427 resultados para VULNERABILITIES
Resumo:
Many coastal communities across the United States are beginning to plan for climate-related sea level rise. While impacts and solutions will vary with local conditions, jurisdictions which have begun this process seem to pass through three common stages when developing policy for local sea level rise adaptation: l) building awareness about local sea level rise threats, 2) undertaking analyses of local vulnerabilities, and 3) developing plans and policies to deal with these vulnerabilities. The purpose of this paper is to help advance community dialogue and further inform local decision-makers about key elements and steps for addressing climate-related sea level rise. It summarizes the results of a project the Marine Policy Institute (MPI) undertook during 2011-12 to review experiences from fourteen U.S. coastal jurisdictions representing a variety of city, county, and state efforts with sea level adaptation. There are many more initiatives underway than those reflected in this sample, but the “focus jurisdictions” were selected because of the extensive information publically available on their experiences and lessons being learned that could provide insights for coastal communities, especially in Southwest Florida.
Resumo:
Conflict management is an intrinsic element of natural resource management, and becomes increasingly important amid growing pressure on natural resources from local uses, as well as from external drivers such as climate change and international investment. If policymakers and practitioners aim to truly improve livelihood resilience and reduce vulnerabilities of poor rural households, issues of resource competition and conflict management cannot be ignored. This synthesis report summarizes outcomes and lessons from three ecoregions: Lake Victoria, with a focus on Uganda; Lake Kariba, with a focus on Zambia; and Tonle Sap Lake in Cambodia. Partners used a common approach to stakeholder engagement and action research that we call “Collaborating for Resilience”. In each region, partners assisted local stakeholders in developing a shared understanding of risks and opportunities, weighing alternative actions, developing action plans, and evaluating and learning from the outcomes. These experiences demonstrate that investing in capacities for conflict management is practical and can contribute to broader improvements in resource governance.
Resumo:
This paper discusses various techniques that may be used to combat counterfeiting in the pharmaceutical supply chain. These include the use of electronic pedigrees (to ensure the integrity of the supply chain), together with mass-serialization (to provide for a unique lifecycle history of each individual package) and authentication of the product (to check for any discrepancies in the various attributes of the product and its packaging are as intended for that individual package). Management of the pedigree process and product authentication is discussed in some detail, together with various other learnings from the Drug Security Network, including identification of some remaining vulnerabilities and suggestions for tightening these loopholes. © 2008 Springer-Verlag Berlin Heidelberg.
Resumo:
针对大规模计算机网络的脆弱性评估,提出了一种基于贝叶斯网络近似推理的评估方法,对网络各组件和影响网络安全的因素进行建模,采用模型检测工具生成攻击状态转移图,描述网络脆弱性的利用过程,通过采用随机采样的方法对网络的攻击状态转移图进行近似推理,经过对采样样本的统计分析得到网络脆弱性评估的量化结果,为提升网络的安全性能提供理论依据。
Resumo:
This paper presents the vulnerabilities of single event effects (SEEs) simulated by heavy ions on ground and observed oil SJ-5 research satellite in space for static random access memories (SRAMs). A single event upset (SEU) prediction code has been used to estimate the proton-induced upset rates based oil the ground test curve of SEU cross-section versus heavy ion linear energy transfer (LET). The result agrees with that of the flight data.
