Your search keyword '"vulnerabilities"' showing total 685 results

1. Security Analysis of Simpel Desa using Mobile Security Framework and ISO 27002:2013

Author

Khairunnisak Nur Isnaini and Didit Suhartono

Subjects

Information Security, MobSF, Vulnerabilities, General Economics, Econometrics and Finance, ISO 27002:2013

Abstract

The Personal Identification Number or KTP is prone to be stolen and used by unwanted parties, this is also a possibility for the Simpel Desa, a village administration application that also contain and use the Personal Identification Number. This study aims to detect information security vulnerabilities. This study aims to analyze security vulnerabilities in applications using MobSF and ISO 27002:2013. MobSF is used for penetration testing for malware in applications. In MobSF the Simpel Desa application is analyzed in two ways, namely static and dynamic. ISO 27002:2013 is used to map the findings of vulnerabilities and potential misuse of information so that they get accurate analysis results. The control used is domain 9 (access control) and 10 (cryptography). The results obtained in the static analysis found the existence of vulnerabilities in aspects of cryptography and permission access. The dynamic analysis found that Root Detection and Debugger Check Bypass had not been implemented. Overall, based on ISO 27002:2013 information security has not been maximally implemented. The recommendations given focus on the aspects of application permissions and access rights, user authentication, and the implementation of information security.

Published

2023

2. Vulnerabilities, ethical responsibility and acceptance of otherness during the first Covid lockdown: A case study of a French Care Centre for Support and Prevention in Addictology

Author

Marcucci, L, Nutini, S, Centre Atlantique de Philosophie (CAPHI), Université de Rennes (UR)-Université de Brest (UBO)-Institut Brestois des Sciences de l'Homme et de la Société (IBSHS), Université de Brest (UBO)-Nantes Université - UFR Lettres et Langages (Nantes Univ - UFR LL), Nantes Université - pôle Humanités, Nantes Université (Nantes Univ)-Nantes Université (Nantes Univ)-Nantes Université - pôle Humanités, Nantes Université (Nantes Univ)-Nantes Université (Nantes Univ), Centre de recherche en histoire des idées (CRHI), Université Nice Sophia Antipolis (1965 - 2019) (UNS), COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-Centre National de la Recherche Scientifique (CNRS)-Université Côte d'Azur (UCA), Anthropologie bio-culturelle, Droit, Ethique et Santé (ADES), Aix Marseille Université (AMU)-EFS ALPES MEDITERRANEE-Centre National de la Recherche Scientifique (CNRS), and CH Grasse

Subjects

Issues, ethics and legal aspects, Health (social science), Health crisis, [SDV]Life Sciences [q-bio], Health Policy, Masks, Vulnerabilities, Addictions, Levinas

Abstract

National audience; Le premier confinement de la crise sanitaire Covid 19 a bouleversé les pratiques médicales et soignantes, avec une priorisation des patients positifs à la Covid et une focalisation sur les flux en réanimation. Or, dans les Centres de Soin d’Accompagnement et de Prévention en Addictologie (CSAPA), la dimension relationnelle du soin est centrale. Les professionnels de santé ont été impactés par les protocoles contraignants en matière d’asepsie, avec un risque de rupture de suivi accru chez des patients déjà vulnérables. À partir du cas du CSAPA de Grasse, l’article vise premièrement à analyser rétrospectivement les tensions éthiques rencontrées autour de l’accueil de l’altérité de ces patients aux problématiques complexes et deuxièmement à mettre en lumière l’inventivité des soignants dans leurs pratiques quotidiennes. L’approche développée est philosophique et conceptuelle, centrée sur la philosophie d’E. Levinas et son éthique du « visage » car la crise a exacerbé des tensions éthiques préexistantes autour de l’intersubjectivité. Les soignants ont dû faire face à une « responsabilité pour autrui », elle aussi renforcée. Mais la crise a pu aussi être l’occasion de réinvestir le soin relationnel, en se détachant du primat de la vue: le masque a tantôt aidé tantôt entravé le soin relationnel, mettant au jour la vulnérabilité partagée des soignants et des soignés. La crise sanitaire nous rappelle que la vigilance est toujours de mise vis-à-vis des risques de déshumanisation de la relation de soin.

Published

2022

3. Mujeres «solas» en el exilio. Vulnerabilidades, violencias y resistencias de las refugiadas españolas en Francia (1939-1978)

Author

Martínez Martínez, Alba

Subjects

Cultural Studies, History, Resistances, Sociology and Political Science, Agencia femenina, Resistencias, Refugee women, Vulnerabilities, Violencias, Female agency, Violence, Mujeres refugiadas, Vulnerabilidades

Abstract

Este artículo analiza los contextos que hicieron de las refugiadas españolas en Francia sujetos vulnerables, identifica los perfiles susceptibles de sufrir las consecuencias de la vulnerabilidad con mayor intensidad y desentraña las resistencias femeninas para hacer frente a esta. Identificamos que hubo tres contextos tendentes a intensificar su vulnerabilidad: el cruce de la frontera-internamiento, el espacio laboral y el proceso de consecución del estatuto de refugiada. Observamos que las mujeres «solas» estuvieron más expuestas a violencias tanto directas como simbólicas. Pese a todo, no fueron meros cuerpos sufrientes, sino sujetos con agencia para dignificar su nueva condición de refugiadas., This article analyses the contexts that made Spanish refugee women in France vulnerable. It identifies the profiles of those who were likely to suffer the consequences of such vulnerability with a high degree of intensity. It unravels the resistance of some women to cope with this situation. We identify three contexts that tended to intensify this vulnerability: the border-crossing, the workplace, and the process of obtaining refugee status. We observe that women who were «alone» were more exposed to both direct and symbolic violence. Never the less, they were not mere suffering bodies but subjects with agency to dignify their new refugee condition., FPU, Margarita Salas

Published

2022

4. Conhecimentos sociotécnicos e comunitários para uma nova relação do saber-fazer no enfrentamento a desastres

Author

Oliveira, Simone Santos and Portella, Sergio

Subjects

territoire, cartografia social, vulnerabilities, vulnerabilidades, desastres, território, vulnerabilidad, ergologie, territory, cartografía social, catastrophes, disasters, ergología, ergology, ergologia, vulnérabilités, social cartography, territorio, cartographie sociale

Abstract

Descrevemos a experiência de uma Comunidade Ampliada de Pesquisa como um potencial agregador de outros dispositivos que buscam romper com a herança colonial de vulnerabilidade e apostam na tessitura de um saber aderente, territorial, comunitário de grupos humanos que vivenciaram desastres. Os cenários de mudanças climáticas apontados pelos relatórios do Painel Intergovernamental para a Mudança de Clima alertam para o aumento do número de eventos críticos. Desastres como processos reveladores das vulnerabilidades dos territórios, resultantes do modelo de desenvolvimento. A experiência relatada se desenvolve nas cidades serranas do Rio de Janeiro que vivenciaram a catástrofe de 2011, a partir de um conjunto de dispositivos como a cartografia social, produção de memória comunitária e índices comparativos de vulnerabilidades socioambientais, para compreender o grau de aderência e desaderência dos conhecimentos territorializados e promover o encontro de saberes entre redes sociotécnicas, de gestão e comunitárias. Describimos la experiencia de una Comunidad de Investigación Ampliada como un potencial agregador de otros dispositivos que buscan romper con la herencia colonial de la vulnerabilidad y apostar por el tejido de un conocimiento comunitario adherente, territorial, de grupos humanos que han vivido desastres. Los escenarios de cambio climático señalados por los informes del Panel Intergubernamental de Cambio Climático advierten un incremento en el número de eventos críticos. Los desastres como procesos reveladores de las vulnerabilidades de los territorios, producto del modelo de desarrollo. La experiencia relatada tiene lugar en las cuidades de montaña de Río de Janeiro que vivieron la catástrofe de 2011, que se basó en un conjunto de dispositivos como cartografía social, producción de memoria comunitaria e índices comparativos de vulnerabilidades socioambientales para comprender el grado de adhesión y la no adhesión de saberes territorializados y promover el encuentro de saberes entre redes sociotécnicas, gerenciales y comunitarias. Nous décrivons l’expérience d’une Communauté de Recherche Élargie en tant qu’intégrateur potentiel d’autres dispositifs qui cherchent à rompre avec l’héritage colonial de la vulnérabilité et misent sur la trame d’un savoir communautaire solide, ancré dans le territoire, de groupes humains qui ont vécu des catastrophes. Les scénarios de changement climatique, pointés par les rapports du Groupe d’experts intergouvernemental sur l’évolution du climat, mettent en garde contre une augmentation du nombre d’événements critiques. Les catastrophes révèlent les vulnérabilités des territoires, issues d’un modèle de développement. L’expérience rapportée se déroule dans les villes montagneuses de Rio de Janeiro où a eu lieu la catastrophe de 2011. Elle s’est appuyée sur un ensemble de dispositifs tels que la cartographie sociale, la production de mémoire communautaire et des indices comparatifs de vulnérabilités socio-environnementales. La finalité a été de comprendre le degré d’adhérence/désadhérence des savoirs territorialisés et de favoriser la rencontre des savoirs entre les réseaux sociotechniques, de gestion et associatifs.

Published

2023

5. Analyse du processus de renforcement des vulnérabilités dans les situations complexes d’autisme

Author

Barreyre, Jean-Yves, Gibey, Lydie, and Fiacre, Patricia

Subjects

autisme, Process, communication, Autism, processus, vulnérabilités, Vulnerabilities, situations complexes, Complex Situations, comportements problématiques, Problem Behaviors

Abstract

L’article concerne les parcours de vie et les situations complexes d’autisme en Île-de-France. Il repose sur une recherche participative avec les professionnels et les bénéficiaires du dispositif SCATED (Situations Complexes d’Autisme et Troubles Envahissant du Développement, dispositif crée en 2010). La méthode s’organise en trois phases: 1°- l’analyse du contexte de l’autisme en Île-de-France par l’exploitation de l’enquête nationale dite “ES 2014”; 2°- la co-construction entre l’équipe de recherche et les professionnels du dispositif d’une base de données actualisée spécifique au dispositif, à partir des 2 100 situations complexes d’autisme suivies de 2010 à 2018, et l’exploitation par les chercheur·e·s de 452 situations extraites de cette base; 3°- l’analyse de 11 situations diversifiées (32 entretiens). La recherche propose une lecture critique des troubles du comportement et analyse les sept dimensions qui participent d’un processus de renforcement des vulnérabilités dans les situations complexes d’autisme. Elle émet un certain nombre de préconisations qui sont reprises par l’Agence régionale d’Île-de-France dans le cadre de son plan stratégique de santé. The article concerns the life paths and the complex situations of autism in Île-de-France (France). It is based on a participative research with professionals and beneficiaries of the Complex Situations of Autism Device (SCATED). The method is organized in 3 phases: 1°- analysis of the context of autism in Île-de-France through the exploitation of the national survey called “ES 2014”; 2°- co-construction between the research team and the professionals of the device of an updated database specific to the device, based on the 2 100 complex autism situations monitored from 2010 to 2018, and the exploitation by the researchers of 452 situations extracted from this database; 3°- analysis of 11 diversified situations (32 interviews). The research offers a critical reading of behavioral disorders and analyzes the seven dimensions that participate in a process of reinforcing vulnerabilities in complex situations of autism. It makes a certain number of recommendations which are taken up by the Île-de-France Regional Agency as part of its strategic health plan.

