Systematic Security Guideline Framework through Intelligently Automated Vulnerability Analysis

This research aims to propose a practical framework designed for the automatic analysis of a product’s comprehensive functionality and security vulnerabilities,generating applicable guidelines based on real-world software.The existing analysis of software security vulnerabilities often focuses on specific features or modules.This partial and arbitrary analysis of the security vulnerabilities makes it challenging to comprehend the overall security vulnerabilities of the software.The key novelty lies in overcoming the constraints of partial approaches.The proposed framework utilizes data from various sources to create a comprehensive functionality profile,facilitating the derivation of real-world security guidelines.Security guidelines are dynamically generated by associating functional security vulnerabilities with the latest Common Vulnerabilities and Exposure(CVE)and Common Vulnerability Scoring System(CVSS)scores,resulting in automated guidelines tailored to each product.These guidelines are not only practical but also applicable in real-world software,allowing for prioritized security responses.The proposed framework is applied to virtual private network(VPN)software,wherein a validated Level 2 data flow diagram is generated using the Spoofing,Tampering,Repudiation,Information Disclosure,Denial of Service,and Elevation of privilege(STRIDE)technique with references to various papers and examples from related software.The analysis resulted in the identification of a total of 121 vulnerabilities.The successful implementation and validation demonstrate the framework’s efficacy in generating customized guidelines for entire systems,subsystems,and selected modules.

Application of Hazard Vulnerability Analysis Based on Kaiser Model in Neonatal Breast Milk Management

Objective:To analyze the existing risks in breast milk management at the neonatal department and provide corresponding countermeasures.Methods:22 risk events were identified in 7 risk links in the process of bottle-feeding of breast milk.Hazard Vulnerability Analysis based on the Kaiser model was applied to investigate and evaluate the risk events.Results:High-risk events include breast milk quality inspection,hand hygiene during collection,disinfection of collectors,cold chain management,hand hygiene during the reception,breast milk closed-loop management,and post-collection disposal.Root cause analysis of high-risk events was conducted and breast milk management strategies outside the hospital and within the neonatal department were proposed.Conclusion:Hazard Vulnerability Analysis based on the Kaiser model can identify and assess neonatal breast milk management risks effectively,which helps improve the management of neonatal breast milk.It is conducive to the safe development and promotion of bottle feeding of breast milk for neonates,ensuring the quality of medical services and the safety of children.

Vector-intensity measure based seismic vulnerability analysis of bridge structures

This paper presents a method for seismic vulnerability analysis of bridge structures based on vector-valued intensity measure （viM）, which predicts the limit-state capacities efficiently with multi-intensity measures of seismic event. Accounting for the uncertainties of the bridge model, ten single-bent overpass bridge structures are taken as samples statistically using Latin hypercube sampling approach. 200 earthquake records are chosen randomly for the uncertainties of ground motions according to the site condition of the bridges. The uncertainties of structural capacity and seismic demand are evaluated with the ratios of demand to capacity in different damage state. By comparing the relative importance of different intensity measures, Sa（T1） and Sa（T2） are chosen as viM. Then, the vector-valued fragility functions of different bridge components are developed. Finally, the system-level vulnerability of the bridge based on viM is studied with Duunett- Sobel class correlation matrix which can consider the correlation effects of different bridge components. The study indicates that an increment IMs from a scalar IM to viM results in a significant reduction in the dispersion of fragility functions and in the uncertainties in evaluating earthquake risk. The feasibility and validity of the proposed vulnerability analysis method is validated and the bridge is more vulnerable than any components.

Investigation on the COVID-19 Outbreak in India: Lockdown Impact and Vulnerability Analysis

Coronavirus (COVID-19) disease is a major pandemic which has taken the world by storm. More than 524,000 citizens of the globe have succumbed to the disease as on 3rd July, 2020. Accurate modeling of the dynamics of the disease spread is required to curb the virus. With the availability of large amount of data made available publicly by the Government agency as well as the other live crowdsourcing media, it is possible to develop an accurate local prediction tool. In this study, we analyze the dynamics of local outbreaks of COVID-19 for few states of India with major outbreaks and for India as a whole. The large amount of data available from the COVID-19 Tracker India platform was utilized to estimate the impact of lockdown in the country and the states with major outbreaks. The effectiveness of the lockdown implementation by the respective states is studied for the analysis. The lockdown was categorized into strict, moderate, and lenient. The model is deployed on a web based platform to disseminate the alert to the public. We further extend the ordinary differential Equation (ODE) based model to generate district level vulnerability index for the whole country based on the rate of change of infected people, breach in social distancing, and population. Around 47% of districts of the country were not found vulnerable;however, 13% of the districts were identified as high risk for the disease outbreak.

