With the trade network analysis method and bilateral country-product level trade data of 2017-2020, this paper reveals the overall characteristics and intrinsic vulnerabilities of China’s global supply chains. Our research finds that, first, most global supply-chain-vulnerable products are from technology-intensive sectors. For advanced economies, their supply chain vulnerabilities are primarily exposed to political and economic alliances. In comparison, developing economies are more dependent on regional communities. Second, China has a significant export advantage, with over 80% of highly vulnerable intermediate inputs relying on imports of high-end electrical, mechanical and chemical products from advanced economies or their multinational companies. China also relies on developing economies for the import of some resource products. Third, during the trade frictions from 2018 to 2019 and the subsequent COVID-19 pandemic, there was a significant reduction in the supply chain vulnerabilities of China and the US for critical products compared with other products, which reflects a shift in the layout of critical product supply chains to ensure not just efficiency but security. China should address supply chain vulnerabilities by bolstering supply-side weaknesses, diversifying import sources, and promoting international coordination and cooperation.
This study pursues the objective of analyzing and verifying the knowledge of the agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ Training College) in relation to the practical flaws resulting from the lack of knowledge of the observable rules in information system security. More precisely, it aims to verify the level of knowledge of vulnerabilities, to verify the level of use of antivirus software, and to analyze the frequency of use of Windows Update, the use of anti-spyware software, and the use of firewall software on the computer. Through a survey conducted on a sample of 100 agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ Training College), the results revealed that 48% of the sample has no knowledge of computer vulnerabilities; for the use of antivirus software: 47% do not use an antivirus; for Windows Update: 29% never update the Windows operating system; for anti-spyware: 48% never use one; for the firewall: 50% are not informed. Finally, our results led us to propose to users a protection model, VMAUSP (Vulnerability Measurability Measures Antivirus, Update, Spyware and Firewall), based on the behavioral approach, learning how the model works.
The boom of coding languages in the 1950s revolutionized how our digital world was constructed and accessed. The languages invented then, including Fortran, are still in use today due to their versatility and ability to underpin a large majority of the older portions of our digital world and applications. Fortran, or Formula Translation, was a programming language implemented by IBM that shortened the apparatus of coding and improved the efficacy of the language syntax. Fortran marked the beginning of a new era of efficient programming by reducing the number of statements needed to operate a machine several-fold. Since then, dozens more languages have come into regular practice and have been increasingly diversified over the years. Some modern languages include Python, Java, JavaScript, C, C++, and PHP. These languages significantly improved efficiency and also have a broad range of uses. Python is mainly used for website/software development, data analysis, task automation, image processing, and graphic design applications. On the other hand, Java is primarily used as a client-side programming language. Expanding the coding languages allowed for increasing accessibility but also opened up applications to pertinent security issues. These security issues have varied by prevalence and language. Previous research has narrowed its focus on individual languages, failing to evaluate security across languages. This research paper investigates the severity and frequency of coding vulnerabilities comparatively across different languages and contextualizes their uses in a systematic literature review.
Smart contracts running on public blockchains are permissionless and decentralized, attracting both developers and malicious participants. Ethereum, the world’s largest decentralized application platform, on which more than 40 million smart contracts are running, is frequently challenged by smart contract vulnerabilities. What’s worse, given the homogeneity of a wide range of smart contracts and the increase in inter-contract dependencies, a vulnerability in a certain smart contract could affect a large number of other contracts in Ethereum. However, little is known about how vulnerable contracts affect other on-chain contracts and which contracts can be affected. Thus, we first present the contract dependency graph (CDG) to perform a vulnerability analysis for Ethereum smart contracts, where the CDG characterizes inter-contract dependencies formed by DELEGATECALL-type internal transactions in Ethereum. Then, three generic definitions of security violations against the CDG are given for finding the respective potential victim contracts affected by different types of vulnerable contracts. Further, we construct the CDG with 195,247 smart contracts active in the latest blocks of Ethereum and verify the above security violations against the CDG by detecting three representative known vulnerabilities. Compared to previous large-scale vulnerability analyses, our analysis scheme marks potential victim contracts that can be affected by different types of vulnerable contracts, and identifies their possible risks based on the type of security violation actually occurring. The analysis results show that the proportion of potential victim contracts reaches 14.7%, far more than that of the corresponding vulnerable contracts (less than 0.02%) in the CDG.
