Spelling suggestions: "subject:"vulnerability 2analysis"" "subject:"vulnerability 3analysis""
11 |
Unwanted Traffic and Information Disclosure in VoIP Networks : Threats and CountermeasuresZhang, Ge January 2012 (has links)
The success of the Internet has brought significant changes to the telecommunication industry. One of the remarkable outcomes of this evolution is Voice over IP (VoIP), which enables realtime voice communications over packet switched networks for a lower cost than traditional public switched telephone networks (PSTN). Nevertheless, security and privacy vulnerabilities pose a significant challenge to hindering VoIP from being widely deployed. The main object of this thesis is to define and elaborate unexplored security and privacy risks on standardized VoIP protocols and their implementations as well as to develop suitable countermeasures. Three research questions are addressed to achieve this objective: Question 1: What are potential unexplored threats in a SIP VoIP network with regard to availability, confidentiality and privacy by means of unwanted traffic and information disclosure? Question 2: How far are existing security and privacy mechanisms sufficient to counteract these threats and what are their shortcomings? Question 3: How can new countermeasures be designed for minimizing or preventing the consequences caused by these threats efficiently in practice? Part I of the thesis concentrates on the threats caused by "unwanted traffic", which includes Denial of Service (DoS) attacks and voice spam. They generate unwanted traffic to consume the resources and annoy users. Part II of this thesis explores unauthorized information disclosure in VoIP traffic. Confidential user data such as calling records, identity information, PIN code and data revealing a user's social networks might be disclosed or partially disclosed from VoIP traffic. We studied both threats and countermeasures by conducting experiments or using theoretical assessment. Part II also presents a survey research related to threats and countermeasures for anonymous VoIP communication.
|
12 |
Community vulnerability and capacity in post-disaster recovery: the cases of Mano and Mikura neighbourhoods in the wake of the 1995 Kobe earthquakeYasui, Etsuko 05 1900 (has links)
This is a study of how two small neighbourhoods, Mano and Mikura, recovered from the 1995 Kobe (Japan) earthquake, with a particular focus on the relationship between community vulnerability and capacity. Few studies have examined these interactions, even though vulnerability reduction is recognized to be a vital component of community recovery. Drawing from literature on disaster recovery, community development, vulnerability analysis, community capacity building and the Kobe earthquake, a community vulnerability and capacity model is elaborated from Blaikie et al.’s Pressure and Release Model (1994) to analyze the interactions. The Mano and Mikura cases are analyzed by applying this model and relating outcomes to the community’s improved safety and quality of community lives. Based on the experience of Mano, appropriate long-term community development practices as well as community capacity building efforts in the past can contribute to the reduction of overall community vulnerability in the post-disaster period, while it is recovering. On the other hand, the Mikura case suggests that even though the community experiences high physical and social vulnerability in the pre-disaster period, if the community is able to foster certain conditions, including active CBOs, adequate availability and accessibility to resources, and a collaborative working relationship with governments, the community can make progress on recovery. Although both Mano and Mikura communities achieved vulnerability reduction as well as capacity building, the long-term sustainability of the two communities remains uncertain, as issues and challenges, such as residual and newly emerging physical vulnerability, negative or slow population growth and aging, remained to create vulnerability to future disasters. The case studies reveal the interactions of community vulnerability and capacity to be highly complex and contingent on many contextual considerations.
|
13 |
Model-Based Hazard Analysis of Undesirable Environmental and Components InteractionMehrpouyan, Hoda January 2011 (has links)
Identifying the detrimental effect of environmental factors and subsystem interactions are one of themost challenging aspects of early hazard assessment in the design of complex safety critical systems.Therefore, a complete understanding of potential failure effects before the catastrophe happens is a verydifficult task. The thesis proposes a model-based hazard analysis procedure for early identification ofpotential safety issues caused by unexpected environmental factors and subsystem interactions within acomplex safety critical system. The proposed methodology maps hazard and vulnerability modes tospecific components in the system and analyzes the hazard propagation paths for risk control andprotection strategies. The main advantage of the proposed method is the ability to provide the designerswith means to use low-fidelity, high level models to identify hazardous interactions. Using thistechnique, designers can examine the collective impacts of environmental and subsystem risks onoverall system during early stages of design and develop a hazard mitigation strategy.
