Global ETD Search

61	A Framework and Calculation Engine for Modeling and Predicting the Cyber Security of Enterprise Architectures Holm, Hannes January 2014 (has links) Information Technology (IT) is a cornerstone of our modern society and essential for governments' management of public services, economic growth and national security. Consequently, it is of importance that IT systems are kept in a dependable and secure state. Unfortunately, as modern IT systems typically are composed of numerous interconnected components, including personnel and processes that use or support it (often referred to as an enterprise architecture), this is not a simple endeavor. To make matters worse, there are malicious actors who seek to exploit vulnerabilities in the enterprise architecture to conduct unauthorized activity within it. Various models have been proposed by academia and industry to identify and mitigate vulnerabilities in enterprise architectures, however, so far none has provided a sufficiently comprehensive scope. The contribution of this thesis is a modeling framework and calculation engine that can be used as support by enterprise decision makers in regard to cyber security matters, e.g., chief information security officers. In summary, the contribution can be used to model and analyze the vulnerability of enterprise architectures, and provide mitigation suggestions based on the resulting estimates. The contribution has been tested in real-world cases and has been validated on both a component level and system level; the results of these studies show that it is adequate in terms of supporting enterprise decision making. This thesis is a composite thesis of eight papers. Paper 1 describes a method and dataset that can be used to validate the contribution described in this thesis and models similar to it. Paper 2 presents what statistical distributions that are best fit for modeling the time required to compromise computer systems. Paper 3 describes estimates on the effort required to discover novel web application vulnerabilities. Paper 4 describes estimates on the possibility of circumventing web application firewalls. Paper 5 describes a study of the time required by an attacker to obtain critical vulnerabilities and exploits for compiled software. Paper 6 presents the effectiveness of seven commonly used automated network vulnerability scanners. Paper 7 describes the ability of the signature-based intrusion detection system Snort at detecting attacks that are more novel, or older than its rule set. Finally, paper 8 describes a tool that can be used to estimate the vulnerability of enterprise architectures; this tool is founded upon the results presented in papers 1-7. / Informationsteknik (IT) är en grundsten i vårt moderna samhälle och grundläggande för staters hantering av samhällstjänster, ekonomisk tillväxt och nationell säkerhet. Det är därför av vikt att IT-system hålls i ett tillförlitligt och säkert tillstånd. Då moderna IT-system vanligen består av en mångfald av olika integrerade komponenter, inklusive människor och processer som nyttjar eller stödjer systemet (ofta benämnd organisationsövergripande arkitektur, eller enterprise architecture), är detta tyvärr ingen enkel uppgift. För att förvärra det hela så finns det även illvilliga aktörer som ämnar utnyttja sårbarheter i den organisationsövergripande arkitekturen för att utföra obehörig aktivitet inom den. Olika modeller har föreslagits av den akademiska världen och näringslivet för att identifiera samt behandla sårbarheter i organisationsövergripande arkitekturer, men det finns ännu ingen modell som är tillräckligt omfattande. Bidraget presenterat i denna avhandling är ett modelleringsramverk och en beräkningsmotor som kan användas som stöd av organisatoriska beslutsfattare med avseende på säkerhetsärenden. Sammanfattningsvis kan bidraget användas för att modellera och analysera sårbarheten av organisationsövergripande arkitekturer, samt ge förbättringsförslag baserat på dess uppskattningar. Bidraget har testats i fallstudier och validerats på både komponentnivå och systemnivå; resultaten från dessa studier visar att det är lämpligt för att stödja organisatoriskt beslutsfattande. Avhandlingen är en sammanläggningsavhandling med åtta artiklar. Artikel 1 beskriver en metod och ett dataset som kan användas för att validera avhandlingens bidrag och andra modeller likt detta. Artikel 2 presenterar vilka statistiska fördelningar som är bäst lämpade för att beskriva tiden som krävs för att kompromettera en dator. Artikel 3 beskriver uppskattningar av tiden som krävs för att upptäcka nya sårbarheter i webbapplikationer. Artikel 4 beskriver uppskattningar för möjligheten att kringgå webbapplikationsbrandväggar. Artikel 5 beskriver en studie av den tid som