This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation or use of the web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools across different metrics. Our approach achieved the best performance in each case.
Ethernet-based Passive Optical Network (EPON) is considered a very promising solution for the first mile problem of next generation networks. Due to its particular characteristic of a shared media structure, EPON suffers from many security vulnerabilities. Communication security must be guaranteed when EPON is applied in practice. This paper gives a general introduction to the EPON system, analyzes the potential threats and attacks pertaining to the EPON system, and presents effective countermeasures against these threats and attacks, with emphasis on the authentication protocols and key distribution.
In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or to the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities of the web application layer, the security approaches or techniques used to secure it, the stages of software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Science Direct, and Springer Link. After a detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no single software product is referred to as a standard or preferred product for web application development. In our SLR, we have performed a deep analysis of web application security vulnerability detection methods, which helps us to identify the scope of the SLR for comprehensive investigation in future research. Further, in this SLR, considering the OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categorize the accessible vulnerabilities. OWASP is a major source for constructing and validating web security processes and standards.
From an environmental protection perspective, the crucial issues pertaining to the policing of hazardous waste relate to both the vulnerabilities and limitations of current practices, and the potential issues that demand attention in the here and now, to alleviate future calamity. This paper describes the process involved in developing a vulnerabilities and limitations checklist that provides a relatively simple yet multi-pronged approach to assessing present and future environmental harms and crimes within the hazardous waste sector. Although it was not the intention of the authors to develop a generic checklist, this tool may prove useful to other industry sectors.
To detect security vulnerabilities in a web application, the security analyst must choose the best-performing Security Analysis Static Tool (SAST) in terms of discovering as many security vulnerabilities as possible. To compare static analysis tools for web applications, a benchmark adapted to the vulnerability categories included in the well-known Open Web Application Security Project (OWASP) Top Ten project is required. Information on the security effectiveness of a commercial static analysis tool is not usually publicly accessible, and the state of the art on static security analyzers shows that the different designs and implementations of those tools yield different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for the vulnerability categories included in the well-known OWASP Top Ten project. Thus, practitioners will have more precise information to select the best tool using a benchmark adapted to the latest versions of the OWASP Top Ten project. The results of this work have been obtained using widely accepted metrics to classify the tools according to three different degrees of web application criticality.
The present study focuses on the impacts of extreme drought and flooding situations in Amazonia, using level/discharge data from some rivers in the Amazon region as indicators of impacts. The last 10 years have featured various “once in a century” droughts and floods in the Amazon basin, which have affected human and natural systems in the region. We assess a history of such hazards based on river data, and discuss some of the observed impacts in terms of the vulnerability of human and natural systems, as well as some of the adaptation strategies implemented by regional and local governments to cope with them. A critical perspective on drought and flood mitigation policies in Amazonia suggests that they have been mostly ineffective in reducing vulnerability for the majority of the population, constituting, perhaps, examples of maladaptation via the undermining of resilience.
The Ethiopian Electric Power (EEP) has been operating and managing the national interconnected power system with dispersed and geographically isolated generators, a complex transmission system and loads. In recent years, with an increasing load demand due to rural electrification and industrialization, the Ethiopian power system has faced more frequent, widely spread and long-lasting blackouts. To reduce the occurrence of such incidents, identifying the system vulnerabilities is the first step. In this paper, the vulnerability assessment is performed using indices called the active power performance index (PIp) and the voltage performance index (PIv). These indices provide a direct means of comparing the relative severity of different line outages on the system loads and voltage profiles. Accordingly, it is found that the most severe line outages are those of the lines that interconnect the high load centers (Addis Ababa and Central regions) with the rest of the regional power systems. In addition, the most vulnerable buses of the network with respect to voltage limit violations are mainly found at the high load centers.