|
14 |
Probabilistic basis and assessment methodology for effectiveness of protecting nuclear materialsDurán, Felicia Angélica 09 February 2011 (has links)
Safeguards and security (S&S) systems for nuclear facilities include material control and accounting (MC&A) and a physical protection system (PPS) to protect nuclear materials from theft, sabotage and other malevolent human acts. The PPS for a facility is evaluated using probabilistic analysis of adversary paths on the basis of detection, delay, and response timelines to determine timely detection. The path analysis methodology focuses on systematic, quantitative evaluation of the physical protection component for potential external threats, and often calculates the probability that the PPS is effective (PE) in defeating an adversary who uses that attack path. By monitoring and tracking critical materials, MC&A activities provide additional protection against inside adversaries, but have been difficult to characterize in ways that are compatible with the existing path analysis methods that are used to systematically evaluate the effectiveness of a site’s protection system. This research describes and demonstrates a new method to incorporate MC&A protection elements explicitly within the existing probabilistic path analysis methodology. MC&A activities, from monitoring to inventory measurements, provide many, often recurring opportunities to determine the status of critical items, including detection of missing materials. Human reliability analysis methods are applied to determine human error probabilities to characterize the detection capabilities of MC&A activities. An object-based state machine paradigm was developed to characterize the path elements and timing of an insider theft scenario as a race against MC&A activities that can move a facility from a normal state to a heightened alert state having additional detection opportunities. This paradigm is coupled with nuclear power plant probabilistic risk assessment techniques to incorporate the evaluation of MC&A activities in the existing path analysis methodology. Event sequence diagrams describe insider paths through the PPS and also incorporate MC&A activities as path elements. This work establishes a probabilistic basis for incorporating MC&A activities explicitly within the existing path analysis methodology to extend it to address insider threats. The analysis results for this new method provide an integrated effectiveness measure for a safeguards and security system that addresses threats from both outside and inside adversaries. / text
|
15 |
Community vulnerability and capacity in post-disaster recovery: the cases of Mano and Mikura neighbourhoods in the wake of the 1995 Kobe earthquakeYasui, Etsuko 05 1900 (has links)
This is a study of how two small neighbourhoods, Mano and Mikura, recovered from the 1995 Kobe (Japan) earthquake, with a particular focus on the relationship between community vulnerability and capacity. Few studies have examined these interactions, even though vulnerability reduction is recognized to be a vital component of community recovery. Drawing from literature on disaster recovery, community development, vulnerability analysis, community capacity building and the Kobe earthquake, a community vulnerability and capacity model is elaborated from Blaikie et al.’s Pressure and Release Model (1994) to analyze the interactions. The Mano and Mikura cases are analyzed by applying this model and relating outcomes to the community’s improved safety and quality of community lives. Based on the experience of Mano, appropriate long-term community development practices as well as community capacity building efforts in the past can contribute to the reduction of overall community vulnerability in the post-disaster period, while it is recovering. On the other hand, the Mikura case suggests that even though the community experiences high physical and social vulnerability in the pre-disaster period, if the community is able to foster certain conditions, including active CBOs, adequate availability and accessibility to resources, and a collaborative working relationship with governments, the community can make progress on recovery. Although both Mano and Mikura communities achieved vulnerability reduction as well as capacity building, the long-term sustainability of the two communities remains uncertain, as issues and challenges, such as residual and newly emerging physical vulnerability, negative or slow population growth and aging, remained to create vulnerability to future disasters. The case studies reveal the interactions of community vulnerability and capacity to be highly complex and contingent on many contextual considerations.
|
16 |
A quantitative security assessment of modern cyber attacks : a framework for quantifying enterprise security risk level through system's vulnerability analysis by detecting known and unknown threatsMunir, Rashid January 2014 (has links)
Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using common vulnerability scoring system (CVSS) and open web application security project (OWASP). Probability theory is applied against known attacks to create the security metrics and, detection and prevention method is suggested for company network against unknown attacks. Our security metrics are clear and repeatable that can be verified scientifically.
