356 results for Vulnerabilities
Abstract:
Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.
Abstract:
Distributed Denial-of-Service (DDoS) attacks continue to be one of the most pernicious threats to the delivery of services over the Internet. Not only are DDoS attacks present in many guises, they are also continuously evolving as new vulnerabilities are exploited. Hence accurate detection of these attacks still remains a challenging problem and a necessity for ensuring high-end network security. An intrinsic challenge in addressing this problem is to effectively distinguish these Denial-of-Service attacks from similar looking Flash Events (FEs) created by legitimate clients. A considerable overlap between the general characteristics of FEs and DDoS attacks makes it difficult to precisely separate these two classes of Internet activity. In this paper we propose parameters which can be used to explicitly distinguish FEs from DDoS attacks and analyse two real-world publicly available datasets to validate our proposal. Our analysis shows that even though FEs appear very similar to DDoS attacks, there are several subtle dissimilarities which can be exploited to separate these two classes of events.
Abstract:
With the increase in international mobility, healthcare systems should no longer be ignoring language barriers. In addition to the benefit of reducing long-term costs, immigrant-friendly organizations should be concerned with mitigating the way language barriers increase individuals’ social vulnerabilities and inequities in health care and health status. This paper reports the findings of a qualitative, exploratory study of the health literacy of 28 Francophone families living in a linguistic-minority situation in Canada. Analysis of interviews revealed that participants’ social vulnerability, mainly due to their limited social and informational networks, influenced the construction of family health literacy. Disparities in access to healthcare services could be decreased by having health professionals work in alliance with Francophone community groups and by hiring bilingual health professionals. Linguistic isolation and lack of knowledge about local cultural organizations among Francophone immigrants were two important findings of this study.
Abstract:
Existing secure software development principles tend to focus on coding vulnerabilities, such as buffer or integer overflows, that apply to individual program statements, or issues associated with the run-time environment, such as component isolation. Here we instead consider software security from the perspective of potential information flow through a program’s object-oriented module structure. In particular, we define a set of quantifiable "security metrics" which allow programmers to quickly and easily assess the overall security of a given source code program or object-oriented design. Although measuring quality attributes of object-oriented programs for properties such as maintainability and performance has been well-covered in the literature, metrics which measure the quality of information security have received little attention. Moreover, existing security-relevant metrics assess a system either at a very high level, i.e., the whole system, or at a fine level of granularity, i.e., with respect to individual statements. These approaches make it hard and expensive to recognise a secure system from an early stage of development. Instead, our security metrics are based on well-established compositional properties of object-oriented programs (i.e., data encapsulation, cohesion, coupling, composition, extensibility, inheritance and design size), combined with data flow analysis principles that trace potential information flow between high- and low-security system variables. We first define a set of metrics to assess the security quality of a given object-oriented system based on its design artifacts, allowing defects to be detected at an early stage of development. We then extend these metrics to produce a second set applicable to object-oriented program source code.
The resulting metrics make it easy to compare the relative security of functionally-equivalent system designs or source code programs so that, for instance, the security of two different revisions of the same system can be compared directly. This capability is further used to study the impact of specific refactoring rules on system security more generally, at both the design and code levels. By measuring the relative security of various programs refactored using different rules, we thus provide guidelines for the safe application of refactoring steps to security-critical programs. Finally, to make it easy and efficient to measure a system design or program’s security, we have also developed a stand-alone software tool which automatically analyses and measures the security of UML designs and Java program code. The tool’s capabilities are demonstrated by applying it to a number of security-critical system designs and Java programs. Notably, the validity of the metrics is demonstrated empirically through measurements that confirm our expectation that program security typically improves as bugs are fixed, but worsens as new functionality is added.
Abstract:
Medical industries have brought Information Technology (IT) into their systems for both patients and medical staff due to the numerous benefits of IT we experience at present. Moreover, the Mobile healthcare (M-health) system has been developed as the first step of Ubiquitous Health Environment (UHE). With the mobility and multi-functions, M-health system will be able to provide more efficient and various services for both doctors and patients. Due to the invisible feature of mobile signals, hackers have easier access to hospital networks than wired network systems. This may result in several security incidents unless security protocols are well implemented. In this paper, user authentication and authorization procedures will be applied as a featured component at each level of M-health systems in the hospital environment. Accordingly, M-health system in the hospital will meet the optimal requirements as a countermeasure to its vulnerabilities.