Excessive unplanned urban growth leads to many vulnerabilities and impacts on urban environments to varying degrees. However, the majority of the extant literature focuses on the problems related to location and socioeconomic conditions, rather than vulnerability processes and related environmental degradation. This paper analyzes the scope of urban vulnerabilities for five rapidly urbanizing and highly congested cities in the Kathmandu Valley, Nepal. First, the historic context of the Valley’s uncontrolled urbanization sets the scene. Second, the optic is narrowed to focus upon the geographical features of the resultant urbanized Valley landscape, which include the spatial arrangement of houses, population densities, road networks, vehicular densities, garbage problems, and available open spaces. Additionally, seismic vulnerabilities in the urban areas are also considered in this examination. Third, three-dimensional visualizations of selected urban locations are presented to differentiate between vulnerable and relatively safe locations. The intent of this research is to contribute to the methodological understanding of human/hazards interactions in rapidly urbanizing cities of the Third World, which share similar socioeconomic conditions and environmental contexts.
Cyberattacks on Industrial Control Systems (ICS) have recently been increasing, made more intelligent by advancing technologies. As such, cybersecurity for such systems is attracting attention. As a core element of control devices, the Programmable Logic Controller (PLC) in an ICS carries out on-site control over the ICS. A cyberattack on the PLC will cause damage to the overall ICS, with Stuxnet and Duqu as the most representative cases. Thus, cybersecurity for PLCs is considered essential, and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks. In this study, a vulnerability analysis was conducted on the XGB PLC. Security vulnerabilities were identified by analyzing the network protocols and memory structure of the PLC and were utilized to launch replay attacks, memory modulation attacks, and FTP/Web service account theft for the verification of the results. Based on the results, the attacks were proven to be able to cause the PLC to malfunction and disable it, and the identified vulnerabilities were defined.
Although there have been remarkable technological developments in healthcare, the privacy and security of mobile health systems (mHealth) still raise many concerns with considerable consequences for patients using these technologies. For instance, potential security and privacy threats in wireless devices, such as Wi-Fi and Bluetooth connected to a patient hub at the application, middleware and sensory layers, may result in the disclosure of private and sensitive data. This paper explores the security and privacy of the patient hub, including patient applications and their connections to sensors and cloud technology. Addressing the privacy and security concerns of the patient hub called for a comprehensive risk assessment by using the OCTAVE risk assessment framework. Findings reveal that the highest risk concerned data exposure at the sensory layer. In spite of the countermeasures presented in this paper, most served as a means to identify risk early as opposed to mitigating them. The findings can serve to inform users of the potential vulnerabilities in the patient hub before they arise.
Natural disasters are not negligible factors that have significant impacts on a country’s development. Madagascar cannot escape cyclones, floods and drought due to its geographical situation. The objective of this work is to assess the risks and vulnerability to these hazards in order to strengthen the resilience of the Malagasy population. Our approach is based on multi-criteria spatial analysis using the Analytical Hierarchy Process (AHP). The results form spatial decision information that can be used at the strategic level of natural risk and disaster management. This work focuses on the degree of vulnerability, and it was found in this study that the Androy and Atsimo-Atsinanana regions are the most vulnerable to major hazards in Madagascar, not only because of their exposure to risk but also because of their very low socio-economic status.
Biodiversity conservation in parks and protected areas in Africa in general, and especially in Nigeria, is seriously threatened by the explosion of commercial bushmeat hunting activities in buffer zone communities. Several fauna species are becoming endangered and the list of extinct species is increasing due to commercial bushmeat hunting activities. Using a combination of qualitative and quantitative research techniques, this paper assesses the livelihoods vulnerability underpinnings of commercial bushmeat hunting activities in Cross River National Park (CRNP). Results reveal that commercial bushmeat hunting activities are shaped by a vulnerability context that hinges on different elements of environmental shocks, seasonal challenges and surrounding societal trends. The paper highlights the conservation and global sustainable development implications of uncontrolled commercial bushmeat hunting practices and concludes with options on policy recommendations and future research trajectories.
