681 |
Security Analysis of Volvo’s Infotainment System
Ismail, Dana, Aslan, Porsev January 2022
Today’s car development is progressing rapidly, and new car models are constantly being produced. These new vehicles are adapted to today’s digital society and all its needs. An important issue is how well security is involved in this technological development. With all these successes, there are also possible vulnerabilities. Thus, the cybersecurity aspect is a crucial part of the development of modern vehicles, because of possible exploitation that has taken place and can take place in the future. The main problem researched within this thesis was to investigate the safety of Volvo’s Vehicle Infotainment System (IV). To analyze such a complex system, a threat model was created by gathering necessary data, inspecting a physical rig sent by the manufacturer, and receiving feedback from industry experts. Furthermore, several attack simulations were performed on the threat model, generating several attack paths and probabilistic graphs that were analyzed. This work resulted in a threat model that represented the physical IV. The model included identifications of interesting entry points from which an attacker can start different attacks. After investigation, the Bluetooth network and the operating system of the Infotainment Head Unit (IHU) were both chosen as entry points for the attack simulations. The attack simulations made on the model were tested in different scenarios because this resulted in a more comprehensive outcome. The results of the attack simulations were that, in comparison to a low-security scenario, the high-security cases decreased the success rate of compromising the targeted asset. However, with every possible defense enabled, no attack paths were generated, but the results showed that an attacker can still perform other sorts of attacks.
It is concluded that if one assumes that the threat model within this work is somewhat identical to the physical IV, there is a possibility of exploiting vulnerabilities if not all defenses are enabled for all components. These results are intended to increase the relevance of the cybersecurity aspects within the vehicle industry, especially for infotainment systems. / Today's car development is moving fast, and new car models are constantly being produced. These new vehicles are adapted to today's digital society and all its needs. An important question is how well security is involved in this technical development. With all these advances there are also possible vulnerabilities. The cybersecurity aspect is therefore an important part of the development of modern vehicles, because of possible exploitation that has occurred and may occur in the future. The main problem examined in this thesis was to investigate the security of Volvo's infotainment system. To analyze such a complex system, a threat model was created by collecting necessary data, inspecting a physical rig sent by the manufacturer, and getting feedback from industry experts. In addition, several attack simulations were performed on the threat model, which generated several attack paths and probabilistic graphs that were analyzed. This work resulted in a threat model that represented the physical infotainment system. The model contained identifications of interesting entry points from which an attacker can start different attacks. After investigation, the Bluetooth network and the operating system of the IHU were chosen as entry points for the attack simulations. The attack simulations made on the model were tested in different scenarios because this gave a more comprehensive result. The results of the attack simulations were that, compared with a low-security scenario, the high-security case reduced the success rate of the attack.
When all conceivable defense mechanisms were enabled, no attack paths were generated, but the results showed that an attacker can still carry out other types of attacks. The conclusion is that if one assumes that the threat model in this work is somewhat identical to the physical infotainment system, there is a possibility of exploiting vulnerabilities if not all defenses are enabled for all components. These results aim to increase the relevance of cybersecurity aspects in the vehicle industry, especially regarding infotainment systems.
|
682 |
Mitigating CI/CD threats through an extended access control model / Motverka hot CI/CD-hot genom en utökad åtkomstkontrollmodell
Siberov, Arvid January 2024
Continuous integration and continuous deployment (CI/CD) are automated processes that form a vital part of the software development lifecycle. However, CI/CD entails unique security challenges, as demonstrated by cyber attacks in recent years. This thesis presents a method for diminishing the risks of CI/CD through the dynamic access control patterns of zero trust. The impact of the method is evaluated by threat modeling popular open-source CI/CD pipelines on GitHub using STRIDE and examining the effect on the found threats. This evaluation shows that a significant subset of the found threats are impacted by the method, which suggests that monitoring dynamic CI/CD attributes has the potential to improve the security of CI/CD systems. Furthermore, the current use of existing mitigations against threats by popular GitHub repositories is investigated. / An increasingly important part of software development consists of so-called CI/CD pipelines, which enable continuous integration and delivery of software. These bring great gains in development efficiency, but also unique security challenges, as highlighted by cyber attacks against pipelines in recent years. This thesis aims to reduce the risks in CI/CD pipelines. This is done by presenting a new access control model for CI/CD pipelines on the web platform GitHub. The model's performance is evaluated by examining its effect on pipeline threats found through threat modeling of popular projects on GitHub. The evaluation shows that a significant subset of the threats found are affected by the model, which suggests that monitoring dynamic attributes in CI/CD systems can improve their security. In addition, the thesis examines how existing GitHub projects work with mitigations of threats to pipeline security.
|
683 |
Restoration of the endangered Cumberland elktoe (Alasmidonta atropurpurea) and Cumberland bean (Villosa trabalis) (Bivalvia: Unionidae) in the Big South Fork National River and Recreation Area, Tennessee and Kentucky
Guyot, Jennifer Ann 04 April 2006
The Big South Fork National River and Recreation Area (NRRA), located in Tennessee and Kentucky, has prepared a management plan to include restoration of its mussel fauna to historic levels. Restoration activities include propagation of juvenile mussels and relocation of adults to suitable sites in the Big South Fork of the Cumberland River (BSF) and its tributaries. This study was conducted to identify host fish for Cumberland elktoe (Alasmidonta atropurpurea) and Cumberland bean (Villosa trabalis), to determine suitable juvenile culture conditions for Epioblasma brevidens and V. trabalis, and to locate sites important to future mussel restoration efforts in the NRRA.
Host fish identifications and propagation techniques were determined for two of the endangered species in the NRRA, Cumberland elktoe (Alasmidonta atropurpurea) and Cumberland bean (Villosa trabalis). Of seven host species tested, banded sculpin (Cottus carolinae) was the most suitable host fish for propagation of A. atropurpurea. Of five host species tested, fantail darters (Etheostoma flabellare) were the most suitable host fish for propagation of V. trabalis. Culture techniques to raise juvenile mussels in captivity were evaluated, using newly metamorphosed juveniles of V. trabalis and E. brevidens in recirculating systems. No differences in juvenile growth or survival were detected among substrates used (fine sediment, coarse sand, and a mixture of the two). Recirculating system design seemed to affect juvenile growth and survival; however, variable condition of juveniles also seemed to affect results, making it difficult to determine effects from trial treatments.
Finally, an assessment of potential sites in the NRRA for restoration activities was conducted using spatial analysis in a geographic information system (GIS) and several measures of conservation value. Mussel restoration sites were assessed for potential threats from adjacent land uses that may negatively affect mussels, including coal mines, oil and gas wells, transportation corridors, agriculture and urban development. Sites were also evaluated on their current conservation value to designate which sites are most important to long-term maintenance of mussel fauna. Several sites were identified that contain relatively few land-use threats, and are appropriate for mussel restoration activities, including Big Island, Station Camp Creek, and Parchcorn Creek sites on the mainstem BSF, as well as sites on Clear Fork and North White Oak Creek. Many of these sites also have high conservation values. Other sites had relatively high land-use threats that need to be addressed before restoration activities take place. Such sites include Leatherwood Ford, Rough Shoals Branch, Blue Heron, and Yamacraw on the mainstem BSF. The dominant threat to most sites came from transportation corridors, whereas some sites in southern and eastern portions of the watershed also were threatened by coal mines, and oil and gas wells. / Master of Science
|
684 |
'No hard feelings': Resolving and Redefining Threatened Masculinity
Scaptura, Maria Nicole 26 May 2023
This project sheds light on men's choice in the face of threats to their masculinity: to compensate to appear more masculine or to revise their definitions of manhood. Research has demonstrated that men overcompensate in their displays of masculinities when faced with challenges to their dominant status. However, not all men pursue dominant displays of masculinity through heterosexuality: Older men (85+) may abandon ideals of masculinity tied to sexual dominance as they once did in middle age. This dissertation weaves together men's three distinct pursuits of dominant manhood: approval of violence against women (AVAW), changes to sexual function in old age (i.e., flaccidity or erectile dysfunction), and sugar dating (i.e., dating between younger women and an older man, in which money is exchanged for intimacy). I show that men's use of compensatory heterosexuality offers them a way to do gender when confronted with threatened masculinity in the form(s) of subordination to women, sexual dysfunction, and older age. In each project, men rely on displays of heterosexual dominance and objectification of women as a compensatory means to do masculinity. However, their reliance on heterosexuality is subject to change under such conditions as older age, which can lead to revisions of manhood. / Doctor of Philosophy / This project sheds light on men's choices in the face of gender threats: to compensate to appear more masculine or to revise or change their definitions of manhood. Research has demonstrated that men overdo their displays of masculinity when faced with challenges. However, not all men do this: Older men (85+) may move away from a masculinity tied to sexual displays as they once did in middle age. 
This dissertation weaves together three displays of masculinity: approval of violence against women (AVAW), changes to sexual function in old age (i.e., flaccidity or erectile dysfunction), and sugar dating (i.e., dating between a younger woman and an older man in which money is exchanged for emotional and physical relationships). These avenues offer men a way to perform their masculinities when confronted with threats in the form(s) of subordination to women (i.e., women in power over you), sexual dysfunction, and older age. In each project, men rely on displays of sexual dominance and objectification of women to perform masculinity (when compensating). However, their reliance on these displays is subject to change under certain conditions (when revising manhood).
|
685 |
Secure electronic tendering
Du, Rong January 2007
Tendering is a method for entering into a sales contract. Numerous electronic tendering systems have been established with the intent of improving the efficiency of the tendering process. Although providing adequate security services is a desired feature in an e-tendering system, current e-tendering systems are usually designed with little consideration of security and legal compliance. This research focuses on designing secure protocols for e-tendering systems. It involves developing methodologies for establishing security requirements, constructing security protocols and using formal methods in protocol security verification. The implication is that it may prove suitable for developing secure protocols in other electronic business domains. In-depth investigations are conducted into a range of issues in relation to establishing generic security requirements for e-tendering systems. The outcomes are presented in the form of basic and advanced security requirements for the e-tendering process. This analysis shows that advanced security services are required to secure e-tender negotiation integrity and the submission process. Two generic issues discovered in the course of this research, functional difference and functional limitations, are fundamental in constructing secure protocols for tender negotiation and submission processes. Functional difference identification derives advanced security requirements. Functional limitation assessment defines how the logic of generic security mechanisms should be constructed. These principles form a proactive analysis applied prior to the construction of security protocols. Security protocols have been successfully constructed using generic cryptographic security mechanisms. These protocols are a secure e-tender negotiation integrity protocol suite and secure e-tender submission protocols. Their security has been verified progressively during the design.
Verification results show that the protocols are secure against common threat scenarios. The primary contributions of this stage are the procedures developed for complex e-business protocol analysis using formal methods. The research shows that proactive analysis has made this formal security verification possible and practical for complex protocols. These primary outcomes have raised awareness of security issues in e-tendering. The security solutions proposed in the protocol format are the first in e-tendering with verifiable security against common threat scenarios, and are also practical for implementation. The procedures developed for securing the e-tendering process are generic and can be applied to other business domains. The study has made improvements in: establishing adequate security for a business process; applying proactive analysis prior to secure protocol construction; and verifying security of complex e-business protocols using tool-aided formal methods.
|
686 |
Threat Awareness in Agile Environments : Creating a Developer-Driven Threat Modeling Process for Agile Software Development Teams / Hotmedvetenhet i agila miljöer : En utvecklardriven hotmodelleringsmetod för agila mjukvaruutvecklingsteam
NYMAN, NICK January 2020
Agile principles for software development are now the industry standard for innovative projects. Agile is often hailed for being flexible, but there is also a commonly held 'truth' that agile principles and software security do not work well together. For this reason it is not uncommon to place all security responsibilities with a separate team, which goes against the agile principles of being team-centered and may affect flexibility or timeframe of a project. Additionally, software security is difficult and requires extensive experience and knowledge, something that varies a lot among software developers. This study presents a threat modeling process tailored for the specific needs and capabilities of the agile developer team. The process combines features of attack trees and abuser stories with other supplementary techniques in a pedagogical instruction manual to create an accessible and easy-to-get-started method intended to be driven by the developers themselves. The process has been developed through extensive review of extant threat modeling methods and the circumstances of the agile team, and trialed through user tests at an agile IT organization in the financial services. / Agile principles for software development are now the industry standard for innovative projects. Agile methods are often praised for their flexibility, but there is also a widespread perception that agile methods and software security do not go well together. For that reason it is not uncommon for security responsibilities and tasks to be run by a separate security group, which goes against the agile principles of focusing on the developer team. This can affect both the project's flexibility and its timeframe. In addition, IT security is a difficult subject that requires both experience and considerable knowledge, something that has been found to vary greatly among software developers. This study presents a threat modeling process tailored to the developer team's specific needs and strengths.
The process combines features of attack trees and abuser stories with other, complementary techniques in a pedagogical instruction manual to deliver an easily accessible and quick-to-start method meant to be driven by the developers themselves. The process has been developed through extensive study of established threat modeling processes and of the agile team environment, and has been tested and further developed through user tests at an agile IT organization in the financial sector.
|
687 |
制衡「中國威脅論」--中國國際形象行銷研究 / Marketing against the “China Threat”: A Study of China’s International Image Promotion
高琳恩, Kao, Leanne Unknown Date
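China rejoined the international community in 1971 by joining the United Nations, but under Mao Zedong's rule it remained self-isolated. After Deng Xiaoping succeeded Mao in 1976, he finally opened China's door in 1979; by then, most of the existing rules, institutions and values of the international environment were dominated by Western countries. As a latecomer, China became the engine of Asia's economy within two decades, and countries around the world watched its rapid rise closely; two views emerged internationally on the role China plays in the international system and on how to deal with its surging power.
The first view regards China as a threat that must be contained; the second regards China as an opportunity that can be made use of through engagement. The “China threat” argument peaked after the June 4 Tiananmen crackdown of 1989, when China faced international isolation, and the Chinese government came to appreciate deeply the serious consequences of damage to its international reputation and image. As the legitimacy of the Chinese Communist Party's rule came to depend increasingly on the results of economic reform, the Chinese government became all the more eager to shape a friendly international environment in which its economic reform could move forward. The Chinese government began a comprehensive remaking of its international image to ease the international climate that viewed China as a threat.
Chinese leaders have since vigorously promoted the country's “peaceful rise” and looked to its traditional culture for elements of “soft power” to back a multifaceted public diplomacy. This thesis mainly examines China's soft power resources and its public diplomacy efforts, such as promoting visits abroad by senior officials, actively participating in international forums, and hosting the Beijing Olympics and the Shanghai Expo, and concludes that China's international image makeover has achieved differing results in different regions of the world. / China reentered the international community in 1971 when it joined the United Nations, but it remained a closed country under Mao’s watch. Deng Xiaoping succeeded Mao in 1976 and he opened China’s door in 1979 to a global environment where existing rules, institutions, and values had been largely shaped by western countries. In two decades the latecomer has become the economic powerhouse in Asia and has had other states watching its rapid rise in the global community. Two rival views have since emerged as to China’s role in the international order and how to deal with its rising power.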
The first deems China as a threat to be contained. The second projects China as an opportunity that can be employed through engagement. The “China threat” argument reached its height after the crackdown on student protest at the Tiananmen Square on June 4, 1989. The aftermath of international isolation seriously alerted the Chinese government to the effect of severe damage to its reputation and image internationally. As the Chinese Communist Party’s power legitimacy increasingly relies on delivering economic success, the Chinese government became ever more eager to create a friendly international environment where its economic development may be furthered. The Chinese government has since launched a sweeping reform of its global image to smooth away the perception of China as a threat.
Chinese leaders have since touted China’s “peaceful rise” and turned to its traditional culture for soft power resources to better support its public diplomacy on all possible fronts. Examining China’s soft power resources and its efforts in staging high-level official visits, actively participating in international forums, and hosting the Beijing Olympics and the Shanghai World Exposition, this thesis finds that China’s global image promotion has reaped varying degrees of success in different regions.
|
688 |
The impact of US-China relations on Taiwan's military spending (1966-1992).
Yu, Tsung-Chi Max 05 1900
Previous research has shown that Taiwan's military spending is affected either by China's military buildup or the US's military pipeline. This study investigates whether it is also true that an ongoing US-China relationship has dynamic effects. Three major findings are obtained from the statistical analyses. First and foremost, the level of US-China conflict has a contemporaneous positive effect on Taiwan's military spending. Second, the analyses also indicate that the volatility of US-China relations has negative effects on Taiwan's military spending. This finding suggests that instability in US-China relations will prompt Taiwan to decrease its military spending, because of a higher amount of perceived security on the one hand and a wish to avoid further provoking China on the other. Third, analyses indicate that an error correction model fares better than a simple budgetary incremental model in explaining the re-equilibrating effects of GNP growth on Taiwan's military spending. Overall, the results demonstrate the interplay of domestic and international constraints and may help to predict the expected military spending when Taiwan's economy changes. I suggest that Taiwan's military spending is likely to be influenced by US-China relations as well as by foreign investment and domestic economic constraints as long as the United States policy toward the Taiwan problem remains unchanged.
|
689 |
Face Threat Mitigation in Feedback: An Examination of Student Apprehension, Self-Efficacy, and Perceived Emotional Support
Hadden, Alexis A. 01 January 2017
This experimental study examined the effects of an instructor’s face threat mitigation tactics on student self-efficacy for learning and perceived emotional support from the instructor in a written feedback setting. Participants (N = 401) were randomly assigned to one of four feedback scenarios in which level of face threat mitigation and instructor age and status were manipulated. Student grade orientation and state feedback apprehension were measured prior to being exposed to the feedback scenario. Results indicate that high face threat mitigation is positively associated with student self-efficacy for learning and perceived emotional support from the instructor. Results also revealed that state feedback apprehension predicts self-efficacy for learning and perceived emotional support from the instructor. Grade orientation predicted self-efficacy for learning but did not significantly predict perceived emotional support from the instructor providing feedback. Finally, scenarios manipulated for instructor age and status did not significantly differ in self-efficacy for learning or perceived emotional support from the instructor. Implications regarding theory, the measurement of feedback apprehension, and student-instructor communication are discussed.
|
690 |
Stereotype Threat
Eckert, Christine 25 April 2017
Stereotype threat is defined as a feeling of threat that people experience in a situation in which they fear being judged on the basis of a negative stereotype about their group, or unintentionally confirming the stereotype through their behavior. The term goes back to Claude M. Steele and Joshua Aronson. Stereotype threat can be described as a situational dilemma that can lead to significant short-term performance losses in test situations among members of stigmatized groups. It can also occur in other choice decisions. Empirically established findings on the longer-term effects are so far scarce. The triggering conditions have also not been conclusively clarified.
|