898 resultados para Security Analysis
Resumo:
A qualitative social and gender analysis was carried out in June 2015 in Luwingu and Mbala Districts in Northern Province, Zambia. The research explored the norms and power relations at various institutional levels that constrain certain social groups from benefiting from programmatic investments aimed at improving livelihoods, health status, and food and nutrition security within the Irish Aid Local Development Programme (IALDP). This technical paper provides a summary of the research findings, lessons learned and suggests options for action the IALDP could consider to help bring about gender transformative change in the lives and livelihoods of poor and vulnerable people.
Resumo:
SQL Injection Attack (SQLIA) remains a technique used by a computer network intruder to pilfer an organisation’s confidential data. This is done by an intruder re-crafting web form’s input and query strings used in web requests with malicious intent to compromise the security of an organisation’s confidential data stored at the back-end database. The database is the most valuable data source, and thus, intruders are unrelenting in constantly evolving new techniques to bypass the signature’s solutions currently provided in Web Application Firewalls (WAF) to mitigate SQLIA. There is therefore a need for an automated scalable methodology in the pre-processing of SQLIA features fit for a supervised learning model. However, obtaining a ready-made scalable dataset that is feature engineered with numerical attributes dataset items to train Artificial Neural Network (ANN) and Machine Leaning (ML) models is a known issue in applying artificial intelligence to effectively address ever evolving novel SQLIA signatures. This proposed approach applies numerical attributes encoding ontology to encode features (both legitimate web requests and SQLIA) to numerical data items as to extract scalable dataset for input to a supervised learning model in moving towards a ML SQLIA detection and prevention model. In numerical attributes encoding of features, the proposed model explores a hybrid of static and dynamic pattern matching by implementing a Non-Deterministic Finite Automaton (NFA). This combined with proxy and SQL parser Application Programming Interface (API) to intercept and parse web requests in transition to the back-end database. In developing a solution to address SQLIA, this model allows processed web requests at the proxy deemed to contain injected query string to be excluded from reaching the target back-end database. This paper is intended for evaluating the performance metrics of a dataset obtained by numerical encoding of features ontology in Microsoft Azure Machine Learning (MAML) studio using Two-Class Support Vector Machines (TCSVM) binary classifier. This methodology then forms the subject of the empirical evaluation.
Resumo:
We show a simulation model for capacity analysis in mobile systems using a geographic information system (GIS) based tool, used for coverage calculations and frequency assignment, and MATLAB. The model was developed initially for “narrowband” CDMA and TDMA, but was modified for WCDMA. We show also some results for a specific case in “narrowband” CDMA
Resumo:
This paper applies a stochastic viability approach to a tropical small-scale fishery, offering a theoretical and empirical example of ecosystem-based fishery management approach that accounts for food security. The model integrates multi-species, multi-fleet and uncertainty as well as profitability, food production, and demographic growth. It is calibrated over the period 2006–2010 using monthly catch and effort data from the French Guiana's coastal fishery, involving thirteen species and four fleets. Using projections at the horizon 2040, different management strategies and scenarios are compared from a viability viewpoint, thus accounting for biodiversity preservation, fleet profitability and food security. The analysis shows that under certain conditions, viable options can be identified which allow fishing intensity and production to be increased to respond to food security requirements but with minimum impacts on the marine resources.
Resumo:
International audience
Resumo:
Many existing encrypted Internet protocols leak information through packet sizes and timing. Though seemingly innocuous, prior work has shown that such leakage can be used to recover part or all of the plaintext being encrypted. The prevalence of encrypted protocols as the underpinning of such critical services as e-commerce, remote login, and anonymity networks and the increasing feasibility of attacks on these services represent a considerable risk to communications security. Existing mechanisms for preventing traffic analysis focus on re-routing and padding. These prevention techniques have considerable resource and overhead requirements. Furthermore, padding is easily detectable and, in some cases, can introduce its own vulnerabilities. To address these shortcomings, we propose embedding real traffic in synthetically generated encrypted cover traffic. Novel to our approach is our use of realistic network protocol behavior models to generate cover traffic. The observable traffic we generate also has the benefit of being indistinguishable from other real encrypted traffic further thwarting an adversary's ability to target attacks. In this dissertation, we introduce the design of a proxy system called TrafficMimic that implements realistic cover traffic tunneling and can be used alone or integrated with the Tor anonymity system. We describe the cover traffic generation process including the subtleties of implementing a secure traffic generator. We show that TrafficMimic cover traffic can fool a complex protocol classification attack with 91% of the accuracy of real traffic. TrafficMimic cover traffic is also not detected by a binary classification attack specifically designed to detect TrafficMimic. We evaluate the performance of tunneling with independent cover traffic models and find that they are comparable, and, in some cases, more efficient than generic constant-rate defenses. We then use simulation and analytic modeling to understand the performance of cover traffic tunneling more deeply. We find that we can take measurements from real or simulated traffic with no tunneling and use them to estimate parameters for an accurate analytic model of the performance impact of cover traffic tunneling. Once validated, we use this model to better understand how delay, bandwidth, tunnel slowdown, and stability affect cover traffic tunneling. Finally, we take the insights from our simulation study and develop several biasing techniques that we can use to match the cover traffic to the real traffic while simultaneously bounding external information leakage. We study these bias methods using simulation and evaluate their security using a Bayesian inference attack. We find that we can safely improve performance with biasing while preventing both traffic analysis and defense detection attacks. We then apply these biasing methods to the real TrafficMimic implementation and evaluate it on the Internet. We find that biasing can provide 3-5x improvement in bandwidth for bulk transfers and 2.5-9.5x speedup for Web browsing over tunneling without biasing.