Abstract:
U-Healthcare means that it provides healthcare services "at anytime and anywhere" using wired, wireless and ubiquitous sensor network technologies. As a main field of U-healthcare, Telehealth has been developed as an enhancement of Telemedicine. This system includes two-way interactive web-video communications, sensor technology, and health informatics. With these components, it will assist patients to receive their first initial diagnosis. Furthermore, Telehealth will help doctors diagnose patients' diseases at early stages and recommend treatments to patients. However, this system has a few limitations such as privacy issues, interruption of real-time service and a wrong ordering from remote diagnosis. To deal with those flaws, security procedures such as authorised access should be applied as an indispensable component in the medical environment. As a consequence, Telehealth system with these protection procedures in clinical services will cope with anticipated vulnerabilities of U-Healthcare services and security issues involved.
Abstract:
Motorcycles are particularly vulnerable in right-angle crashes at signalized intersections. The objective of this study is to explore how variations in roadway characteristics, environmental factors, traffic factors, maneuver types, human factors as well as driver demographics influence the right-angle crash vulnerability of motorcycles at intersections. The problem is modeled using a mixed logit model with a binary choice category formulation to differentiate how an at-fault vehicle collides with a not-at-fault motorcycle in comparison to other collision types. The mixed logit formulation allows randomness in the parameters and hence takes into account the underlying heterogeneities potentially inherent in driver behavior, and other unobserved variables. A likelihood ratio test reveals that the mixed logit model is indeed better than the standard logit model. Night time riding shows a positive association with the vulnerability of motorcyclists. Moreover, motorcyclists are particularly vulnerable on single lane roads, on the curb and median lanes of multi-lane roads, and on one-way and two-way road type relative to divided-highway. Drivers who deliberately run red lights as well as those who are careless towards motorcyclists especially when making turns at intersections increase the vulnerability of motorcyclists. Drivers appear more restrained when there is a passenger onboard and this has decreased the crash potential with motorcyclists. The presence of red light cameras also significantly decreases right-angle crash vulnerabilities of motorcyclists. The findings of this study would be helpful in developing more targeted countermeasures for traffic enforcement, driver/rider training and/or education, and safety awareness programs to reduce the vulnerability of motorcyclists.
Abstract:
Background: Mass migration to Asian cities is a defining phenomenon of the present age, as hundreds of millions of people move from rural areas or between cities in search of economic prosperity. Although many do prosper, large numbers of people experience significant social disadvantage. This is especially the case among poorly educated, migrant unskilled unregistered male laborers who do much of the manual work throughout the cities. These men are at significant risk for many health problems, including HIV infection. However, to date there has been little research in developing countries to explain the determinants of this risk, and thereby to suggest feasible preventive strategies. Objectives and Methodology: Using combined qualitative and quantitative methods, the aim of this study was to explore the social contexts that affect health vulnerabilities and to develop conceptual models to predict risk behaviors for HIV [illicit drug use, unsafe sex, and non-testing for HIV] among male street laborers in Hanoi, Vietnam. Qualitative Research: Sixteen qualitative interviews revealed a complex variety of life experiences, beliefs and knowledge deficits that render these mostly poor and minimally educated men vulnerable to health problems including HIV infection. This study formed a conceptual model of numerous stressors related to migrants’ life experiences in urban space, including physical, financial and social factors. A wide range of coping strategies were adopted to deal with stressors – including problem-focused coping (PFC) and emotion-focused coping (EFC), pro-social and anti-social, active and passive. These men reported difficulty in coping with stressors because they had weak social networks and lacked support from formal systems. A second conceptual model emerged that highlighted equivalent influences of individual psychological factors, social integration, social barriers, and accessibility regarding drug use and sexual risk behavior. 
Psychological dimensions such as tedium, distress, fatalism and revenge, were important. There were strong effects of collective decision-making and fear of social isolation on shaping risk behaviors. These exploratory qualitative interviews helped to develop a culturally appropriate instrument for the quantitative survey and informed theoretical models of the factors that affect risk behaviors for HIV infection. Quantitative Research: The Information-Motivation-Behavioral Skills (IMB) model was adopted as the theoretical framework for a large-scale survey. It was modified to suit the contexts of these Vietnamese men. By doing a social mapping technique, 450 male street laborers were interviewed in Hanoi, Vietnam. The survey revealed that the risk of acquiring and transmitting HIV was high among these men. One in every 12 men reported homosexual or bisexual behavior. These men on average had 3 partners within the preceding year, and condom use was inconsistent. One third had had sex with commercial sex workers (CSW) and only 30% of them reported condom use; 17% used illicit drugs sometimes, with 66.7% of them frequently sharing injecting equipment with peers. Despite the risks, only 19.8% of men had been tested for HIV during the previous 12 months. These men have limited HIV knowledge and only moderate motivation and perceived behavioral skills for protective behavior. Although rural-to-urban migration was not associated with sexual risk behavior, three elements of the IMB model and depression associated with the process of mobility were significant determinants of sexual behavior. A modified model that incorporated IMB elements and psychosocial stress was found to be a better fit than the original IMB model alone in predicting protected sex behavior among the men. 