The application field for Unmanned Aerial Vehicle (UAV) technology and its adoption rate have been increasing steadily in the past years. The decreasing cost of commercial drones has enabled their use at a scale broader than ever before. However, increasing the complexity of UAVs and decreasing the cost both contribute to a lack of implemented security measures and raise new security and safety concerns. For instance, the issue of implausible or tampered UAV sensor measurements is barely addressed in the current research literature and thus requires more attention from the research community. The goal of this survey is to extensively review state-of-the-art literature regarding common sensor- and communication-based vulnerabilities, existing threats, and active or passive cyber-attacks against UAVs, as well as shed light on the research gaps in the literature. In this work, we describe the Unmanned Aerial System (UAS) architecture to point out the origination sources for security and safety issues. We evaluate the coverage and completeness of each related research work in a comprehensive comparison table, as well as classify the threats, vulnerabilities and cyber-attacks into sensor-based and communication-based categories. Additionally, for each individual cyber-attack, we describe existing countermeasures or detection mechanisms and provide a list of requirements to ensure UAV security and safety. We also address the problem of implausible sensor measurements and introduce the idea of a plausibility check for sensor data. By doing so, we discover additional measures to improve security and safety and report on a research niche that is not well represented in the current research literature.
Although AI and quantum computing (QC) are fast emerging as key enablers of the future Internet, experts believe they pose an existential threat to humanity. Responding to the frenzied release of ChatGPT/GPT-4, thousands of alarmed tech leaders recently signed an open letter to pause AI research to prepare for the catastrophic threats to humanity from uncontrolled AGI (Artificial General Intelligence). Perceived as an “epistemological nightmare”, AGI is believed to be on the anvil with GPT-5. Two computing rules appear responsible for these risks. 1) Mandatory third-party permissions that allow computers to run applications at the expense of introducing vulnerabilities. 2) The Halting Problem of Turing-complete AI programming languages potentially renders AGI unstoppable. The double whammy of these inherent weaknesses remains invincible under the legacy systems. A recent cybersecurity breakthrough shows that banning all permissions reduces the computer attack surface to zero, delivering a new zero vulnerability computing (ZVC) paradigm. Deploying ZVC and blockchain, this paper formulates and supports a hypothesis: “Safe, secure, ethical, controllable AGI/QC is possible by conquering the two unassailable rules of computability.” Pursued by a European consortium, testing/proving the proposed hypothesis will have a groundbreaking impact on the future digital infrastructure when AGI/QC starts powering the 75 billion internet devices by 2025.
Laser anti-drone technology is entering the sequence of actual combat, and it is necessary to consider the vulnerability of typical functional parts of UAVs. Since the concept of "vulnerability" was proposed, a variety of analysis programs for the vulnerability of battlefield targets to traditional weapons have been developed, but a comprehensive assessment methodology for targets' vulnerability to lasers is still missing. Based on the shotline method, this paper proposes a method that equates a laser beam to a shotline array; an efficient vulnerability analysis program for targets exposed to lasers is established by this method, and the program includes circuit boards and wires in the vulnerability analysis category, which improves the precision of the vulnerability analysis. Taking the UAV engine part as the target of vulnerability analysis, it is combined with the "life-death unit method" to calculate the laser penetration rate of the various materials of the UAV, and the influence of laser weapon system parameters and striking orientation on the killing probability is quantified after introducing the penetration rate into the vulnerability analysis program. The quantitative analysis method proposed in this paper has a certain general extensibility, which can provide a fresh idea for the vulnerability analysis of other targets to lasers.
