427 resultados para VULNERABILITIES
Resumo:
Complex Internet attacks may come from multiple sources, and target multiple networks and technologies. Nevertheless, Collaborative Intrusion Detection Systems (CIDS) emerges as a promising solution by using information from multiple sources to gain a better understanding of objective and impact of complex Internet attacks. CIDS also help to cope with classical problems of Intrusion Detection Systems (IDS) such as zero-day attacks, high false alarm rates and architectural challenges, e. g., centralized designs exposing the Single-Point-of-Failure. Improved complexity on the other hand gives raise to new exploitation opportunities for adversaries. The contribution of this paper is twofold. We first investigate related research on CIDS to identify the common building blocks and to understand vulnerabilities of the Collaborative Intrusion Detection Framework (CIDF). Second, we focus on the problem of anonymity preservation in a decentralized intrusion detection related message exchange scheme. We use techniques from design theory to provide multi-path peer-to-peer communication scheme where the adversary can not perform better than guessing randomly the originator of an alert message.
Resumo:
Many software applications extend their functionality by dynamically loading executable components into their allocated address space. Such components, exemplified by browser plugins and other software add-ons, not only enable reusability, but also promote programming simplicity, as they reside in the same address space as their host application, supporting easy sharing of complex data structures and pointers. However, such components are also often of unknown provenance and quality and may be riddled with accidental bugs or, in some cases, deliberately malicious code. Statistics show that such component failures account for a high percentage of software crashes and vulnerabilities. Enabling isolation of such fine-grained components is therefore necessary to increase the stability, security and resilience of computer programs. This thesis addresses this issue by showing how host applications can create isolation domains for individual components, while preserving the benefits of a single address space, via a new architecture for software isolation called LibVM. Towards this end, we define a specification which outlines the functional requirements for LibVM, identify the conditions under which these functional requirements can be met, define an abstract Application Programming Interface (API) that encompasses the general problem of isolating shared libraries, thus separating policy from mechanism, and prove its practicality with two concrete implementations based on hardware virtualization and system call interpositioning, respectively. The results demonstrate that hardware isolation minimises the difficulties encountered with software based approaches, while also reducing the size of the trusted computing base, thus increasing confidence in the solution’s correctness. This thesis concludes that, not only is it feasible to create such isolation domains for individual components, but that it should also be a fundamental operating system supported abstraction, which would lead to more stable and secure applications.
Resumo:
The Oceania region is an area particularly prone to natural disasters such as cyclones, tsunamis, floods, droughts, earthquakes and volcanic eruptions. Many of the nations in the region are Small Island Developing States (SIDS), yet even within wealthy states such as Australia and New Zealand there are groups which are vulnerable to disaster. Vulnerability to natural disaster can be understood in human rights terms, as natural disasters threaten the enjoyment of a number of rights which are guaranteed under international law, including rights to health, housing, food, water and even the right to life itself. The impacts of climate change threaten to exacerbate these vulnerabilities, yet, despite the foreseeability of further natural disasters as a result of climate change, there currently exists no comprehensive international framework for disaster response offering practical and/or legally reliable mechanisms to assist at‐risk states and communities. This paper sets out to explore the human rights issues presented by natural disasters and examine the extent to which these issues can be addressed by disaster response frameworks at the international, regional and national levels.
Resumo:
Climate change is predicted to increase the frequency and severity of extreme weather events which pose significant challenges to the ability of government and other relief agencies to plan for, cope with and respond to disasters. Consequently, it is important that communities in climate sensitive and potential disaster prone areas strengthen their resilience to natural disasters in order to expeditiously recover from potential disruptions and damage caused by disasters. Building self reliance and, particularly in the immediate aftermath of a disaster, can facilitate short-term and long-term community recovery. To build stronger and more resilient communities, it is essential to have a better understanding of their current resilience capabilities by assessing areas of strength, risks and vulnerabilities so that their strengths can be enhanced and the risks and vulnerability can be appropriately addressed and mitigated through capacity building programs. While a number of conceptual frameworks currently exist to assess the resilience level of communities to disasters, they have tended to differ on their emphasis, scope and definition of what constitutes community resilience and how community resilience can be most effectively and accurately assessed. These limitations are attributed to the common approach of viewing community resilience through a mono-disciplinary lens. To overcome this, this paper proposes an integrated conceptual framework that takes into account the complex interplay of environmental, social, governance, infrastructure and economic attributes associated with community resilience. The framework can be operationalised using a range of resilience indicators to suit the nature of a disaster and the specific characteristics of a study region.
