Ruolo e limiti del contratto negli assetti familiari in funzione successoria

The Article 457 c.c. expressly excludes the contract by the sources of the succession. Moreover, the article 458 c.c., apart from the initial brief aside dedicated to the institute of the family pact, agrees nullity of the agreements with whom someone decides its own succession as well as those with which the future successor could decide about his rights or renounce to them about a succession not yet open. However, for a long time, the Italian doctrine wonders about the role of the contract within the succession law. It feels, in fact, the need to expand the private autonomy within the inheritance that is excessively sacrificed by the prohibition of succession agreements and by the norms for the protection of legitimate heirs. The reasons which led the legal science to these conclusions are based on different events, both social and economic, that push the interpreter to a modernization of dogmatic categories with which he can represent the succession mortis causa. In addiction, it is necessary to underline the crisis of the agreements mortis causa due to this economical and social events: as a matter of fact, the will, as the only way to give the assets post mortem, revealed itself incomplete and extremely severe compared to the new social needs. In fact, increasingly the way to give the assets happens out of the inheritance and despite to the institutions designed by the law. For these reasons, in order to adapt the system of succession to modern economic and social needs, the doctrine has identified, within the system, institutions of a contractual nature in order to better achieve the interests of private, obviating the limits assigned to the shop last will. And recently, in this context, our legislator has introduced the institution of the family pact (art. 768 bis et seq. c.c.), that is the agreement through “the entrepreneur transfers, in whole or in part , the company, and the holder of equity investments transfers, in whole or in part, its shares, to one or more descendants". While, however, part of the doctrine encourages the provision of tools that enable a person to have in advance of his succession, on the other hand there are those who promote the centrality of the will within our legal system and calls for the revitalization in respect of its vast potential is not always adequately exploited. This research aims to verify whether the contract can find importance within the phenomenon of succession for the inter vivos transfer of family assets and if the same has the characteristics to be considered a working alternative to the will. In the present work will be analyzed, in addition, some of the institutions that the doctrine has considered alternatives to the will and particularly the institution of the family pact. The survey will also be directed to the limits that the private autonomy and the legislator met in the use of the contractual instrument, limits that are mostly originated by the rules and principles of the law of succession.

Design and implementation of robust systems for secure malware detection

Malicious software (malware) have significantly increased in terms of number and effectiveness during the past years. Until 2006, such software were mostly used to disrupt network infrastructures or to show coders’ skills. Nowadays, malware constitute a very important source of economical profit, and are very difficult to detect. Thousands of novel variants are released every day, and modern obfuscation techniques are used to ensure that signature-based anti-malware systems are not able to detect such threats. This tendency has also appeared on mobile devices, with Android being the most targeted platform. To counteract this phenomenon, a lot of approaches have been developed by the scientific community that attempt to increase the resilience of anti-malware systems. Most of these approaches rely on machine learning, and have become very popular also in commercial applications. However, attackers are now knowledgeable about these systems, and have started preparing their countermeasures. This has lead to an arms race between attackers and developers. Novel systems are progressively built to tackle the attacks that get more and more sophisticated. For this reason, a necessity grows for the developers to anticipate the attackers’ moves. This means that defense systems should be built proactively, i.e., by introducing some security design principles in their development. The main goal of this work is showing that such proactive approach can be employed on a number of case studies. To do so, I adopted a global methodology that can be divided in two steps. First, understanding what are the vulnerabilities of current state-of-the-art systems (this anticipates the attacker’s moves). Then, developing novel systems that are robust to these attacks, or suggesting research guidelines with which current systems can be improved. This work presents two main case studies, concerning the detection of PDF and Android malware. The idea is showing that a proactive approach can be applied both on the X86 and mobile world. The contributions provided on this two case studies are multifolded. With respect to PDF files, I first develop novel attacks that can empirically and optimally evade current state-of-the-art detectors. Then, I propose possible solutions with which it is possible to increase the robustness of such detectors against known and novel attacks. With respect to the Android case study, I first show how current signature-based tools and academically developed systems are weak against empirical obfuscation attacks, which can be easily employed without particular knowledge of the targeted systems. Then, I examine a possible strategy to build a machine learning detector that is robust against both empirical obfuscation and optimal attacks. Finally, I will show how proactive approaches can be also employed to develop systems that are not aimed at detecting malware, such as mobile fingerprinting systems. In particular, I propose a methodology to build a powerful mobile fingerprinting system, and examine possible attacks with which users might be able to evade it, thus preserving their privacy. To provide the aforementioned contributions, I co-developed (with the cooperation of the researchers at PRALab and Ruhr-Universität Bochum) various systems: a library to perform optimal attacks against machine learning systems (AdversariaLib), a framework for automatically obfuscating Android applications, a system to the robust detection of Javascript malware inside PDF files (LuxOR), a robust machine learning system to the detection of Android malware, and a system to fingerprint mobile devices. I also contributed to develop Android PRAGuard, a dataset containing a lot of empirical obfuscation attacks against the Android platform. Finally, I entirely developed Slayer NEO, an evolution of a previous system to the detection of PDF malware. The results attained by using the aforementioned tools show that it is possible to proactively build systems that predict possible evasion attacks. This suggests that a proactive approach is crucial to build systems that provide concrete security against general and evasion attacks.