This research aims to propose a practical framework designed for the automatic analysis of a product’s comprehensive functionality and security vulnerabilities, generating applicable guidelines based on real-world software. The existing analysis of software security vulnerabilities often focuses on specific features or modules. This partial and arbitrary analysis of the security vulnerabilities makes it challenging to comprehend the overall security vulnerabilities of the software. The key novelty lies in overcoming the constraints of partial approaches. The proposed framework utilizes data from various sources to create a comprehensive functionality profile, facilitating the derivation of real-world security guidelines. Security guidelines are dynamically generated by associating functional security vulnerabilities with the latest Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Scoring System (CVSS) scores, resulting in automated guidelines tailored to each product. These guidelines are not only practical but also applicable in real-world software, allowing for prioritized security responses. The proposed framework is applied to virtual private network (VPN) software, wherein a validated Level 2 data flow diagram is generated using the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) technique with references to various papers and examples from related software. The analysis resulted in the identification of a total of 121 vulnerabilities. The successful implementation and validation demonstrate the framework’s efficacy in generating customized guidelines for entire systems, subsystems, and selected modules.
Funding: Supported by the Key R and D Programs of Zhejiang Province under Grant No. 2022C01018 and the Natural Science Foundation of Zhejiang Province under Grant No. LQ20F020019.
Abstract: Smart contracts running on public blockchains are permissionless and decentralized, attracting both developers and malicious participants. Ethereum, the world’s largest decentralized application platform on which more than 40 million smart contracts are running, is frequently challenged by smart contract vulnerabilities. What’s worse, given the homogeneity of a wide range of smart contracts and the increase in inter-contract dependencies, a vulnerability in a certain smart contract could affect a large number of other contracts in Ethereum. However, little is known about how vulnerable contracts affect other on-chain contracts and which contracts can be affected. Thus, we first present the contract dependency graph (CDG) to perform a vulnerability analysis for Ethereum smart contracts, where the CDG characterizes inter-contract dependencies formed by DELEGATECALL-type internal transactions in Ethereum. Then, three generic definitions of security violations against the CDG are given for finding the respective potential victim contracts affected by different types of vulnerable contracts. Further, we construct the CDG with 195,247 smart contracts active in the latest blocks of Ethereum and verify the above security violations against the CDG by detecting three representative known vulnerabilities. Compared to previous large-scale vulnerability analyses, our analysis scheme marks potential victim contracts that can be affected by different types of vulnerable contracts, and identifies their possible risks based on the type of security violation actually occurring. The analysis results show that the proportion of potential victim contracts reaches 14.7%, far more than that of the corresponding vulnerable contracts (less than 0.02%) in the CDG.
Abstract: This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.
Abstract: Ethernet-based Passive Optical Network (EPON) is considered a very promising solution for the first mile problem of the next generation networks. Due to its particular characteristic of a shared media structure, EPON suffers many security vulnerabilities. Communication security must be guaranteed when EPON is applied in practice. This paper gives a general introduction to the EPON system, analyzes the potential threats and attacks pertaining to the EPON system, and presents effective countermeasures against these threats and attacks with emphasis on the authentication protocols and key distribution.
Abstract: In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or to the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Science Direct, and Springer Link. After a detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one software is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis on web application security vulnerability detection methods, which helps us to identify the scope of the SLR for comprehensive investigation in future research. Further, in this SLR, considering the OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categorize the accessible vulnerabilities. OWASP is a major source to construct and validate web security processes and standards.
Abstract: From an environmental protection perspective, the crucial issues pertaining to the policing of hazardous waste relate to both the vulnerabilities and limitations of current practices, and the potential issues that demand attention in the here and now, to alleviate future calamity. This paper describes the process involved in developing a vulnerabilities and limitations checklist that provides a relatively simple yet multi-pronged approach to assessing present and future environmental harms and crimes within the hazardous waste sector. Although it was not the intention of the authors to develop a generic checklist, this tool may prove useful to other industry sectors.