Resumo:
The traditional process of filling the medicine trays and dispensing the medicines to the patients in the hospitals is manually done by reading the printed paper medicinechart. This process can be very strenuous and error-prone, given the number of sub-tasksinvolved in the entire workflow and the dynamic nature of the work environment.Therefore, efforts are being made to digitalise the medication dispensation process byintroducing a mobile application called Smart Dosing application. The introduction ofthe Smart Dosing application into hospital workflow raises security concerns and callsfor security requirement analysis. This thesis is written as a part of the smart medication management project at EmbeddedSystems Laboratory, A˚bo Akademi University. The project aims at digitising the medicine dispensation process by integrating information from various health systems, and making them available through the Smart Dosing application. This application is intended to be used on a tablet computer which will be incorporated on the medicine tray. The smart medication management system include the medicine tray, the tablet device, and the medicine cups with the cup holders. Introducing the Smart Dosing application should not interfere with the existing process carried out by the nurses, and it should result in minimum modifications to the tray design and the workflow. The re-designing of the tray would include integrating the device running the application into the tray in a manner that the users find it convenient and make less errors while using it. The main objective of this thesis is to enhance the security of the hospital medicine dispensation process by ensuring the security of the Smart Dosing application at various levels. The methods used for writing this thesis was to analyse how the tray design, and the application user interface design can help prevent errors and what secure technology choices have to be made before starting the development of the next prototype of the Smart Dosing application. The thesis first understands the context of the use of the application, the end-users and their needs, and the errors made in everyday medication dispensation workflow by continuous discussions with the nursing researchers. The thesis then gains insight to the vulnerabilities, threats and risks of using mobile application in hospital medication dispensation process. The resulting list of security requirements was made by analysing the previously built prototype of the Smart Dosing application, continuous interactive discussions with the nursing researchers, and an exhaustive state-of-the-art study on security risks of using mobile applications in hospital context. The thesis also uses Octave Allegro method to make the readers understand the likelihood and impact of threats, and what steps should be taken to prevent or fix them. The security requirements obtained, as a result, are a starting point for the developers of the next iteration of the prototype for the Smart Dosing application.
Resumo:
Synthetic cannabinoid receptor agonists or more commonly known as synthetic cannabinoids (SCs) were originally created to obtain the medicinal value of THC but they are an emerging social problem. SCs are mostly produced coated on herbal materials or in powder form and marketed under a variety of brand names, e.g. “Spice”, “K2”. Despite many SCs becoming controlled under drug legislation, many of them remain legal in some countries around the world. In Scotland, SCs are controlled under the Misuse of Drugs Act 1971 and Psychoactive Substances Act 2016 that only cover a few early SCs. In Saudi Arabia, even fewer are controlled. The picture of the SCs-problem in Scotland is vague due to insufficient prevalence data, particularly that using biological samples. Whilst there is evidence of increasing use of SCs throughout the world, in Saudi Arabia, there is currently no data regarding the use of products containing SCs among Saudi people. Several studies indicate that SCs may cause serious toxicity and impairment to health therefore it is important to understand the scale of use within society. A simple and sensitive method was developed for the simultaneous analysis of 10 parent SCs (JWH-018, JWH-073, JWH-250, JWH-200, AM-1248, UR-144, A-796260, AB-FUBINACA, 5F-AKB-48 and 5F-PB-22) in whole blood and 8 corresponding metabolites (JWH-018 4-OH pentyl, JWH-073 3-OH butyl, JWH-250 4-OH pentyl, AM-2201 4-OH pentyl, JWH-122 5-OH pentyl, JWH-210 5-OH pentyl, 5F-AKB-48 (N-4 OH pentyl), 5F-PB-22 3-carboxyindole)in urine using LLE and LC-MS/MS. The method was validated according to the standard practices for method validation in forensic toxicology (SWGTOX, May 2013). All analytes gave acceptable precision, linearity and recovery for analysing blood and urine samples. The method was applied to 1,496 biological samples, a mixture of whole blood and urine. Blood and/or urine samples were analysed from 114 patients presenting at Accident and Emergency in Glasgow Royal Infirmary, in spring 2014 and JuneDecember 2015. 5F-AKB-48, 5F-PB-22 and MDMB-CHMICA were detected in 9, 7 and 9 cases respectively. 