Security Evaluation and Hardening of Free and Open Source Software (FOSS)

Recently, Free and Open Source Software (FOSS) has emerged as an alternative to Commercial-Off- The-Shelf (COTS) software. Now, FOSS is perceived as a viable long-term solution that deserves careful consideration because of its potential for significant cost savings, improved reliability, and numerous advantages over proprietary software. However, the secure integration of FOSS in IT infrastructures is very challenging and demanding. Methodologies and technical policies must be adapted to reliably compose large FOSS-based software systems. A DRDC Valcartier-Concordia University feasibility study completed in March 2004 concluded that the most promising approach for securing FOSS is to combine advanced design patterns and Aspect-Oriented Programming (AOP). Following the recommendations of this study a three years project have been conducted as a collaboration between Concordia University, DRDC Valcartier, and Bell Canada. This paper aims at presenting the main contributions of this project. It consists of a practical framework with the underlying solid semantic foundations for the security evaluation and hardening of FOSS

Creep and tensile properties of several oxide-dispersion-strengthened nickel-base alloys at 1365 K

The tensile properties at room temperature and at 1365 K and the tensile creep properties at low strain rates at 1365 K were measured for several oxide-dispersion-strengthened (ODS) alloys. The alloys examined included ODS Ni, ODS Ni-20Cr, and ODS Ni-16Cr-Al. Metallography of creep tested, large grain size ODS alloys indicated that creep of these alloys is an inhomogeneous process. All alloys appear to possess a threshold stress for creep. This threshold stress is believed to be associated with diffusional creep in the large grain size ODS alloys and normal dislocation motion in perfect single crystal (without transverse low angle boundaries) ODS alloys. Threshold stresses for large grain size ODS Ni-20Cr and Ni-16Cr-Al type alloys are dependent on the grain aspect ratio. Because of the deleterious effect of prior creep on room temperature mechanical properties of large grain size ODS alloys, it is speculated that the threshold stress may be the design limiting creep strength property

Massive MIMO is a Reality -- What is Next? Five Promising Research Directions for Antenna Arrays

Massive MIMO (multiple-input multiple-output) is no longer a "wild" or "promising" concept for future cellular networks - in 2018 it became a reality. Base stations (BSs) with 64 fully digital transceiver chains were commercially deployed in several countries, the key ingredients of Massive MIMO have made it into the 5G standard, the signal processing methods required to achieve unprecedented spectral efficiency have been developed, and the limitation due to pilot contamination has been resolved. Even the development of fully digital Massive MIMO arrays for mmWave frequencies - once viewed prohibitively complicated and costly - is well underway. In a few years, Massive MIMO with fully digital transceivers will be a mainstream feature at both sub-6 GHz and mmWave frequencies. In this paper, we explain how the first chapter of the Massive MIMO research saga has come to an end, while the story has just begun. The coming wide-scale deployment of BSs with massive antenna arrays opens the door to a brand new world where spatial processing capabilities are omnipresent. In addition to mobile broadband services, the antennas can be used for other communication applications, such as low-power machine-type or ultra-reliable communications, as well as non-communication applications such as radar, sensing and positioning. We outline five new Massive MIMO related research directions: Extremely large aperture arrays, Holographic Massive MIMO, Six-dimensional positioning, Large-scale MIMO radar, and Intelligent Massive MIMO.Comment: 20 pages, 9 figures, submitted to Digital Signal Processin

Traceability for the maintenance of secure software

Traceability links among different software engineering artifacts make explicit how a software system was implemented to accommodate its requirements. For secure and dependable software system development, one must ensure the linked entities are truly traceable to each other and the links are updated to reflect true traceability among changed entities. However, traditional traceability relationships link recovery techniques are not accurate enough. To address this problem, we propose a traceability technique based on refactoring, which is then continuously integrated with other software maintenance activities. Applying our traceability technique to the proven SSL protocol design, we found a significant vulnerability bug in its open-source implementation. The results also demonstrate the level of accuracy and change resilience of our technique that enable reuse of the traceability-related analysis on different implementations