krävs för att en angripare skall kunna anskaffa kritiska sårbarheter och program för att utnyttja dessa för kompilerad programvara. Artikel 6 presenterar effektiviteten av sju vanligt nyttjade verktyg som används för att automatiskt identifiera sårbarheter i nätverk. Artikel 7 beskriver förmågan av det signatur-baserade intrångsdetekteringssystemet Snort att upptäcka attacker som är nyare, eller äldre, än dess regeluppsättning. Slutligen beskriver artikel 8 ett verktyg som kan användas för att uppskatta sårbarheten av organisationsövergripande arkitekturer; grunden för detta verktyg är de resultat som presenteras i artikel 1-7. / <p>QC 20140203</p> Computer security security metrics vulnerability assessment attack graphs risk management architecture modeling Enterprise Architecture Cybersäkerhet säkerhetsmetriker sårbarhetsanalys attackgrafer riskhantering arkitekturmodellering organisationsövergripande arkitektur
62	L'identification des infrastructures critiques : réflexion à partir de l'exemple européen / The Identification of critical infrastructures : reflection about the European case Bouchon, Sara 10 January 2011 (has links) Les méthodes actuelles utilisées pour l'identification des infrastructures critiques, souvent envisagées dans leurs seules dimensions techniques, montrent certaines limites. Notre thèse postule qu'il est nécessaire de tenir compte du contexte territorial dans lequel ces infrastructures s'inscrivent, dans la mesure où les caractéristiques d'un territoire contribuent à leur criticité. En retour, les infrastructures critiques sont susceptibles d'aggraver la vulnérabilité de ces territoires. Nous développons deux hypothèses de recherche: 1. La "criticité territoriale" exprime le fait que les infrastructures critiques ne sont pas critiques en elles-mêmes, mais par rapport à un contexte socio-économique, politique et géographique. Nous proposons ainsi un ensemble de critères, associés à une approche multiscalaire des systèmes d'infrastructures, permettant l'identification des infrastructures critiques. Une étude de cas portant sur les infrastructures critiques d'énergie de l'Union Européenne valide cette approche. 2. La "criticité politique" souligne la dimension géopolitique des infrastructures critiques : celles-ci reflètent les seuils d'acceptabilité des autorités territoriales, au regard des conséquences potentielles de l'interruption de services essentiels. Cette hypothèse est développée et testée dans le cadre de notre participation au processus de concertation entre l'Union Européenne et ses pays membres pour la mise en place de la Directive 2008/114/EC sur l'identification et la protection des infrastructures critiques européennes. Les conclusions soulignent la pertinence d'une approche géographique et territoriale pour l'identification des infrastructures critiques. / The existing methods for identifying critical infrastructures, mainly based on risk analysis, were found to be insufficient. Our PhD states that the existing territorial vulnerability factors contribute to the criticality of the infrastructures; in return, critical infrastructures enhance this vulnerability. As a consequence, the identification process should be based, not only on technical aspects, but also on a geographical approach. Two main research hypothesis are developed: 1. The "territorial criticality" expresses the fact that an infrastructure is not critical in itself, but its criticality is related to the socio-economic, political and geographical context. We propose a set of criteria and related indicators associated to a multilevel model. A case study shows how these criteria can be applied in the case of the European energy critical infrastructures. 2. The "political criticality" means that the designation of an infrastructure as critical reflects the level of consequences decision-makers are ready to accept. These acceptability thresholds are related to the potential consequences the disruption of such infrastructure could trigger. If the potential consequences go beyond a given threshold, then the infrastructure is considered as critical. We developed and tested this hypothesis in the context of our participation to the preparatory work carried out by the European Commission Joint Research Center to support the European Commission and its member states on the definition of criteria for identifying European Critical Infrastructures (ECI). Conclusions highlight the benefits of a geographical approach to identify critical infrastructures. Infrastructures critiques Protection des infrastructures critiques Vulnérabilité territoriale Union européenne Infrastructures d'énergie Critical infrastructures Critical infrastructure protection Vulnerability assessment European Union Energy infrastructures