Published

2023

6. Transmission Mechanisms of Economic Shocks in the Eurasian Economic Union

Author

Galoyan, Diana and Hovsepyan, Meri

Subjects

Panel Vector Autoregression Model, Transmission Mechanisms, Debt Burden, Vulnerabilities, Economic Shocks, Eurasian Economic Union

Abstract

Purpose: The goal of the article is to identify the transmission mechanisms of economic shocks in the EAEU, and determine the impact of external shocks on the key macroeconomic indicators. Theoretical framework: While there is a considerable body of literature on the transmission channels of economic shocks, there remains a need for empirical studies to identify the precise impact of these channels on crucial macroeconomic indicators, including but not limited to GDP, public debt, and exchange rates. Design/methodology/approach: In this article, we have identified three primary sources of transmission channels of shocks that affect the EAEU: global economic growth, instability of the international stock market, and volatility in raw material markets. To analyze the impact of these channels on macroeconomic indicators, we developed a panel vector autoregression model using 29 indicators for five countries. The model uses quarterly data from 2010 to 2022. Findings: The study revealed that shocks are transmitted to EAEU economies through several channels, including the exchange rate, foreign trade, foreign investments, budget indicators, and inflation. The impacts of changes in raw asset prices and global financial market conditions are observable across all these channels. Ultimately, all shocks have an impact on the rate of economic growth, as well as the government's debt burden. Research, Practical & Social implications: We are proposing a new research agenda and direction, emphasizing the need for empirical studies that align with the economic policy of integration. Such studies will be essential in advancing our understanding of the transmission mechanisms of economic shocks and their impact on the EAEU. Originality/value: Although there are analyses of how economic shocks are transmitted within specific countries, the significance of this research is emphasized by its examination of the EAEU as a cohesive entity.

Published

2023

7. Implementació d'un ecosistema de compartició de ciberintel·ligència en un entorn domèstic

Author

Fernandez I Robuste, Adrià, Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors, Ernst & Young, Serral Gracià, René, and Vidal Reverte, Jaume

Subjects

vulnerabilities, vulnerabilitats, Seguretat informàtica, TLP, CVE, SOAR, cyber threats, ciberamenaces, Informàtica::Seguretat informàtica [Àrees temàtiques de la UPC], Computer security, MISP, TTPs, ELK Stack, Indicators of Compromise, SOC, OpenCTI, Indicadors de Compromís, SIEM

Abstract

Gràcies a l'empresa que em va contractar, Ernst & Young, tinc la possibilitat de desenvolupar algunes parts d'un ecosistema de compartició de ciberintel·ligència, que servirà per a un dels seus clients, l'Agència de Ciberseguretat de Catalunya. Aquest projecte té com a principal objectiu realitzar la implementació d'un ecosistema semblant, en un entorn domèstic mitjançant l'ús de diferents solucions, i per tant, aconseguir l'objectiu de tenir un entorn on poder monitorar les ciberamenaces que ocorrin. Dins de l'empresa, es tracta d'un projecte nou que està dirigit pel director Jaume Vidal Reverte i que està al càrrec de supervisar el projecte. És un projecte el qual, ni en l'empresa ni en el client pel qual va dirigit, s'havia realitzat i per tant, serà el primer cop que es treballi en un entorn tan desenvolupat d'intercanvi d'intel·ligència. Amb aquest ecosistema plantejat, es disposarà a implementar-ho en un entorn domèstic, com es podria tractar per exemple, en el teu ordinador de treball. L'objectiu de l'empresa i del client és que aquest Ecosistema CTI sigui la principal font de feeds d'intel·ligència i d'informació sobre ciberamenaçes, i d'aquesta manera poder mitigar de manera prioritzada i eficient l'afectació, i ajudar en la presa de decisions en el cas que una ciberamenaça sigui detectada. Equivalentment, l'objectiu principal de tenir aquest ecosistema al teu entorn domèstic, és poder monitorar les amenaces i poder arribar a temps de mitigar-les en el teu entorn. Thanks to the company that hired me, Ernst & Young, I have the opportunity to develop some parts of a cyberintelligence sharing ecosystem, which will serve one of their clients, the Cybersecurity Agency of Catalonia. The main objective of this project is to implement a similar ecosystem in a domestic environment through the use of different solutions, and therefore, to achieve the goal of having an environment in which to monitor the cyber threats that occur. Within the company, it is a new project that is led by the director Jaume Vidal Reverte, who is in charge of supervising the project. It is a project which, neither in the company nor in the client for whom it is directed, has ever been carried out and therefore, it will be the first time that it is worked in such a developed environment of intelligence exchange. With this proposed ecosystem, it will be ready to implement it in a domestic environment, as it could be, for example, in your work computer. The objective of the company and the client is for this CTI Ecosystem to be the main source of intelligence feeds and information on cyber threats, and thus be able to mitigate the impact in a prioritized and efficient manner, and assist in making decisions in the event that a cyber threat is detected. Similarly, the main objective of having this ecosystem in your home environment is to be able to monitor threats and be able to mitigate them in your environment in time

Published

2023

8. Assessment of soil erosion in the Autonomous District of Abidjan, Côte d'Ivoire

Author

Kinakpefan Michel TRAORE, Nambahigué Mathieu BAKARY, and TAMBOURA, Awa Timité

Subjects

Land cover, Autonomous District of Abidjan, Land use, Vulnerabilities, RUSLE model, Water erosion

Abstract

— In a context of global changes and climatic uncertainties, this study poses the problem of the occurrence of water erosion induced by natural constraints and uncontrolled and speculative anthropisation of soils in the Autonomous District of Abidjan. The aim is to propose a decision-making tool that identifies the areas of the Autonomous District of Abidjan (ADA) most prone to soil loss and the risk of water erosion. More specifically, the aim is to evaluate, prioritise and map the levels of susceptibility to the occurrence of this hydroclimatic risk in the ADA. The mapping approach is based on the aggregation of factors such as climatic aggressiveness, soil erodibility, topography, soil cover and anti-erosion practices from the Revised Universal Soil Loss Equation (RUSLE). The exploitation of these data reveals that soil loss in the ADA oscillates between a minimum value of 0 t/ha/year largely observable in the south of the lagoon system to a maximum value of 107.53 t/ha/year which concerns the plateau areas in the north. The average of this series of 0.48 t/ha/year translates into an overall low level of water erosion in the ADA over nearly 95% of the ADA territory. This soil degradation, which impacts human settlements induced by the morphology of the site, is amplified by human activities. In a context of rapid urban expansion linked to a remarkable demographic growth coupled with climatic uncertainties, development policies must better integrate sustainable soil management.

Published

2023

9. Review of the techniques and mechanisms for enhancing trust in internet of things for smart agriculture

Author

null Martin Otieno

Subjects

General Engineering, Trust, Smart agriculture, Threats, Vulnerabilities, Privacy

Abstract

Smart agriculture is an emerging technology that has been developed from innovative information technologies such as AI, IoT, ML, smart vehicles in order to maximize outputs while optimizing farm inputs for better production and profit. However, these innovations have several vulnerabilities, especially, given that most of agriculture is practiced in open fields, exposed to harsh, unprotected environments. Studies have been conducted on its security issues and how to mitigate the threats from the vulnerabilities along with some studies in data privacy in smart agriculture. However, studies on trust issues of farmers on these technologies are absent. This paper looks at the security issues and how they impact on farmers’ trust on these technologies. It finally offers direction on hoe to enhance their trust on the smart farming technologies.&nbsp

Published

2023

10. Gender vulnerabilities in low-carbon energy transitions: A conceptual review

Author

Sadiqua, Ayesha, Sahrakorpi, Tiia, Keppo, Ilkka, LUT University, Energy Conversion and Systems, Department of Mechanical Engineering, Aalto-yliopisto, and Aalto University

Subjects

Low-carbon energy transitions, Vulnerabilities, Gender, Conceptual literature review, Land-use, Policies

Abstract

Low carbon energy transitions are of paramount importance to achieve climate goals. These transitions are not only technical and economical, but also deeply social and gendered. In this paper, we reviewed the academic literature to understand: firstly, what gender vulnerabilities have been discussed in the literature and how they have been embedded in structural dynamics. Secondly, what socio-cultural and socio-economic drivers may lead to these gendered vulnerabilities? Based on content analysis, four key themes emerged from this literature survey: land use change, gender-neutral energy policies, access to resources, and green practices, gender, and culture. These four themes indicate that there are several enabling mechanisms arising from social and structural inequalities, indicative that vulnerabilities ought not to be considered in isolation, but in relationship with others. We also explored dimensions of vulnerability (exposure, sensitivity, adaptative capacity) based on Carley et al (2018 Nat. Energy 3621-7) to contextualise components of vulnerability in relation to gender. The main finding suggests considering further intersectional approaches to low carbon energy transitions, emphasising acknowledging, and lessening societal inequalities.

Published

2023

11. Concepts of Cyber Security

Author

Shterev, Yordan

Subjects

Cyberattacks, OSI Model, Vulnerabilities, Threats, Concepts of Cybersecurity

Abstract

This article summarizes, presents and develops technological concepts of cybersecurity according to the current state of the problem. Based on the OSI model, the main protocols used for it and hardware devices on the one hand, and the main vulnerabilities and threats on the other, the current protections against cyberattacks have been revealed.

Published

2022

12. COVID-19, SDGs and public health systems: Linkages in Brazil

Author

Flavio Martins, Anna Lima, Loan Diep, Luciana Cezarino, Lara Liboni, Rita Tostes, and Priti Parikh

Subjects

Settore SECS-P/07 - Economia Aziendale, Health Policy, Sustainable Development Goals, Vulnerabilities, COVID-19, Brazil, Health policy, Health services, Settore SECS-P/08 - Economia e Gestione delle Imprese

Published

2023

13. Systematic Review of Security Vulnerabilities in Ethereum Blockchain Smart Contract

Author

Satpal Singh Kushwaha, Sandeep Joshi, Dilbag Singh, Manjit Kaur, and Heung-No Lee

Subjects

Blockchain, vulnerabilities, General Computer Science, decentralized, ethereum, security analysis tool, General Engineering, General Materials Science, Electrical engineering. Electronics. Nuclear engineering, smart contract, TK1-9971

Abstract

Blockchain is a revolutionary technology that enables users to communicate in a trust-less manner. It revolutionizes the modes of business between organizations without the need for a trusted third party. It is a distributed ledger technology based on a decentralized peer-to-peer (P2P) network. It enables users to store data globally on thousands of computers in an immutable format and empowers users to deploy small pieces of programs known as smart contracts. The blockchain-based smart contract enables auto enforcement of the agreed terms between two untrusted parties. There are several security vulnerabilities in Ethereum blockchain-based smart contracts, due to which sometimes it does not behave as intended. Because a smart contract can hold millions of dollars as cryptocurrency, so these security vulnerabilities can lead to disastrous losses. In this paper, a systematic review of the security vulnerabilities in the Ethereum blockchain is presented. The main objective is to discuss Ethereum smart contract security vulnerabilities, detection tools, real life attacks and preventive mechanisms. Comparisons are drawn among the Ethereum smart contract analysis tools by considering various features. From the extensive depth review, various issues associated with the Ethereum blockchain-based smart contract are highlighted. Finally, various future directions are also discussed in the field of the Ethereum blockchain-based smart contract that can help the researchers to set the directions for future research in this domain.