Precarity and Agency through a Migration Lens

This special issue leverages the migrant experience to better understand precarity and agency in the contemporary world. By way of introduction, we examine the broader bodies of literature on precarity and agency, relate them to research on migration, and link them to the contributions in the special issue. Laying a foundation for further research, we illuminate three approaches to study the precarity-migration-agency nexus: an industry-specific approach, a sending country/deportee approach, and a collective action approach. We conclude with a critical analysis of freedom and national borders, considering the \u27open borders\u27 movement, postnational citizenship, and opposition to marketization

Micro-mechanical investigations of irradiation tolerance in nanostructured ferritic alloys processed into thin-walled tubing

The contribution of this thesis to science is studying a newer class of oxide dispersion strengthened steel shaped into thin walled tubing by comparing different thermos-mechanical processing paths. Additionally, this work investigates the properties and microstructure of those materials using high-throughput micro-mechanical techniques before and after ion irradiation. Specifically, this work shows the use of sharp indentation, spherical nanoindentation, micro-pillar compression, and micro-tensile testing techniques. The first part of the dissertation explores the different techniques on varied material systems. The second part applies these characterization methods to one specific steel in order to evaluate the effect of the processing method on the properties. Testing at a nanometer scale to tens of micrometers length scale was critical for the study after proton irradiation, which occurs on a similar length scale into the surface of the material. This enables testing on a shorter time frame than waiting for large pieces of materials after neutron irradiation. The findings show irradiation of a particular ion specie combined with a micro-mechanical technique applied at same length scale can provide useful information to evaluate candidate materials for nuclear applications. It was found that the two processing pathways at lower temperatures resulted in smaller grain sizes and therefore, higher strengths and less of a change in strength after proton irradiation

Integration and development trajectories: Latin American populations in The Netherlands: exploratory study

This document gathers the main results of an exploratory study about the obstacles and possibilities of articulating the population of Latin American origin residing in The Netherlands to the receiving society. Two specific issues on the matter are presented: an overview of the types of organizations working with or for said populations; and information on the living conditions, potential and needs of the individuals. A review of the available statistical data from various government institutions is exposed and analysed and, on the basis of the results from a survey as well as several interviews, the situation of the target population is analyzed. The document contains a special section about the conditions of ‘populations in special situations’ and, when required, pertinent recommendations on their needs and the possibilities to improve their conditions are made. The study demonstrates that the increases in number of Latin American migrants as well as the changes in the causes for migration and the profile of those who arrive to The Netherlands are issues which deserve attention both at a theoretical level as well as in the practical and policy formulation aspects.civil society;migration;integration;organizations;Latin American populations

Use of Service Oriented Architecture for Scada Networks

Supervisory Control and Data Acquisition (SCADA) systems involve the use of distributed processing to operate geographically dispersed endpoint hardware components. They manage the control networks used to monitor and direct large-scale operations such as utilities and transit systems that are essential to national infrastructure. SCADA industrial control networks (ICNs) have long operated in obscurity and been kept isolated largely through strong physical security. Today, Internet technologies are increasingly being utilized to access control networks, giving rise to a growing concern that they are becoming more vulnerable to attack. Like SCADA, distributed processing is also central to cloud computing or, more formally, the Service Oriented Architecture (SOA) computing model. Certain distinctive properties differentiate ICNs from the enterprise networks that cloud computing developments have focused on. The objective of this project is to determine if modern cloud computing technologies can be also applied to improving dated SCADA distributed processing systems. Extensive research was performed regarding control network requirements as compared to those of general enterprise networks. Research was also conducted into the benefits, implementation, and performance of SOA to determine its merits for application to control networks. The conclusion developed is that some aspects of cloud computing might be usefully applied to SCADA systems but that SOA fails to meet ICN requirements in a certain essential areas. The lack of current standards for SOA security presents an unacceptable risk to SCADA systems that manage dangerous equipment or essential services. SOA network performance is also not sufficiently deterministic to suit many real-time hardware control applications. Finally, SOA environments cannot as yet address the regulatory compliance assurance requirements of critical infrastructure SCADA systems