Abstract: To detect security vulnerabilities in a web application, the security analyst must choose the best-performing Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities possible. To compare static analysis tools for web applications, a benchmark adapted to the vulnerability categories included in the well-known standard Open Web Application Security Project (OWASP) Top Ten project is required. Information on the security effectiveness of a commercial static analysis tool is not usually publicly accessible research, and the state of the art on static security tool analyzers shows that the different design and implementation of those tools yields different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for the vulnerability categories included in the well-known standard OWASP Top Ten project. Thus, practitioners will have more precise information to select the best tool using a benchmark adapted to the latest versions of the OWASP Top Ten project. The results of this work have been obtained using widely accepted metrics to classify them according to three different degrees of web application criticality.
Abstract: The present study focuses on the impacts of extreme drought and flooding situations in Amazonia, using level/discharge data from some rivers in the Amazon region as indicators of impacts. The last 10 years have featured various “once in a century” droughts and floods in the Amazon basin, which have affected human and natural systems in the region. We assess a history of such hazards based on river data, and discuss some of the observed impacts in terms of vulnerability of human and natural systems, as well as some of the adaptation strategies implemented by regional and local governments to cope with them. A critical perspective of mitigation of drought and flood policies in Amazonia suggests that they have been mostly ineffective in reducing vulnerability for the majority of the population, constituting, perhaps, examples of maladaptation via the undermining of resilience.
Abstract: The Ethiopian Electric Power (EEP) has been operating and managing the national interconnected power system with dispersed and geographically isolated generators, a complex transmission system and loads. In recent years, with an increasing load demand due to rural electrification and industrialization, the Ethiopian power system has faced more frequent, widely spread and long-lasting blackouts. To slash the occurrence of such incidents, identifying the system vulnerabilities is the first step in this direction. In this paper, the vulnerability assessment is performed using indices called the active power performance index (PIp) and the voltage performance index (PIv). These indices provide a direct means of comparing the relative severity of the different line outages on the system loads and voltage profiles. Accordingly, it is found that the most severe line outages are those lines that interconnect the high load centers (Addis Ababa and Central regions) with the rest of the regional power systems. In addition, the most vulnerable buses of the network in respect of voltage limit violations are mainly found at the high load centers.
Abstract: Excessive unplanned urban growth leads to many vulnerabilities and impacts on urban environments to varying degrees. However, the majority of the extant literature focuses on the problems related to location and socioeconomic conditions, rather than vulnerability processes and related environmental degradation. This paper analyzes the scope of urban vulnerabilities for five rapidly urbanizing and highly-congested cities in the Kathmandu Valley, Nepal. First, the historic context of the Valley’s uncontrolled urbanization sets the scene. Second, the optic is narrowed to focus upon the geographical features of the resultant urbanized Valley landscape that includes spatial arrangements of houses, population densities, road networks, vehicular densities, garbage problems, and available open spaces. Additionally, seismic vulnerabilities in the urban areas are also considered in this examination. Third, three-dimensional visualizations of selected urban locations are presented to differentiate between vulnerable and relatively safe locations. The intent of this research is to contribute to the methodological understanding of human/hazards interactions in rapidly urbanizing cities of the Third World, which share similar socioeconomic conditions and environmental contexts.
Funding: This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT: Ministry of Science and ICT) (Nos. NRF-2016M2A8A4952280 and NRF-2020R1A2C1012187).
Abstract: Cyberattacks on the Industrial Control System (ICS) have recently been increasing, made more intelligent by advancing technologies. As such, cybersecurity for such systems is attracting attention. As a core element of control devices, the Programmable Logic Controller (PLC) in an ICS carries out on-site control over the ICS. A cyberattack on the PLC will cause damage to the overall ICS, with Stuxnet and Duqu as the most representative cases. Thus, cybersecurity for PLCs is considered essential, and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks. In this study, a vulnerability analysis was conducted on the XGB PLC. Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch a replay attack, a memory modulation attack, and FTP/Web service account theft for the verification of the results. Based on the results, the attacks were proven to be able to cause the PLC to malfunction and disable it, and the identified vulnerabilities were defined.