Resumo:
Ill-health prevails in the workplace. A key problem encountered in the area of stress management is a lack of research into the way job burnout turns into mental problems, especially depressive symptoms, the most prevalent and costly psychiatric condition in the workplace. This research belongs to a cross-discipline area of industrial psychiatry and organizational behavior, which has seldom been investigated before. This research will contribute to the theoretical development of organizational behavior, especially to stress management and industrial psychiatry. This study aims to explore etiological factors and mechanisms of depressive symptoms of workers in the financial industry. By using literature review, semi-structured interviews and surveys as the major research methods, this Ph.D. study systematically investigated the risk factors of workers’ depressive symptoms within and outside of the work area. These risk factors are worker-work environment fits, work family conflicts, and workers’ psychological vulnerabilities to depression. A thorough literature review and 20 semi-structured interviews of brokers in different kinds of financial markets show the feasibility and necessity of this Ph.D. study when it comes to the issue of financial workers’ depressive symptoms. Two surveys of workplace-etiological factors of depressive symptoms were conducted among 244 financial workers and 1024 financial workers. This cross-sample verification showed that worker-work environment fit was a good framework to study risk factors of workers’ depressive symptoms. Results revealed that job demands-abilities misfit could lead to job burnout which in turn contributed to worker’s depressive symptoms; besides this, work effort-reward imbalance could directly cause workers’ depressive symptoms. Emotional labor enhanced the positive effect of job burnout on workers’ depressive symptoms. In the third study, a prominent risk factor outside of the work area, namely work family conflict, and workers’ psychological vulnerabilities of depression were included with workplace etiological factors to investigate the overall predictive model of depressive symptoms of financial workers. The survey was conducted among the same 1024 financial workers. Results indicated that work effort-reward imbalance, job burnout and work interfering in family life were three external etiological factors of workers’ depressive symptoms. Neuroticism, autonomy and low emotional intelligence were three individual etiological factors which had a positive effect on workers’ depressive symptoms. Moreover, neuroticism enhanced the relationship between job burnout and depressive symptoms as well as between work interfering in family life and depressive symptoms. Autonomy aggravated the relationship between job burnout and depressive symptoms. However, emotional intelligence attenuated the relationship between job burnout and depressive symptoms as well as between work effort-reward imbalance and depressive symptoms. Besides, workers’ dysfunctional attitudes played a partial mediating role in the relationships between above etiological factors and depressive symptoms. In the same sample, research evidence of impairments of workers’ depressive symptoms to their work-life quality was also obtained. Specifically, depressive symptoms could predict workers’ presenteeism, absenteeism and turnover intention. Their subjective well-being was also lowered when suffering more severe depressive symptoms. This research provides a theoretical basis to management practices targeted to set up the Employee Assistance Program or even more specilised rehabilitation programs for workers with depressive symptoms so as to improve their work-life quality and and establish a harmonious enterprise.
Resumo:
Malicious software (malware) have significantly increased in terms of number and effectiveness during the past years. Until 2006, such software were mostly used to disrupt network infrastructures or to show coders’ skills. Nowadays, malware constitute a very important source of economical profit, and are very difficult to detect. Thousands of novel variants are released every day, and modern obfuscation techniques are used to ensure that signature-based anti-malware systems are not able to detect such threats. This tendency has also appeared on mobile devices, with Android being the most targeted platform. To counteract this phenomenon, a lot of approaches have been developed by the scientific community that attempt to increase the resilience of anti-malware systems. Most of these approaches rely on machine learning, and have become very popular also in commercial applications. However, attackers are now knowledgeable about these systems, and have started preparing their countermeasures. This has lead to an arms race between attackers and developers. Novel systems are progressively built to tackle the attacks that get more and more sophisticated. For this reason, a necessity grows for the developers to anticipate the attackers’ moves. This means that defense systems should be built proactively, i.e., by introducing some security design principles in their development. The main goal of this work is showing that such proactive approach can be employed on a number of case studies. To do so, I adopted a global methodology that can be divided in two steps. First, understanding what are the vulnerabilities of current state-of-the-art systems (this anticipates the attacker’s moves). Then, developing novel systems that are robust to these attacks, or suggesting research guidelines with which current systems can be improved. This work presents two main case studies, concerning the detection of PDF and Android malware. The idea is showing that a proactive approach can be applied both on the X86 and mobile world. The contributions provided on this two case studies are multifolded. With respect to PDF files, I first develop novel attacks that can empirically and optimally evade current state-of-the-art detectors. Then, I propose possible solutions with which it is possible to increase the robustness of such detectors against known and novel attacks. With respect to the Android case study, I first show how current signature-based tools and academically developed systems are weak against empirical obfuscation attacks, which can be easily employed without particular knowledge of the targeted systems. Then, I examine a possible strategy to build a machine learning detector that is robust against both empirical obfuscation and optimal attacks. Finally, I will show how proactive approaches can be also employed to develop systems that are not aimed at detecting malware, such as mobile fingerprinting systems. In particular, I propose a methodology to build a powerful mobile fingerprinting system, and examine possible attacks with which users might be able to evade it, thus preserving their privacy. To provide the aforementioned contributions, I co-developed (with the cooperation of the researchers at PRALab and Ruhr-Universität Bochum) various systems: a library to perform optimal attacks against machine learning systems (AdversariaLib), a framework for automatically obfuscating Android applications, a system to the robust detection of Javascript malware inside PDF files (LuxOR), a robust machine learning system to the detection of Android malware, and a system to fingerprint mobile devices. I also contributed to develop Android PRAGuard, a dataset containing a lot of empirical obfuscation attacks against the Android platform. Finally, I entirely developed Slayer NEO, an evolution of a previous system to the detection of PDF malware. The results attained by using the aforementioned tools show that it is possible to proactively build systems that predict possible evasion attacks. This suggests that a proactive approach is crucial to build systems that provide concrete security against general and evasion attacks.