|
17 |
Line outage vulnerabilities of power systems : models and indicators / Modèles et indicateurs pour l'analyse des vulnérabilités des réseaux électriques aux pertes de lignesHa, Dinh Truc 06 March 2018 (has links)
La vulnérabilité des systèmes électriques est l'un des problèmes liés à leur complexité. Il a fait l’objet d’une attention croissante des chercheurs au cours des dernières décennies. Malgré cela, les phénomènes fondamentaux qui régissent la vulnérabilité du système ne sont pas encore bien compris.Comprendre comment la vulnérabilité des réseaux électriques émerge de leur topologie est la motivation principale du présent travail. Pour cela, le présent travail de recherché propose une nouvelle méthode pour évaluer la vulnérabilité des systèmes électriques et identifier leurs éléments les plus critiques. La méthode permet d’avoir une bonne compréhension des liens entre la topologie d’un réseau et sa vulnérabilité à des pertes d’ouvrages (lignes ou transformateurs).La première partie de ce travail consiste en une analyse critique des approches rencontrées dans la littérature, s’appuyant sur la théorie des graphes, pour analyser la vulnérabilité des réseaux électriques. Les résultats fournis par ces approches pour quatre réseaux IEEE sont comparés à ceux fournis par une analyse de contingence de référence, basée sur une résolution d’un load-flow AC. Des avantages et inconvénients de chaque approche est tirée une méthode améliorée pour l'évaluation de la vulnérabilité des réseaux électriques aux pertes d’ouvrage. Cette méthode est basée sur une approximation courant continue du load flow.La deuxième partie propose une nouvelle approche basée sur la théorie spectrale des graphes et son utilisation pour la résolution d’un load flow DC. Elle permet de mieux comprendre comment la vulnérabilité des réseaux électriques et leurs composants critiques émergent de la topologie du graphe sous-jacent au réseau. / The vulnerability of electrical systems is one of the problems related to their complexity. It has received increasing attention from researchers in recent decades. Despite this, the fundamental phenomena that govern the vulnerability of the system are still not well understood.Understanding how the vulnerability of power systems emerges from their complex organization is, therefore, the main motivation of the present work. It proposes the definition of a standard method to assess the vulnerability of power systems and identify their most critical elements. The method enables a better understanding of the links between the topology of the grid and the line outage vulnerabilities.The first part of this research work offers a critical review of literature approaches used to assess system vulnerability. The results provided by these approaches for four IEEE test systems are confronted to a reference contingency analysis using AC power flow calculations. From these analyses, pros and cons of each approach are outlined. An improved method for assessment of system vulnerability to line outages is defined from this confrontation. It is based on DC load flow and graph theory.The second part proposes a new approach based on spectral graph theory and solving of DC power flow to identify how system vulnerability and critical components emerge from the power network topology.
|
18 |
Topology Attacks on Power System Operation and Consequences AnalysisJanuary 2015 (has links)
abstract: The large distributed electric power system is a hierarchical network involving the
transportation of power from the sources of power generation via an intermediate
densely connected transmission network to a large distribution network of end-users
at the lowest level of the hierarchy. At each level of the hierarchy (generation/ trans-
mission/ distribution), the system is managed and monitored with a combination of
(a) supervisory control and data acquisition (SCADA); and (b) energy management
systems (EMSs) that process the collected data and make control and actuation de-
cisions using the collected data. However, at all levels of the hierarchy, both SCADA
and EMSs are vulnerable to cyber attacks. Furthermore, given the criticality of the
electric power infrastructure, cyber attacks can have severe economic and social con-
sequences.
This thesis focuses on cyber attacks on SCADA and EMS at the transmission
level of the electric power system. The goal is to study the consequences of three
classes of cyber attacks that can change topology data. These classes include: (i)
unobservable state-preserving cyber attacks that only change the topology data; (ii)
unobservable state-and-topology cyber-physical attacks that change both states and
topology data to enable a coordinated physical and cyber attack; and (iii) topology-
targeted man-in-the-middle (MitM) communication attacks that alter topology data
shared during inter-EMS communication. Specically, attack class (i) and (ii) focus on
the unobservable attacks on single regional EMS while class (iii) focuses on the MitM
attacks on communication links between regional EMSs. For each class of attacks,
the theoretical attack model and the implementation of attacks are provided, and the
worst-case attack and its consequences are exhaustively studied. In particularly, for
class (ii), a two-stage optimization problem is introduced to study worst-case attacks
that can cause a physical line over
ow that is unobservable in the cyber layer. The long-term implication and the system anomalies are demonstrated via simulation.