Analysis and Zoning on Vulnerability of the Lightning Disaster in Guizhou Province

[ Objective] The research aimed to evaluate vulnerability of the lightning disaster in Guizhou and conduct zoning. [ Method] According to data of the lightning monitoring network and statistical data of the lightning disaster in Guizhou during 2007 -2012, by combining economy and population situations in 9 cities of Guizhou, 6 indicators were used to assess vulnerability of the lightning disasterCG lightning intensity, strong CG lightning intensity, annual average occurrence frequency of the lightning disaster, GDP per capita, population intensity and casualties frequency. By constructing principal component, determining weighing and comprehensive assessment, vulnerability grade of the lightning disaster in Guizhou was divided. [ Result] Guiyang was extremely high vulnerability zone, high vulnerability zone included Zunyi, Bijie and Liupanshui, moderate vulnerabili- ty zone included Anshun, Tongren and Qianxinan, Qiannan was low vulnerability zone, and Qiandongnan was extremely low vulnerability zone. Vulnerability distribution boundary of the lightning disaster in Guizhou was along northeast to southwest, and vulnerability of the lightning disaster gradually weakened from northwest to southeast. [ Conclusion] The research provided scientific basis for preventing lightning disaster and reducing damage of the lightning disaster.

CORMAND2--针对工业机器人的欺骗攻击

Industrial robots are becoming increasingly vulnerable to cyber incidents and attacks,particularly with the dawn of the Industrial Internet-of-Things(IIoT).To gain a comprehensive understanding of these cyber risks,vulnerabilities of industrial robots were analyzed empirically,using more than three million communication packets collected with testbeds of two ABB IRB120 robots and five other robots from various original equipment manufacturers(OEMs).This analysis,guided by the confidentiality-integrity-availability(CIA)triad,uncovers robot vulnerabilities in three dimensions:confidentiality,integrity,and availability.These vulnerabilities were used to design Covering Robot Manipulation via Data Deception(CORMAND2),an automated cyber-physical attack against industrial robots.CORMAND2 manipulates robot operation while deceiving the Supervisory Control and Data Acquisition(SCADA)system that the robot is operating normally by modifying the robot’s movement data and data deception.CORMAND2 and its capability of degrading the manufacturing was validated experimentally using the aforementioned seven robots from six different OEMs.CORMAND2 unveils the limitations of existing anomaly detection systems,more specifically the assumption of the authenticity of SCADA-received movement data,to which we propose mitigations for.

Assessing vulnerability of a forest ecosystem to climate change and variability in the western Mediterranean sub-region of Turkey

Climate change is a real, pressing and significant global problem. The concept of ‘climate change vulnerability’ helps us to better comprehend the cause/effect relationships behind climate change and its impact on human societies, socioeconomic sectors, and physiographical and ecological systems. In this study, multifactorial spatial modelling evaluated the vulnerability of a Mediterranean forest ecosystem to climate change and variability with regard to land degradation. This produced data and developed tools to support better decision-making and management. As a result, the geographical distribution of Environmental Vulnerability Areas(EVAs) of the forest ecosystem is the estimated Environmental Vulnerability Index(EVI) values. These revealed that, at current levels of environmental degradation, physical, geographical, policy enforcement, and socioeconomic conditions, the area with a ‘‘very low’’ degree of vulnerability covered mainly the town, its surrounding settlements and agricultural lands found principally over the low, flat travertine plateau and the plains to the east and southeast of the district. The spatial magnitude of the EVAs of the forest ecosystem under current environmental degradation was also determined. This revealed that the EVAs classed as ‘‘very low’’accounted for 21% of the area of the forest ecosystem,those classed as ‘‘low’’ for 36%, those classed as ‘‘medium’’ for 20%, and those classed as ‘‘high’’ for 24%.

Seismic vulnerability estimation of the building considering seismic environment and local site condition

A procedure is developed to incorporate seismic environment and site condition into the framework of seismic vulnerability estimation of building to consider the effects of the severity and/or frequency content of ground motion due to seismic environment and site condition. Localized damage distribution can be strongly influenced by seismic environment and surficial soil conditions and any attempt to quantify seismic vulnerability of building should consider the impact of these effects. The seismic environment, site and structure are coupled to estimate damage probability distribution among different damage states for the building. Response spectra at rock site are estimated by probabilistic seismic hazard assessment approach. Based upon engineering representations of soil and amplifying spectral coordinates, frequency content and severity of ground motion are considered. Furthermore the impacts of severity and/or frequency of ground motion effects are considered to estimate the seismic response of reinforced concrete building and damage probability distribution for the building. In addition, a new method for presenting the distribution of damage is developed to express damage probability distribution for the building for different seismic hazard levels.