Abstract: Although there have been remarkable technological developments in healthcare, the privacy and security of mobile health systems (mHealth) still raise many concerns with considerable consequences for patients using these technologies. For instance, potential security and privacy threats in wireless devices, such as Wi-Fi and Bluetooth connected to a patient hub at the application, middleware and sensory layers, may result in the disclosure of private and sensitive data. This paper explores the security and privacy of the patient hub, including patient applications and their connections to sensors and cloud technology. Addressing the privacy and security concerns of the patient hub called for a comprehensive risk assessment by using the OCTAVE risk assessment framework. Findings reveal that the highest risk concerned data exposure at the sensory layer. In spite of the countermeasures presented in this paper, most served as a means to identify risk early as opposed to mitigating it. The findings can serve to inform users of the potential vulnerabilities in the patient hub before they arise.
Abstract: Natural disasters are not negligible factors that have significant impacts on a country’s development. Madagascar cannot escape cyclones, floods and drought due to its geographical situation. The objective in this work is to assess the risks and vulnerability to these hazards in order to strengthen the resilience of the Malagasy population. Our approach is based on multi-criteria spatial analysis using the Analytical Hierarchy Process (AHP). The results form decision spatial information that can be used at the strategic level of natural risk and disaster management. This work focuses on the degree of vulnerability, and it was found in this study that the Androy and Atsimo-Atsinanana regions are the most vulnerable to major hazards in Madagascar not only because of their exposure to risk but also because of their very low socio-economic status.
Abstract: Biodiversity conservation in parks and protected areas in Africa in general and especially in Nigeria is seriously threatened by the explosion of commercial bushmeat hunting activities in buffer zone communities. Several fauna species are becoming endangered and the list of extinct species is increasing due to commercial bushmeat hunting activities. Using a combination of qualitative and quantitative research techniques, this paper assesses the livelihoods vulnerability underpinnings of commercial bushmeat hunting activities in Cross River National Park (CRNP). Results reveal that commercial bushmeat hunting activities are shaped by a vulnerability context that hinges on different elements of environmental shocks, seasonal challenges and surrounding societal trends. The paper highlights the conservation and global sustainable development implications of uncontrolled commercial bushmeat hunting practices and concludes with options on policy recommendations and future research trajectories.
Funding: The Federal Ministry of Education and Research of Germany under Grant Numbers 16ES1131 and 16ES1128K.
Abstract: The application field for Unmanned Aerial Vehicle (UAV) technology and its adoption rate have been increasing steadily in the past years. The decreasing cost of commercial drones has enabled their use at a scale broader than ever before. However, increasing the complexity of UAVs and decreasing the cost both contribute to a lack of implemented security measures and raise new security and safety concerns. For instance, the issue of implausible or tampered UAV sensor measurements is barely addressed in the current research literature and thus requires more attention from the research community. The goal of this survey is to extensively review state-of-the-art literature regarding common sensor- and communication-based vulnerabilities, existing threats, and active or passive cyberattacks against UAVs, as well as shed light on the research gaps in the literature. In this work, we describe the Unmanned Aerial System (UAS) architecture to point out the origination sources for security and safety issues. We evaluate the coverage and completeness of each related research work in a comprehensive comparison table as well as classify the threats, vulnerabilities and cyber-attacks into sensor-based and communication-based categories. Additionally, for each individual cyber-attack, we describe existing countermeasures or detection mechanisms and provide a list of requirements to ensure UAV security and safety. We also address the problem of implausible sensor measurements and introduce the idea of a plausibility check for sensor data. By doing so, we discover additional measures to improve security and safety and report on a research niche that is not well represented in the current research literature.