Resumo:
In this paper, we expose an unorthodox adversarial attack that exploits the transients of a system's adaptive behavior, as opposed to its limited steady-state capacity. We show that a well orchestrated attack could introduce significant inefficiencies that could potentially deprive a network element from much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that element's hijacked capacity. This type of attack stands in sharp contrast to traditional brute-force, sustained high-rate DoS attacks, as well as recently proposed attacks that exploit specific protocol settings such as TCP timeouts. We exemplify what we term as Reduction of Quality (RoQ) attacks by exposing the vulnerabilities of common adaptation mechanisms. We develop control-theoretic models and associated metrics to quantify these vulnerabilities. We present numerical and simulation results, which we validate with observations from real Internet experiments. Our findings motivate the need for the development of adaptation mechanisms that are resilient to these new forms of attacks.
Resumo:
The Java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in Java, particularly in the component known as the Bytecode Verifier. This paper describes a method for representing Java security constraints using the Alloy modeling language. It further describes a system for performing a security analysis on any block of Java bytecodes by converting the bytes into relation initializers in Alloy. Any counterexamples found by the Alloy analyzer correspond directly to insecure code. Analysis of a real-world malicious applet is given to demonstrate the efficacy of the approach.
Resumo:
The Java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in Java, particularly in the Bytecode Verifier, a critical component used to verify class semantics before loading is complete. This paper describes a method for representing Java security constraints using the Alloy modeling language. It further describes a system for performing a security analysis on any block of Java bytecodes by converting the bytes into relation initializers in Alloy. Any counterexamples found by the Alloy analyzer correspond directly to insecure code. Analysis of the approach in the context of known security exploits is provided. This type of analysis represents a significant departure from standard malware analysis methods based on signatures or anomaly detection.
Resumo:
We examine the effects of education on financial decision-making skills by identifying an interesting source of variation in pertinent training. During the 1990s, an increasing number of individuals were exposed to programs of financial education provided by their employers. If, as some have argued, low saving frequently results from a failure to appreciate economic vulnerabilities, then education of this form could prove to have a powerful effect on behavior. The current article undertakes an analysis of these programs using a previously unexploited survey of employers. We find that both participation in and contributions to voluntary savings plans are significantly higher when employers offer retirement seminars. The effect is typically much stronger for nonhighly compensated employees than for highly compensated employees. The frequency of seminars emerges as a particularly important correlate of behavior. We are unable to detect any effects of written materials, such as newsletters and summary plan descriptions, regardless of frequency. We also present evidence on other determinants of plan activity. © 2008 Western Economic Association International.