63	Vulnerability of Forests to Climatic and Non-Climatic Stressors : A Multi-Scale Assessment for Indian Forests Sharma, Jagmohan January 2015 (has links) (PDF) During the 21st century, climatic change and non-climatic stressors are likely to impact forests leading to large-scale forest and biodiversity loss, and diminished ecological benefits. Assessing the vulnerability of forests and addressing the sources of vulnerability is an important risk management strategy. The overall goal of this research work is to develop methodological approaches at different scales and apply them to assess the vulnerability of forests in India for developing strategies for forest adaptation. Indicator-based methodological approaches have been developed for vulnerability assessment at local, landscape and national scales under current climate scenario, and at national scale under future climate scenario. Under current climate scenario, the concept of inherent vulnerability of forests has emerged by treating vulnerability as a characteristic internal property of a forest ecosystem independent of exposure. This approach to assess vulnerability is consistent with the framework presented in the latest report of Intergovernmental Panel on Climate Change (IPCC AR5 2014). Assessment of vulnerability under future climate scenario is presented only at national scale due to challenges associated with model-based climate projections and impact assessment at finer scales. The framework to assess inherent vulnerability of forests at local scale involves selection of vulnerability indicators and pair wise comparison method (PCM) to assign the indicator weights. The methodology is applied in the field to a 300-ha moist deciduous case study forest (Aduvalli Protected Forest, Chikmagalur district) in the Western Ghats area, where a vulnerability index value of 0.248 is estimated. Results of the study indicate that two indicators - ‘preponderance of invasive species’ and ‘forest dependence of community’ - are the major drivers of inherent vulnerability at present. The methodology developed to assess the inherent vulnerability at landscape scale involves use of vulnerability indicators, the pair wise comparison method, and geographic information system (GIS) tools. Using the methodology, assessment of inherent vulnerability of Western Ghats Karnataka (WGK) landscape forests is carried out. Four vulnerability indicators namely, biological richness, disturbance index, canopy cover and slope having weights 0.552, 0.266, 0.123 and 0.059, respectively are used. The study shows that forests at one-third of the grid points in the landscape have high and very high inherent vulnerability, and natural forests are inherently less vulnerable than plantation forests. The methodology used for assessment of forest inherent vulnerability at the national scale was same as used at landscape scale. 40% of forest grid points in India are assessed with high and very high inherent vulnerability. Except in pockets, the forests in the three biodiversity hotspots in India i.e., the Western Ghats in peninsular India, northeastern India, and the northern Himalayan region are assessed to have low to medium inherent vulnerability. Vulnerability of forests under future climate scenario at national scale is estimated by combining the results of assessment of climate change impact and inherent vulnerability. In the present study, ensemble climatology from five CMIP5 (Coupled Model Intercomparison Project phase 5) climate models for RCP (Representative Concentration Pathways) 4.5 and 8.5 in short (2030s) and long term (2080s) is used as input to IBIS (Integrated Biosphere Simulator) dynamic vegetation model. Forest grid points projected to experience vegetation-shift to a new plant functional type (PFT) under future climate are categorized under ‘extremely high’ vulnerability category. Such forest grid points in India are 22 and 23% in the short term under RCP4.5 and 8.5 respectively, and these percentages increase to 31 and 37% in the long term. IBIS simulated vegetation projections are also compared with LPJ (Lund-Potsdam-Jena) simulated projections. Both the vegetation models agree that forests at about one-third of the grid points could be impacted by future climate but the spatial distribution of impacted grid points differs between the models. Vulnerability assessment is a powerful tool for building long-term resilience in the forest sector in the context of projected climate change. From this study, three forest scenarios emerge in India for developing adaptation strategies namely: (a) less disturbed primary forests; (b) degraded and fragmented primary forests; and (c) secondary (plantation) forests. Minimizing anthropogenic disturbance and conserving biodiversity are critical to reduce forest vulnerability of less disturbed primary forests. For disturbed forests and plantations, adaptive management aimed at forest restoration is necessary to build resilience. Mainstreaming forest adaptation in India through Forest Working Plans and realignment of the forestry programs is necessary to manage the risk to forests under climate change. Indian Forests Climate Stressors Climate Change Impact Assessment Vulnerability of Forests Forest-Climate Interaction Indian Forests - Impact Assessment Forest Vulnerability Assessment Inherent Vulnerability - Western Ghats Sustainable Technologies