Published

2022

14. The Cybersecurity in Conditions of the Digital Transformation

Author

V. A. Artamonov and E. V. Artamonova

Subjects

assessments, cyberspace, vulnerabilities, cybersecurity, ict safety, owners, intruders, Information technology, assets, cybersecurity threats, T58.5-58.64, security policy, digital transformation, guidelines, information and communication technologies (ict), risks

Abstract

The paper deals with the issues of cybersecurity in the conditions of digital transformation and the development of society. The authors define cybersecurity and cyberspace by following international practice and IT standardization. According to the ISO/IEC 27032 standard, the cybersecurity position concerning other security domains is defined. Based on the best practices of IT international standards, the authors have considered the current aspects of cybersecurity threats, both external and internal. Considering the results of global statistical research, the authors have identified the current threats to digital transformation in organizations. The paper deals with guidelines to reducing the risks from losses of dangerous cyberattacks.

Published

2022

15. ‘Leather on leather’: men with homosexual practices and HIV prevention in the Recife Metropolitan Region

Author

Rios, Luís Felipe, Adrião, Karla Galvão, Albuquerque, Amanda, and Pereira, Amanda França

Subjects

HSH, Sexual practices, Vulnerabilidade, Prevenção combinada, Prevention, Vulnerabilities, HIV/AIDS, MSM, Combined prevention, Prevenção, Práticas sexuais

Abstract

RESUMO O texto aborda as práticas sexuais e a prevenção do HIV nos circuitos de Homens que fazem Sexo com Homens (HSH) da Região Metropolitana do Recife, embasados em inquérito comportamental com 380 HSH de idade de 18 a 51 anos, e entrevistas com 20 dos respondentes. Os dados analisados foram coletados entre janeiro de 2016 e fevereiro de 2017, quando a Profilaxia Pré-Exposição (PrEP) ainda não estava disponível e a Profilaxia Pós-Exposição (PEP) era pouco conhecida (51,8%) e utilizada (1,3%). O Sexo Anal Desprotegido (SAD) (50,6% em parcerias fixas, 30,2% em casuais) ocorria, geralmente, com parceiros presumidamente negativos para HIV. As sorologias eram inferidas pelos vínculos (estranho, conhecido, amigo, namorado). As emoções (medo, tesão, amor, confiança, nojo, carência) eram importantes na configuração do SAD, normalmente articuladas às vinculações. Observaram-se regimes de prazer dissidentes da heteronormatividade: boca-ânus e boca-pênis; sexo a três e em grupo. Considerando a forte presença de SAD e a alta prevalência de HIV em Recife (21,5%), constatou-se a necessidade de ações educativas que apresentem técnicas da prevenção combinada (camisinha, PrEP, PEP, soroescolha, segurança negociada etc.) mediante narrativas que incorporem vínculos, emoções e regimes de prazer dissidentes, para que, ao se aproximarem dos contextos de usos, possibilitem escolhas mais seguras. ABSTRACT In this text we address sexual practices and HIV prevention in the circuits of men who have sex with men (MSM) in the Metropolitan Region of Recife (RMR), based on a behavioral survey with 380 MSM, aged between 18 and 51 years, and interviews with 20 of the respondents. The analyzed data were collected between January 2016 and February 2017, when Pre-Exposure Prophylaxis (PrEP) was not yet available and Post-Exposure Prophylaxis (PEP) was little known (51%) and used (1.3%). Unprotected Anal Sex (UAS) (50.6% in steady partners, 30.2% in casual partners) generally occurred between partners who were presumed to be HIV-negative. Serologies were inferred by ties (stranger, acquaintance, friend, boyfriend). Emotions (fear, lust, love, trust, disgust, neediness) were important in UAS configuration, almost always linked to attachments. We observed dissident pleasure regimes of heteronormativity: mouth-anus and mouth-penis; threesome and group sex. Considering the strong presence of UAS and the high prevalence of HIV in Recife (21.5%), we found the need for educational actions that introduce combined prevention techniques (condoms, PrEP, PEP, serochoice, negotiated safety etc.) through narratives that incorporate dissident bonds, emotions, and pleasure regimes, so that, when approaching the contexts of use, they enable safer choices.

Published

2023

16. Machine Learning Techniques to Combat Security Threats in Social Internet of Things

Author

Sunitha, R., Chandrika, J., and Pavithra, H. C.

Subjects

Machine Learning, Artificial Neural Network, Social Internet of Things, Vulnerabilities, Threats

Abstract

A new IoT archetype in which items can create social relationships with one another based on user preferences, resulting in a social platform is known as the Social Internet of Things (SIoT). Machines and gadgets in almost any commercial enterprise may be linked and programmed to offer facts to cloud apps and return end the usage of mobile networks. The act of securing net gadgets and the networks to which they're linked from threats and breaches is referred to as protection inside the Social Internet of Things. Identifying, protecting, and tracking threats, in addition to supporting the restoration of vulnerabilities from some of the technology which could constitute protection hazards, are all methods to offer protection. The blessings of SIoT are apparent, however high-profile assaults, blended with uncertainties regarding approximately protecting good practices and their associated costs, are deterring many companies from imposing it. Here, we are surveying a few machine-learning solutions that address the problem of social internet of things security. Any enterprise trying to secure SIoT devices on a more scalable and efficient basis with automation and aberrant behavior detection can benefit from machine learning. The performance of various machine learning algorithms and tools like Decision Tree (DT), Naive Bayes (NB), K-Nearest Neighbors (KNN), and Artificial Neural Networks (ANN), etc., in discovering the vulnerabilities and threats in SIoT is discussed here.

Published

2023

17. An overview of educational vulnerabilities in Brazil

Author

Prof. Walace Rodrigues (PhD)

Subjects

Public schools, Vulnerabilities, Brazil, Education

Abstract

This paper seeks to show an overview of Brazilian educational vulnerabilities that we can find at public schools all over the country, but mainly in poor areas. Our approach is a bibliographical one and our analysis is a qualitative and quantitative one. The results of this paper confirm, with the use of many authors' works, that educational vulnerabilities in Brazil are thought of as a mechanism of power to keep the poor population illiterate for the political benefit of some candidates in the elections and the business elite of the country. There is no interest of the very influential and rich people in Brazil to have a more equal country to all, as the poor people still serve as manoeuvrer mass to their interests., {"references":["W. RODRIGUES. Construindo o conceito de vulnerabilidade educacional. Revista Panorâmica OnLine. Barra do Garças – MT, vol. 24, 151-160, jan./jun. 2018a","W. RODRIGUES. Pensando Relações entre Educação Popular e Vulnerabilidade Educacional. Cadernos de Pesquisa: Pensamento Educacional. Curitiba, v. 13, n. 33, p. 287-298 jan./apr. 2018","CENPEC. Centro de Estudos e Pesquisas em Educação, Cultura e Ação Comunitária. Educação em territórios de alta vulnerabilidade social na metrópole.Síntese das conclusões. São Paulo, 1-33, 2011.","G. DUARTE. Auditoria aponta mais de 2 milhões de crianças fora das salas de aula. G1 – Educação. From 29th jan. 2018. Available at: . Access date: 18th dec. 2018.","A. M. BARBOSA. Arte-educação pós-colonialista no Brasil: aprendizagem triangular. Comunicação e Educação,São Paulo, (21), 59-64, jan./apr. 1995.","A. SEN. Social exclusion: Concept, application, and scrutiny. Social Development, Papers No. 1. (Office of Environment and Social Development, Asian Development Bank, June 2000)","SOUZA, Jessé. Ralé brasileira: quem é e como vive. (Belo Horizonte: Editora UFMG, 2009)."]}

Published

2023

18. The role of equipment vendors in 5G network security

Author

Matić, Katarina and Groš, Stjepan

Subjects

China, Huawei, network slice, vulnerabilities, threats, virtualizacija, ranjivosti, TECHNICAL SCIENCES. Computing. Information Systems, virtualization, Kina, TECHNICAL SCIENCES. Electrical Engineering. Electronics, TEHNIČKE ZNANOSTI. Računarstvo. Informacijski sustavi, radio pristupna mreža, prijetnje, Ericsson, jezgrena mreža, TEHNIČKE ZNANOSTI. Elektrotehnika. Elektronika, Nokia, rizici, radio access network, dijeljenje mrežnih resursa, Toolbox, core network, risks, 5G

Abstract

Karakteristike pete generacije mobilnih mreža (5G) i zabrana korištenja opreme kineskih dobavljača u Australiji, Japanu, SAD-u i drugim zemljama bili su motivirajući faktori za proučavanje utjecaja dobavljača opreme na sigurnost 5G mreže i pisanje ovog rada. Opremu kineskih dobavljača sve veći broj zemalja smatra visokorizičnom pa je tako i u Europskoj Uniji preporuka izbjegavati njenu uporabu jer može ugroziti sigurnost 5G mreže. Utjecaj Kine na kineske tvrtke je značajan, zakonom je propisano osnivanje organizacije Komunističke partije i provođenje nadzora u tvrtkama te dostava zatraženih informacija. Huawei je najveći kineski dobavljač 5G opreme i iako se nastoji prilagoditi sigurnosnim zahtjevima zapadnih zemalja i mnogo ulaže u razvoj i sigurnost svoje opreme i usluga, podliježe kineskim zakonima i smatra se visokorizičnim. Cilj rada je opisati 5G tehnologiju, 5G sigurnosnu arhitekturu, vodeće dobavljače opreme s naglaskom na one visokorizične te mjere koje bi operatori trebali uzeti u obzir kod odabira dobavljača, s ciljem očuvanja povjerljivosti, cjelovitosti i dostupnosti podataka u prijenosu, obradi i pohrani. Ključne riječi: 5G, jezgrena mreža, radio pristupna mreža, virtualizacija, dijeljenje mrežnih resursa, ranjivosti, prijetnje, rizici, Kina, Toolbox, Huawei, Ericsson, Nokia Fifth-generation mobile networks (5G) characteristics and the ban on the use of Chinese suppliers equipment in Australia, Japan, USA and other countries were motivating factors for studying the influence of equipment suppliers on 5G network security and writing this paper. An increasing number of countries considers Chinese suppliers equipment high-risk. EU recommends avoiding its use in its Member States as it can endanger 5G network security. The influence of China on Chinese companies is significant, the law prescribes the establishment of the Communist Party, carrying out supervision in companies and delivery of requested information. Huawei is China's largest 5G equipment supplier and although it strives to adapt to the security requirements of Western countries and invests heavily in the development and security of its equipment and services, it is subject to Chinese laws and is considered high-risk. The aim of the work is to describe 5G technology, 5G security architecture, leading equipment suppliers with an emphasis on high-risk ones and measures operators should take into account when choosing suppliers, with the aim of maintaining the confidentiality, integrity and availability of data while stored, processed and handled. Key words: 5G, core network, radio access network, virtualization, network slice, vulnerabilities, threats, risks, China, Toolbox, Huawei, Ericsson, Nokia

