Cross-layer Soft Error Analysis and Mitigation at Nanoscale Technologies

This thesis addresses the challenge of soft error modeling and mitigation in nansoscale technology nodes and pushes the state-of-the-art forward by proposing novel modeling, analyze and mitigation techniques. The proposed soft error sensitivity analysis platform accurately models both error generation and propagation starting from a technology dependent device level simulations all the way to workload dependent application level analysis

An OSINT Approach to Automated Asset Discovery and Monitoring

The main objective of this thesis is to improve the efficiency of security operations centersthrough the articulation of different publicly open sources of security related feeds. This ischallenging because of the different abstraction models of the feeds that need to be madecompatible, of the range of control values that each data source can have and that will impactthe security events, and of the scalability of computational and networking resources that arerequired to collect security events.Following the industry standards proposed by the literature (OSCP guide, PTES andOWASP), the detection of hosts and sub-domains using an articulation of several sources isregarded as the first interaction in an engagement. This first interaction often misses somesources that could allow the disclosure of more assets. This became important since networkshave scaled up to the cloud, where IP address range is not owned by the company, andimportant applications are often shared within the same IP, like the example of Virtual Hoststo host several application in the same server.We will focus on the first step of any engagement, the enumeration of the target network.Attackers often use several techniques to enumerate the target to discover vulnerable services.This enumeration could be improved by the addition of several other sources and techniquesthat are often left aside from the literature. Also, by creating an automated process it ispossible for security operation centers to discover these assets and map the applicationsin use to keep track of said vulnerabilities using OSINT techniques and publicly availablesolutions, before the attackers try to exploit the service. This gives a vision of the Internetfacing services often seen by attackers without querying the service directly evading thereforedetection. This research is in frame with the complete engagement process and should beintegrate in already built solutions, therefore the results should be able to connect to additionalapplications in order to reach forward in the engagement process.By addressing these challenges we expect to come in great aid of sysadmin and securityteams, helping them with the task of securing their assets and ensuring security cleanlinessof the enterprise resulting in a better policy compliance without ever connecting to the clienthosts

Vulnerability to Flooding in Cities at Local Scale: New Methodology with Application to a Local Council in Sydney

Background. Flood studies are conducted mostly at city or catchment scales. While such studies are necessary for developing flood policies, municipalities require, in addition, place-specific data and strategies that can identify population at risk and develop tailored measures to reduce vulnerability and increase resilience. Local authorities commonly conduct their own flood studies, concentrating on the geophysical aspects of floods without considering their differential social impacts. Different communities and individuals may be at risk for different reasons and for effective flood risk management and better adaptation to floods, it is important to know not only how significant the aggregate flooding risk is, but who is at risk and what are the drivers of their vulnerability. Objectives and Methods. The objective of the study is to develop a new methodology for assessing urban flood risk at local scale by constructing a Flood Social Vulnerability (FSV) model and use it assess the extent to which vulnerability to flooding is likely to change under different scenarios of climate change. The model is based on a hybrid approach, combining hydrological and hydraulic flood simulations with social vulnerability and built-environment indicators. The methodology is tested by applying it to the Marrickville Study Region (MSR), which consists of a number of suburbs in Sydney’s Inner-West known to be prone to flooding. The study area is divided into a set of local spatial units, determined by the smallest unit at which aggregated data is available. This is, in the case of MSR, the SA1 scale of the Australian Bureau of Statistics. A set of indicators under each dimension of a flood risk pyramid – hazard, exposure and social vulnerability – are extracted from simulation analyses and socio-economic databases, for each local unit, and combined into a flood social vulnerability index (FSVI). Moreover, this research investigated how vulnerability might change in the future due to the impact of climate change under today’s demographic, socioeconomic and built-environment conditions. To test the suitability of FSVI in informing flood mitigation policy making within a local government, results were discussed with the local government authority (the Inner-West Council) of the MSR. Findings. FSVI developed in this study helped in detecting local flood vulnerability hotspots. There was little overlap between the spatial distribution of the three sets of indicators (hazard, exposure and social vulnerability). Hence, drawing on socio-economic information to assess vulnerability to flooding was found to be useful. Simulation of climate change scenarios show noticeable increases in the duration of floods, but limited changes in flood depths, velocities and extents. Stakeholders at the Inner-West Council stated that the study’s findings could inform the Council’s current flood management planning, especially in relation to emergency services

Visualizing Contextual Information for Network Vulnerability Management

The threat of data breach rises every day, and many organizations lack the resources to patch every vulnerability they might have. Yet, these organizations do not prioritize what vulnerabilities to patch in an optimal way, in part due to a lack of context needed to make these decisions. Our team proposes the Vulnerability Visualization (VV) tool, a web visualization dashboard for increasing analyst prioritization capabilities through visualization of context for network scans. Evaluations demonstrate that the VV tool enhances the vulnerability management (VM) process through augmenting the discovery and prioritization of vulnerabilities. We show that adding context to the VM process through visualization allows people to make better decisions for vulnerability remediation

