Biblio

In an increasingly asymmetric context of both instability and permanent innovation, organizations demand new capacities and learning patterns. In this sense, supervisors have adopted the metaphor of the "sandbox" as a strategy that allows their regulated parties to experiment and test new proposals in order to study them and adjust to the established compliance frameworks. Therefore, the concept of the "sandbox" is of educational interest as a way to revindicate failure as a right in the learning process, allowing students to think, experiment, ask questions and propose ideas outside the known theories, and thus overcome the mechanistic formation rooted in many of the higher education institutions. Consequently, this article proposes the application of this concept for educational institutions as a way of resignifying what students have learned.

Underwater acoustic communications experiments often involve custom implementations of schemes and protocols for the physical and data link layers. However, most commercial modems focus on providing reliable or optimized communication links, rather than on allowing low-level reconfiguration or reprogramming of modulation and coding schemes. As a result, the physical layer is typically provided as a closed, non-reprogrammable black box, accessible by the user only through a specific interface. While software-defined modems would be the ultimate solution to overcome this issue, having access to the symbols transmitted by the modems using a proprietary modulation format already opens up a number of research opportunities, e.g., aimed at the cross-layer design and optimization of channel coding schemes and communication protocols. In this paper, we take the latter approach. We consider the commercial EvoLogics modem, driven by a custom firmware version that bypasses the channel coding methods applied by the modem, and allows the user to set the transmit bit rate to any desired value within a given set. This makes it possible to evaluate different coding schemes in the presence of different bit rates. Our results show that the custom firmware offers sufficient flexibility to test different configurations of the coding schemes and bit rates, by providing direct access both to correctly decoded and to corrupted symbols, which can be separated at the receiver for further processing. In addition, we show that the DESERT Underwater framework can also leverage the same flexibility by employing low-level physical layer access in more complex networking experiments.

Malware researchers rely on the observation of malicious code in execution to collect datasets for a wide array of experiments, including generation of detection models, study of longitudinal behavior, and validation of prior research. For such research to reflect prudent science, the work needs to address a number of concerns relating to the correct and representative use of the datasets, presentation of methodology in a fashion sufficiently transparent to enable reproducibility, and due consideration of the need not to harm others. In this paper we study the methodological rigor and prudence in 36 academic publications from 2006-2011 that rely on malware execution. 40% of these papers appeared in the 6 highest-ranked academic security conferences. We find frequent shortcomings, including problematic assumptions regarding the use of execution-driven datasets (25% of the papers), absence of description of security precautions taken during experiments (71% of the articles), and oftentimes insufficient description of the experimental setup. Deficiencies occur in top-tier venues and elsewhere alike, highlighting a need for the community to improve its handling of malware datasets. In the hope of aiding authors, reviewers, and readers, we frame guidelines regarding transparency, realism, correctness, and safety for collecting and using malware datasets.