Published

2023

19. Análisis de ciberseguridad en plataformas e-learning: revisión sistemática de la literatura

Author

Pillajo Garcia, Paola Alexandra and Avila Pesantez, Diego

Subjects

E-Learning Platforms, Vulnerabilities, Cybersecurity, Attacks, Attacks, CybersecuritSystematic Literature Review

Abstract

Cybersecurity analysis of e-learning platforms is critical because they store and transmit sensitive and confidential information, such as personal data of students and teachers, grades and test results, and academic documents. In addition, e-learning platforms are often used to conduct online learning activities, which can increase the risk of disruptions and technical problems if not properly managed. The paper aims to perform a systematic literature review of cybersecurity issues in Moodle, Blackboard, and Microsoft Teams e-learning platforms using the protocol defined by Kitchenham from 2016 to 2022. The results detail some measures, including data encryption, more robust user authentication, software upgrades, and security policies that mitigate threats in these learning environments., El análisis de ciberseguridad en plataformas e-learning es importante porque almacenan y transmiten información confidencial y sensible, como datos personales de estudiantes y profesores, calificaciones y resultados de exámenes, y documentos académicos. Además, las plataformas e-learning a menudo se utilizan para llevar a cabo actividades de aprendizaje en línea, lo que puede aumentar el riesgo de interrupciones y problemas técnicos si no se gestionan adecuadamente. El objetivo del trabajo es realizar una revisión sistemática de la literatura de los problemas de ciberseguridad en las plataformas e-learning de Moodle, Blackboard y Microsoft Teams, utilizando el protocolo definido por Kitchenham, en el período 2016 hasta 2022. Como resultados se detallan algunas medias que incluyen la encriptación de datos, autenticación de usuarios más robusta, actualización del software y políticas de seguridad, que mitiguen las amenazas en estos entornos de aprendizaje.

Published

2023

20. Vulnerabilidades y amenazas en los activos de información: una revisión sistemática

Author

Guevara-Vega, Evellyn Milles Duval, Delgado-Deza, Jose Ricardo, and Mendoza-de-los-Santos, Alberto Carlos

Subjects

information assets, threats, cryptography, vulnerabilities, vulnerabilidades, activo de la información, information security, amenazas, seguridad de la información, criptografía

Abstract

With the advancement of time and technology, the security that was previously protected has been affected by multiple attacks, which in a certain sense were thought to be minor but, nowadays, it is necessary for the data to be controlled. These assets will be implicated by vulnerabilities and threats, which in order to defend themselves will require the question of this systematic review: Is it important to identify vulnerabilities and threats in information assets? Therefore, our research objective is to locate those vulnerabilities and threats that affect information assets along with solutions. This search was achieved thanks to the reviews of articles published in bibliographic databases such as: Scopus, Scielo, IEEE Xplore, IOPScience, ScienceDirect, ResearchGate, World Wide Science, Dialnet, Semantic Scholar and Google Academy between the years 2017 to 2022. As a result, those vulnerabilities will be obtained along with their threats, highlighting malware as the main threat to the asset and cryptography solutions that will seek to improve information security. Con el avance del tiempo y la tecnología, la seguridad que antes se protegía se vio afectada por múltiples ataques, que en un cierto sentido se creía sin tanta importancia pero que, en la actualidad, es necesario que los datos estén controlados. Estos activos se verán implicados por vulnerabilidades y amenazas, que para poder defenderse será necesaria la pregunta de esta revisión sistemática: ¿Es importante identificar las vulnerabilidades y amenazas en los activos de información? Por lo tanto, nuestro objetivo de investigación es localizar aquellas vulnerabilidades y amenazas que afectan a los activos de información junto con soluciones. Esta búsqueda se logró gracias a las revisiones de artículos publicados en base de datos bibliográficos como: Scopus, Scielo, IEEE Xplore, IOPScience, ScienceDirect, ResearchGate, World Wide Science, Dialnet, Semantic Scholar y Google Academy comprendida entre los años 2017 a 2022. Como resultados se obtendrán aquellas vulnerabilidades junto con sus amenazas, destacando el malware como principal amenazador del activo y en soluciones la criptografía que buscará mejorar la seguridad de información.

Published

2023

21. An adaptive framework for combating advanced persistent threats

Author

Ade , Sandra Ngi, Agaji, Iorshase, and Ogala, Emmanuel

Subjects

Cyber-attacks, Data exfiltration, Dwell times, Vulnerabilities, Threats, Zero-day attacks

Abstract

Advanced persistent threats (APTs) pose a significant risk to nearly every organization. Due to the sophistication of these attacks, they can bypass existing security systems and largely infiltrate the target network. The prevention and detection of APT are challenging because attackers constantly change and evolve their attacking techniques and methods to stay undetected. As a result, APT often successfully compromises companies, organizations, or public authorities. This paper developed an adaptive security framework that continuously investigates the behavior of users of a network to protect it against threats. The framework constitutes of three main sections namely; Intrusion prevention, Intrusion detection, and Response to intrusions. The design model comprises the front end, middleware, and back end. The front end is implemented using HTML and Cascading Style Sheet (CSS) in Netbeans Integrated Development Environment (IDE) version 8.0.2. The middleware is implemented using Java Web of NetBeans IDE while the back end is implemented using MySQL server. The results show that the runtime security of the system is adapted according to the behavior patterns exhibited by the user hence, our system can detect zero-day attacks which signature-based intrusion detection systems cannot detect, thus protecting against these attacks. The work is recommended as a countermeasure against emerging persistent attacks.

Published

2023

22. Exploring the Security Implications of a Decentralized Internet : Vulnerabilities in Web3 and Blockchain-Based Networks

Author

Blondell, Erik

Subjects

Computer and Information Sciences, Blockchain, vulnerabilities, Web3, smart-contracts, sårbarheter, säkerhet, Data- och informationsvetenskap, security, smart contracts

Abstract

The internet has evolved from an information-based reading platform to a read-and-write platform which is dominated by a handful of organizations. This centralization has led to a movement suggesting a new shift using blockchain technology to create a decentralised internet. This study explores and describes such a system's security limitations and constraints. Also, the study intends to provide a basis for awareness of the development of decentralised networks. The study concludes that most of the attacks are a result of a central authority. This situation leaves significant standardization decisions to individual developers. It also makes the new decentralised solutions heavily rely on external parties for intensive processes. This leads to opportunities for attacks and exploitation. Internet har utvecklats från en informationsbaserad läsplattform till en läs- och skrivplattform som domineras av en handfull organisationer. Denna centralisering har lett till en rörelse som föreslår ett nytt skifte med blockchain-teknik för att skapa ett decentraliserat internet. Denna studie undersöker och beskriver ett sådant systems säkerhetsbegränsningar. Studien avser också att ge en grund för medvetenhet om utvecklingen av decentraliserade nätverk. Studien drar slutsatsen att de flesta attackerna är ett resultat av en central auktoritet. Denna situation lämnar betydande standardiseringsbeslut till enskilda utvecklare. Det gör också att de nya decentraliserade lösningarna är starkt beroende av externa parter för intensiva processer. Detta leder till möjligheter till attacker och utnyttjning av resurser.

Published

2023

23. Journal of Systems and Software / A model-based mode-switching framework based on security vulnerability scores

Author

Riegler, Michael, Sametinger, Johannes, Vierhauser, Michael, and Wimmer, Manuel

Subjects

Resilience, Security, Vulnerabilities, Mode switching, Domain-specific languages

Abstract

Software vulnerabilities can affect critical systems within an organization impacting processes, workflows, privacy, and safety. When a software vulnerability becomes known, affected systems are at risk until appropriate updates become available and eventually deployed. This period can last from a few days to several months, during which attackers can develop exploits and take advantage of the vulnerability. It is tedious and time-consuming to keep track of vulnerabilities manually and perform necessary actions to shut down, update, or modify systems. Vulnerabilities affect system components, such as a web server, but sometimes only target specific versions or component combinations. In this paper, we propose a novel approach for automated mode switching of software systems to support system administrators in dealing with vulnerabilities and reducing the risk of exposure. We rely on model-driven techniques and use a multi-modal architecture to react to discovered vulnerabilities and provide automated contingency support. We have developed a dedicated domain-specific language to describe potential mitigation as mode switches. We have evaluated our approach with a web server case study, analyzing historical vulnerability data. Based on the vulnerabilities scores sum, we demonstrated that switching to less vulnerable modes reduced the attack surface in 98.9% of the analyzed time. Version of record

Published

2023

24. Integration of Occupational Exposure into the Exposome

Author

Viel, Jean-François, Bonvallot, Nathalie, Dab, William, École des Hautes Études en Santé Publique [EHESP] (EHESP), Institut de recherche en santé, environnement et travail (Irset), Université d'Angers (UA)-Université de Rennes (UR)-École des Hautes Études en Santé Publique [EHESP] (EHESP)-Institut National de la Santé et de la Recherche Médicale (INSERM)-Structure Fédérative de Recherche en Biologie et Santé de Rennes ( Biosit : Biologie - Santé - Innovation Technologique ), and Département des sciences en santé environnementale (DEESSE)

Subjects

Exposome, Occupational health, Eco-exposome, Worksome, Temporality, Epidemiology, [SDE]Environmental Sciences, Vulnerabilities, [SDV.SPEE]Life Sciences [q-bio]/Santé publique et épidémiologie, Internal exposome, Risk assessment

Abstract

International audience; The exposome concept was proposed to improve the reliability of exposure data for a better understanding of the etiology of chronic diseases. Designed to tackle three issues, namely the multiplicity, temporality, and variability of environmental exposure, the exposome concept is operationalized through a broad array of methodologies and tools. In this chapter, we first address the internal chemical exposome from the point of view of the intense development of bioanalytical technologies, which are briefly reviewed. Despite major advances in this field, the measurement of internal chemical exposure is still unable to provide an overall view of human exposure. Then, we describe how the eco-exposome complements the internal chemical exposome by considering physical exposure and social determinants. We show how new tools and methods deployed for exposome measurement can be applied in the field of occupational health (worksome). Finally, we present the main challenges to the better operationalization of the worksome concept.