Abstract: Although AI and quantum computing (QC) are fast emerging as key enablers of the future Internet, experts believe they pose an existential threat to humanity. Responding to the frenzied release of ChatGPT/GPT-4, thousands of alarmed tech leaders recently signed an open letter to pause AI research to prepare for the catastrophic threats to humanity from uncontrolled AGI (Artificial General Intelligence). Perceived as an “epistemological nightmare”, AGI is believed to be on the anvil with GPT-5. Two computing rules appear responsible for these risks. 1) Mandatory third-party permissions that allow computers to run applications at the expense of introducing vulnerabilities. 2) The Halting Problem of Turing-complete AI programming languages potentially renders AGI unstoppable. The double whammy of these inherent weaknesses remains invincible under the legacy systems. A recent cybersecurity breakthrough shows that banning all permissions reduces the computer attack surface to zero, delivering a new zero vulnerability computing (ZVC) paradigm. Deploying ZVC and blockchain, this paper formulates and supports a hypothesis: “Safe, secure, ethical, controllable AGI/QC is possible by conquering the two unassailable rules of computability.” Pursued by a European consortium, testing/proving the proposed hypothesis will have a groundbreaking impact on the future digital infrastructure when AGI/QC starts powering the 75 billion internet devices by 2025.
Funding: The National Natural Science Foundation of China (Grant Nos. 62005276, 62175234) and the Scientific and Technological Development Program of Jilin, China (Grant No. 20230508111RC) provided funding for this research.
Abstract: Laser anti-drone technology is entering the sequence of actual combat, and it is necessary to consider the vulnerability of typical functional parts of UAVs. Since the concept of "vulnerability" was proposed, a variety of analysis programs for battlefield targets to traditional weapons have been developed, but a comprehensive assessment methodology for targets' vulnerability to laser is still missing. Based on the shotline method, this paper proposes a method that equates a laser beam to a shotline array; an efficient vulnerability analysis program of target to laser is established by this method, and the program includes the circuit board and the wire in the vulnerability analysis category, which improves the precision of the vulnerability analysis. Taking the UAV engine part as the target of vulnerability analysis, combined with the "life-death unit method" to calculate the laser penetration rate of various materials of the UAV, the influence of laser weapon system parameters and striking orientation on the killing probability is quantified after introducing the penetration rate into the vulnerability analysis program. The quantitative analysis method proposed in this paper has certain general expansibility, which can provide a fresh idea for the vulnerability analysis of other targets to laser.
Funding: This work is the result of a commissioned research project supported by the Affiliated Institute of ETRI (2022-086) received by Junho Ahn. This research was supported by the National Research Foundation of Korea (NRF) Basic Science Research Program funded by the Ministry of Education (No. 2020R1A6A1A03040583). This work was also supported by the Korea Institute for Advancement of Technology (KIAT) Grant funded by the Korea government (MOTIE) (P0008691, HRD Program for Industrial Innovation).
Abstract: This research aims to propose a practical framework designed for the automatic analysis of a product’s comprehensive functionality and security vulnerabilities, generating applicable guidelines based on real-world software. The existing analysis of software security vulnerabilities often focuses on specific features or modules. This partial and arbitrary analysis of the security vulnerabilities makes it challenging to comprehend the overall security vulnerabilities of the software. The key novelty lies in overcoming the constraints of partial approaches. The proposed framework utilizes data from various sources to create a comprehensive functionality profile, facilitating the derivation of real-world security guidelines. Security guidelines are dynamically generated by associating functional security vulnerabilities with the latest Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Scoring System (CVSS) scores, resulting in automated guidelines tailored to each product. These guidelines are not only practical but also applicable in real-world software, allowing for prioritized security responses. The proposed framework is applied to virtual private network (VPN) software, wherein a validated Level 2 data flow diagram is generated using the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) technique with references to various papers and examples from related software. The analysis resulted in the identification of a total of 121 vulnerabilities. The successful implementation and validation demonstrate the framework’s efficacy in generating customized guidelines for entire systems, subsystems, and selected modules.