.) Kölner Kommentar zum Aktiengesetz (2021)

Detailed reference viewed: 1 (0 UL)
Peer Reviewed
See detailA short Survey on the Cyber Security in Control Systems
Bezzaoucha, Souad UL; Voos, Holger UL

Scientific Conference (2020, July)

In the present survey paper, we give a short, yet exhaustive state-of-the-art about the cyber-security applied to control systems, especially the event-based strategy. Indeed, in the past few years, due ... [more ▼]

In the present survey paper, we give a short, yet exhaustive state-of-the-art about the cyber-security applied to control systems, especially the event-based strategy. Indeed, in the past few years, due to a highest degree of connectivity in modern systems, new related control-specific cyber-physical systems security challengesarise and novel approaches integrating the cyber aspect are developed.Our goal in this paper is then to provide an overview of attack-modeling and security analysis approaches in recent works thatexplore networked control systems subject to cyber-attacks attacks. To this end, we look at the control, estimation, and modeling problems. [less ▲]

Detailed reference viewed: 77 (2 UL)