64	Kartläggning av internetbaserad tunn klient Ek, Ida, Hornebrant, Erik January 2014 (has links) Då datorer i alla dess former har kommit att bära betydande mängder relevant information för diverse forensiska utredningar så krävs en ingående kunskap gällande hur denna data lämpligast infångas. En typ av klient som nyligen har gjort sitt kommersiella intåg på marknaden är den internetbaserade tunna klienten. Det existerar i dagsläget begränsat med underlag gällande huruvida en sådan klient bär information som är relevant för en IT-forensisk utredning. Inom denna uppsats har därför en internetbaserad tunn klient av typen Chromebook varit mål för undersökning. Syftet har varit att kartlägga vilka sårbarheter som existerar, samt om möjligt huruvida dessa kan brukas som underlag vid en forensisk utredning. För detta ändamål har klientens lagrings- samt kommunikationsmönster analyserats. För genomförandet av detta brukades experimentella metodiker i form av penetrationstest samt IT-forensisk undersökning. Det har även kartlagts huruvida programvaror avsedda för operativsystemet Linux kan exekveras på klienten. Ändamålet med detta var att fastställa om klientens volatila minne kan utvinnas med hjälp av verktyg för just Linux. Rapportens resultat påvisar att det inom en klient av denna typ finns forensiskt värdefull information att inhämta. Det påvisas även att Chrome OS från en användares perspektiv kan anses som säkert. / Computers in various forms have come to carry a significant amount of relevant information for various forensic investigations. Therefore, detailed knowledge is required regarding how this data is best acquired. One type of client that has recently made its entry onto the commercial market is the Web Thin Client. As it is today, only a limited amount of relevant information can be found regarding in what capacity such a client contains data that is relevant to an IT-forensic investigation. For this reason, a Web thin client of the model Google Chromebook has been evaluated in this paper. The purpose of this examination has been to identify the vulnerabilities that currently exist, and if possible whether these can be used as a basis for a forensic investigation. To achieve this, the client's storage and communication patterns have been analyzed by implementation of experimental methodologies. The methods used for the purpose are penetration testing and an IT forensic investigation. Tests have also been performed to evaluate whether software for the Linux operating system can be executed on the client. The purpose of this was to determine whether the client's volatile memory can be extracted using tools created for Linux. The results presented in this paper demonstrate the fact that within a client of this type, valuable forensic information can be located. It is also established that Chrome OS from a user's perspective can be considered as safe. Computer forensics Chrome OS Chromebook Web thin client Vulnerability Assessment Linux IT-forensik Chrome OS Chromebook Internetbaserad tunn klient Sårbarhetsanalys Linux Computer Systems Datorsystem Computer Engineering Datorteknik
65	Návrh metody pro hodnocení bezpečnostních zranitelností systémů / Design of methodology for vulnerability assesment Pecl, David January 2020 (has links) The thesis deals with the assessment of security vulnerabilities. The aim of this work is to create a new method of vulnerability assessment, which will better prioritize critical vulnerabilities and reflect parameters that are not used in currently used methods. Firstly, it describes the common methods used to assess vulnerabilities and the parameters used in each method. The first described method is the Common Vulnerability Scoring System for which are described all three types of scores. The second analysed method is OWASP Risk Rating Methodology. The second part is devoted to the design of the own method, which aims to assess vulnerabilities that it is easier to identify those with high priority. The method is based on three groups of parameters. The first group describes the technical assessment of the vulnerability, the second is based on the requirements to ensure the confidentiality, integrity