Geological geophysical and seismological investigations for earthquake hazard estimation in western Crete

Moisidi, Margarita

January 2009

The purpose of the thesis is the determination of potentially seismic active sources and of the dynamic response evaluation of surface and subsurface structure at sites where the geometric and dynamic properties of the ground can strongly amplify seismic motions. A combination of methods involving the study of geology, geophysics and seismology disciplines permitting cross-comparison of techniques in a robust approach is applied to address these issues. The study area is focused in Kastelli-Kissamou and Paleohora half graben basins in northwestern and southwestern Crete that is located in one of the most seismically active parts of the Africa-Eurasia collision zone. Ground truthed geological field survey, 2D Electrical Resistivity Tomography (ERT), Horizontal to Vertical Spectra Ratio (HVSR) technique using microtremors and microseismicity study are conducted. Microseismicity study involves two different earthquake dataset acquired from a regional permanent network installed on Crete and local temporal network installed on Paleohora. 2D Electrical resistivity tomography (ERT) reveals seven faults in the territory of Kastelli-Kissamou and three faults large scale faults in the territory of Paleohora basin. HVSR technique using microtremors is applied only in the populated area of Kastelli and Paleohora basins and reveals five fault zones in Kastelli and four major fault zones in Paleohora crosscutting the densely populated areas. The effects of the surface and subsurface structure are well patterned in the horizontal to vertical spectra ratios. One amplified clear frequency, two high amplified clear frequencies, broad and flat or low amplitude HVSR peaks attributes the effects of surface and subsurface structure on seismic ground motion. The effects of soft rocks, stiff soils, thick and thin alluvial deposits, fault zones, lateral heterogeneities and discontinuities on seismic ground motion are determined. The higher ground amplification level is observed in Paleohora (A=5.7) compared to Kastelli (A=3.4). Three case studies of building vulnerability evaluation in Paleohora half-graben basin using HVSR technique and microtremors are presented. Temporal seismological network is installed in the territory of Paleohora to study the seismotectonic setting of southwestern Crete. Microseismicity using data from the permanent seismological regional network of Crete is used to compare the seismicity of the study areas.

551.22

Systematic Vulnerability Evaluation of Interoperable Medical Device System using Attack Trees

Xu, Jian

10 December 2015

"Security for medical devices has gained some attractions in the recent years following some well- publicized attacks on individual devices, such as pacemakers and insulin pumps. This has resulted in solutions being proposed for securing these devices, usually in stand-alone mode. Medical devices are however becoming increasingly interconnected and interoperable as a way to improve patient safety, decrease false alarms, and reduce clinician cognitive workload. Given the nature of interoperable medical devices (IMDs), attacks on IMDs can have devastating consequences. This work outlines our effort in understanding the threats faced by IMDs, an important first step in eventually designing secure interoperability architectures. A useful way of performing threat analysis of any system is to use attack trees. Attack trees are conceptual, multi-leveled diagrams showing how an asset, or target, might be attacked. They provide a formal, methodical way of describing the threats to a system. Developing attack trees for any system is however non-trivial and requires considerable expertise in identifying the various attack vectors. IMDs are typically deployed in hospitals by clinicians and clinical engineers who may not posses such expertise. We therefore develop a methodology that will enable the automated generation of attack trees for IMDs based on a description of the IMD operational workflow and list of safety hazards that need to be avoided during its operation. Additionally, we use the generated attack trees to quantify the security condition of the IMD instance being analyzed. Both these pieces of information can be provided by the users of IMDs in a care facility. The contributions of this paper are: (1) a methodology for automated generation of attack trees for IMDs using process modeling and hazard analysis, and (2) a demonstration of the viability of the methodology for a specific IMD setup called Patient Controlled Analgesia (PCA- IMD), which is used for delivering pain medication to patients in hospitals."

Attack Trees

Interoperable Medical Device System

Vulnerability Evaluation

Security evaluation of ten Swedish mobile applications

Ekenblad, Jens, Andres Garrido Valenzuela, Stefan

January 2022

The widespread usage of smartphones and mobile applications in Sweden exposes the users to potential risks if not adequate security standards are implemented. An insecure application that is exploited by an adversary could potentially compromise the users private data and integrity. As such, this report aims to examine and evaluate the security of ten commonly used mobile applications in Sweden. Using the OWASP Mobile Security Testing Guide (MSTG) and conducting penetration testing, the applications were assessed in regards of strengths and weaknesses. The results presents nine potential vulnerabilities of which three were successfully exploited with the use of brute-force and session hijack attacks. Even though all examined applications adopt industry security standards of various degrees, our findings shows that a few applications are susceptible to vulnerabilities. / Det breda användadet av smarta telefoner och mobila applikationer i Sverige utsätter användare för potentiella risker om inte tillräckliga nivåer av säkerhetsstandarder implementeras. En osäker applikation som utnyttjas av en person med onda avsikter skulle kunna leda till dataintrång hos en användare. Därav siktar denna rapport på att utvärdera säkerheten hos tio vanligt förekommande mobila applikationer i Sverige. Med hjälp av OWASP Mobile Security Testing Guide (MSTG) och utförandet av penetrationstester så har applikationernas styrkor och svagheter utvärderats. Resultatet som presenteras visar på nio potentiella sårbarheter varav tre kunde verifieras genom lyckade brute-force och session hijack attacker. Även om de utvärderade applikationerna implementerar en viss nivå av säkerhetsstandarder, så visar vårt resultat att vissa av applikationerna är utsatta för sårbarheter.

Black-box testing

Penetration testing

Mobile applications

Android

Exploit

Vulnerability Evaluation

OWASP

MSTG

Black-box testning

Penetrations testning

Mobila applikationer

Android

Exploatering

Sårbarhetsutvärdering

OWASP

MSTG

Computer and Information Sciences

Data- och informationsvetenskap