Men who were less psychologically and socially stressed, better informed and motivated for HIV prevention were more likely to demonstrate behavioral skills, and in turn were more likely to engage in safer sexual behavior. With regard to drug use, although the conventional model accounted for slightly less variance than the modified IMB model, data were of better fit for the conventional model. Multivariate analyses revealed that men who originated from urban areas, those who were homo- or bi-sexually identified and had better knowledge and skills for HIV prevention were more likely to access HIV testing, while men who had more sexual partners and those who did not use a condom for sex with CSW were least likely to take a test. The modified IMB model provided a better fit than the conventional model, as it explained a greater variance in HIV testing. Conclusions and Implications: This research helps to highlight a potential hidden HIV epidemic among street male, unskilled, unregistered laborers. This group has multiple vulnerabilities to HIV infection through both their partners and peers. However, most do not know their HIV status and have limited knowledge about preventing infection. This is the first application of a modified IMB model of risk behaviors for HIV such as drug use, condom use, and uptake of HIV testing to research with male street laborers in urban settings. The study demonstrated that while the extended IMB model had better fit than the conventional version in explaining the behaviors of safe sex and HIV testing, it was not so for drug use. The results provide interesting directions for future research and suggest ways to effectively design intervention strategies. The findings should shed light on culturally appropriate HIV preventive education and support programs for these men. 
As Vietnam has much in common with other developing countries in Southeast Asia, this research provides evidence for policy and practice that may be useful for public health systems in similar countries.
Abstract:
Due to increased complexity, scale, and functionality of information and telecommunication (IT) infrastructures, every day new exploits and vulnerabilities are discovered. These vulnerabilities are most of the time used by malicious people to penetrate these IT infrastructures for mainly disrupting business or stealing intellectual properties. Current incidents prove that it is not sufficient anymore to perform manual security tests of the IT infrastructure based on sporadic security audits. Instead networks should be continuously tested against possible attacks. In this paper we present current results and challenges towards realizing automated and scalable solutions to identify possible attack scenarios in an IT infrastructure. Namely, we define an extensible framework which uses public vulnerability databases to identify probable multi-step attacks in an IT infrastructure, and provide recommendations in the form of patching strategies, topology changes, and configuration updates.
Abstract:
Complex Internet attacks may come from multiple sources, and target multiple networks and technologies. Nevertheless, Collaborative Intrusion Detection Systems (CIDS) emerge as a promising solution by using information from multiple sources to gain a better understanding of objective and impact of complex Internet attacks. CIDS also help to cope with classical problems of Intrusion Detection Systems (IDS) such as zero-day attacks, high false alarm rates and architectural challenges, e.g., centralized designs exposing the Single-Point-of-Failure. Improved complexity on the other hand gives rise to new exploitation opportunities for adversaries. The contribution of this paper is twofold. We first investigate related research on CIDS to identify the common building blocks and to understand vulnerabilities of the Collaborative Intrusion Detection Framework (CIDF). Second, we focus on the problem of anonymity preservation in a decentralized intrusion detection related message exchange scheme. We use techniques from design theory to provide multi-path peer-to-peer communication scheme where the adversary cannot perform better than guessing randomly the originator of an alert message.
Abstract:
Many software applications extend their functionality by dynamically loading executable components into their allocated address space. Such components, exemplified by browser plugins and other software add-ons, not only enable reusability, but also promote programming simplicity, as they reside in the same address space as their host application, supporting easy sharing of complex data structures and pointers. However, such components are also often of unknown provenance and quality and may be riddled with accidental bugs or, in some cases, deliberately malicious code. Statistics show that such component failures account for a high percentage of software crashes and vulnerabilities. Enabling isolation of such fine-grained components is therefore necessary to increase the stability, security and resilience of computer programs. This thesis addresses this issue by showing how host applications can create isolation domains for individual components, while preserving the benefits of a single address space, via a new architecture for software isolation called LibVM. Towards this end, we define a specification which outlines the functional requirements for LibVM, identify the conditions under which these functional requirements can be met, define an abstract Application Programming Interface (API) that encompasses the general problem of isolating shared libraries, thus separating policy from mechanism, and prove its practicality with two concrete implementations based on hardware virtualization and system call interpositioning, respectively. The results demonstrate that hardware isolation minimises the difficulties encountered with software based approaches, while also reducing the size of the trusted computing base, thus increasing confidence in the solution’s correctness. 
