• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 21
  • 4
  • 3
  • 3
  • 2
  • Tagged with
  • 44
  • 44
  • 11
  • 10
  • 9
  • 8
  • 7
  • 6
  • 6
  • 6
  • 5
  • 5
  • 5
  • 5
  • 5
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Vulnerability Assessment and Risk Mitigation: The Case of Vulcano Island, Italy

Galderisi, Adriana, Bonadonna, Costanza, Delmonaco, Giuseppe, Ferrara, Floriana Federica, Menoni, Scira, Ceudech, Andrea, Biass, Sebastien, Frischknecht, Corine, Manzella, Irene, Minucci, Guido, Gregg, Chris 01 January 2013 (has links)
This paper reports on a comprehensive vulnerability analysis based on a research work developed within the EC ENSURE Project (7FP) dealing with the assessment of different volcanic phenomena and induced mass-movements on Vulcano Island (S Italy) as a key tool for proactive efforts for multi-risk mitigation. The work is mainly focused on tephra sedimentation and lahar hazards and related physical, systemic and mitigation capacities.
2

Vulnerability Assessment and Risk Mitigation: The Case of Vulcano Island, Italy

Galderisi, Adriana, Bonadonna, Costanza, Delmonaco, Giuseppe, Ferrara, Floriana Federica, Menoni, Scira, Ceudech, Andrea, Biass, Sebastien, Frischknecht, Corine, Manzella, Irene, Minucci, Guido, Gregg, Chris 01 January 2013 (has links)
This paper reports on a comprehensive vulnerability analysis based on a research work developed within the EC ENSURE Project (7FP) dealing with the assessment of different volcanic phenomena and induced mass-movements on Vulcano Island (S Italy) as a key tool for proactive efforts for multi-risk mitigation. The work is mainly focused on tephra sedimentation and lahar hazards and related physical, systemic and mitigation capacities.
3

A host-based security assessment architecture for effective leveraging of shared knowledge

Rakshit, Abhishek January 1900 (has links)
Master of Science / Department of Computing and Information Sciences / Xinming (Simon) Ou / Security scanning performed on computer systems is an important step to identify and assess potential vulnerabilities in an enterprise network, before they are exploited by malicious intruders. An effective vulnerability assessment architecture should assimilate knowledge from multiple security knowledge sources to discover all the security problems present on a host. Legitimate concerns arise since host-based security scanners typically need to run at administrative privileges, and takes input from external knowledge sources for the analysis. Intentionally or otherwise, ill-formed input may compromise the scanner and the whole system if the scanner is susceptible to, or carries one or more vulnerability itself. It is not easy to incorporate new security analysis tools and/or various security knowlege- bases in the conventional approach, since this would entail installing new agents on every host in the enterprise network. This report presents an architecture where a host-based security scanner's code base can be minimized to an extent where its correctness can be verified by adequate vetting. At the same time, the architecture also allows for leveraging third-party security knowledge more efficiently and makes it easier to incorporate new security tools. In our work, we implemented the scanning architecture in the context of an enterprise-level security analyzer. The analyzer finds security vulnerabilities present on a host according to the third-party security knowledge specified in Open Vulnerability Assessment Language(OVAL). We empirically show that the proposed architecture is potent in its ability to comprehensively leverage third-party security knowledge, and is flexible to support various higher-level security analysis.
4

A Framework for Software Security Testing and Evaluation

Dutta, Rahul Kumar January 2015 (has links)
Security in automotive industry is a thought of concern these days. As more smart electronic devices are getting connected to each other, the dependency on these devices are urging us to connect them with moving objects such as cars, buses, trucks etc. As such, safety and security issues related to automotive objects are becoming more relevant in the realm of internet connected devices and objects. In this thesis, we emphasize on certain factors that introduces security vulnerabilities in the implementation phase of Software Development Life Cycle (SDLC). Input invalidation is one of them that we address in our work. We implement a security evaluation framework that allows us to improve security in automotive software by identifying and removing software security vulnerabilities that arise due to input invalidation reasons during SDLC. We propose to use this framework in the implementation and testing phase so that the critical deficiencies of software in security by design issues could be easily addressed and mitigated.
5

