Analysis of Security Vulnerabilities and Countermeasures of Ethernet Passive Optical Network(EPON)

Ethernet-based Passive Optical Network(EPON) is considered a very promising solution for the first mile problem of the next generation networks.Due to its particular characteristic of shared media structure,EPON suffers many security vulnerabilities. Communication security must be guaranteed when EPON is applied in practice.This paper gives a general introduction to the EPON system,analyzes the potential threats and attacks pertaining to the EPON system,and presents effective countermea-sures against these threats and attacks with emphasis on the authentication protocols and key distribution.

Systematic Review of Web Application Security Vulnerabilities Detection Methods

In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Science Direct, Springer Link. After detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one software is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis on web application security vulnerabilities detection methods which help us to identify the scope of SLR for comprehensively investigation in the future research. Further in this SLR considering OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categories the accessible vulnerabilities. OWASP is major source to construct and validate web security processes and standards.

Measuring Global Supply Chain Vulnerabilities Using Trade Network Analysis Method

With the trade network analysis method and bilateral country-product level trade data of 2017-2020,this paper reveals the overall characteristics and intrinsic vulnerabilities of China’s global supply chains.Our research finds that first,most global supply-chain-vulnerable products are from technology-intensive sectors.For advanced economies,their supply chain vulnerabilities are primarily exposed to political and economic alliances.In comparison,developing economies are more dependent on regional communities.Second,China has a significant export advantage with over 80%of highly vulnerable intermediate inputs relying on imports of high-end electrical,mechanical and chemical products from advanced economies or their multinational companies.China also relies on developing economies for the import of some resource products.Third,during the trade frictions from 2018 to 2019 and the subsequent COVID-19 pandemic,there was a significant reduction in the supply chain vulnerabilities of China and the US for critical products compared with other products,which reflects a shift in the layout of critical product supply chains to ensure not just efficiency but security.China should address supply chain vulnerabilities by bolstering supply-side weaknesses,diversifying import sources,and promoting international coordination and cooperation.

Key Vulnerabilities and Limitations in the Management of Hazardous Waste and Its Disposal: A Checklist Assessment Tool

From an environmental protection perspective, the crucial issues pertaining to the policing of hazardous waste relate to both the vulnerabilities and limitations of current practices, and the potential issues that demand attention in the here and now, to alleviate future calamity. This paper describes the process involved in developing a vulnerabilities and limitations checklist that provides a relatively simple yet multi-pronged approach to assessing present and future environmental harms and crimes within the hazardous waste sector. Although it was not the intention of the authors to develop a generic checklist, this tool may prove useful to other industry sectors.

Evaluation of Disaster Risks, Vulnerabilities and Response Strategies of High Rise Buildings in Lagos Municipality

Although disasters can occur anywhere, certain types of disasters are more likely to have more effects on some buildings than others, especially on those in urban areas. Buildings in Lagos have had nasty experiences from both natural and artificial disasters, claiming lives and properties in the past. This study aims at evaluating the disaster risks, vulnerabilities and response strategies in the high rise buildings in Lagos municipality. Structured questionnaire was administered to building owners, estate managers and disaster managers who manage the high rise buildings. The information obtained was supplemented by personal interviews conducted with tenants and rescue organizations. The study identified collapse of building, fire out break, and communication and power failure as the most likely potential disasters, power failure and collapse had the highest severity of impact, and the degree of preparedness achieved to confront the disasters was below satisfaction. However, the specific status of the response strategies was as expected, but there was room for improvements. The potential disasters were natural, human and environmental and the most vulnerable sectors were other properties rather than the high rise buildings themselves. The magnitude of risk levels could be contained with the level of response strategies already achieved if coordinated.

The Knowledge of Cyber-Security Vulnerabilities in an Institution of Higher and University Education. A Case of ISP-Bukavu (Institut Supérieur Pédagogique de Bukavu) (TTC = Teachers’ Training College)

This study pursues the objective of analyzing and verifying the knowledge of the agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College) in relation to the practical flaws resulting from the lack of knowledge of the observable rules in information system security. In a clearer way, it aims to verify the level of knowledge of the vulnerabilities, to verify the level of use of the antivirus software, to analyze the frequency of use of Windows update, the use of an anti-spyware software as well as a firewall software on the computer. Through a survey conducted on a sample of 100 agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College), the results revealed that 48% of the sample has no knowledge on computer vulnerabilities;for the use of antivirus software: 47% do not use the antivirus;for Windows update: 29% never update the Windows operating system;for anti-spyware: 48% never use;for the firewall: 50% are not informed. In fine, our results proposed a protection model VMAUSP (Vulnerability Measurability Measures Antivirus, Update, Spyware and Firewall) to users based on the behavioral approach, learning how the model works.