Published

2023

25. Evaluating Vulnerabilities and Misconfigurations in Software Using ChatGPT

Author

Jaindl, Julian

Subjects

Artificial Intelligence, ChatGPT, Software Security, Static Code Analysis, Vulnerabilities

Abstract

The spread of usage of Artificial Intelligence (AI) tools is increasing steadily. There isnearly no part of people’s daily or business life which may not be affected by AI in thefuture. John McCarthy defined the term AI as ’the science and engineering of makingintelligent machines, especially intelligent computer programs’ (cf. McCarthy, 2004).The release of ChatGPT, a language model developed by OpenAI in 2022 marks acorner stone in the development of artificial intelligence (OpenAI, 2021). The AI plat-form has been used as co-author in scientific papers as well as in software development.Software is evolving steadily, with rising complexity (cf. OWASP, 2022). This leadsto the fact that measures to mitigate software vulnerabilities are essential for everysoftware company.In software development, both manual and automated procedures are conventionallyemployed. Manual procedures, including code reviews, necessitate human effort andare susceptible to errors, thereby detecting only approximately half of the faults (cf.Nelson & Schumann, 2004).Big technology companies, for instance Google, are using automated software qual-ity tools like FindBugs. Nevertheless, the bug list of FindBugs often contains false-positives which requires additional manual steps (cf. Ayewah et al., 2007).Therefore, the usage of ChatGPT as an evaluation tool for software and configura-tion files for finding bugs and proposing fixes can have a positive impact on softwaredevelopment in general.Currently, there is no research on how ChatGPT can be utilized in static code analysis.The objective of this study is to evaluate existing traditional static code analysis toolsusing a prototype developed in-house. In addition, the code analysis will be performedusing ChatGPT, and an attempt is made to integrate this process into a ContinuousIntegration/Continuous Delivery (CI/CD) pipeline. The results obtained from the pro-totype and ChatGPT are compared to each other.The results indicate that ChatGPT outperforms traditional static code analysis tools incode analysis. Furthermore, its integration into a CI/CD pipeline is feasible withoutany major issues. Abweichender Titel laut Übersetzung von der:dem Verfasser:in Masterarbeit FH JOANNEUM 2023

Published

2023

26. Improving android application quality through extendable, automated security testing

Author

Nuno Realista, Francisco Palma, Carlos Serrão, Luís Nunes, Ana Almeida, Kevin Daimi, Abeer Alsadoon, Cathryn Peoples, and Nour El Madhoun

Subjects

Android, Segurança -- Security, Testing, Vulnerabilities, Developers, App stores, Quality

Abstract

Users trust their most sensitive data to their mobile devices and installed applications. These applications continuously collect information about users and their interactions and store that data locally or share it over the network. App stores provide these applications for the user devices and act as trust gateways between the application developers and the end-users, providing the needed assurance to the user that the application to be installed can be trusted. However, this process is far from ideal, mainly because app stores usually validate developed applications submitted against antivirus and antimalware scrutiny but do not look at applications from a holistic security perspective. This chapter proposes, specifies, and tests a system developed to improve Android applications' security. This system is based on the automated testing of submitted apps and identifying potential security vulnerabilities to improve the apps development process, resulting in the overall improvement of the app ecosystem security both on the app stores and on the end user's devices. The source code of the system is available through a GitHub repository for public contribution. info:eu-repo/semantics/acceptedVersion

Published

2023

27. SOCIAL AND PSYCHOLOGICAL CORRELATES OF THE MAJOR SOURCES OF DISCOMFORT PERCEIVED BY STUDENTS IN THE COVID-19 PANDEMIC: AN EXPLORATORY STUDY ON A ROMANIAN SAMPLE

Author

ÉVA KÁLLAY and SEBASTIAN PINTEA

Subjects

vulnerabilities, students, covid-19 pandemic, psychological discomfort, Psychology, Education, BF1-990

Abstract

The COVID-19 pandemic has a significant impact on the physical and psychological functioning of the entire world's population. Our study has had three major aims: (1) to identify the major sources of discomfort related to COVID-19 pandemic in third year psychology students, (2) to establish a hierarchy of the major sources of discomfort, and (3) to identify possible vulnerabilities for different sources of discomfort. We used a cross-sectional study to explore more accurately the individual reactions and possible vulnerabilities, also including open-ended questions to explore perceived sources of discomfort. Our study included 289 third-year psychology students from Babe -Bolyai University in Cluj-Napoca, Romania (M=24.39 years, SD=7.12). All participants were assessed regarding their levels of: depression, narcissistic traits, perfectionism, perceived stress, self-esteem, intolerance of uncertainty, subjective well-being, and emotion regulation strategies. Our results indicate significant gender and age differences: male participants reported mobility restrictions as a source of discomfort more frequently than female participants, and younger students are less concerned with restrictions regarding social relations, while older students report less emotional problems and less concern with educational problems. Students living in urban areas report less emotional problems than students from rural areas. The results generated by our research point out certain social and psychological vulnerabilities for each perceived source of discomfort (emotion-regulation strategies, perfectionism, narcissism), can bring a valuable input in counselling and therapy for individuals who are maximally affected by the pandemic of COVID-19.

Published

2021

28. Can Physical, Psychological, and Social Vulnerabilities Predict Ageism?

Author

Lea Zanbar, Sagit Lev, and Yifat Faran

Subjects

ageism, vulnerabilities, well-being, post-traumatic distress, social support, Health, Toxicology and Mutagenesis, Public Health, Environmental and Occupational Health

Abstract

Ageism can be expressed as the discrimination, social exclusion, and even abuse of older adults. The literature suggests that certain vulnerabilities could be risk factors affecting people’s ageism. Based on the Social Identity Theory, the present study aimed to examine the association of physical/psychological and social vulnerabilities with ageism. The sample consisted of 200 Israelis from the general population who completed self-report questionnaires. Hierarchical regression indicated that low well-being, high post-traumatic distress, and limited social support were associated with ageism. Furthermore, the association of post-traumatic distress with ageism increased with age. The findings expand the knowledge of vulnerabilities as risk factors for ageism, perhaps reflecting its unconscious nature, and can assist in designing interventions for people interacting with older adults.

Published

2022

29. On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering

Author

Sara Palacios Chavarro, Pantaleone Nespoli, Daniel Díaz-López, and Yury Niño Roa

Subjects

Artificial Intelligence, security chaos engineering, attack trees, cloud managed services, vulnerabilities, Computer Science Applications, Information Systems, Management Information Systems

Abstract

Software is behind the technological solutions that deliver many services to our society, which means that software security should not be considered a desirable feature anymore but more of a necessity. Protection of software is an endless labor that includes the improvement of security controls but also the understanding of the sources that induce incidents, which in many cases are due to bad implementation or assumptions of controls. As traditional methods may not be efficient in detecting those security assumptions, novel alternatives must be attempted. In this sense, Security Chaos Engineering (SCE) becomes an innovative methodology based on the definition of a steady state, a hypothesis, experiments, and metrics, which allow to identify failing components and ultimately protect assets under cyber risk scenarios. As an extension of a previous work, this paper presents ChaosXploit, an SCE-powered framework that employs a knowledge database, composed of attack trees, to expose vulnerabilities that exist in a software solution that has been previously defined as a target. The use of ChaosXploit may be part of a defensive security strategy to detect and correct software misconfigurations at an early stage. Finally, different experiments are described and executed to validate the feasibility of ChaosXploit in terms of auditing the security of cloud-managed services, i.e., Amazon buckets, which may be prone to misconfigurations and, consequently, targeted by potential cyberattacks.

Published

2022

30. Sexual health promotion: challenges in the university scenario and strategies for dealing with risk behaviors

Author

Trindade, Angélica Vasconcellos, Kocourek, Sheila, Kleinubing, Raquel Einloft, Mortari, Elisangela Carlosso Machado, and Souza, Martha Helena Teixeira de

Subjects

CIENCIAS SOCIAIS APLICADAS::ADMINISTRACAO::ADMINISTRACAO PUBLICA [CNPQ], Sexualidade, IST’s, Vulnerabilities, Sexually transmitted infections, Estudantes universitários, Sexuality, Vulnerabilidades, University students

Abstract

Health promotion consists of activities aimed at transforming individuals' behavior, focusing on their life habits. Entering a university represents an important rite of passage in young people's lives, potentially associated with vulnerabilities. Among them, STIs continue to represent a public health problem worldwide, directly impacting public health policies for the population. Discussing the inherent characteristics of the young public is relevant, considering that the understanding of their sexual experiences makes it possible to know the consequences of their sexual health and their risk behavior. The objective of this study is to analyze how university students experience their sexual and reproductive practice and propose strategies to promote sexual and reproductive health. Quantitative, field research, with an exploratory descriptive character. Data collection took place from March to May 2022 through the questionnaire Survey of knowledge, attitudes and practices in the Brazilian population, from the Ministry of Health, applied to students online, through the Student Portal of the educational institution higher. Among the 1166 participants, the majority were undergraduates (85.85%) female (n=691), aged between 20 and 24 years (62.18%), white or white (77.87%). Descriptive data were grouped into three categories, namely: sexual behavior and reproductive factors; sexual education as a promotion of care; knowledge about the transmission, cure and treatment of some diseases; and the role of the Health Care Network and Higher Education Institutions in health education. As a tool to disseminate the results of this research, an infographic called “you are the protagonist of your health!” was proposed. It is expected that, with the help of the data and product developed in this study, the students' demands can be accommodated, in a perspective of strengthening the approximation of education with health, envisioning educational actions that can impact the promotion and prevention of the university population. A promoção da saúde se constitui nas atividades dirigidas à transformação de comportamentos dos indivíduos, focando nos seus hábitos de vida. O ingresso na universidade representa um rito de passagem importante na vida dos jovens, com potencial associação a vulnerabilidades. Dentre elas, as IST’s seguem representando um problema de saúde pública em todo o mundo, impactando diretamente nas políticas públicas de saúde da população. Discutir as características inerentes ao público jovem é relevante, considerando que o entendimento de suas experiências sexuais possibilita conhecer os reflexos de sua saúde sexual e seu comportamento de risco. O objetivo deste estudo é analisar como os estudantes universitários vivenciam a sua prática sexual e reprodutiva e propor estratégias de promoção da saúde sexual e reprodutiva. Pesquisa quantitativa, de campo, de caráter descritivo exploratório. A coleta de dados ocorreu no período de março a maio de 2022 meio do questionário Pesquisa de conhecimento, atitudes e práticas na população brasileira, do Ministério da Saúde, aplicado aos estudantes de forma online, por meio do Portal do aluno da instituição de ensino superior. Dentre os 1166 participantes, a maioria era graduando (85,85%) do gênero feminino (n=691), com idades entre 20 a 24 anos (62,18%), cor ou raça branca (77,87%). Os dados descritivos foram agrupados em três categorias, quais sejam: comportamento sexual e fatores reprodutivos; educação sexual como promoção do cuidado; conhecimento acerca de transmissão, cura e tratamento de algumas doenças; e papel da Rede de Atenção à Saúde e Instituições de Ensino Superior na educação em saúde. Como ferramenta para difundir os resultados desta pesquisa propôs-se um infográfico denominado “você é o protagonista da sua saúde!”. Espera-se que, com o auxílio dos dados e produto desenvolvido neste estudo, se possa acolher as demandas dos estudantes, numa perspectiva de fortalecer a aproximação da educação com a saúde, vislumbrando ações educativas que possam impactar na promoção e prevenção da população universitária.

