51 |
Assessment Of Social Vulnerability Using Geographic Information Systems: Pendik, Istanbul Case StudyGungor Haki, Zeynep 01 December 2003 (has links) (PDF)
Natural hazards are the reality of today& / #8217 / s world, which considerably affect
people& / #8217 / s living conditions. As they cannot be prevented, the basic
precautions should be taken before the occurrence to protect people. At
this point, the preparedness for any threat is really important, which does
decrease destructive effects of the hazard for communities and shorten
recovery interventions. In terms of preparedness, identification of
vulnerable people in the community gives an important contribution for
better planning in disaster management.
In this respect, this thesis aims to develop a methodology in order to
define vulnerable groups in terms of their social conditions for any possible
hazard, with Geographic Information Systems (GIS) technology. Moreover,
the thesis aims to find out an interrelation between hazards and
vulnerability, to build awareness about identification of socially
vulnerable groups in the pre- and post-disaster planning.
A case study area is selected in earthquake-prone Pendik, Istanbul, in
order to find the contribution of the assessment. A study is carried out to
describe social vulnerability levels in the study area using GIS. Criterion
standardization, weighting and combining are accomplished by multi
criteria evaluation methods. These calculations are supported with five
explorative spatial data analyses to understand global trends and spatial
interactions of the study data. The objectivity of the assessment and the
complicated structure of the study data are also discussed. The main
outcomes of the methodology and its applications in the case study area
show that, the southeast part of Pendik is socially vulnerable to any
possible hazard.
|
52 |
Vulnerabilities of municipal drinking water systems in tourist regions under a changing climate : A case study of Åre ski resort, northern SwedenLeidermark, Ida January 2018 (has links)
Drinking water is a crucial provision for our survival and well-being. However, it is often taken for granted. The environmental objectives in Sweden appear insufficient to ensure drinking water with good quality, because the objectives lack clear protective descriptions, which allow municipalities to determine how to interpret and ensure drinking water. The purpose of this study is to investigate barriers and opportunities for sustainable management of drinking water sources in a tourist region. In order to fulfil the purpose, the study identifies vulnerabilities in the municipal drinking water system with the help from scenario analysis of climate change and tourism development. The study also presents relevant adaptation solutions. The DPSIR framework was used as a tool to categorize and describe the studied problem and was based on a literature study and a mapping of the study area. Åre ski resort was used as a case, and it is supplied with drinking water from two groundwater beds infiltrated by Åresjön (a lake, part of a river). Åresjön is included in an objective to keep drinking water quality standards. The results show that climate change and tourism development reduces surface and groundwater quality, primarily by increasing microbiological particles. Increases in the number of tourists combined with insufficient monitoring of groundwater levels and infiltration capacity knowledge are unsustainable and are expected to reduce the amount of water in the large groundwater beds. The identified most vulnerable parts of the drinking water system are within the municipal planning process, water production and wastewater treatment. Therefore, the various adaptation solutions address these issues. Direct and indirect adaptations are necessary to ensure sufficient drinking water of good quality until 2100. Tourism development is the main driver for affecting drinking water (if no adaptation measures are implemented). / <p>20180623</p>
|
53 |
Automated Event-driven Security AssessmentJanuary 2014 (has links)
abstract: With the growth of IT products and sophisticated software in various operating systems, I observe that security risks in systems are skyrocketing constantly. Consequently, Security Assessment is now considered as one of primary security mechanisms to measure assurance of systems since systems that are not compliant with security requirements may lead adversaries to access critical information by circumventing security practices. In order to ensure security, considerable efforts have been spent to develop security regulations by facilitating security best-practices. Applying shared security standards to the system is critical to understand vulnerabilities and prevent well-known threats from exploiting vulnerabilities. However, many end users tend to change configurations of their systems without paying attention to the security. Hence, it is not straightforward to protect systems from being changed by unconscious users in a timely manner. Detecting the installation of harmful applications is not sufficient since attackers may exploit risky software as well as commonly used software. In addition, checking the assurance of security configurations periodically is disadvantageous in terms of time and cost due to zero-day attacks and the timing attacks that can leverage the window between each security checks. Therefore, event-driven monitoring approach is critical to continuously assess security of a target system without ignoring a particular window between security checks and lessen the burden of exhausted task to inspect the entire configurations in the system. Furthermore, the system should be able to generate a vulnerability report for any change initiated by a user if such changes refer to the requirements in the standards and turn out to be vulnerable. Assessing various systems in distributed environments also requires to consistently applying standards to each environment. Such a uniformed consistent assessment is important because the way of assessment approach for detecting security vulnerabilities may vary across applications and operating systems. In this thesis, I introduce an automated event-driven security assessment framework to overcome and accommodate the aforementioned issues. I also discuss the implementation details that are based on the commercial-off-the-self technologies and testbed being established to evaluate approach. Besides, I describe evaluation results that demonstrate the effectiveness and practicality of the approaches. / Dissertation/Thesis / M.S. Computer Science 2014