Systematic Review: Analysis of Coding Vulnerabilities across Languages

The boom of coding languages in the 1950s revolutionized how our digital world was construed and accessed. The languages invented then, including Fortran, are still in use today due to their versatility and ability to underpin a large majority of the older portions of our digital world and applications. Fortran, or Formula Translation, was a programming language implemented by IBM that shortened the apparatus of coding and the efficacy of the language syntax. Fortran marked the beginning of a new era of efficient programming by reducing the number of statements needed to operate a machine several-fold. Since then, dozens more languages have come into regular practice and have been increasingly diversified over the years. Some modern languages include Python, Java, JavaScript, C, C++, and PHP. These languages significantly improved efficiency and also have a broad range of uses. Python is mainly used for website/software development, data analysis, task automation, image processing, and graphic design applications. On the other hand, Java is primarily used as a client-side programming language. Expanding the coding languages allowed for increasing accessibility but also opened up applications to pertinent security issues. These security issues have varied by prevalence and language. Previous research has narrowed its focus on individual languages, failing to evaluate the security. This research paper investigates the severity and frequency of coding vulnerabilities comparatively across different languages and contextualizes their uses in a systematic literature review.

Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities

To detect security vulnerabilities in a web application,the security analyst must choose the best performance Security Analysis Static Tool(SAST)in terms of discovering the greatest number of security vulnerabilities as possible.To compare static analysis tools for web applications,an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project(OWASP)Top Ten project is required.The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance.Given the significant cost of commercial tools,this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project.Thus,the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project.The results of this work have been obtaining using widely acceptable metrics to classify them according to three different degree of web application criticality.

Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis

Cyberattacks on the Industrial Control System(ICS)have recently been increasing,made more intelligent by advancing technologies.As such,cybersecurity for such systems is attracting attention.As a core element of control devices,the Programmable Logic Controller(PLC)in an ICS carries out on-site control over the ICS.A cyberattack on the PLC will cause damages on the overall ICS,with Stuxnet and Duqu as the most representative cases.Thus,cybersecurity for PLCs is considered essential,and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks.In this study,a vulnerability analysis was conducted on the XGB PLC.Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack,memory modulation attack,and FTP/Web service account theft for the verification of the results.Based on the results,the attacks were proven to be able to cause the PLC to malfunction and disable it,and the identified vulnerabilities were defined.

Recent Extremes of Drought and Flooding in Amazonia: Vulnerabilities and Human Adaptation

The present study focuses on the impacts of extreme drought and flooding situations in Amazonia, using level/discharge data from some rivers in the Amazon region as indicators of impacts. The last 10 years have featured various “once in a century” droughts and floods in the Amazon basin, which have affected human and natural systems in the region. We assess a history of such hazards based on river data, and discuss some of the observed impacts in terms of vulnerability of human and natural systems, as well as some of adaptation strategies implemented by regional and local governments to cope with them. A critical perspective of mitigation of drought and flood policies in Amazonia suggests that they have been mostly ineffective in reducing vulnerability for the majority of the population, constituting, perhaps, examples of maladaptation via the undermining of resilience.

Analyzing Ethereum Smart Contract Vulnerabilities at Scale Based on Inter-Contract Dependency

Smart contracts running on public blockchains are permissionless and decentralized,attracting both developers and malicious participants.Ethereum,the world’s largest decentralized application platform on which more than 40 million smart contracts are running,is frequently challenged by smart contract vulnerabilities.What’s worse,since the homogeneity of a wide range of smart contracts and the increase in inter-contract dependencies,a vulnerability in a certain smart contract could affect a large number of other contracts in Ethereum.However,little is known about how vulnerable contracts affect other on-chain contracts and which contracts can be affected.Thus,we first present the contract dependency graph(CDG)to perform a vulnerability analysis for Ethereum smart contracts,where CDG characterizes inter-contract dependencies formed by DELEGATECALL-type internal transaction in Ethereum.Then,three generic definitions of security violations against CDG are given for finding respective potential victim contracts affected by different types of vulnerable contracts.Further,we construct the CDG with 195,247 smart contracts active in the latest blocks of the Ethereum and verify the above security violations against CDG by detecting three representative known vulnerabilities.Compared to previous large-scale vulnerability analysis,our analysis scheme marks potential victim contracts that can be affected by different types of vulnerable contracts,and identify their possible risks based on the type of security violation actually occurring.The analysis results show that the proportion of potential victim contracts reaches 14.7%,far more than that of corresponding vulnerable contracts(less than 0.02%)in CDG.