For attack classes (i) and (ii), both mathematical and experimental analyses sug-
gest that these unobservable attacks can be limited or even detected with resiliency
mechanisms including load monitoring, anomalous re-dispatches checking, and his-
torical data comparison. For attack class (iii), countermeasures including anomalous
tie-line interchange verication, anomalous re-dispatch alarms, and external contin-
gency lists sharing are needed to thwart such attacks. / Dissertation/Thesis / Masters Thesis Electrical Engineering 2015
|
19 |
Dimensão programática da vulnerabilidade ao HIV/Aids na fronteira no norte do Brasil com a Guiana Francesa / Programmatic dimension of vulnerability to HIV/Aids on the border in the north of Brazil with French GuianaJoão Farias da Trindade 18 May 2017 (has links)
A infecção pelo vírus da imunodeficiência humana (HIV) e a aids caracterizam-se como problemas de saúde pública, com incidências e prevalências elevadas em populações chaves. No Brasil a principal via de transmissão em indivíduos com 13 anos ou mais de idade é a sexual, porém, há uma tendencia de aumento na proporção de casos em homens que fazem sexo com homens nos últimos dez anos. Há escassa literaura sobre a vulnerabilidade ao HIV nas populações que vivem em região de fronteira, particularmente nas do Brasil e, mais ainda, na fronteira do Brasil com a Guiana Francesa. O estudo teve como objetivo analisar a vulnerabilidade ao HIV/Aids na dimensão programática em um município de fronteira do Brasil com a Guiana Francesa. Trata-se de um estudo descritivo, estudo de caso, tendo sido entrevistados dez depoentes: os gerentes e profissionais de saúde de Unidades Básicas de Saúde, os coordenadores das ações em DST/HIV do município de Oiapoque, o gestor local do hospital estadual, do laboratório de fronteira, os coordenadores municipal e estadual do Programa de DST/Aids e um representante de organização não governamental local envolvida com a prevenção e assistência ao portador do HIV/Aids. Também foram analisados os planos estadual e municipal de saúde, as atas de reuniões da comissão transfronteiriça Brasil-Guiana Francesa, os acordos internacionais e financiamentos para a região de Oiapoque no contexto do HIV/Aids, no período de 2012-2015. Os instrumentos de coleta de dados foram roteiros de entrevistas semiestruturadas, com questões norteadoras aos participantes, e roteiro para análise documental. As entrevistas foram gravadas, mediante consentimento dos participantes, realizadas pelo pesquisador nos meses de março a abril de 2016. Os conteúdos transcritos das entrevistas e obtidos nos documentos foram estudados pela análise de conteúdo, orientada pelo conceito da vulnerabilidade, com ênfase à dimensão programática. Como resultados se destacaram seis categorias: Expressão do compromisso dos governos; Participação e controle social; Atuações dos trabalhadores na atenção em HIV; Articulações multissetoriais das ações; Acesso aos serviços e insumos e Composição da rede de serviços. Conclui-se que há vulnerabilidade programática na medida em que o compromisso dos governos estadual e municipal no combate ao HIV é limitado, evidenciado nos planos de saúde estadual e municipal e pela escassez de investimentos financeiros no combate a doença; a participação e o controle social no enfrentamento da epidemia não têm ocorrido de forma eficiente, pois somente uma organização não governamental mantida com recurso externo tem ação efetiva em Oiapoque nas ações de prevenção; que o envolvimento dos profissionais das unidades básicas não se efetiva, com concentração de atividades na figura do profissional enfermeiro; que a articulação multissetorial para o desenvolvimento de ações de combate ao HIV não tem se concretizado, pois o setor saúde tem atuando isoladamente; que preservativos e testes diagnósticos são oferecidos, mas o tratamento e o acompanhamento dos casos não são realizados no município, sendo estes realizados em Macapá ou em Saint Georges e, por fim, a rede de serviços na atenção ao HIV e à aids não está plenamente organizada. / Human immunodeficiency virus (HIV) infection and AIDS are characterized as public health problems, with high incidence and prevalence in key populations. In Brazil, the main route of transmission in individuals aged 13 years and over is sexual, but there is a tendency to increase the proportion of cases in men who have sex with other men in the last ten years. There is little literature on the vulnerability to HIV in populations living in the border region, particularly in Brazil, and even more on the Brazilian border with French Guiana. The study aimed to analyze the vulnerability to HIV/Aids in the programmatic dimension in a border municipality of Brazil with French Guiana. It