Resumo:
In this paper, we present three counterfeiting attacks on the block-wise dependent fragile watermarking schemes. We consider vulnerabilities such as the exploitation of a weak correlation among block-wise dependent watermarks to modify valid watermarked %(medical or other digital) images, where they could still be verified as authentic, though they are actually not. Experimental results successfully demonstrate the practicability and consequences of the proposed attacks for some relevant schemes. The development of the proposed attack models can be used as a means to systematically examine the security levels of similar watermarking schemes.
Resumo:
Suicide is a serious public health issue that results from an interaction between multiple risk factors including individual vulnerabilities to complex feelings of hopelessness, fear, and stress. Although kinase genes have been implicated in fear and stress, including the consolidation and extinction of fearful memories, expression profiles of those genes in the brain of suicide victims are less clear. Using gene expression microarray data from the Online Stanley Genomics Database 1 and a quantitative PCR, we investigated the expression profiles of multiple kinase genes including the calcium calmodulin-dependent kinase (CAMK), the cyclin-dependent kinase, the mitogen-activated protein kinase (MAPK), and the protein kinase C (PKC) in the prefrontal cortex (PFC) of mood disorder patients died with suicide (N = 45) and without suicide (N = 38). We also investigated the expression pattern of the same genes in the PFC of developing humans ranging in age from birth to 49 year (N = 46). The expression levels of CAMK2B, CDK5, MAPK9, and PRKCI were increased in the PFC of suicide victims as compared to non-suicide controls (false discovery rate, FDR-adjusted p < 0.05, fold change >1.1). Those genes also showed changes in expression pattern during the postnatal development (FDR-adjusted p < 0.05). These results suggest that multiple kinase genes undergo age-dependent changes in normal brains as well as pathological changes in suicide brains. These findings may provide an important link to protein kinases known to be important for the development of fear memory, stress associated neural plasticity, and up-regulation in the PFC of suicide victims. More research is needed to better understand the functional role of these kinase genes that may be associated with the pathophysiology of suicide
Resumo:
Background: Young motherhood is commonly associated with vulnerabilities, stereotyping of young women’s behaviour and poor outcomes for them and their children. The objective was to understand how maternity care is experienced for this group in the transition to parenthood. Methods: Data from a large-scale 2010 survey of women’s experience of maternity care were analysed using qualitative methods with open text responses. Results: 7,193 women responded to the survey: 237 were aged 20 years or less. Most (83%) of these young women provided open text responses. The main themes were: ‘being a consumer’, ‘the quality of care’, ‘needing support’ and ‘pride in parenthood’ while subthemes included ‘being young’ and ‘how staff made me feel’, ‘testimonials for staff’, ‘not being left’ and ‘it’s all worthwhile’. Conclusion: Many young women responding described a positive experience. For many first time mothers this marked a positive change in their identity. Nevertheless staff perceptions and attitudes affected how they saw themselves and what they took away from their experience of maternity care. A key message for other women supported and reinforced their role as active and involved consumers who, in engaging with services, have to stand up for themselves and make their needs and wishes known.