and availability of the asset and the third group of parameters evaluates the implemented security measures. All three groups of parameters are important for prioritization. Parameters describing the vulnerability are divided into permanent and up-to-date, where the most important up-to-date parameter are Threat Intelligence and easy of exploitation. The parameters of the impact on confidentiality, integrity and availability are linked to the priority of the asset, and to the evaluation of security measures, which increase the protection of confidentiality, integrity and availability. The priority of the asset and the quality of the countermeasures are assessed based on questionnaires, which are submitted to the owners of the examined assets as part of the vulnerability assessment. In the third part of the thesis, the method is compared with the currently widely used the Common Vulnerability Scoring System. The strengths of the proposed method are shown in several examples. The effectiveness of prioritization is based primarily on the priority of the asset and the security measures in place. The method was practically tested in a laboratory environment, where vulnerabilities were made on several different assets. These vulnerabilities were assessed using the proposed method, the priority of the asset and the quality of the measures were considered, and everything was included in the priority of vulnerability. This testing confirmed that the method more effectively prioritizes vulnerabilities that are easily exploitable, recently exploited by an attacker, and found on assets with minimal protection and higher priority.
66	Including a Vulnerability Centred Adaptation Perspective in Urban Climate Assessment : The Case of International Women in the Malmö Lund Region Renard, Severine January 2022 (has links) The topic of climate adaptation has gained momentum in the last decade as a response to the increasing rate at which global climate is changing. There are two leading discourses to climate adaptation, Climate Change Adaptation (CCA) perspectives, which focuses on adapting to specific climate hazards and scenarios, and Vulnerability Centred Adaptation (VCA), which focuses on the socio-economic and environmental factors that compound climate impacts. However, despite global inclusivity efforts to adaptation, the CCA approach is predominant in developing economies. This empirical study attempts to close this gap by using the VCA approach to a climate risk, impact, and vulnerability assessment of the Malmö Lund Region, Sweden, and to showcase the relevance of including a VCA approach within developing economies. The primary data comes from using a semi-structured interview method of twelve international women who have moved to the region in the last decade. Simultaneously, semi-structured interviews were also conducted with a secondary sample group which consisted of six urban professionals who either worked with environmental issues, planning, or social vulnerability. The latter climate and vulnerability conversations were used to situate the IW’s perspective in the discussion. The results demonstrated that: 1. Climate risk depended on the duration, intensity of temperature, wind, light levels, and precipitation, or climate barriers, and the women’s ability to protect themselves. 2. The barriers negatively impacted them socially, physically, and emotionally, but also allowed them to experience new climate-related experiences and activities. 3. Finally, their adaptive capacity depended on the socio-economic and cultural circumstances which enhanced their vulnerability, while their adaptive capacity relied on their ability to apply micro-adaptations, reach out to community support, and use their previous climate experience. The findings confirm the need for an intersectional and bottom-up approach to climate adaptation, as it showcased how climate did impact the women and influenced their adaptation process in region despite it not being a primary cause of concern for these women. Secondly, it raises awareness of the non-climate predispositions of these women to climate vulnerability. Thirdly, the findings also show that variations in climate assessments do not only depend on long-term climate data in relation to climate hazards and risks, but also the women’s past climate experience, their current life circumstances, and the time spent in the host country. Finally, this research calls for urban climate adaptation strategies to account for a vulnerability perspective within their initial risk, vulnerability, and impact assessment and use these valuable insights to inform the planning stages of climate adaptation process for urban citizen. climate climate adaptation climate change climate analysis hazard impact assessment international women Malmö Lund Region risk assessment vulnerability assessment Social Sciences Interdisciplinary