is a descriptive study, a case study, and ten deponents were interviewed: managers and health professionals from Basic Health Units, coordinators of STD / HIV actions in the municipality of Oiapoque, the local manager of the state hospital, the border laboratory, the municipal and state coordinators of the STD / Aids program and a representative of a local non-governmental organization involved in HIV/Aids prevention and care. It has also been analyzed the state and municipal health plans, the minutes of meetings of the cross-border commission Brazil-French Guiana, the international agreements and funding for the region of Oiapoque in the context of HIV/Aids in the period 2012-2015. The data collection instruments were semi-structured interview scripts, with questions guided to the participants, and a script for documentary analysis. The interviews were recorded with the consent of the participants, carried out by the researcher from March to April, 2016. The transcribed contents of the interviews and obtained in the documents were studied by content analysis, guided by the concept of vulnerability, with emphasis on the programmatic dimension. As a result, six categories were highlighted: Expression of the commitment of governments; Participation and social control; Workers\' actions on HIV care; Multisector articulation of actions; Access to services and inputs and Composition of the service network. It was concluded there is programmatic vulnerability to the extent that the commitment of state and municipal governments in the action against HIV is limited, evidenced in the state and municipal health plans and by the scarcity of financial investments in actions against the disease; the participation and social control to face up the epidemic have not occurred efficiently, because only a non-governmental organization keeping with external resources has effective action in Oiapoque in the prevention actions; that the involvement of the professionals of the basic units isnt effective, with concentration of activities in the figure of the professional nurse; that the multi sector articulation for the development of actions to combat HIV hasnt materialized, because the health sector has been working in isolation; that condoms and diagnostic tests are offered, but the treatment and follow-up of the cases are not done in the municipality, these are being realized in Macapá or in Saint Georges and, finally, the service network in HIV and aids care isnt fully organized.
|
20 |
Community vulnerability and capacity in post-disaster recovery: the cases of Mano and Mikura neighbourhoods in the wake of the 1995 Kobe earthquakeYasui, Etsuko 05 1900 (has links)
This is a study of how two small neighbourhoods, Mano and Mikura, recovered from the 1995 Kobe (Japan) earthquake, with a particular focus on the relationship between community vulnerability and capacity. Few studies have examined these interactions, even though vulnerability reduction is recognized to be a vital component of community recovery. Drawing from literature on disaster recovery, community development, vulnerability analysis, community capacity building and the Kobe earthquake, a community vulnerability and capacity model is elaborated from Blaikie et al.’s Pressure and Release Model (1994) to analyze the interactions. The Mano and Mikura cases are analyzed by applying this model and relating outcomes to the community’s improved safety and quality of community lives. Based on the experience of Mano, appropriate long-term community development practices as well as community capacity building efforts in the past can contribute to the reduction of overall community vulnerability in the post-disaster period, while it is recovering. On the other hand, the Mikura case suggests that even though the community experiences high physical and social vulnerability in the pre-disaster period, if the community is able to foster certain conditions, including active CBOs, adequate availability and accessibility to resources, and a collaborative working relationship with governments, the community can make progress on recovery. Although both Mano and Mikura communities achieved vulnerability reduction as well as capacity building, the long-term sustainability of the two communities remains uncertain, as issues and challenges, such as residual and newly emerging physical vulnerability, negative or slow population growth and aging, remained to create vulnerability to future disasters. The case studies reveal the interactions of community vulnerability and capacity to be highly complex and contingent on many contextual considerations. / Applied Science, Faculty of / Community and Regional Planning (SCARP), School of / Graduate
|
Page generated in 0.0814 seconds