Influence of spiral anchor composite foundation on seismic vulnerability of raw soil structure

A typical single-layer raw soil structure in villages and towns in China is taken as the research object.In the probabilistic seismic demand analysis,the seismic demand model is obtained by the incremental dynamic time history analysis method.The seismic vulnerability analysis is carried out for the raw soil structure of nonfoundation,strip foundation,and spiral anchor composite foundation,respectively.The spiral anchor composite foundation can reduce the seismic response and failure state of raw soil structure,and the performance level of the structure is significantly improved.Structural requirements sample data with the same ground motion intensity are analyzed by linear regression statistics.Compared with the probabilistic seismic demand model under various working conditions,the seismic demand increases gradually with the increase of intensity.The seismic vulnerability curve is summarized for comparative analysis.With the gradual deepening of the limit state,the reduction effect of spiral anchor composite foundation on the exceedance probability becomes more and more obvious,which can reduce the probability of structural failure to a certain extent.

Research on performance-based seismic design criteria

The seismic design criterion adopted in the existing seismic design codes is reviewed. It is pointed out that the presently used seismic design criterion is not satisfied with the requirements of nowadays social and economic development. A new performance-based seismic design criterion that is composed of three components is presented in this paper. It can not only effectively control the economic losses and casualty, but also ensure the building's function in proper operation during earthquakes. The three components are: classification of seismic design for buildings, determination of seismic design intensity and/or seismic design ground motion for controlling seismic economic losses and casualties, and determination of the importance factors in terms of service periods of buildings. For controlling the seismic human losses, the idea of socially acceptable casualty level is presented and the 'Optimal Economic Decision Model' and 'Optimal Safe Decision Model' are established. Finally, a new method is recommended for calculating the importance factors of structures by adjusting structures service period on the base of more important structure with longer service period than the conventional ones. Therefore, the more important structure with longer service periods will be designed for higher seismic loads, in case the exceedance probability of seismic hazard in different service period is same.

Amelioration and retrofitting of educational buildings

Following a seismic event that occurred years ago in Central Italy, the public opinion was growing and growing a concern on the adequacy of educational buildings all across Italy. This activated several political decisions and a consequent technical effort is in progress. Technically speaking one has to manage the classical problem of retrofitting existing buildings. However, the legal environment goes across national codes, targeted guidelines and the professional need of achieving pragmatic solutions based on ethical and social acceptation schemes.This paper introduces the topic in its worldwide exception and focuses then on some operative aspects in the Italian situation. It outlines the consolidated steps along this technical process and emphasizes the weak aspects one meets when going across the designers＇ reports.

A Novel Hybrid Method to Analyze Security Vulnerabilities in Android Applications

We propose a novel hybrid method to analyze the security vulnerabilities in Android applications.Our method combines static analysis,which consists of metadata and data flow analyses with dynamic analysis,which includes dynamic executable scripts and application program interface hooks.Our hybrid method can effectively analyze nine major categories of important security vulnerabilities in Android applications.We design dynamic executable scripts that record and perform manual operations to customize the execution path of the target application.Our dynamic executable scripts can replace most manual operations,simplify the analysis process,and further verify the corresponding security vulnerabilities.We successfully statically analyze 5547 malwares in Drebin and 10 151real-world applications.The average analysis time of each application in Drebin is 4.52 s,whereas it reaches 92.02 s for real-word applications.Our system can detect all the labeled vulnerabilities among 56 labeled applications.Further dynamic verification shows that our static analysis accuracy approximates 95%for real-world applications.Experiments show that our dynamic analysis can effectively detect the vulnerability named input unverified,which is difficult to be detected by other methods.In addition,our dynamic analysis can be extended to detect more types of vulnerabilities.

Characterizing Uncertainty in City-Wide Disaster Recovery through Geospatial Multi-Lifeline Restoration Modeling of Earthquake Impact in the District of North Vancouver

Restoring lifeline services to an urban neighborhood impacted by a large disaster is critical to the recovery of the city as a whole.Since cities are comprised of many dependent lifeline systems,the pattern of the restoration of each lifeline system can have an impact on one or more others.Due to the often uncertain and complex interactions between dense lifeline systems and their individual operations at the urban scale,it is typically unclear how different patterns of restoration will impact the overall recovery of lifeline system functioning.A difficulty in addressing this problem is the siloed nature of the knowledge and operations of different types of lifelines.Here,a city-wide,multi-lifeline restoration model and simulation are provided to address this issue.The approach uses the Graph Model for Operational Resilience,a data-driven discrete event simulator that can model the spatial and functional cascade of hazard effects and the pattern of restoration over time.A novel case study model of the District of North Vancouver is constructed and simulated for a reference magnitude 7.3 earthquake.The model comprises municipal water and wastewater,power distribution,and transport systems.The model includes 1725 entities from within these sectors,connected through 6456 dependency relationships.Simulation of the model shows that water distribution and wastewater treatment systems recover more quickly and with less uncertainty than electric power and road networks.Understanding this uncertainty will provide the opportunity to improve data collection,modeling,and collaboration with stakeholders in the future.