67	Anticipating Urban Evacuations: A Planning Support System for Impact Reduction Belhadj, Joshua S. 23 April 2008 (has links) No description available. Area planning &amp development Engineering Geography Information Systems Transportation Urban Planning Man-made disaster Planning Support System GIS Model Terrorism Urban Planning Vulnerability Assessment, Evacuation
68	A Risk Based Approach to Intelligent Transportation Systems Security Bakhsh Kelarestaghi, Kaveh 11 July 2019 (has links) Security threats to cyber-physical systems are targeting institutions and infrastructure around the world, and the frequency and severity of attacks are on the rise. Healthcare manufacturing, financial services, education, government, and transportation are among the industries that are the most lucrative targets for adversaries. Hacking is not just about companies, organizations, or banks; it also includes critical infrastructure. Wireless Sensors Networks, Vehicle-to-everything communication (V2X), Dynamic Message Signs (DMS), and Traffic Signal Controllers are among major Intelligent Transportation Systems (ITS) infrastructure that has already been attacked or remain vulnerable to hacking. ITS has been deployed with a focus on increasing efficiency and safety in the face of dramatic increases in travel demand. Although many studies have been performed and many security primitives have been proposed, there are significant concerns about flawless performance in a dynamic environment. A holistic security approach, in which all infrastructure performs within the satisfactory level of security remains undiscovered. Previously, hacking of road infrastructure was a rare event, however, in recent years, field devices such as DMS are hacked with higher frequency. The primary reason that transportation assets are vulnerable to cyber-attacks is due to their location. A more dramatic scenario occurs when hackers attempt to convey tampered instructions to the public. Analyzing traveler behavior in response to the hacked messages sign on the basis of empirical data is a vital step toward operating a secure and reliable transportation system. There may be room for improvement by policymakers and program managers when considering critical infrastructure vulnerabilities. With cybersecurity issues escalating every day, road users' safety has been neglected. This dissertation overcomes these challenges and contributes to the nascent but growing literature of Intelligent Transportation System (ITS) security impact-oriented risk assessment in threefold. • First, I employ a risk-based approach to conduct a threat assessment. This threat assessment performs a qualitative vulnerability-oriented threat analysis. The objective is to scrutinize safety, security, reliability, and operation issues that are prompted by a compromised Dynamic Message Signs (DMS). • Second, I examine the impact of drivers' attitudes and behaviors on compliance, route diversion behavior, and speed change behavior, under a compromised DMS. We aim to assess the determinants that are likely to contribute to drivers' compliance with forged information. To this extent, this dissertation evaluates drivers' behavior under different unauthentic messages to assess in-depth the impact of an adversarial attack on the transportation network. • Third, I evaluate distracted driving under different scenarios to assess the in-depth impact of an adversarial attack on the transportation network. To this extent, this dissertation examines factors that are contributing to the manual, visual, and cognitive distractions when drivers encountering fabricated advisory information at a compromised DMS. The results of this dissertation support the original hypothesis and indicate that with respect to the forged information drivers tend to (1) change their planned route, (2) become involved in distracting activities, and (3) change their choice speed at the presence of a compromised DMS. The main findings of this dissertation are outlined below: 1. The DMS security vulnerabilities and predisposing conditions allow adversaries to compromise ITS functionality. The risk-based approach of this study delivers the impact-likelihood matrix, which maps the adverse impacts of the threat events onto a meaningful, visual, matrix. DMS hacking adverse impacts can be categorized mainly as high-risk and medium-risk clusters. The safety, operational (i.e., monetary losses) and behavioral impacts are associated with a high-risk cluster. While the security, reliability, efficiency, and operational (i.e., congestion) impacts are associated with the medium-risk cluster. 