Resumo:
For decades Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) have used computers to monitor and control physical processes in many critical industries, including electricity generation, gas pipelines, water distribution, waste treatment, communications and transportation. Increasingly these systems are interconnected with corporate networks via the Internet, making them vulnerable and exposed to the same risks as those experiencing cyber-attacks on a conventional network. Very often SCADA networks services are viewed as a specialty subject, more relevant to engineers than standard IT personnel. Educators from two Australian universities have recognised these cultural issues and highlighted the gap between specialists with SCADA systems engineering skills and the specialists in network security with IT background. This paper describes a learning approach designed to help students to bridge this gap, gain theoretical knowledge of SCADA systems' vulnerabilities to cyber-attacks via experiential learning and acquire practical skills through actively participating in hands-on exercises.
Resumo:
Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.
Resumo:
While social engineering represents a real and ominous threat to many organizations, companies, governments, and individuals, social networking sites (SNSs), have been identified as among the most common means of social engineering attacks. Owing to factors that reduce the ability of users to detect social engineering tricks and increase the ability of attackers to launch them, SNSs seem to be perfect breeding ground for exploiting the vulnerabilities of people, and the weakest link in security. This work will contribute to the knowledge of social engineering by identifying different entities and subentities that affect social engineering based attacks in SNSs. Moreover, this paper includes an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.
Resumo:
Mosquito-borne diseases pose some of the greatest challenges in public health, especially in tropical and sub-tropical regions of theworld. Efforts to control these diseases have been underpinned by a theoretical framework developed for malaria by Ross and Macdonald, including models, metrics for measuring transmission, and theory of control that identifies key vulnerabilities in the transmission cycle. That framework, especially Macdonald’s formula for R0 and its entomological derivative, vectorial capacity, are nowused to study dynamics and design interventions for many mosquito-borne diseases. A systematic review of 388 models published between 1970 and 2010 found that the vast majority adopted the Ross–Macdonald assumption of homogeneous transmission in a well-mixed population. Studies comparing models and data question these assumptions and point to the capacity to model heterogeneous, focal transmission as the most important but relatively unexplored component in current theory. Fine-scale heterogeneity causes transmission dynamics to be nonlinear, and poses problems for modeling, epidemiology and measurement. Novel mathematical approaches show how heterogeneity arises from the biology and the landscape on which the processes of mosquito biting and pathogen transmission unfold. Emerging theory focuses attention on the ecological and social context formosquito blood feeding, themovement of both hosts and mosquitoes, and the relevant spatial scales for measuring transmission and for modeling dynamics and control.
Resumo:
Small and medium firms (SMEs) that operate in global markets are vulnerable to external shocks in uncertain, hostile and volatile business environments given their limited resources and inexperience. In such environments entrepreneurial firms respond by making strategic choices to mitigate such vulnerabilities. This research examines one such important strategic choice – entrepreneurial posturing and its link to financial performance in Finnish SMEs during the global financial crisis. Findings suggest that the dimensions of entrepreneurial posturing have a differential effect on firm performance depending upon the severity of the business environment as well as the firm’s degree of internationalization. Implications for theory and practice are discussed and directions for future research provided.
Resumo:
Introduction and Aim: Sexual assaults commonly involve alcohol use by the perpetrator, victim, or both. Beliefs about alcohol’s effects may impact on people’s perceptions of and responses to men and women who have had such experiences while intoxicated from alcohol. This study aimed to develop an alcohol expectancy scale that captures young adults’ beliefs about alcohol’s role in sexual aggression and victimisation. Design and Methods: Based on pilot focus groups, an initial pool of 135 alcohol expectancy items was developed, checked for readability and face validity, and administered via a cross-sectional survey to 201 male and female university students (18-25 years). Items were specified in terms of three target drinkers: self, men, and women. In addition, a social desirability measure was included. Results: Principal Axis Factoring revealed a 4-factor solution for the targets men and women and a 5-factor solution for the target self with 72 items retained. Factors related to sexual coercion, sexual vulnerability, confidence, self-centredness, and negative cognitive and behavioural effects. Social desirability issues were evident for the target self, but not for the targets men and women. Discussion and Conclusions: Young adults link alcohol’s effects with sexual vulnerabilities via perceived risky cognitions and behaviours. Due to social desirability, these expectancies may be difficult to explicate for the self but may be accessible instead via other-oriented assessment. The Sexual Coercion and Vulnerability Alcohol Expectancy Scale has potential as a tool to elucidate the established tendency for observers to excuse intoxicated sexual perpetrators while blaming intoxicated victims.