Published

2022

31. Prevention and care of risks and emergencies in the residential sector

Author

Vásquez Hernández, César Leonardo, Duque López, José Octavio, and Isaza, Jorge

Subjects

AUXILIO EN DESASTRES, Gestión del riesgo, Manejo de emergencias, Sector residencial, Vulnerabilidades, Risk management, Residential sector, Amenazas, ADMINISTRACION DE RIESGOS, Security, Vulnerabilities, Emergency management, Threats, Seguridad

Abstract

Los desastres naturales, efectos del cambio climático, problemáticas sociales, delincuencia, incumplimientos a normatividad de infraestructura y la misma cultura humana, entre otros, son algunos factores que generan realidades de emergencia y crisis en la sociedad actual en Colombia. Por este motivo, el Estado colombiano y el sector empresarial privado han hecho grandes esfuerzos para enfrentar estas situaciones de tal manera que se atiendan desde la prevención, durante el evento y recuperación posterior en el menor tiempo posible, manteniendo el control ante el riesgo en el sector público y empresarial. Sin embargo, han sido pocos lideres que se han preocupado por extender planes de contingencia para el sector residencial involucrando factores socioeconómicos en relación con la toma de decisiones, limitando así la ejecución de dichos planes en los estratos bajos de Bogotá, donde la vulnerabilidad es mayor. Es por esto que el presente trabajo pretende identificar las necesidades de un sector residencial de la ciudad de Bogotá, dando consigo una entrega de una herramienta que les permita a sus habitantes mejorar la calidad de vida generando cultura de seguridad, autocuidado y progreso social. Natural disasters, the effects of climate change, social problems, crime, non-compliance with infrastructure regulations, and human culture itself, among others, are some of the factors that generate emergency and crisis realities in today's society in Colombia. For this reason, the Colombian State and the private business sector have made great efforts to face these situations in such a way that they are addressed through prevention, during the event and subsequent recovery in the shortest possible time, maintaining control over the risk in the public and business sector. However, there have been few leaders who have been concerned about extending contingency plans for the residential sector involving socioeconomic factors in relation to decision-making, thus limiting the implementation of such plans in the lower strata of Bogota, where vulnerability is higher. This is why the present work aims to identify the needs of the residential sector of the city of Bogota, providing a tool that allows its inhabitants to improve their quality of life by generating a culture of safety, self-ca,re and social progress. Especialización

Published

2022

32. La hiérarchie des vulnérabilités d’une politique d’expulsion des bidonvilles : le rôle du genre dans les mises à l’abri

Author

Caseau, Anne-Cécile

Subjects

vulnerabilities, rapports de genre, eviction, vulnérabilités, bidonvilles, gender relations, expulsion, slums

Abstract

Cet article propose de saisir l’échelle des vulnérabilités mise en place par l’État dans sa gestion des bidonvilles et des personnes migrantes qui y vivent, et de questionner la place de l’ordre du genre dans cette hiérarchisation. L’analyse s’appuie sur une ethnographie de huit mois dans un bidonville de Seine-Saint-Denis réalisée en 2018, et l’observation participante de l’expulsion de ce dernier fin octobre 2018. L’accès difficile à l’hébergement d’urgence des habitant·es de ce bidonville le jour de l’expulsion doit se comprendre dans l’imbrication de la stigmatisation et un traitement différentiel de ceux et celles perçu·es comme Roms, et de l’ordre du genre. La reconnaissance de la vulnérabilité s’organise autour du principe des « femmes et des enfants d’abord » (Fassin et Rechtman, 2007) : le système de genre attribue plus de responsabilités parentales aux femmes, et par la volonté de protéger l’enfant, on protège aussi les femmes qui s’en occupent. This article seeks to understand the scale of vulnerabilities put in place by the State in its management of slums and the migrants who inhabit them, and to question how a gendered order plays into this hierarchy. The analysis is based on an eight-month-long ethnography in a Seine-Saint-Denis slum, realized in 2018, and the participation observation of this slum’s destruction at the end of October 2018. On the day of the eviction, the difficult access to emergency housing for the inhabitants of this slum must be understood in light of both the stigma and differential treatment of those perceived as Roma, and gender. The acknowledgment of vulnerability is organized around the principle of “women and children first” (Fassin and Rechtman, 2007): the gender system assigns more parental responsibilities to women, and through the desire to protect children, the State also protects the women who care for them.

Published

2022

33. Cybersecurity in Software Supply Chain And the role of SLTT Governance

Author

Garrett, Anrè

Subjects

Cybersecurity, Software Supply Chain, Vulnerabilities

Abstract

With rapidly expanding technologies and the explosive growth of IoT devices, the role of software in supply chains has increased tenfold over the past decade. Various reports have identified the vulnerabilities and threats to software supply chains, which mostly point to open-source software, issues of integrity, exploitation of the software supply chain process, and third- party risks. However, research needs to be more extensive when examining software supply chains with their many dependencies and the role of SLTT governance in mitigating risk. This study used qualitative research to collect data to analyze common trends, themes, gaps, and opportunities. In over 11 hours of interviews with participants from various software supply chain fields, the study examines vulnerabilities, threats, and challenges facing those responsible for software supply chains today. Commonalities identified include addressing weaknesses in human capital, processes, and SLTT governance, as well as limitations in funding and today's security architecture.

Published

2022

34. Vivre en centre d’hébergement collectif dans l’attente d’un « logement à soi » : les épreuves du provisoire et les enjeux dans la scolarisation des enfants issus de l’asile

Author

Geneviève Mottet

Subjects

vulnerabilities, schooling, provisoire, vulnérabilités, collective accommodation center, centre d’hébergement collectif, scolarisation, families, temporary, requérants d’asile, familles, asylum seekers

Abstract

Cet article étudie les épreuves auxquelles font face les familles requérantes d’asile ou réfugiées vivant en centre d’hébergement collectif (CHC) à Genève. L’objectif est de saisir les expériences et le vécu qu’ont ces familles de leur accueil dans un système d’hébergement institutionnel, de l’attente d’un logement ainsi que des déménagements successifs qui leur sont imposés. Les conditions de scolarisation des enfants de ces familles requérantes d’asile et réfugiées sont également au cœur de notre analyse dans la mesure où les conditions de vie en CHC, les déménagements successifs et les décisions des politiques migratoires et éducatives impactent leur intégration scolaire. This article studies the hardships faced by families seeking asylum or refugees living in collective accommodation centers (CHC) in Geneva. The objective is to capture the experiences and experiences of these families of their reception in an institutional accommodation system, the wait for housing and the successive moves that are imposed on them. The schooling conditions of the children of these asylum-seeking and refugee families are also at the heart of our analysis insofar as the living conditions in the CHC, the successive moves and the decisions of the migration and educational policies have an impact on their school integration.

Published

2022

35. La (sur)vie en dehors des dispositifs d’hébergement institutionnel : exemples de débrouilles quotidiennes de familles exilées dans la Métropole bordelaise

Author

Sarah Marchiset

Subjects

alimentation, « chez-soi », vulnerabilities, capacité d’agir, food, agency, vulnérabilités, habitat, “home”, mobilité, housing, mobility

Abstract

Cet article se propose d’interroger de manière conjointe les vulnérabilités auxquelles sont confrontées des familles exilées vivant dans un squat de la métropole bordelaise, et les réponses formulées par ces dernières pour y faire face et se créer une place dans la société d’arrivée. À partir des trajectoires et des expériences quotidiennes de ces familles, l’accent sera mis sur les problématiques liées à la mobilité, l’habitat et l’alimentation, toutes trois au cœur des tensions entre contraintes et espaces de liberté, incarnées par ailleurs dans le couple vulnérabilité – agency (Butler, Gambetti, et Sabsay, 2016). En replaçant ces vulnérabilités à l’intérieur d’un contexte politique globalement inhospitalier à leur égard, nous verrons en quoi la création d’un « chez-soi » devient ainsi à la fois une urgence et un défi. This paper aims to jointly question the vulnerabilities faced by exiled families living in a squat, localised in the metropole of Bordeaux, and the ways they can cope and create a place for themselves in the society of arrival. Based on the trajectories and daily experiences of these families, the focus will be on issues related to mobility, housing and food, considering all three at the core of tensions between constraints and spaces of freedom, embodied in the relation between vulnerability and agency (Butler, Gambetti et Sabsay, 2016). By considering these vulnerabilities within a global inhospitable political context towards them, we will understand how creating “home” thus become both an emergency and a challenge.

Published

2022

36. Analysis of operational risks by land modality in Colombia: a look from the international standard BASC v5 - 2017

Author

Ovalle Gómez, Iván Camilo and Chaparro Firacative, José Carlos

Subjects

Cadena de suministros, Vulnerabilidades, Materialización, Materialization, Logistics, Controles de seguridad, Processes, Supply chain, Vulnerabilities, LOGISTICA EN LOS NEGOCIOS, ADMINISTRACION DE RIESGOS, Risk, Norma BASC V5, Security controls, BASC V5 standard, Procesos, Riesgo, Logística

Abstract

La cadena de suministro integra una visión holística en cuanto a conceptos de: transporte, transformación, logística, distribución, personal, entre otros, cada uno de estos incluye varios factores de riesgo y vulnerabilidades, por esto es crucial y de suma importancia contar con controles o requisitos de seguridad óptimos, con el fin de minimizar la probabilidad de materialización del riesgo. Se pueden evidenciar riesgos en cada uno de los procesos de la cadena de suministro, desde la primera etapa, hasta su etapa final, entre estos dos procesos mencionados anteriormente, existen muchos más, que pueden llegar a ser una fuente potencial generadora de riesgos. Es por esto que se deben implementar controles enfocados a la seguridad, para que el funcionamiento y desarrollo de la cadena de suministro no se vea alterado, desde la implementación de diversos requisitos aplicados a los terceros o asociados de negocio, controles de seguridad enfocados tanto en las unidades de carga, como también a las unidades encargadas de trasportar esta, de un punto de partida a un destino, junto con en los procesos relacionados con el personal. 1) Resumen. 2) Introducción. 3) Análisis de los riesgos operativos. 4) Controles. 5) Conclusiones. 6) Bibliografía. The supply chain integrates a holistic vision in terms of concepts of: transportation, transformation, logistics, distribution, personnel, among others, each of these includes various risk factors and vulnerabilities, for this reason it is crucial and extremely important to have controls. o optimal security requirements, in order to minimize the probability of the risk materializing. Risks can be evidenced in each of the processes of the supply chain, from the first stage, to its final stage, between these two processes mentioned above, there are many more, which can become a potential source of risk. For this reason, controls focused on security must be implemented, so that the operation and development of the supply chain is not altered, from the implementation of various requirements applied to third parties or business partners, security controls focused on both the cargo units, as well as the units in charge of transporting it, from a starting point to a destination, together with the processes related to personnel. Pregrado

Published

2022

37. A HOMEGROWN AND HYBRID HUMAN SECURITY APPROACH FOR THE EASTERN CARIBBEAN

Author

Hercules-Lambert, Vah T., Matei, Cristiana, Halladay, Carolyn C., and National Security Affairs (NSA)

Subjects

Caribbean Community security strategy, vulnerabilities, governance, human security, Eastern Caribbean, security strategy, Regional Security System, national security strategy, environmental security

Abstract

The Eastern Caribbean region faces chronic and pervasive structural, societal, and environmental vulnerabilities, but weak institutional and governance structures and one-dimensional security strategies fail to address these threats and adversely affect the people and overall security of the region. This thesis examines the concept of human security and how it can inform a multidimensional strategic thinking for Eastern Caribbean Regional Security System member states to address traditional and non-traditional threats. Case studies of Singapore and Sri Lanka, island states facing challenges akin to those of Eastern Caribbean microstates, provide insight on how human security concepts can translate to practical security policies. The analysis reveals that a statewide approach to good governance that addresses systemic causes of human insecurity has transformative and strengthening effects on human and state security; that the human security concept has practical applicability to national security, as demonstrated by Singapore’s longstanding, multidimensional “Total Defense” approach and that implementing sustainable approaches can reduce environmental vulnerabilities, adding value to state resources and overall security. This study concludes that incorporating human security factors into Eastern Caribbean planning could strengthen regional security by addressing pervasive and interconnected security threats, and mitigate potentially devastating consequences for the region. Civilian, Police Department, Grenada Approved for public release. Distribution is unlimited.