Consequences of False Data Injection on Power System State Estimation

January 2015 (has links)
abstract: The electric power system is one of the largest, most complicated, and most important cyber-physical systems in the world. The link between the cyber and physical level is the Supervisory Control and Data Acquisition (SCADA) systems and Energy Management Systems (EMS). Their functions include monitoring the real-time system operation through state estimation (SE), controlling the system to operate reliably, and optimizing the system operation efficiency. The SCADA acquires the noisy measurements, such as voltage angle and magnitude, line power flows, and line current magnitude, from the remote terminal units (RTUs). These raw data are firstly sent to the SE, which filters all the noisy data and derives the best estimate of the system state. Then the estimated states are used for other EMS functions, such as contingency analysis, optimal power flow, etc. In the existing state estimation process, there is no defense mechanism for any malicious attacks. Once the communication channel between the SCADA and RTUs is hijacked by the attacker, the attacker can perform a man-in-middle attack and send data of its choice. The only step that can possibly detect the attack during the state estimation process is the bad data detector. Unfortunately, even the bad data detector is unable to detect a certain type of attack, known as the false data injection (FDI) attacks. Diagnosing the physical consequences of such attacks, therefore, is very important to understand system stability. In this thesis, theoretical general attack models for AC and DC attacks are given and an optimization problem for the worst-case overload attack is formulated. Furthermore, physical consequences of FDI attacks, based on both DC and AC model, are addressed. Various scenarios with different attack targets and system configurations are simulated. The details of the research, results obtained and conclusions drawn are presented in this document. / Dissertation/Thesis / Masters Thesis Electrical Engineering 2015
6

Static Vulnerability Analysis of Docker Images

Henriksson, Oscar, Falk, Michael January 2017 (has links)
Docker is a popular tool for virtualization that allows for fast and easy deployment of applications and has been growing increasingly popular among companies. Docker also include a large library of images from the repository Docker Hub which mainly is user created and uncontrolled. This leads to low frequency of updates which results in vulnerabilities in the images. In this thesis we are developing a tool for determining what vulnerabilities that exists inside Docker images with a Linux distribution. This is done by using our own tool for downloading and retrieving the necessary data from the images and then utilizing Outpost24's scanner for finding vulnerabilities in Linux packages. With the help of this tool we also publish statistics of vulnerabilities from the top downloaded images of Docker Hub. The result is a tool that can successfully scan a Docker image for vulnerabilities in certain Linux distributions. From a survey over the top 1000 Docker images it has also been shown that the amount of vulnerabilities have increased in comparison to earlier surveys of Docker images.
7

A quantitative measure of the security risk level of enterprise networks

Munir, Rashid, Pagna Disso, Jules F., Awan, Irfan U., Mufti, Muhammad R. January 2013 (has links)
No / Along with the tremendous expansion of information technology and networking, the number of malicious attacks which cause disruption to business processes has concurrently increased. Despite such attacks, the aim for network administrators is to enable these systems to continue delivering the services they are intended for. Currently, many research efforts are directed towards securing network further whereas, little attention has been given to the quantification of network security which involves assessing the vulnerability of these systems to attacks. In this paper, a method is devised to quantify the security level of IT networks. This is achieved by electronically scanning the network using the vulnerability scanning tool (Nexpose) to identify the vulnerability level at each node classified according to the common vulnerability scoring system standards (critical, severe and moderate). Probabilistic approach is then applied to calculate an overall security risk level of sub networks and entire network. It is hoped that these metrics will be valuable for any network administrator to acquire an absolute risk assessment value of the network. The suggested methodology has been applied to a computer network of an existing UK organization with 16 nodes and a switch.
8

Community vulnerability and capacity in post-disaster recovery: the cases of Mano and Mikura neighbourhoods in the wake of the 1995 Kobe earthquake