Resumo:
Regional and remote communities in tropical Queensland are among Australia’s most vulnerable in the face of climate change. At the same time, these socially and economically vulnerable regions house some of Australia’s most significant biodiversity values. Past approaches to terrestrial biodiversity management have focused on tackling biophysical interventions through the use of biophysical knowledge. An equally important focus should be placed on building regional-scale community resilience if some of the worst biodiversity impacts of climate change are to be avoided or mitigated. Despite its critical need, more systemic or holistic approaches to natural resource management have been rarely trialed and tested in a structured way. Currently, most strategic interventions in improving regional community resilience are ad hoc, not theory-based and short term. Past planning approaches have not been durable, nor have they been well informed by clear indicators. Research into indicators for community resilience has been poorly integrated within adaptive planning and management cycles. This project has aimed to resolve this problem by: * Reviewing the community and social resilience and adaptive planning literature to reconceptualise an improved framework for applying community resilience concepts; * Harvesting and extending work undertaken in MTSRF Phase 1 to identifying the learnings emerging from past MTSRF research; * Distilling these findings to identify new theoretical and practical approaches to the application of community resilience in natural resource use and management; * Reconsidering the potential interplay between a region’s biophysical and social planning processes, with a focus on exploring spatial tools to communicate climate change risk and its consequent environmental, economic and social impacts, and; * Trialling new approaches to indicator development and adaptive planning to improve community resilience, using a sub-regional pilot in the Wet Tropics. In doing so, we also looked at ways to improve the use and application of relevant spatial information. Our theoretical review drew upon the community development, psychology and emergency management literature to better frame the concept of community resilience relative to aligned concepts of social resilience, vulnerability and adaptive capacity. Firstly, we consider community resilience as a concept that can be considered at a range of scales (e.g. regional, locality, communities of interest, etc.). We also consider that overall resilience at higher scales will be influenced by resilience levels at lesser scales (inclusive of the resilience of constituent institutions, families and individuals). We illustrate that, at any scale, resilience and vulnerability are not necessarily polar opposites, and that some understanding of vulnerability is important in determining resilience. We position social resilience (a concept focused on the social characteristics of communities and individuals) as an important attribute of community resilience, but one that needs to be considered alongside economic, natural resource, capacity-based and governance attributes. The findings from the review of theory and MTSRF Phase 1 projects were synthesized and refined by the wider project team. Five predominant themes were distilled from this literature, research review and an expert analysis. They include the findings that: 1. Indicators have most value within an integrated and adaptive planning context, requiring an active co-research relationship between community resilience planners, managers and researchers if real change is to be secured; 2. Indicators of community resilience form the basis for planning for social assets and the resilience of social assets is directly related the longer term resilience of natural assets. This encourages and indeed requires the explicit development and integration of social planning within a broader natural resource planning and management framework; 3. Past indicator research and application has not provided a broad picture of the key attributes of community resilience and there have been many attempts to elicit lists of “perfect” indicators that may never be useful within the time and resource limitations of real world regional planning and management. We consider that modeling resilience for proactive planning and prediction purposes requires the consideration of simple but integrated clusters of attributes; 4. Depending on time and resources available for planning and management, the combined use of well suited indicators and/or other lesser “lines of evidence” is more flexible than the pursuit of perfect indicators, and that; 5. Index-based, collaborative and participatory approaches need to be applied to the development, refinement and reporting of indicators over longer time frames. We trialed the practical application of these concepts via the establishment of a collaborative regional alliance of planners and managers involved in the development of climate change adaptation strategies across tropical Queensland (the Gulf, Wet Tropics, Cape York and Torres Strait sub-regions). A focus on the Wet Tropics as a pilot sub-region enabled other Far North Queensland sub-region’s to participate and explore the potential extension of this approach. The pilot activities included: * Further exploring ways to innovatively