Published

2022

38. Security and privacy of IoT devices for aging in place

Author

Noel Khaemba, Issa Traoré, and Mohammad Mamun

Subjects

cloud storage, actuator system, vulnerabilities, Raspberry Pi, security, privacy, internet of things, Agetech IoT solution, machine learning, sensor, dataset, threat, mitigation strategy, ageing in place

Abstract

The rising cost of elderly living and care facilities prompts for other solutions for the elderly people where aging in place is one of the ways to solve this issue using emerging technologies centered around smart IoT devices. To ensure security and privacy for a smart home for aging in place, different aspects of the IoT devices have to be considered. This chapter seeks to provide a categorical review and analysis of age-tech IoT device technologies, and discuss the underlying security and privacy challenges and available solutions., Series: Engineering Cyber-Physical Systems and Critical Infrastructures (ECPSCI)

Published

2022

39. Living in the Dark: MQTT-Based Exploitation of IoT Security Vulnerabilities in ZigBee Networks for Smart Lighting Control

Author

Armstrong Nhlabatsi and Noon Hussein

Subjects

ZigBee, CoAP, MQTT, IoT, vulnerabilities, attacks, countermeasures, smart bulb, home automation, General Earth and Planetary Sciences, General Environmental Science

Abstract

The Internet of Things (IoT) has provided substantial enhancements to the communication of sensors, actuators, and their controllers, particularly in the field of home automation. Home automation is experiencing a huge rise in the proliferation of IoT devices such as smart bulbs, smart switches, and control gateways. However, the main challenge for such control systems is how to maximize security under limited resources such as low-processing power, low memory, low data rate, and low-bandwidth IoT networks. In order to address this challenge the adoption of IoT devices in automation has mandated the adoption of secure communication protocols to ensure that compromised key security objectives, such as confidentiality, integrity, and availability are addressed. In light of this, this work evaluates the feasibility of MQTT-based Denial of Service (DoS) attacks, Man-in-the-Middle (MitM), and masquerade attacks on a ZigBee network, an IoT standard used in wireless mesh networks. Performed through MQTT, the attacks extend to compromise neighboring Constrained Application Protocol (CoAP) nodes, a specialized service layer protocol for resource-constrained Internet devices. By demonstrating the attacks on an IKEA TRÅDFRI lighting system, the impact of exploiting ZigBee keys, the basis of ZigBee security, is shown. The reduction of vulnerabilities to prevent attacks is imperative for application developers in this domain. Two Intrusion Detection Systems (IDSs) are proposed to mitigate against the proposed attacks, followed by recommendations for solution providers to improve IoT firmware security. The main motivation and purpose of this work is to demonstrate that conventional attacks are feasible and practical in commercial home automation IoT devices, regardless of the manufacturer. Thus, the contribution to the state-of-the-art is the design of attacks that demonstrate how known vulnerabilities can be exploited in commercial IoT devices for the purpose of motivating manufacturers to produce IoT systems with improved security.

Published

2022

40. Tactics of invisibility : How people in vulnerable positions make datafied everyday life livable

Author

Karoliina Talvitie-Lamberg, Vilma Lehtinen, Sanna Valtonen, Tampere University, and Communication Sciences

Subjects

6131 Theatre, dance, music, other performing arts, vulnerabilities, Sociology and Political Science, Communication, tactics, surveillance, näkymättömyys, invisibility, tarkkailu, data platforms, haavoittuvuus, taktiikka

Abstract

Various data platforms force the individual into constant presence and visibility. However, the ways in which datafied environments relate to experienced vulnerabilities in our everyday lives remain unclear. Through diaries produced by and interviews with participants from three groups who occupy presumably vulnerable positions and who currently live in Finland, we explore the ways in which people challenge expectations and prior assumptions related to forced visibility. Using the concept of tactics developed by de Certeau, we aim to understand how individuals make everyday surveillance culture livable through what we call tactics of invisibility. Based on our analysis, we identify three kinds of tactics in this context: keeping worlds apart, cropping oneself out of the frame, and sidestepping. We interpret tactics of invisibility as ways of shaping a space for oneself illustrate fractures in what previous research has framed as digital resignation.

Published

2022

41. Análisis de la vulnerabilidad Log4shell

Author

Fabra Amat, Jorge

Subjects

Log4J, Cybersecurity, Grado en Ingeniería Informática-Grau en Enginyeria Informàtica, Ransomware, Attacks, CVE, Ciberseguridad, ARQUITECTURA Y TECNOLOGIA DE COMPUTADORES, Ataques, Amenazas, Vulnerabilities, Threats, Log4shell, Vulnerabilidad

Abstract

[ES] Este trabajo de final de grado tiene como objetivo mostrar lo peligrosas que son para las empresas las vulnerabilidades. Se analizará el impacto que puede generar un 0-Day en un entorno empresarial. Posteriormente abarcaremos la vulnerabilidad Log4shell en un entorno simulado. Para poder abordar con detalle el tema tratado, analizaremos la ciberseguridad actual. Una vez esté explicado el contexto se realizarán diversas pruebas en entornos simulados con el objetivo de mostrar la vulnerabilidad. Una vez se haya detectado y explotado la vulnerabilidad, asumiremos el rol de empresa y procederemos a su mitigación. Para terminar, realizaremos un caso de uso donde al explotar la vulnerabilidad se desplegará un ransomware., [CA] Aquest treball de final de grau té com a objectiu mostrar el perilloses que són per a les empreses les vulnerabilitats. S’analitzarà l’impacte que pot generar un 0-Day en un entorn empresarial. Posteriorment abastarem la vulnerabilitat Log4shell en un entorn simulat. Per a poder abordar amb detall el tema tractat, analitzarem la ciberseguretat actual. Una vegada estiga explicat el context es realitzaran diverses proves en entorns simulats amb l’objectiu de mostrar la vulnerabilitat. Una vegada s’haja detectat i explotat la vulnerabilitat, assumirem el rol d’empresa i procedirem a la seua mitigació. Per a acabar, realitzarem un cas d’ús on en explotar la vulnerabilitat es desplegarà un ransomware., [EN] This final degree project aims to show how dangerous vulnerabilities are for companies. We will analyze the impact that a 0-Day can generate in a business environment. We will then cover the Log4shell vulnerability in a simulated environment. In order to be able to address the topic in detail, we will analyze current cybersecurity. Once the context is explained, several tests will be performed in simulated environments in order to show the vulnerability. Once the vulnerability has been detected and exploited, we will assume the role of the company and proceed to its mitigation. Finally, we will perform a use case where a ransomware will be deployed after exploiting the vulnerability.

Published

2022

42. Getting Smarter about Smart Cities: Improving Data Security and Privacy through Compliance

Author

Mudassar Aslam, Muhammad Abbas Khan Abbasi, Tauqeer Khalid, Rafi us Shan, Subhan Ullah, Tahir Ahmad, Saqib Saeed, Dina A. Alabbad, and Rizwan Ahmad

Subjects

Privacy, compliance, data breaches, information security policies and procedures, Personal Identity Information (PII), vulnerabilities, Internet of Things, Quality of Life, Electrical and Electronic Engineering, Biochemistry, Instrumentation, Atomic and Molecular Physics, and Optics, Computer Security, Confidentiality, Analytical Chemistry

Abstract

Smart cities assure the masses a higher quality of life through digital interconnectivity, leading to increased efficiency and accessibility in cities. In addition, a huge amount of data is being exchanged through smart devices, networks, cloud infrastructure, big data analysis and Internet of Things (IoT) applications in the various private and public sectors, such as critical infrastructures, financial sectors, healthcare, and Small and Medium Enterprises (SMEs). However, these sectors require maintaining certain security mechanisms to ensure the confidentiality and integrity of personal and critical information. However, unfortunately, organizations fail to maintain their security posture in terms of security mechanisms and controls, which leads to data breach incidents either intentionally or inadvertently due to the vulnerabilities in their information management systems that either malicious insiders or attackers exploit. In this paper, we highlight the importance of data breaches and issues related to information leakage incidents. In particular, the impact of data breaching incidents and the reasons contributing to such incidents affect the citizens’ well-being. In addition, this paper also discusses various preventive measures such as security mechanisms, laws, standards, procedures, and best practices, including follow-up mitigation strategies.

Published

2022

43. Social and digital vulnerabilities: The role of participatory processes in the reconfiguration of urban and digital space

Author

Maria Cristina Antonucci, Michele Sorice, and Andrea Volterrani

Subjects

urban regeneration, social participation, urban policies, vulnerabilities, Public Administration, Sociology and Political Science, civic engagement, digital platforms, third sector organizations, Settore SPS/08, Political Science and International Relations, urban regeneration, urban policies, social participation, civic engagement, liminal spaces, digital platforms, vulnerabilities, third sector organizations, Safety Research, liminal spaces

Abstract

In the Italian context, political and social participation in the urban dimension has experienced innovations to broaden the inclusion of citizens in public choices relating to citylife and to urban renovation. Participation found in the city a relevant space to experiment with innovation in the relationship between institutions and citizens, many initiatives advanced and developed over the years have had a powerful lever in technology: participatory budgets, consultations, public-private-non-profit partnerships. In other cases, specifically in peripheral realities, urban innovation has turned out to be detached from digital infrastructures and has benefited, rather, from the social infrastructures in the area. Civic committees, community foundations, collaboration agreements between citizens and authorities, and local community development experiences developed in peripheral contexts. Regenerating urban spaces is a political objective proposed with increasing emphasis by institutional bodies at the various levels of governance. Environmental, economic, social and urban planning intersect and overlap and often projects related to urban planning “on paper” prevail over issues related to urban communities “on territories”. Without adequate processes of participation and subjectivity of citizens living in urban contexts, no model of “urban renaissance” appears fully deployed, resulting in participatory processes that—at best—only allow for access logics in a neoliberal perspective. Through a qualitative methodology, the paper aims at presenting and investigating six case studies in major Italian cities (Rome, Naples, Milan, Turin, Florence, Reggio Calabria), in which democratic innovation and experimentation in civic engagement spread from the digital capital of citizens and the social organizations of the peripheral territory, with its specificities and its problems. In particular, the objective of the paper is to discuss and problematise the processes of participation involving and featuring vulnerable people within the reconfiguration of urban and digital spaces. Following Sutton and Kemp's approach, we consider the relationship between urban spaces and marginal communities as central to a one-to-one relationship, fostering processes of urban inclusion. Combining participatory processes in liminal marginalized communities with an institutional push toward holistic urban regeneration may develop opportunities for active citizenship, overcoming the neoliberal paradigm of the city.

Published

2022

44. Impact of Man-in-the-Middle Attacks to the O-RAN Inter-Controllers Interface

Author

Tiberti, W., Di Fina, E., Marotta, A., and Cassioli, D.