904 urine samples from individuals admitted to/liberated from Scottish prisons over November 2013 were tested for the presence of SCs. 5F-AKB-48 (N-4 OH pentyl) was detected in 10 cases and 5F-PB-22 3-carboxyindole in 3 cases. Blood and urine samples from two post-mortem cases in Scotland with suspected ingestion of SCs were analysed. Both cases were confirmed positive for 5F-AKB-48. A total of 463 urine samples were collected from personnel who presented to the Security Forces Hospital in Ryiadh for workplace drug testing as a requirement for their job during July 2014. The results of the analysis found 2 samples to be positive for 5F-PB-22 3carboxyindole. A further study in Saudi Arabia using a questionnaire was carried out among 3 subpopulations: medical professionals, members of the public in and around smoking cafes and known drug users. With regards to general awareness of Spice products, 16%, 11% and 22% of those participants of medical professionals, members of the public in and around smoking cafes and known drug users, respectively, were aware of the existence of SCs or Spice products. The respondents had an overall average of 4.5% who had a friend who used these Spice products. It is clear from the results obtained in both blood and urine testing and surveys that SCs are being used in both Scotland and Saudi Arabia. The extent of their use is not clear and the data presented here is an initial look into their prevalence. Blood and urine findings suggest changing trends in SC use, moving away from JWH and AM SCs to the newer 5F-AKB-48, 5-F-PB-22 and MDMBCHMICA compounds worldwide. In both countries 5F-PB-22 was detected. These findings clarify how the SCs phenomenon is a worldwide problem and how the information of every country regarding what SCs are seized can help and is not specific for that country. The analytes included in the method were selected due to their apparent availability in both countries, however it is possible that some newer analytes have been used and these would not have been detected. For this reason it is important that methods for testing SCs are updated regularly and evolve with the ever-changing availability of these drugs worldwide. In addition, there is little published literature regarding the concentrations of these drugs found in blood and urine samples and this work goes some way towards understanding these.
Resumo:
Wind energy is one of the most promising and fast growing sector of energy production. Wind is ecologically friendly and relatively cheap energy resource available for development in practically all corners of the world (where only the wind blows). Today wind power gained broad development in the Scandinavian countries. Three important challenges concerning sustainable development, i.e. energy security, climate change and energy access make a compelling case for large-scale utilization of wind energy. In Finland, according to the climate and energy strategy, accepted in 2008, the total consumption of electricity generated by means of wind farms by 2020, should reach 6 - 7% of total consumption in the country [1]. The main challenges associated with wind energy production are harsh operational conditions that often accompany the turbine operation in the climatic conditions of the north and poor accessibility for maintenance and service. One of the major problems that require a solution is the icing of turbine structures. Icing reduces the performance of wind turbines, which in the conditions of a long cold period, can significantly affect the reliability of power supply. In order to predict and control power performance, the process of ice accretion has to be carefully tracked. There are two ways to detect icing – directly or indirectly. The first way applies to the special ice detection instruments. The second one is using indirect characteristics of turbine performance. One of such indirect methods for ice detection and power loss estimation has been proposed and used in this paper. The results were compared to the results directly gained from the ice sensors. The data used was measured in Muukko wind farm, southeast Finland during a project 'Wind power in cold climate and complex terrain'. The project was carried out in 9/2013 - 8/2015 with the partners Lappeenranta university of technology, Alstom renovables España S.L., TuuliMuukko, and TuuliSaimaa.
Resumo:
The past several years have seen the surprising and rapid rise of Bitcoin and other “cryptocurrencies.” These are decentralized peer-to-peer networks that allow users to transmit money, tocompose financial instruments, and to enforce contracts between mutually distrusting peers, andthat show great promise as a foundation for financial infrastructure that is more robust, efficientand equitable than ours today. However, it is difficult to reason about the security of cryptocurrencies. Bitcoin is a complex system, comprising many intricate and subtly-interacting protocol layers. At each layer it features design innovations that (prior to our work) have not undergone any rigorous analysis. Compounding the challenge, Bitcoin is but one of hundreds of competing cryptocurrencies in an ecosystem that is constantly evolving. The goal of this thesis is to formally reason about the security of cryptocurrencies, reining in their complexity, and providing well-defined and justified statements of their guarantees. We provide a formal specification and construction for each layer of an abstract cryptocurrency protocol, and prove that our constructions satisfy their specifications. The contributions of this thesis are centered around two new abstractions: “scratch-off puzzles,” and the “blockchain functionality” model. Scratch-off puzzles are a generalization of the Bitcoin “mining” algorithm, its most iconic and novel design feature. We show how to provide secure upgrades to a cryptocurrency by instantiating the protocol with alternative puzzle schemes. We construct secure puzzles that address important and well-known challenges facing Bitcoin today, including wasted energy and dangerous coalitions. The blockchain functionality is a general-purpose model of a cryptocurrency rooted in the “Universal Composability” cryptography theory. We use this model to express a wide range of applications, including transparent “smart contracts” (like those featured in Bitcoin and Ethereum), and also privacy-preserving applications like sealed-bid auctions. We also construct a new protocol compiler, called Hawk, which translates user-provided specifications into privacy-preserving protocols based on zero-knowledge proofs.