Resumo:
In recent years, increased focus has been placed on the role of intrauterine infection and inflammation in the pathogenesis of fetal brain injury leading to neurodevelopmental disorders such as cerebral palsy. At present, the mechanisms by which inflammatory processes during pregnancy cause this effect on the fetus are poorly understood. Our previous work has indicated an association between experimentally-induced intrauterine infection, increased proinflammatory cytokines, and increased white matter injury in the guinea pig fetus. In order to further elucidate the pathways by which inflammation in the maternal system or the fetal membranes leads to fetal impairment, a number of studies investigating aspects of the disease process have been performed. These studies represent a body of work encompassing novel research and results in a number of human and animal studies. Using a guinea pig model of inflammation, increased amniotic fluid proinflammatory cytokines and fetal brain injury were found after a maternal inflammatory response was initiated using endotoxin. In order to more closely monitor the fetal response to chorioamnionitis, a model using the chronically catheterized fetal ovine was carried out. This study demonstrated the adverse effects on fetal white matter after intrauterine exposure to bacterial inoculation, though the physiological parameters of the fetus were relatively stable throughout the experimental protocol, even when challenged with intermittent hypoxic episodes. The placenta is an important mediator between mother and fetus during gestation, though its role in the inflammatory process is largely undefined. Studies on the placental role in the inflammatory process were undertaken, and the limited ability of proinflammatory cytokines and endotoxin to cross the placenta are detailed herein. Neurodevelopmental disorders can be monitored in animal models in order to determine effective disease models for characterization of injury and use in therapeutic strategies. Our characterizations of postnatal behaviour in the guinea pig model using motility monitoring and spatial memory testing have shown small but significant differences in pups exposed to inflammatory processes in utero. The data presented herein contributes a breadth of knowledge to the ongoing elucidation of the pathways by which fetal brain injury occurs. Determining the pathway of damage will lead to discovery of diagnostic criteria, while determining the vulnerabilities of the developing fetus is essential in formulating therapeutic options.
Resumo:
Advances in stem cell science and tissue engineering are being turned into applications and products through a novel medical paradigm known as regenerative medicine. This paper begins by examining the vulnerabilities and risks encountered by the regenerative medicine industry during a pivotal moment in its scientific infancy: the 2000s. Under the auspices of New Labour, British medical scientists and life science innovation firms associated with regenerative medicine, received demonstrative rhetorical pledges of support, aligned with the publication of a number of government initiated reports presaged by Bioscience 2015: Improving National Health, Increasing National Wealth. The Department of Health and the Department of Trade and Industry (and its successors) held industry consultations to determine the best means by which innovative bioscience cultures might be promoted and sustained in Britain. Bioscience 2015 encapsulates the first chapter of this sustainability narrative. By 2009, the tone of this storyline had changed to one of survivability. In the second part of the paper, we explore the ministerial interpretation of the ‘bioscience discussion cycle’ that embodies this narrative of expectation, using a computer-aided content analysis programme. Our analysis notes that the ministerial interpretation of these reports has continued to place key emphasis upon the distinctive and exceptional characteristics of the life science industries, such as their ability to perpetuate innovations in regenerative medicine and the optimism this portends – even though many of the economic expectations associated with this industry have remained unfulfilled.
Resumo:
1. Freshwater unionoids are one of the most threatened animal groups worldwide and the freshwater pearl mussel Margaritifera margaritifera is currently listed as critically endangered in Europe. The ‘EC Habitats & Species Directive’ requires that EU member states monitor the distribution and abundance of this species and report regularly on its conservation status.
2. The pearl mussel meta-population in Northern Ireland was surveyed to assess temporal population trends in Special Areas of Conservation (SACs) and mussel reproduction throughout its range.
3. Mussels occurred in six rivers and numbers within three SAC designated sites remained stable between 2004-07 and 2011. The discovery of >8,000 previously unknown individuals in the Owenreagh River contributed to an overall increase (+56.8%) in the total known population. All populations actively reproduced during 2010 with approximately half of all individuals gravid. Moreover, suitable salmonid hosts occurred at all sites with 10.7% of salmon and 22.8% of trout carrying encysted glochidia. Populations were composed entirely of aged individuals with little evidence of recent recruitment.
4. We infer that the break in the life cycle must occur during the juvenile stage when glochidia metamorphose and settle into the interstitial spaces within the substrate. Water quality parameters, most notably levels of suspended solids, exceeded the recommended maximum thresholds in all rivers.
5. We posit that the deposition of silt may be the main cause of juvenile mortality contributing to a lack of recruitment. Consequently, all populations were judged to be in ‘unfavourable’ conservation status. Catchment-level management plans are urgently needed to reduce siltation with the aim of improving recruitment. Our results have implications for the success of ex-situ conservation programmes; specifically, the size at which captive bred juveniles are released into the wild. Further research is required to assess the vulnerabilities of early life stages of M. margaritifera to siltation.