Subjects

vulnerabilities, Man-in-the-Middle, O-RAN, Security

Published

2022

45. The Opinions on Force Protection in Asymmetric Operations

Author

Ion Mituleţu and Ionel Cotoarbă

Subjects

force protection, vulnerabilities, Military Science, asymmetric operations, asymmetric threats, General Medicine, Business, Force protection, Computer security, computer.software_genre, risks, computer

Abstract

The future conflicts will take place in increasingly complex operational environments and will largely include conventional, asymmetric or hybrid opponents. The battle space that has acquired new valences and the asymmetrical nature of the current operational environment require the perpetual reconfiguration of the rules of engagement. Within the asymmetric actions, the enemy will focus their efforts on attacking vulnerable military structures, which have a degree of protection inadequate for the operational situation. Therefore, the protection of force is a key element in the effective management of situations, maintaining the pace of actions and the ability to fight in the development of asymmetric operations. From the range of asymmetric actions that manifests itself globally, we aim to conduct an analysis focused on force protection measures specific to counterinsurgency, counter-guerrilla and counter-terrorism operations. The place and role of force protection in asymmetric operations attest to the fact that specific measures are aimed in particular at maintaining the morale and combat capability of their own forces throughout the range of missions performed, as well as protecting the civilian population in the area of action.

Published

2021

46. Geoethics and dimensions of vulnerability in Central Africa: the case study of the Democratic Republic of the Congo

Author

Francesco De Pascale

Subjects

QE1-996.5, vulnerabilities, Disaster risk reduction, media_common.quotation_subject, Vulnerability, Geology, General Medicine, disaster risk reduction, democratic republic of the congo, Geoethics, Democracy, Interdependence, Promotion (rank), conflicts, Multidisciplinary approach, Political science, Thematic analysis, geoethics, Environmental planning, media_common

Abstract

This article aims to analyse the dimensions of vulnerability in the complex territorial ecosystem of the Democratic Republic of the Congo, considering some substantial geoethical considerations and guidelines, usefull for the resolution of crisis situation. A thematic analysis was carried out on a gathering of secondary data and testimonies. Specifically, the paper will examine the modalities by which the mitigation process of the various vulnerabilities can be realized if implemented in synergy with some geoethical key points. This could contribute to the disaster risk reduction in DRC. Therefore, this paper will ascertain how the promotion of an environmental and ethical responsibility cannot be ignored in the future. It must be recognized that social, physical, environmental, economic, cultural, institutional vulnerabilities are interwined and interdependent. So, for their resolution, an integrated and multidisciplinary approach and the adoption of strategies shared by all the national and international stakeholders and policy makers are required.

Published

2021

47. COVID-19 magnifies the vulnerabilities: The Brazilian case

Author

Danielle Mendes Thame Denny, Douglas Castro, Clarice Seixas Duarte, and Luiz Ismael Pereira

Subjects

medicine.medical_specialty, Economic growth, Sociology and Political Science, Coronavirus disease 2019 (COVID-19), Inequality, media_common.quotation_subject, VULNERABILIDADE, 03 medical and health sciences, 0302 clinical medicine, Sovereignty, inequalities, Political science, Pandemic, international reforms, medicine, 030212 general & internal medicine, 0505 law, media_common, 050502 law, Public health, public health, 05 social sciences, sovereignty, Brazilian case, Law, Vulnerabilities, Covid-19

Abstract

This paper discusses inequalities of the health system in Brazil and advocates that now, more than ever in light of the Covid-19 pandemic, the world needs to put in place a more collaborative and egalitarian way of financing health research and investments in public health systems. The role of the state and institutions in the design of public policies for the realization of social rights is debated in the face of the economic and political crisis. Here we draw upon Martha Fineman’s vulnerability theory and Thomas Pogge’s view on justice with regard to health.

Published

2021

48. A Software Vulnerabilities Odysseus: Analysis, Detection, and Mitigation

Author

Riom, Timothée, Klein, Jacques [superviser], Bissyande, Tegawendé François D Assise [president of the jury], Le Traon, Yves [member of the jury], Barais, Olivier [member of the jury], and Graux, Pierre [member of the jury]

Subjects

Computer science [C05] [Engineering, computing & technology], Detection, Mitigations, Vulnerabilities, Sciences informatiques [C05] [Ingénierie, informatique & technologie], Software, Analysis

Abstract

Programming has become central in the development of human activities while not being immune to defaults, or bugs. Developers have developed specific methods and sequences of tests that they implement to prevent these bugs from being deployed in releases. Nonetheless, not all cases can be thought through beforehand, and automation presents limits the community attempts to overcome. As a consequence, not all bugs can be caught. These defaults are causing particular concerns in case bugs can be exploited to breach the program’s security policy. They are then called vulnerabilities and provide specific actors with undesired access to the resources a program manages. It damages the trust in the program and in its developers, and may eventually impact the adoption of the program. Hence, to attribute a specific attention to vulnerabilities appears as a natural outcome. In this regard, this PhD work targets the following three challenges: (1) The research community references those vulnerabilities, categorises them, reports and ranks their impact. As a result, analysts can learn from past vulnerabilities in specific programs and figure out new ideas to counter them. Nonetheless, the resulting quality of the lessons and the usefulness of ensuing solutions depend on the quality and the consistency of the information provided in the reports. (2) New methods to detect vulnerabilities can emerge among the teachings this monitoring provides. With responsible reporting, these detection methods can provide hardening of the programs we rely on. Additionally, in a context of computer perfor- mance gain, machine learning algorithms are increasingly adopted, providing engaging promises. (3) If some of these promises can be fulfilled, not all are not reachable today. Therefore a complementary strategy needs to be adopted while vulnerabilities evade detection up to public releases. Instead of preventing their introduction, programs can be hardened to scale down their exploitability. Increasing the complexity to exploit or lowering the impact below specific thresholds makes the presence of vulnerabilities an affordable risk for the feature provided. The history of programming development encloses the experimentation and the adoption of so-called defence mechanisms. Their goals and performances can be diverse, but their implementation in worldwide adopted programs and systems (such as the Android Open Source Project) acknowledges their pivotal position. To face these challenges, we provide the following contributions: • We provide a manual categorisation of the vulnerabilities of the worldwide adopted Android Open Source Project up to June 2020. Clarifying to adopt a vulnera- bility analysis provides consistency in the resulting data set. It facilitates the explainability of the analyses and sets up for the updatability of the resulting set of vulnerabilities. Based on this analysis, we study the evolution of AOSP’s vulnerabilities. We explore the different temporal evolutions of the vulnerabilities affecting the system for their severity, the type of vulnerability, and we provide a focus on memory corruption-related vulnerabilities. • We undertake the replication of a machine-learning based detection algorithms that, besides being part of the state-of-the-art and referenced to by ensuing works, was not available. Named VCCFinder, this algorithm implements a Support- Vector Machine and bases its training on Vulnerability-Contributing Commits and related patches for C and C++ code. Not in capacity to achieve analogous performances to the original article, we explore parameters and algorithms, and attempt to overcome the challenge provided by the over-population of unlabeled entries in the data set. We provide the community with our code and results as a replicable baseline for further improvement. • We eventually list the defence mechanisms that the Android Open Source Project incrementally implements, and we discuss how it sometimes answers comments the community addressed to the project’s developers. We further verify the extent to which specific memory corruption defence mechanisms were implemented in the binaries of different versions of Android (from API-level 10 to 28). We eventually confront the evolution of memory corruption-related vulnerabilities with the implementation timeline of related defence mechanisms.

Published

2022

49. Applications of Kali Linux Operating System

Author

Brajković, Mateo and Babić, Snježana

Subjects

socijalni inženjering, vulnerabilities, eksploatacije, aplikacije, Linux, napadi, reconnaissance, social engineering, Kali, ranjivosti, exploits, DRUŠTVENE ZNANOSTI. Informacijske i komunikacijske znanosti. Informacijski sustavi i informatologija, penetration testing, attacks, penetracijsko testiranje, Applications, izviđanje, SOCIAL SCIENCES. Information and Communication Sciences. Information Systems and Information Science, payloads

Abstract

Kali Linux je vrlo jednostavan i u isto vrijeme kompleksan operativni sustav koji ima s informatičke strane uz najpopularniju aplikaciju što je penetracijsko testiranje ima još mnogo aplikacija kojima se može efikasno manipulirati nekakvim informatičkim sustavom. Ima aplikacije u bilo kojem aspektu informatike, sustav sadrži u sebi veliki broj alata koji služe za raznovrsne mogućnosti u svim poljima gdje Kali Linux može biti koristan. U radu je prikazano kakve aplikacije ima s ovim sustavom, čemu služe te aplikacije, i nekakvi najbolji načini i alati koji mogu biti korišteni za postići tu aplikaciju. Rad je namijenjen da bude vodič kroz sve mogućnosti koje daje, naravno da je tu penetracijsko testiranje na prvom mjestu i da kad podijelimo cijeli proces na manje dijelove dobijemo aplikacije koje nam mogu služiti zasebno za sebe, isto tako za prikaz aplikacija koje nisu dio penetracijskog testiranja već imaju svoju korist zasebno za sebe. Kali Linux is a very simple and at the same time complex operating system that has, on the IT side, in addition to the most popular application, because penetration testing has many other applications that can effectively manipulate some kind of IT system. It has applications in any aspect of IT, the system contains a large number of tools that serve for various possibilities in all fields where Kali Linux can be useful. The paper shows what applications there are with this system, what these applications are for, and some of the best ways and tools that can be used a little to achieve this application. The work is intended to be a guide through all the possibilities it provides, of course, penetration testing is in the first place and when we divide the whole process into smaller parts, we get applications that can serve us separately on their own, as well as for displaying applications that are not part of penetration testing they already have their benefit separately for themselves.

Published

2022

50. Cyber Threats to Smart Grids: Review, Taxonomy, Potential Solutions, and Future Directions

Author

Ning, Jianguo Ding, Attia Qammar, Zhimin Zhang, Ahmad Karim, and Huansheng

Subjects

smart grids, cybersecurity, vulnerabilities, cyberattacks, blockchain, artificial intelligence

Abstract

Smart Grids (SGs) are governed by advanced computing, control technologies, and networking infrastructure. However, compromised cybersecurity of the smart grid not only affects the security of existing energy systems but also directly impacts national security. The increasing number of cyberattacks against the smart grid urgently necessitates more robust security protection technologies to maintain the security of the grid system and its operations. The purpose of this review paper is to provide a thorough understanding of the incumbent cyberattacks’ influence on the entire smart grid ecosystem. In this paper, we review the various threats in the smart grid, which have two core domains: the intrinsic vulnerability of the system and the external cyberattacks. Similarly, we analyze the vulnerabilities of all components of the smart grid (hardware, software, and data communication), data management, services and applications, running environment, and evolving and complex smart grids. A structured smart grid architecture and global smart grid cyberattacks with their impact from 2010 to July 2022 are presented. Then, we investigated the the thematic taxonomy of cyberattacks on smart grids to highlight the attack strategies, consequences, and related studies analyzed. In addition, potential cybersecurity solutions to smart grids are explained in the context of the implementation of blockchain and Artificial Intelligence (AI) techniques. Finally, technical future directions based on the analysis are provided against cyberattacks on SGs.

Published

2022