|
54 |
Penetration Testing in a Web Application EnvironmentVernersson, Susanne January 2010 (has links)
As the use of web applications is increasing among a number of different industries, many companies turn to online applications to promote their services. Companies see the great advantages with web applications such as convenience, low costs and little need of additional hardware or software configuration. Meanwhile, the threats against web applications are scaling up where the attacker is not in need of much experience or knowledge to hack a poorly secured web application as the service easily can be accessed over the Internet. While common attacks such as cross-site scripting and SQL injection are still around and very much in use since a number of years, the hacker community constantly discovers new exploits making businesses in need of higher security. Penetration testing is a method used to estimate the security of a computer system, network or web application. The aim is to reveal possible vulnerabilities that could be exploited by a malicious attacker and suggest solutions to the given problem at hand. With the right security fixes, a business system can go from being a threat to its users’ sensitive data to a secure and functional platform with just a few adjustments. This thesis aims to help the IT security consultants at Combitech AB with detecting and securing the most common web application exploits that companies suffer from today. By providing Combitech with safe and easy methods to discover and fix the top security deficiencies, the restricted time spent at a client due to budget concerns can be made more efficient thanks to improvements in the internal testing methodology. The project can additionally be of interest to teachers, students and developers who want to know more about web application testing and security as well as common exploit scenarios.
|
55 |
EzMole: A new prototype for securing public Wi-Fi connectionsKarlsson, Rickard January 2017 (has links)
When public Wi-Fi networks are being used, it can be hard to know who else that is using the same network or is monitoring the traffic that is traveling across the network. If the network is public and unencrypted anyone can monitor the traffic and to use these networks for work can be very risky. This is a big problem that needs a solution because the information that travels across the public network might have organizational secrets or sensitive personal information that shouldn’t be read by outsiders. One way to significantly increase the security while using these public networks is by configuring and setting up a VPN-tunnel, all traffic will then be sent encrypted. But nowadays many computers and mobile phones runs applications in the background that are actively asking for updates. It can for example be news apps, mail clients or instant messaging services like WhatsApp or Telegram. Since the apps is pushing for updates in the background there is a big risk that these programs are asking for updates and therefore transmit and receives information unencrypted over the public network before they have been able to set up their VPN-tunnel. People might be unaware about this problem and this research can be used to explain the problem and offer a solution to it and that is the reason why this research is important. This research tries to solve the problem and find answers to the research questions, “How to design and implement an affordable intermediate device that offers the user secure access to Internet on public Wi-Fi networks?" and “What are the design principles of that method?”. The proposed solution to solve this problem was to design and implement a new intermediate device, which was called EzMole, in between the public Wi-Fi and the users’ personal devices. The new device will operate and secure the users’ devices from potential malicious users on the public Wi-Fi while the VPN-tunnel is being established. It will also create a new encrypted wireless network that will be used to connect the personal devices to EzMole, for example mobile phone or laptop. The methodology that was used to design and develop the new EzMole-device was the Design Science Research Methodology. It includes six steps that was used during three phases of the project that worked in an iterative process with development, testing and evaluation until the device met the initial requirements of a successful device. There were tests for both functionality and security to make sure that it worked in the right way and that it didn’t have any known security weaknesses or flaws. This was very important since EzMole will be and represent an Internet-of-Things(IoT)-device and therefore the security had a big focus. After the tests, it was time to evaluate it against the initial requirements and the new device lived up to 9/12 requirements and was therefore classified as successful. The research contributes with a universal solution for the research problem and it gives answers to the research questions and in the meantime, reduces the gap in the literature. It also contributes with providing a new piece of hardware that will can help people to connect to the Internet in a more secure way when they are using public Wi-Fi networks.
|
56 |
The Vulnerability of the Great Lakes Region to Waterborne Diseases in the Wake of Climate Change : A Literature ReviewTällö, Emma January 2017 (has links)
Clean drinking and recreational water is essential for human survival and contaminated water cause 1.4 million deaths worldwide every year. Both developing and developed countries suffer as a consequence of unsafe water that cause waterborne diseases. The Great Lakes region, located in the United States is no exception. Climate change is predicted to cause an increase in waterborne disease outbreaks, worldwide, in the future. To adapt to this public health threat, vulnerability assessments are necessary. This literature study includes a vulnerability assessment that describes the main factors that affect the spreading of waterborne diseases in the Great Lakes region. Future climate scenarios in the region, and previous outbreaks are also described. The study also includes a statistical analysis where mean temperature and precipitation is plotted against waterborne disease cases. The main conclusion drawn is that the Great Lakes region is at risk of becoming more vulnerable to waterborne diseases in the future, if it does not adapt to climate change.
