61 |
Identifying Threat Factors of Vulnerabilities in Ethereum Smart Contracts
Noor, Mah, Murad, Syeda Hina January 2023
Ethereum is one of the top blockchain platforms that represents this second generation of blockchain technology. However, the security vulnerabilities associated with smart contracts pose significant risks to confidentiality, integrity, and availability of applications supported by Ethereum. While several studies have enumerated various security issues in smart contracts, only a handful have identified the factors that determine the severity and potential of these issues to pose significant risks in practice. As its first contribution, this thesis presents a framework that identifies such factors and highlights the most critical security threats and vulnerabilities of Ethereum smart contracts. To achieve this, we conduct a comprehensive literature review to identify and categorize the vulnerabilities, assess their potential impact, and evaluate the likelihood of exploitation in real-life contracts. We classify the identified vulnerabilities based on their nature and severity and propose mitigation recommendations. Our theoretical contribution is to establish a correlation between the security vulnerabilities of smart contracts and their potential impact on the security of smart contracts by identifying factors that pose a (practical) threat. Our practical contribution involves developing a tool based on static analysis that can automatically detect at least one critical security issue with the highest threat factor. For the target vulnerability, we choose the usage of input from external users without any validation. This vulnerability, as we call it, Missing Input Validation (MIV), acts as a root cause for further (well-known and well-researched) issues, for instance, the flow of tainted values into sensitive operations such as the transfer of cryptocurrencies and self destruct instruction. We implement the tool MIV Checker and evaluate its efficacy on a test set of 36 smart contracts. Our evaluation results show that MIV Checker correctly detects 87.6% of instances of MIV in the dataset.
|
62 |
Pharmaceutical supply chain resilience. An exploratory analysis of vulnerabilities and resilience strategies in the face of dynamic disruptions in the UK pharmaceutical supply chain
Yaroson, Emilia V. January 2019
Pharmaceutical supply chains are susceptible to disruptions which impact on the operational and financial performance of firms as well as patient safety. This study aimed to explore why the Pharmaceutical Supply Chain (PSC) in the UK is susceptible to the impact of dynamic disruptions and examine how resilience strategies were employed to reduce the effects of these disruptions. The Complex Adaptive System (CAS) theory was used as a framework in an exploratory research design using mixed-methods. The qualitative data were gathered through 23 semi-structured interviews with key supply chain actors across the PSC in the UK to explore their experiences. The findings from these semi-structured interviews were used to develop a survey which was distributed to a broader spectrum of supply chain actors where the final sample from the survey was (n=106). The data were triangulated to discuss the research findings. The initial results revealed power, conflict and complexities as drivers of vulnerabilities in the PSC. Antecedents for building resilience strategies included visibility, flexibility and joint decision making as recovery strategies and resource sharing as the resistance strategy. CAS provided a systemic approach to understanding PSC resilience rather than in parts. In doing so, it took into consideration the various elements that make up the entire system. Thus, vulnerabilities and resilience strategies were outcomes of the interactions between supply chain actors. The findings demonstrated that CAS, as a theory, provided a framework that was beneficial in exploring and gaining insights into PSC resilience. Also, by combining the two datasets (interviews and survey), an original output was proposed, the Pharmaceutical Supply Chain Resilience Framework (PSCRF), which was used to recommend resilience strategies suitable for mitigating disruptions in the PSC.
|
63 |
Case Study: Assessing the Security of a ZigBee Smart Home Network
Saker, Robal, Abu Issa, Obaida January 2024
Utilizing the ZigBee protocol is pervasive in the context of smart homes, offering substantial convenience to individuals. However, smart home devices commonly handle significant quantities of real-world information, potentially giving rise to concerns related to information leakage. Therefore, in this study, we assess the security of a ZigBee smart home network by identifying potential vulnerabilities and conducting a penetration test on the network. In addition, this study compared the potential damage inflicted on the ZigBee network by technical and non-technical users. Identifying the potential vulnerabilities was carried out by following a systematic literature review approach, while the penetration testing method was conducted with the help of a case study. The smart home network consisted of a gateway, a smart light bulb, a temperature and humidity sensor, and a motion sensor. The results show a vulnerability in the ZigBee protocol where the technical user could compromise all the security keys. However, the non-technical user was not able to compromise the ZigBee network. Consequently, the security of ZigBee-based smart devices still needs to be further investigated and strengthened. Finally, we discussed the future of the ZigBee network and the optimal scenarios for deploying it.
|
64 |
The Everyday Internet, a Minefield in Disguise : Characterization of different types of domains including malicious and popularity / Internet, ett minfält i förklädnad.
Petersson, Linn, Lindkvist, Rebecka January 2022
Today, security has become a growing concern for all internet users, where technology is developing faster than its security is implemented, which leads to insecure domains. In this thesis, we look at the reality of today’s domains and research if some categories of domains are safer than others and the reason behind it. The total amount of researched domains was 8080, divided into four categories: popular, categories, continents, and malicious. The analysis was made by looking closer at default protocols, cipher suites, certificate authorities (CAs), certificate classifications, page loading times, and vulnerabilities. Our result indicated that TLS 1.2 and TLS 1.3 are the most commonly used protocols. The largest difference between the domains could be seen among the CAs, even though no definite reason for this could be found. The most popular cipher suite for popular, categories, and malicious belonged to TLS 1.3; meanwhile, continents had a cipher suite belonging to TLS 1.2. All four categories were vulnerable to at least five out of eight different types of attacks. The least commonly used certificate classification is EV certificates, while DV is the most commonly used. Through our data collection and analysis, we could conclude that all domains are not as safe as one might think, while the underlying security infrastructure of malicious domains might be better than anyone expects.
|
65 |
Intrusion Detection for 0-Day Vulnerabilities
Truhan, Nathan D. 19 July 2011
No description available.
|
66 |
Data-Driven Cyber Vulnerability Maintenance of Network Vulnerabilities with Markov Decision Processes
Jiang, Tianyu 23 October 2017
No description available.
|
67 |
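Social Disaster Vulnerabilities: a Study of Gender and Foreign Residents in Japan / 災害における社会的な脆弱性―日本におけるジェンダーと外国人居住者に関する研究―
Petraroli, Irene 23 March 2022
Kyoto University / New-system doctorate by coursework / Doctor of Global Environmental Studies / 甲第24062号 / 地環博第225号 / 新制||地環||43 (University Library) / Kyoto University Graduate School of Global Environmental Studies, Department of Global Environmental Studies / (Chief examiner) Lecturer BAARS ROGER CLOUD, Professor 宇佐美 誠, Associate Professor 落合 知帆, Associate Professor TRENCHER Gregory / Conferred under Article 4, Paragraph 1 of the Degree Regulations / Doctor of Global Environmental Studies / Kyoto University / DFAM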
|
68 |
Gender-responsive peacebuilding in a changing climate : A qualitative content analysis of strengths and weaknesses in National Action Plans.
Jangbrand, Amanda January 2022
Climate change can exacerbate violent conflict, create risks to human security, and prevent conflict recovery and peacebuilding in different contexts. Climate change and conflict are rarely fair and have been argued to have different impacts on gender. In 2000, the UN Security Council adopted resolution 1325 on ‘Women, Peace and Security’ which promoted the advancement of women’s position in national agendas of peace and security. It has become increasingly clear that the climate-gender-conflict nexus is critical to both peacebuilding efforts and developing strong communities resilient to climate change impacts. While previous research on the nexus has been dominated by statistical quantitative studies, this seeks to contribute to qualitative research by adopting a qualitative content analysis. Of concern for this study is the implication of vulnerabilities and capacities in National Action Plans that support the Women, Peace, and Security Agenda. Leaning on the CAV Analytical Framework by March et al. 1999, vulnerabilities and capacities have been identified along different categories that focus on different dimensions of power dynamics. The study finds that climate change has primarily been recognized as contributing to the intensification and exacerbation of conflicts over access to natural resources, which in turn has caused vulnerabilities to become greater within all categories of the analysis. Other findings point to a major focus on women's vulnerabilities above those of men, and lastly how implementing bodies have developed promising methods for successful implementation.
|
69 |
Is local climate change adaptation [CCA] inclusive for/adapted to everybody? : A qualitative study and intersectional analysis of local CCA within Stockholm County / Är klimatanpassning anpassad för alla? : En kvalitativ studie och intersektionell analys av klimatanpassning i Stockholms län
Mattsson, Sara January 2020
Stockholm County is currently implementing climate change adaptation, making it essential to distinguish the priorities being made. Previous research has suggested that social dimensions of climate change adaptation in cities, especially in the Global North, are largely ignored. Therefore, this thesis aims to identify how social dimension issues of current local Climate Change Adaptation [CCA] in Stockholm County are perceived by CCA-practitioners and provide an overall understanding of how current local Climate Change Adaptation [CCA] materializes in Stockholm County. Five civil servants working as environmental planners/strategists were interviewed and part of a semi-structured interview study, which was analyzed through thematic analysis and an intersectional framework. The results suggest that current local CCA prioritizes specific climate hazards (Floods and different erosion-related hazards), certain buildings (new developments), and certain evaluations (technical). In addition, heatwaves, existing built environments, and social dimension assessments were shown to be of less focus in current local CCA. The results from the intersectional framework showed that specific identity categories are considered in certain climate hazards, specifically in heatwaves that have clear health outcomes compared to the other hazards. It also shows that gender seems to be the least explored identity category of vulnerability in current local CCA-practice. / Stockholm County is currently implementing climate change adaptation measures, which makes it important to discern how this is expressed in practice. Previous research has indicated that the social dimensions of climate change adaptation in cities, especially in the Global North, have largely been ignored. This thesis therefore aims to provide an overall understanding of how climate change adaptation within Stockholm County is expressed and which social perspectives are considered relevant by civil servants working in climate change adaptation.
The thesis had two research questions: 1) According to civil servants working with climate change adaptation within Stockholm County, what is prioritized and what is not prioritized within current climate change adaptation practice for a climate hazard, and why? 2) According to civil servants working with climate change adaptation within Stockholm County, who is considered vulnerable within climate change adaptation, and where within current climate change adaptation practice is this taken into account? The thesis has relied largely on intersectionality as an analytical tool and as guidance in a literature study. Because climate change adaptation is carried out within the municipality's spatial planning, five civil servants working as environmental planners or environmental strategists were interviewed in a semi-structured interview study. The material was analyzed through thematic analysis. The thematic analysis yielded three types of themes in which a certain prioritization could be discerned. The results suggest that current climate change adaptation prioritizes specific climate hazards (floods, rockfalls and landslides), certain buildings (new developments) and certain evaluations (technical). In addition, the results showed that heatwaves, existing environments and assessments of social dimensions are given less weight and focus within climate change adaptation. The thematic analysis also yielded a fourth theme, called Vulnerabilities. Under this theme, the interviewed civil servants' perceptions of vulnerabilities to climate change were presented, and the stated vulnerabilities were analyzed with an existing intersectional framework. The results of the intersectional analysis show that specific identity categories are considered more in certain climate hazards, for example heatwaves, which have clear health consequences compared with other extreme weather events. It also shows that gender is the least explored in current climate change adaptation practice in Stockholm County.
|
70 |
Visualizing Memory Utilization for the Purpose of Vulnerability Analysis
McConnell, William Charles 02 July 2008
The expansion of the internet over recent years has resulted in an increase in digital attacks on computers. Most attacks, including the more dangerous ones, directly target program vulnerabilities. The increase in attacks has prompted a need to develop new ways to classify, detect, and avoid vulnerabilities. The effectiveness of these goals relies on the development of new methods and tools that facilitate the process of detecting vulnerabilities and exploits.
This thesis presents the development of a tool that provides a visual representation of main memory for the purpose of security analysis. The tool provides new insight into memory utilization by software; users are able to see memory utilization as execution time progression, visually distinguish between memory behaviors (allocations, writes, etc), and visually observe special relationships between memory locations. The insight enables users to search for visual evidence that software is vulnerable, violated, or utilizing memory incorrectly.
The development process for our visual tool has three stages: (1) identifying the memory utilization policies of the Windows 32-bit operating system; (2) identifying the data required for visual representations of memory and then implementing one possible method to capture the data; and (3) enumerating and implementing requirements for a memory tool that generates visual representations of memory for the purpose of vulnerability and exploit analysis. / Master of Science
|