communicate the region’s likely climate change scenarios and possible environmental, economic and social impacts. We particularly looked at using spatial tools to overlay climate change risks to geographic communities and social vulnerabilities within those communities; * Developing a cohesive first pass of a State of the Region-style approach to reporting community resilience, inclusive of regional economic viability, community vitality, capacitybased and governance attributes. This framework integrated a literature review, expert (academic and community) and alliance-based contributions; and * Early consideration of critical strategies that need to be included in unfolding regional planning activities with Far North Queensland. The pilot assessment finds that rural, indigenous and some urban populations in the Wet Tropics are highly vulnerable and sensitive to climate change and may require substantial support to adapt and become more resilient. This assessment finds that under current conditions (i.e. if significant adaptation actions are not taken) the Wet Tropics as a whole may be seriously impacted by the most significant features of climate change and extreme climatic events. Without early and substantive action, this could result in declining social and economic wellbeing and natural resource health. Of the four attributes we consider important to understanding community resilience, the Wet Tropics region is particularly vulnerable in two areas; specifically its economic vitality and knowledge, aspirations and capacity. The third and fourth attributes, community vitality and institutional governance are relatively resilient but are vulnerable in some key respects. In regard to all four of these attributes, however, there is some emerging capacity to manage the possible shocks that may be associated with the impacts of climate change and extreme climatic events. This capacity needs to be carefully fostered and further developed to achieve broader community resilience outcomes. There is an immediate need to build individual, household, community and sectoral resilience across all four attribute groups to enable populations and communities in the Wet Tropics region to adapt in the face of climate change. Preliminary strategies of importance to improve regional community resilience have been identified. These emerging strategies also have been integrated into the emerging Regional Development Australia Roadmap, and this will ensure that effective implementation will be progressed and coordinated. They will also inform emerging strategy development to secure implementation of the FNQ 2031 Regional Plan. Of most significance in our view, this project has taken a co-research approach from the outset with explicit and direct importance and influence within the region’s formal planning and management arrangements. As such, the research: * Now forms the foundations of the first attempt at “Social Asset” planning within the Wet Tropics Regional NRM Plan review; * Is assisting Local government at regional scale to consider aspects of climate change adaptation in emerging planning scheme/community planning processes; * Has partnered the State government (via the Department of Infrastructure and Planning and Regional Managers Coordination Network Chair) in progressing the Climate Change adaptation agenda set down within the FNQ 2031 Regional Plan; * Is informing new approaches to report on community resilience within the GBRMPA Outlook reporting framework; and * Now forms the foundation for the region’s wider climate change adaptation priorities in the Regional Roadmap developed by Regional Development Australia. Through the auspices of Regional Development Australia, the outcomes of the research will now inform emerging negotiations concerning a wider package of climate change adaptation priorities with State and Federal governments. Next stage research priorities are also being developed to enable an ongoing alliance between researchers and the region’s climate change response.
Resumo:
Social Engineering (ES) is now considered the great security threat to people and organizations. Ever since the existence of human beings, fraudulent and deceptive people have used social engineering tricks and tactics to trick victims into obeying them. There are a number of social engineering techniques that are used in information technology to compromise security defences and attack people or organizations such as phishing, identity theft, spamming, impersonation, and spaying. Recently, researchers have suggested that social networking sites (SNSs) are the most common source and best breeding grounds for exploiting the vulnerabilities of people and launching a variety of social engineering based attacks. However, the literature shows a lack of information about what types of social engineering threats exist on SNSs. This study is part of a project that attempts to predict a persons’ vulnerability to SE based on demographic factors. In this paper, we demonstrate the different types of social engineering based attacks that exist on SNSs, the purposes of these attacks, reasons why people fell (or did not fall) for these attacks, based on users’ opinions. A qualitative questionnaire-based survey was conducted to collect and analyse people’s experiences with social engineering tricks, deceptions, or attacks on SNSs.