Identification of system vulnerabilities in the Ethiopian electric power system

The Ethiopian Electric Power(EEP) has been operating and managing the national interconnected power system with dispersed and geographically isolated generators, a complex transmission system and loads. In recent years, with an increasing load demand due to rural electrification and industrialization, the Ethiopian power system has faced more frequent, widely spread and long lasting blackouts. To slash the occurrence of such incidents, identifying the system vulnerabilities is the first step in this direction. In this paper, the vulnerability assessment is performed using indices called active power performance index(PIp) and voltage performance index(PIv). These indices provide a direct means of comparing the relative severity of the different line outages on the system loads and voltage profiles. Accordingly, it is found that the most severe line outages are those lines that interconnect the high load centered(Addis Ababa and Central regions) with the rest of the regional power systems. In addition, the most vulnerable buses of the network in respect of voltage limit violations are mainly found at the high load centers.

Urban Vulnerabilities in the Kathmandu Valley, Nepal: Visualizations of Human/Hazard Interactions

Excessive unplanned urban growth leads to many vulnerabilities and impacts on urban environments to varying degrees. However, the majority of the extant literature focuses on the problems related to location and socioeconomic conditions, rather than vulnerability processes and related environmental degradation. This paper analyzes the scope of urban vulnerabilities for five rapidly urbanizing and highly-congested cities in the Kathmandu Valley, Nepal. First, the historic context of the Valley’s uncontrolled urbanization sets the scene. Second, the optic is narrowed to focus upon the geographical features of the resultant urbanized Valley landscape that includes spatial arrangements and of houses, population densities, road networks, vehicular densities, garbage problems, and available open spaces. Additionally, seismic vulnerabilities in the urban areas are also considering in this examination. Third, three-dimensional visualizations of selected urban locations are presented to differentiate between vulnerable and relatively safe locations. The intent of this research is to contribute to the methodological understanding of human/hazards interactions in rapidly urbanizing cities of the Third World, which share similar socioeconomic conditions and environmental con-texts.

Risk Assessment Framework of mHealth System Vulnerabilities: A Multilayer Analysis of the Patient Hub

Although there have been remarkable technological developments in healthcare, the privacy and security of mobile health systems (mHealth) still raise many concerns with considerable consequences for patients using these technologies. For instance, potential security and privacy threats in wireless devices, such as Wi-Fi and Bluetooth connected to a patient hub at the application, middleware and sensory layers, may result in the disclosure of private and sensitive data. This paper explores the security and privacy of the patient hub, including patient applications and their connections to sensors and cloud technology. Addressing the privacy and security concerns of the patient hub called for a comprehensive risk assessment by using the OCTAVE risk assessment framework. Findings reveal that the highest risk concerned data exposure at the sensory layer. In spite of the countermeasures presented in this paper, most served as a means to identify risk early as opposed to mitigating them. The findings can serve to inform users of the potential vulnerabilities in the patient hub before they arise.

Spatial Analysis of Risks and Vulnerabilities to Major Hazards in Madagascar Using the Multi-Criteria Method Based on the Analytical Hierarchy Process (AHP)

Natural disasters are not negligible factors that have significant impacts on a country’s development. Madagascar cannot escape cyclones, floods and drought due to its geographical situation. The objective in this work is to assess the risks and vulnerability to these hazards in order to strengthen the resilience of the Malagasy population. Our approach is based on multi-criteria spatial analysis using the Analytical Hierarchy Process (AHP). The results form decision spatial information that can be used at the strategic level of natural risk and disaster management. This work focuses on the degree of vulnerability and it was found in this study that the Androy and Atsimo-Atsinanana regions are the most vulnerable to major hazards in Madagascar not only because of their exposure to risk but also because of their very low socio-economic status.

Multiple Vulnerabilities of the Elderly People in Indonesia： Ethical Considerations

A closer look to the state of affairs of the elderly in Indonesia has disclosed the fact that the Indonesian elderly facing what this paper is coined as ＂multiple vulnerabilities.＂ On the one hand, Indonesian demographic is showing that the Indonesian people are getting old. The fertility rate has significantly decreased since 1970 when the total fertility rate decreases from 5.0 to 2.1 in 2025. This alone gives rise to various problems of the elderly, among whom are the dependency ratio, aging index, potential support ratio, and the feminization of aging. These problems show the level of vulnerability of the Indonesian elderly. From the perspective of the dependency ratio, for example, the number of people under the age of 15 and above 65 who depend on the labor force （15-64 years） has increased since 1970, from 7.0 to 29.0 in 2050. Again, this shows the high level of vulnerability of Indonesian elderly given that the dependency ratio itself has influenced on health care, living arrangements and family support, and so on. Aside from that, the economic burden will be very visible in the workforce. On the other hand, the policies on the elderly are still far from maximum realization. Law on the Welfare of the Elderly （13/1998） has recommended that every hospital must have geriatrics and gerontology section, yet only 8 hospitals fulfill the requirement. The situation is worsened due to the lack of adequate medical staff at the health center, which can serve elderly patients in a professional and humane way. Again, this brings forth the other side of the state of the elderly in Indonesia, which indicates the high level of their vulnerability. In this paper I will analyze the state of vulnerability of the elderly people in Indonesia from the perspective of ethics of vulnerability and personalism. I consider these two approaches as representing all ethical discussion about the ethical treatment of the elderly due to their characters of valuing the elderly as persons with dignity. Thus, this paper will show that the elderly in Indonesia is in danger of not being treated humanely.