This thesis concludes that, not only is it feasible to create such isolation domains for individual components, but that it should also be a fundamental operating system supported abstraction, which would lead to more stable and secure applications.
Abstract:
The Oceania region is an area particularly prone to natural disasters such as cyclones, tsunamis, floods, droughts, earthquakes and volcanic eruptions. Many of the nations in the region are Small Island Developing States (SIDS), yet even within wealthy states such as Australia and New Zealand there are groups which are vulnerable to disaster. Vulnerability to natural disaster can be understood in human rights terms, as natural disasters threaten the enjoyment of a number of rights which are guaranteed under international law, including rights to health, housing, food, water and even the right to life itself. The impacts of climate change threaten to exacerbate these vulnerabilities, yet, despite the foreseeability of further natural disasters as a result of climate change, there currently exists no comprehensive international framework for disaster response offering practical and/or legally reliable mechanisms to assist at‐risk states and communities. This paper sets out to explore the human rights issues presented by natural disasters and examine the extent to which these issues can be addressed by disaster response frameworks at the international, regional and national levels.
Abstract:
Climate change is predicted to increase the frequency and severity of extreme weather events which pose significant challenges to the ability of government and other relief agencies to plan for, cope with and respond to disasters. Consequently, it is important that communities in climate sensitive and potential disaster prone areas strengthen their resilience to natural disasters in order to expeditiously recover from potential disruptions and damage caused by disasters. Building self-reliance, particularly in the immediate aftermath of a disaster, can facilitate short-term and long-term community recovery. To build stronger and more resilient communities, it is essential to have a better understanding of their current resilience capabilities by assessing areas of strength, risks and vulnerabilities so that their strengths can be enhanced and the risks and vulnerability can be appropriately addressed and mitigated through capacity building programs. While a number of conceptual frameworks currently exist to assess the resilience level of communities to disasters, they have tended to differ on their emphasis, scope and definition of what constitutes community resilience and how community resilience can be most effectively and accurately assessed. These limitations are attributed to the common approach of viewing community resilience through a mono-disciplinary lens. To overcome this, this paper proposes an integrated conceptual framework that takes into account the complex interplay of environmental, social, governance, infrastructure and economic attributes associated with community resilience. The framework can be operationalised using a range of resilience indicators to suit the nature of a disaster and the specific characteristics of a study region.
Abstract:
In this paper, we present three counterfeiting attacks on the block-wise dependent fragile watermarking schemes. We consider vulnerabilities such as the exploitation of a weak correlation among block-wise dependent watermarks to modify valid watermarked (medical or other digital) images, where they could still be verified as authentic, though they are actually not. Experimental results successfully demonstrate the practicability and consequences of the proposed attacks for some relevant schemes. The development of the proposed attack models can be used as a means to systematically examine the security levels of similar watermarking schemes.
Abstract:
Suicide is a serious public health issue that results from an interaction between multiple risk factors including individual vulnerabilities to complex feelings of hopelessness, fear, and stress. Although kinase genes have been implicated in fear and stress, including the consolidation and extinction of fearful memories, expression profiles of those genes in the brain of suicide victims are less clear. Using gene expression microarray data from the Online Stanley Genomics Database and a quantitative PCR, we investigated the expression profiles of multiple kinase genes including the calcium calmodulin-dependent kinase (CAMK), the cyclin-dependent kinase, the mitogen-activated protein kinase (MAPK), and the protein kinase C (PKC) in the prefrontal cortex (PFC) of mood disorder patients who died with suicide (N = 45) and without suicide (N = 38). We also investigated the expression pattern of the same genes in the PFC of developing humans ranging in age from birth to 49 years (N = 46). The expression levels of CAMK2B, CDK5, MAPK9, and PRKCI were increased in the PFC of suicide victims as compared to non-suicide controls (false discovery rate, FDR-adjusted p < 0.05, fold change >1.1). Those genes also showed changes in expression pattern during the postnatal development (FDR-adjusted p < 0.05). These results suggest that multiple kinase genes undergo age-dependent changes in normal brains as well as pathological changes in suicide brains. These findings may provide an important link to protein kinases known to be important for the development of fear memory, stress associated neural plasticity, and up-regulation in the PFC of suicide victims. More research is needed to better understand the functional role of these kinase genes that may be associated with the pathophysiology of suicide.