2. Tech friendly drivers are more likely to change their route under a compromised DMS. At the same time, while they are acquiring new information, they need to lowering their speed to respond to the higher information load. Under realistic-fabricated information, about 65% of the subjects would depart from their current route. The results indicate that females and subjects with a higher driving experience are more likely to change their route. In addition, those subjects who are more sensitive to the DMS's traffic-related messages and those who use DMS under congested traffic condition are more likely to divert. Interestingly, individuals with lower education level, Asians, those who live in urban areas, and those with trouble finding their direction in new routes are less likely to pick another route rather the one they planned for. 3. Regardless of the DMS hacking scenarios, drivers would engage in at least one of the distractive activities. Among the distractive activities, cognitive distraction has the highest impact on the distracted driving likelihood. Meaning, there is a high chance that drivers think of something other than driving, look at surrounding traffic and scenery, or talk to other passengers regarding the forged information they saw on the DMS. Drivers who rely and trust in technology, and those who check traffic condition before starting their trips tend to become distracted. In addition, the result identified that at the presence of bogus information, drivers tend to slow down or stop in order to react to the DMS. That is, they would either (1) become involved in activities through the means of their phone, (2) they would mind wander, look around, and talk to a passenger about the sign, and (3) search for extra information by means of their vehicle's radio or internet. 4. Females, black individuals, subjects with a disability, older, and those with high trust in DMS are less likely to ignore the fabricated messages. In contrary, white, those who drive long hours, and those who see driving as a tedious task are more likely to ignore the bogus messages. Drivers who comply with traffic regulations and have a good driving record are likely to slow down under the tampered messages. Furthermore, female drivers and those who live in rural areas are more likely to slow down under fabricated advisory information. Furthermore, this dissertation identifies that planning for alternative route and involvement in distractive activities cause speed variation behaviors under the compromised DMS. This dissertation is the first to investigate the adverse impact of a compromised DMS on the road users and operators. I attempt to address the current gap in the literature by assessing and evaluating the impact of ITS security vulnerabilities. Broader impacts of this study include (1) to systematically raising awareness among policy-makers and engineers, (2) motivating further simulations and real-world experiments to investigate this matter further, (3) to systematically assessing the adverse impact of a security breach on transportation reliability and safety, and drivers' behavior, and (4) providing insights for system operators and decision-makers to prioritize the risk of a compromised DMS. Additionally, the outcome can be integrated with the nationwide connected vehicle and V2X implementations and security design. / Doctor of Philosophy / Security threats are targeting institutions and infrastructure around the world, and the frequency and severity of security attacks are on the rise. Healthcare manufacturing, financial services, education, government, and transportation are among the industries that are the most lucrative targets for adversaries. Hacking is not just about companies, organizations, or banks; it also includes critical infrastructure. Intelligent Transportation Systems have been deployed with a focus on increasing efficiency and safety in the face of dramatic increases in traffic volume. Although many studies have been performed and many security primitives have been proposed, there are significant concerns about flawless performance in a dynamic environment. A holistic security approach, in which all infrastructure performs within the satisfactory level of security remains undiscovered. Previously, hacking of road infrastructure was a rare event, however, in recent years, field devices, such as dynamic message signs, are hacked with higher frequency. The primary reason that transportation assets are vulnerable to cyber-attacks is that of their location in public. A more dramatic scenario occurs when hackers attempt to convey tampered instructions to the public. Analyzing traveler behavior in response to the hacked messages sign on the basis of empirical data is a vital step toward operating a secure and reliable transportation system. This study is the first to investigate the adversarial impact of a compromised message sign on the road users and operators. I attempt to address the current gap in the literature by assessing and evaluating the impact of ITS security vulnerabilities. Intelligent Transportation Systems Cyber Security Cyber-Physical Systems Vulnerability Assessment Attack Tree Dynamic Message Sign Risk Assessment Impact Assessment Travelers Behavior Distracted Driving Speed Variation Route Divergence