|
57 |
Robust Seismic Vulnerability Assessment Procedure for Improvement of Bridge Network PerformanceCorey M Beck (9178259) 28 July 2020 (has links)
<div>Ensuring the resilience of a state’s transportation network is necessary to guarantee an acceptable quality of life for the people the network serves. A lack of resilience in the wake of a seismic event directly impacts the states’ overall safety and economic vitality. With the recent identification of the Wabash Valley Seismic Zone (WBSV), Department of Transportations (DOTs) like Indiana’s have increased awareness for the vulnerability of their bridge network. The Indiana Department of Transportation (INDOT) has been steadily working to reduce the seismic vulnerability of bridges in the state in particular in the southwest Vincennes District. In the corridor formed by I-69 built in the early 2000s the bridge design is required to consider seismic actions. However, with less recent bridges and those outside the Vincennes District being built without consideration for seismic effects, the potential for vulnerability exists. As such, the objective of this thesis is to develop a robust seismic vulnerability assessment methodology which can assess the overall vulnerability of Indiana’s critical bridge network. </div><div><br></div><div>A representative sample of structures in Indiana’s bridge inventory, which prioritized the higher seismic risk areas, covered the entire state geographically, and ensured robust superstructure details, was chosen. The sample was used to carry a deterministic seismic vulnerability assessment, applicable to all superstructure-substructure combinations. Analysis considerations, such as the calculation of critical capacity measures like moment-curvature and a pushover analysis, are leveraged to accurately account for non-linear effects like force redistribution. This effect is a result of non-simultaneous structural softening in multi-span bridges that maintain piers of varying heights and stiffnesses. These analysis components are incorporated into a dynamic analysis to allow for the more precise identification of vulnerable details in Indiana’s bridge inventory.</div><div><br></div><div>The results of this deterministic seismic assessment procedure are also leveraged to identify trends in the structural response of the sample set. These trends are used to identify limit state thresholds for the development of fragility functions. This conditional probabilistic representation of bridge damage is coupled with the probability of earthquake occurrence to predict the performance of the structure for a given return period. This probabilistic approach alongside a Monte Carlo simulation is applied to assess the vulnerability of linked bridges along key-access corridors throughout the state. With this robust seismic vulnerability methodology, DOTs will have the capability of identifying vulnerable corridors throughout the state allowing for the proactive prioritization of retrofits resulting in the improved seismic performance and resiliency of their transportation network.</div>
|
58 |
Analyse de vulnérabilités de systèmes avioniques embarqués : classification et expérimentation / Vulnerabilities analysis of embedded avionic systems : classification and experimentDessiatnikoff, Anthony 17 July 2014 (has links)
L’évolution actuelle des systèmes embarqués à bord des systèmes complexes (avions,satellites, navires, automobiles, etc.) les rend de plus en plus vulnérables à des attaques,en raison de : (1) la complexité croissante des applications ; (2) l’ouverture des systèmes vers des réseaux et systèmes qui ne sont pas totalement contrôlés ; (3) l’utilisation de composants sur étagère qui ne sont pas développés selon les méthodes exigées pour les systèmes embarqués critiques ; (4) le partage de ressources informatiques entre applications, qui va de pair avec l’accroissement de puissance des processeurs. Pour faire face aux risques de malveillances ciblant les systèmes embarqués, il est nécessaire d’appliquer ou d’adapter les méthodes et techniques de sécurité qui ont fait leurs preuves dans d’autres contextes : Méthodes formelles de spécification, développement et vérification ;Mécanismes et outils de sécurité (pare-feux, VPNs, etc.) ; Analyse de vulnérabilités et contre-mesures. C’est sur ce dernier point que portent nos travaux de thèse.En effet, cet aspect de la sécurité a peu fait l’objet de recherche, contrairement aux méthodes formelles. Cependant, il n’existe pas actuellement de modèle formel capable de couvrir à la fois des niveaux d’abstraction suffisamment élevés pour permettre d’exprimer les propriétés de sécurité désirées, et les détails d’implémentation où se situent la plupart des vulnérabilités susceptibles d’être exploitées par des attaquants : fonctions des noyaux d’OS dédiées à la protection des espaces d’adressage, à la gestion des interruptions et au changement de contextes, etc. ; implémentation matérielle des mécanismes de protection et d’autres fonctions ancillaires. C’est sur ces vulnérabilités de bas niveau que se focalise notre étude.Nos contributions sont résumées par la suite. Nous avons proposé une classification des attaques possibles sur un système temps-réel. En nous basant sur cette classification,nous avons effectué une analyse de vulnérabilité sur un système réaliste : une plateforme avionique expérimentale fournie par Airbus. Il s’agit d’un noyau temps-réel critique ordonnancé avec plusieurs autres applications, le tout exécuté sur une plateforme Freescale QorIQ P4080. C’est à travers une application dite « malveillante », présente parmi l’en-semble des applications, que