Yasui, Etsuko 05 1900 (has links)
This is a study of how two small neighbourhoods, Mano and Mikura, recovered from the 1995 Kobe (Japan) earthquake, with a particular focus on the relationship between community vulnerability and capacity. Few studies have examined these interactions, even though vulnerability reduction is recognized to be a vital component of community recovery. Drawing from literature on disaster recovery, community development, vulnerability analysis, community capacity building and the Kobe earthquake, a community vulnerability and capacity model is elaborated from Blaikie et al.’s Pressure and Release Model (1994) to analyze the interactions. The Mano and Mikura cases are analyzed by applying this model and relating outcomes to the community’s improved safety and quality of community lives. Based on the experience of Mano, appropriate long-term community development practices as well as community capacity building efforts in the past can contribute to the reduction of overall community vulnerability in the post-disaster period, while it is recovering. On the other hand, the Mikura case suggests that even though the community experiences high physical and social vulnerability in the pre-disaster period, if the community is able to foster certain conditions, including active CBOs, adequate availability and accessibility to resources, and a collaborative working relationship with governments, the community can make progress on recovery. Although both Mano and Mikura communities achieved vulnerability reduction as well as capacity building, the long-term sustainability of the two communities remains uncertain, as issues and challenges, such as residual and newly emerging physical vulnerability, negative or slow population growth and aging, remained to create vulnerability to future disasters. The case studies reveal the interactions of community vulnerability and capacity to be highly complex and contingent on many contextual considerations.
9

Community vulnerability and capacity in post-disaster recovery: the cases of Mano and Mikura neighbourhoods in the wake of the 1995 Kobe earthquake

Yasui, Etsuko 05 1900 (has links)
This is a study of how two small neighbourhoods, Mano and Mikura, recovered from the 1995 Kobe (Japan) earthquake, with a particular focus on the relationship between community vulnerability and capacity. Few studies have examined these interactions, even though vulnerability reduction is recognized to be a vital component of community recovery. Drawing from literature on disaster recovery, community development, vulnerability analysis, community capacity building and the Kobe earthquake, a community vulnerability and capacity model is elaborated from Blaikie et al.’s Pressure and Release Model (1994) to analyze the interactions. The Mano and Mikura cases are analyzed by applying this model and relating outcomes to the community’s improved safety and quality of community lives. Based on the experience of Mano, appropriate long-term community development practices as well as community capacity building efforts in the past can contribute to the reduction of overall community vulnerability in the post-disaster period, while it is recovering. On the other hand, the Mikura case suggests that even though the community experiences high physical and social vulnerability in the pre-disaster period, if the community is able to foster certain conditions, including active CBOs, adequate availability and accessibility to resources, and a collaborative working relationship with governments, the community can make progress on recovery. Although both Mano and Mikura communities achieved vulnerability reduction as well as capacity building, the long-term sustainability of the two communities remains uncertain, as issues and challenges, such as residual and newly emerging physical vulnerability, negative or slow population growth and aging, remained to create vulnerability to future disasters. The case studies reveal the interactions of community vulnerability and capacity to be highly complex and contingent on many contextual considerations.
10

Probabilistic basis and assessment methodology for effectiveness of protecting nuclear materials

Durán, Felicia Angélica 09 February 2011 (has links)
Safeguards and security (S&S) systems for nuclear facilities include material control and accounting (MC&A) and a physical protection system (PPS) to protect nuclear materials from theft, sabotage and other malevolent human acts. The PPS for a facility is evaluated using probabilistic analysis of adversary paths on the basis of detection, delay, and response timelines to determine timely detection. The path analysis methodology focuses on systematic, quantitative evaluation of the physical protection component for potential external threats, and often calculates the probability that the PPS is effective (PE) in defeating an adversary who uses that attack path. By monitoring and tracking critical materials, MC&A activities provide additional protection against inside adversaries, but have been difficult to characterize in ways that are compatible with the existing path analysis methods that are used to systematically evaluate the effectiveness of a site’s protection system. This research describes and demonstrates a new method to incorporate MC&A protection elements explicitly within the existing probabilistic path analysis methodology. MC&A activities, from monitoring to inventory measurements, provide many, often recurring opportunities to determine the status of critical items, including detection of missing materials. Human reliability analysis methods are applied to determine human error probabilities to characterize the detection capabilities of MC&A activities. An object-based state machine paradigm was developed to characterize the path elements and timing of an insider theft scenario as a race against MC&A activities that can move a facility from a normal state to a heightened alert state having additional detection opportunities. This paradigm is coupled with nuclear power plant probabilistic risk assessment techniques to incorporate the evaluation of MC&A activities in the existing path analysis methodology. Event sequence diagrams describe insider paths through the PPS and also incorporate MC&A activities as path elements. This work establishes a probabilistic basis for incorporating MC&A activities explicitly within the existing path analysis methodology to extend it to address insider threats. The analysis results for this new method provide an integrated effectiveness measure for a safeguards and security system that addresses threats from both outside and inside adversaries. / text

Page generated in 0.1155 seconds