69	Desarrollo, aplicación y validación de procedimientos y modelos para la evaluación de amenazas, vulnerabilidad y riesgo debidos a procesos geomorfológicos Bonachea Pico, Jaime 30 October 2006 (has links) Se presenta un procedimiento para evaluar de forma cuantitativa el riesgo por deslizamientos teniendo en cuenta la peligrosidad, los elementos expuestos y su vulnerabilidad. El método utiliza los modelos de susceptibilidad obtenidos previamente a partir de las relaciones estadísticas existentes entre los deslizamientos ocurridos en el pasado (últimos 50 años) y una serie de parámetros del terreno relacionados con la inestabilidad. La frecuencia de deslizamientos en el pasado se ha utilizado para estimar frecuencias futuras. También se ha realizado un inventario y cartografía de los elementos afectados por deslizamientos en el pasado, y se han estimado los daños para cada tipo de elemento teniendo en cuenta la magnitud del tipo de deslizamiento analizado. Posteriormente se estimó la vulnerabilidad, que se expresa en valores de 0 a 1, a partir de la comparación entre pérdidas y valor del elemento afectado.La integración de la peligrosidad, vulnerabilidad y valor del elemento ha permitido obtener modelos de riesgo directo por deslizamiento para cada tipo de elemento. Además se han analizado las pérdidas indirectas ocasionadas sobre las actividades económicas por este proceso. El resultado final es un mapa de riesgo donde cada píxel muestra las pérdidas esperables por deslizamientos en los próximos 50 años / A quantitative procedure for landslide risk mapping has been developed considering hazard, vulnerability and exposed elements. The method is based on a susceptibility model previously developed from statistical relationships between past landslides occurred in the study area (last 50 years) and terrain parameters related to instability. Past landslide behaviour has been used to calculate landslide frequency for the future. An inventory of direct damage due to landslides during the study period was carried out and the main elements at risk in the area identified and mapped. Past monetary losses per type of element have been estimated and expressed as an average 'specific loss' for events of a given magnitude (corresponding to a specified scenario). Vulnerability has been assessed by comparing losses with the actual value of the elements affected and expressed as a fraction of that value (0-1).By integrating hazard, vulnerability and monetary value, direct landslide risk ( /pixel) has been computed for each element considered. Indirect losses from the disruption of economic activities due to landsliding have also been assessed. The final result is a risk map combining all losses per pixel for a 50-year period. sinkhole susceptibility quantitative landslide risk assessment landslide hazard vulnerability assessment susceptibilidad a la subsidencia natural hazards evaluación de la vulnerabilidad peligrosidad de desplazamientos desastres naturales Geodinámica externa 504 55
70	Landslide Risk Assessment using Digital Elevation Models McLean, Amanda 22 March 2011 (has links) Regional landslide risk, as it is most commonly defined, is a product of the following: hazard, vulnerability and exposed population. The first objective of this research project is to estimate the regional landslide hazard level by calculating its probability of slope failure based on maximum slope angles, as estimated using data provided by digital elevation models (DEM). Furthermore, it addresses the impact of DEM resolution on perceived slope angles, using local averaging theory, by comparing the results predicted from DEM datasets of differing resolutions. Although the likelihood that a landslide will occur can be predicted with a hazard assessment model, the extent of the damage inflicted upon a region is a function of vulnerability. This introduces the second objective of this research project: vulnerability assessment. The third and final objective concerns the impact of urbanization and population growth on landslide risk levels. Landslide Risk Assessment Landslide Hazard Assessment Landslide Vulnerability Assessment Digital Elevation Model (DEM) Local Averaging Theory DEM Resolution Maximum Slope Angles Regional Probability of Slope Failure

Search results