nous essayons de modifier le comportement des autres applications ou du système global pour détecter des vulnérabilités. Cette méthode d’analyse de vulnérabilités a permis de détecter plusieurs problèmes concernant les accès mémoire,la communication entre applications, la gestion du temps et la gestion des erreurs qui pouvaient conduire à la défaillance du système global. Enfin, nous avons proposé des contre-mesures spécifiques à certaines attaques et des contre-mesures génériques pour le noyau temps-réel qui permet d’empêcher une application d’obtenir des accès privilégiés ou encore de perturber le comportement du système. / Security is becoming a major concern for embedded computing systems in variouscritical industrial sectors (aerospace, satellites, automotive, etc.). Indeed, recent trendsin the development and operation of such systems, have made them more and morevulnerable to potential attacks, for the following reasons : 1) increasing complexity of theapplications ; 2) openness to applications and networks that are note completely undercontrol ; 3) Use Commercial-Off-The-Shelf (COTS) hardware and software components ;4) Resource sharing among different applications, driven by the increase of processorscapabilities.To improve the security of such systems, it is necessary to apply or adapt methodsand techniques that have proven their efficiency in other contexts : Formal methods forspecification, development and verification ; Security mechanisms and tools (firewalls,VPNs, etc.) ; Vulnerability assessment and countermeasure provision.The research carried out in this thesis adresses the latter technique. This aspect ofsecurity analysis cannot be easily covered by current formal methods, since no exist-ing model is able to cover both high-level abstractions, where security properties canbe defined, and low-level implementation details, where most vulnerabilities that couldbe exploited by attackers lie : OS kernel implementation of address space protection,interrupt management, context switching, etc. ; hardware implementation of protectionmechanisms and other ancillary functions. Very few research projects are addressing thisaspect of security, which is the main objective of this thesis. In particular, our researchfocuses on low-level vulnerabilities, but contrarily with common practice, we aim todiscover and analyze them during the development process.Our contributions are summarized as follows. We elaborated a classification of low-level vulnerabilities for different implementations of real-time embedded systems. Basedon this classification, we carried out a vulnerability analysis study on a realistic system :An experimental avionic platform provided by Airbus. It consists of a critical real-timekernel scheduling the execution of different applications on a freescale QorIQ P4080platform. The identification and analysis of vulnerabilities is carried out based on a“malicious” application hosted on the platform that attempts to corrupt the behavior ofthe other applications or the global system considering different types of low level attacks.Such experiments allowed us to identify some problems related to the management ofmemory accesses, the communication between applications, time management and errorhandling that could lead to the global system failure.We have also proposed genericcounter measures to protect the real-time kernel against specific attacks, and to preventa given application from escalating its privileges or trying to compromise the systembehavior
|
59 |
Mission-aware Vulnerability Assessment for Cyber-Physical SystemWang, Xiaotian 31 August 2015 (has links)
No description available.
|
60 |
Penetration Testing and PrivacyAssessment of Top-RankedHealth and Fitness Apps : An Empirical Study / Penetrationstestning och Integritetsbedömning av Toppklassade Hälso-och Fitnessappar : En Empirisk StudieForsberg, Albin January 2024 (has links)
Mobile health applications (mHealth apps), particularly in the health and fitness category, have experienced an increase in popularity due to their convenience and availability. However, this widespread adoption has raised concerns regarding the security and privacy of user data within these apps. This study investigates the security and privacy risks associated with ten top-ranked Android health and fitness apps, a set which accounts for 237 million downloads. By utilizing tools such as MobSF, Qualys SSL, and CLAUDETTE, we performed a static, dynamic, server-side, and privacy policy analysis in order to gain comprehensive insights into the security and privacy posture of the investigated mobile health and fitness apps. The results from the analysis revealed vulnerabilities in coding practices, hardcoded sensitive information, insecure encryption configurations, misconfiguration, and extensive domain communication. For instance, our analysis revealed that all apps stored their database API key directly in the code, with eight apps additionally exposing the database URL. Furthermore, six apps employed insecure encryption methods, such as CBC mode with PKCS5/PKCS7 padding (five apps) and ECB mode (two apps).In total, the apps interacted with 404 distinct domains. Notably, two apps communicated with more than 230 domains each, while a third app connected with over 100 domains. Despite these findings, developers demonstrated improved awareness and proficiency in addressing privacy and security risks compared to previous studies in the field. The study underscores the importance of continuous research to comprehensively understand the security and privacy landscape of health and fitness apps.
|
Page generated in 0.1263 seconds