Rural Livelihoods Vulnerabilities and Commercial Bushmeat Hunting Challenges in Cross River National Park, Nigeria

Biodiversity conservation in parks and protected areas in Africa in general and especially in Nigeria is seriously threatened by the explosion of commercial bushmeat hunting activities in buffer zone communities. Several fauna species are becoming endangered and the list of extinct species is increasing due to commercial bushmeat hunting activities. Using a combination of qualitative and quantitative research techniques, this paper assesses the livelihoods vulnerability underpinnings of commercial bushmeat hunting activities in Cross River National Park (CRNP). Results reveal that commercial bushmeat hunting activities are shaped by a vulnerability context that hinges on different elements of environmental shocks, seasonal challenges and surrounding societal trends. The paper highlights the conservation and global sustainable development implications of uncontrolled commercial bushmeat hunting practices and concludes with options on policy recommendations and future research trajectories.

Securing Stock Transactions Using Blockchain Technology: Architecture for Identifying and Reducing Vulnerabilities Linked to the Web Applications Used (MAHV-BC)

This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.

Classification of Cybersecurity Threats, Vulnerabilities and Countermeasures in Database Systems

Database systems have consistently been prime targets for cyber-attacks and threats due to the critical nature of the data they store.Despite the increasing reliance on database management systems,this field continues to face numerous cyber-attacks.Database management systems serve as the foundation of any information system or application.Any cyber-attack can result in significant damage to the database system and loss of sensitive data.Consequently,cyber risk classifications and assessments play a crucial role in risk management and establish an essential framework for identifying and responding to cyber threats.Risk assessment aids in understanding the impact of cyber threats and developing appropriate security controls to mitigate risks.The primary objective of this study is to conduct a comprehensive analysis of cyber risks in database management systems,including classifying threats,vulnerabilities,impacts,and countermeasures.This classification helps to identify suitable security controls to mitigate cyber risks for each type of threat.Additionally,this research aims to explore technical countermeasures to protect database systems from cyber threats.This study employs the content analysis method to collect,analyze,and classify data in terms of types of threats,vulnerabilities,and countermeasures.The results indicate that SQL injection attacks and Denial of Service(DoS)attacks were the most prevalent technical threats in database systems,each accounting for 9%of incidents.Vulnerable audit trails,intrusion attempts,and ransomware attacks were classified as the second level of technical threats in database systems,comprising 7%and 5%of incidents,respectively.Furthermore,the findings reveal that insider threats were the most common non-technical threats in database systems,accounting for 5%of incidents.Moreover,the results indicate that weak authentication,unpatched databases,weak audit trails,and multiple usage of an account were the most common technical vulnerabilities in database systems,each accounting for 9%of vulnerabilities.Additionally,software bugs,insecure coding practices,weak security controls,insecure networks,password misuse,weak encryption practices,and weak data masking were classified as the second level of security vulnerabilities in database systems,each accounting for 4%of vulnerabilities.The findings from this work can assist organizations in understanding the types of cyber threats and developing robust strategies against cyber-attacks.

Graph neural network based approach Che upo to automatically assigning common weakness enumeration identifiers for vulnerabilities

Vulnerability reports are essential for improving software security since they record key information on vulnerabilities.In a report,CWE denotes the weakness of the vulnerability and thus helps quickly understand the cause of the vulner-ability.Therefore,CWE assignment is useful for categorizing newly discovered vulnerabilities.In this paper,we propose an automatic CwE assignment method with graph neural networks.First,we prepare a dataset that contains 3394 real world vulnerabilities from Linux,OpenSSL,Wireshark and many other software programs.Then,we extract state-ments with vulnerability syntax features from these vulnerabilities and use program slicing to slice them according to the categories of syntax features.On top of slices,we represent these slices with graphs that characterize the data dependency and control dependency between statements.Finally,we employ the graph neural networks to learn the hidden information from these graphs and leverage the Siamese network to compute the similarity between vulnerability functions,thereby assigning CWE IDs for these vulnerabilities.The experimental results show that the proposed method is effective compared to existing methods.