Resumo:
Each year the Medical University of South Carolina produces an annual accountability report for the South Carolina General Assembly and the Budget and Control Board. Included is an executive summary, agency discussion and analysis, and strategic planning documents.
Resumo:
The Hungarian Revolution is often analysed in a national context or from the angle of Hungarian-Soviet relations. From this perspective, the Eastern European satellites seem mere puppets and the Soviet bloc a monolith. Archival evidence nevertheless shows that the Kremlin actually attempted to build a new kind of international relations after Stalin’s death in 1953, in which the Eastern European leaders would gain more scope for manoeuvre. This attempt at liberalisation even facilitated the uprisings in Hungary in 1956. Avoiding a teleological approach to the Hungarian Revolution, this article argues that the Soviet invasion was neither inevitable, nor wholly unilateral. Khrushchev even sought to legitimise the invasion in bilateral and multilateral consultations. There was a mutual interest in sacrificing Hungary’s sovereignty to safeguard the communist monopoly on power. This multilateralisation of Soviet bloc security is an important explanatory factor in an analysis of the Revolution and its repercussions in Eastern Europe.
Resumo:
To explore the relationship between caregiver characteristics and the adequacy of domestic swimming pool fencing.A typical metropolitan area of a large Australian capital city, Brisbane.From a reanalysis of the dataset of the 1989 Brisbane Home Safety Survey of 1050 householders, associations between 10 caregiver factors, pool ownership, and quality of pool fencing, were analysed. Household characteristics relating to toddlers (children < or = 4 years), and socioeconomic measures were also included in the analyses. Pool fencing quality was measured on an ordinal scale derived from Australian Standards Association guidelines, confirmed through home visits by trained inspectors.Caregiver factors did not distinguish households with a swimming pool from those without, nor were they associated with adequacy of pool fencing among pool owners. Pool owners, with or without children, were less likely to perceive having a childproof fence as being important. Strongest correlates of adequacy of pool fencing were socioeconomic indicators of surrounding districts.These results do not support the arguments of opponents of compulsory pool fencing that caregiver factors are adequate to prevent toddler drownings and obviate the need for a pool fence. Pool owners do not appear to perceive their pool as a hazard for young children, and complacency about the adequacy of pool fencing needs to be replaced by increased caregiver health beliefs, skills, and perceptions. Article in Injury Prevention 3(4):257-61 · December 1997
Resumo:
Japan is an important ally of the United States–the world’s third biggest economy, and one of the regional great powers in Asia. Making sense of Japan’s foreign and security policies is crucial for the future of peace and stability in Northeast Asia, where the possible sources of conflict such as territorial disputes or the disputes over Japan’s war legacy issues are observed.^ This dissertation explored Japan’s foreign and security policies based on Japan’s identities and unconscious ideologies. It employed an analysis of selected Japanese films from the late 1940s to the late 1950s, as well as from the late 1990s to the mid-2000s. The analysis demonstrated that Japan’s foreign and security policies could be understood in terms of a broader social narrative that was visible in Japanese popular cultural products, including films and literatures. Narratives of Japanese families from the patriarch’s point of view, for example, had constantly shaped Japan’s foreign and security policies. As a result, the world was ordered hierarchically in the eyes of the Japan Self. In the 1950s, Japan tenaciously constructed close but asymmetrical security relations with the U.S. in which Japan willingly subjugated itself to the U.S. In the 2000s, Japan again constructed close relations with the U.S. by doing its best to support American responses to the 9/11 terrorist attacks by mobilizing Japan’s SDFs in the way Japan had never done in the past.^ The concepts of identity and unconscious ideology are helpful in understanding how Japan’s own understanding of self, of others, and of the world have shaped its own behaviors. These concepts also enable Japan to reevaluate its own behaviors reflexively, which departs from existing alternative approaches. This study provided a critical analytical explanation of the dynamics at work in Japan’s sense of identity, particularly with regard to its foreign and security policies.^