The Benefits and Burdens of Pediatric Palliative Care and End-of-Life Research: A Systematic Review

Objective: The aim of this study is to report the benefits and burdens of palliative research participation on children, siblings, parents, clinicians, and researchers. Background: Pediatric palliative care requires research to mature the science and improve interventions. A tension exists between the desire to enhance palliative and end-of-life care for children and their families and the need to protect these potentially vulnerable populations from untoward burdens. Methods: Systematic review followed PRISMA guidelines with prepared protocol registered as PROSPERO #CRD42018087304. MEDLINE, CINAHL, PsycINFO, EMBASE, Scopus, and The Cochrane Library were searched (2000–2017). English-language studies depicting the benefits or burdens of palliative care or end-of-life research participation on either pediatric patients and/or their family members, clinicians, or study teams were eligible for inclusion. Study quality was appraised using the Mixed Methods Appraisal Tool (MMAT). Results: Twenty-four studies met final inclusion criteria. The benefit or burden of palliative care research participation was reported for the child in 6 papers; siblings in 2; parents in 19; clinicians in 3; and researchers in 5 papers. Benefits were more heavily emphasized by patients and family members, whereas burdens were more prominently emphasized by researchers and clinicians. No paper utilized a validated benefit/burden scale. Discussion: The lack of published exploration into the benefits and burdens of those asked to take part in pediatric palliative care research and those conducting the research is striking. There is a need for implementation of a validated benefit/burden instrument or interview measure as part of pediatric palliative and end-of-life research design and reporting

Reduction of the seismic vulnerability of vernacular architecture with traditional strengthening solutions

Tese de Doutoramento em Engenharia CivilThe valorization and preservation of vernacular architecture, as well as traditional construction techniques and materials, is a key-element for cultural identity. As part of this essential objective, the present thesis focuses on vernacular architecture earthquake preparedness, with a particular focus on the Portuguese case. Conservation efforts are often mainly focused on historical constructions and monuments. Furthermore, more detailed and sophisticated seismic vulnerability assessment approaches typically used for monumental buildings require time, cost and resources that are not commonly assigned to the study of vernacular architecture. Earthquakes come unexpectedly, endangering in-use vernacular architecture and the population who inhabits it. That is why the development of a simplified method for the seismic vulnerability assessment of vernacular architecture is of paramount importance. The present research establishes four clear objectives that are accomplished through the development of four research tasks structured along the nine chapters that composed this document. The first part of the thesis is dedicated to the investigation of traditional strengthening construction techniques developed empirically by local communities to protect their built-up environment, based on literature review and on-site visits. The second part deals with the development of two seismic vulnerability assessment methods for vernacular architecture: (1) Seismic Vulnerability Index for Vernacular Architecture (SVIVA); and (2) Seismic Assessment of the Vulnerability of Vernacular Architecture Structures (SAVVAS). The development of these two methods composes the main body of the thesis, which is carried out on the basis of an extensive numerical modeling campaign that also helped to gain a deeper quantitative knowledge on the seismic behavior of representative examples of existing Portuguese vernacular architecture. The third part of the thesis addresses the numerical investigation of traditional strengthening construction solutions identified within the first part. It is mainly intended to validate their efficiency in mitigating the seismic vulnerability of vernacular architecture for their eventual application. Finally, the thesis deals with the application of the two methods in two different case studies. This part allows calibrating the two methods, as well as validating their applicability as first level seismic vulnerability assessment approaches.A valorização e conservação da arquitetura vernácula, assim como das técnicas e materiais tradicionais de construção, é um elemento chave de identidade cultural. A presente tese centra-se na arquitetura vernácula e na sua preparação para fazer face aos terramotos, em particular no caso português. Os esforços de conservação centram-se em geral nas construções históricas. Abordagens muito detalhadas e sofisticadas para a avaliação da vulnerabilidade sísmica são, sobretudo, aplicáveis em edificios históricos e monumentais, porque requerem um tempo, um custo e uma quantidade de recursos que não podem ser atribuídos ao estudo da arquitetura vernácula. Contudo, os sismos são inesperados e põem em risco a arquitetura vernácula e os seus habitantes. É por isso que o desenvolvimento de um metodo simplificado para a avaliação da vulnerabilidade sísmica da arquitetura vernácula é de suma importância. A presente investigação estabelece quatro objetivos que são atingidos através do desenvolvimento de quatro tarefas organizadas em nove capítulos que compõem este documento. A primeira parte da tese centra-se no estudo de técnicas tradicionais de reforço desenvolvidas por comunidades locais empiricamente, com o objetivo de proteger os seus edifícios das ações sísmicas. Esta parte inclui a revisão da literatura e a investigação in-situ. A segunda parte dedica-se a desenvolver dois métodos para a avaliação da vulnerabilidade sísmica da arquitectura vernácula: (1) Seismic Vulnerability Index for Vernacular Architecture (SVIVA); e (2) Seismic Assessment of the Vulnerability of Vernacular Architecture Structures (SAVVAS). O desenvolvimento destes métodos compõe o corpo principal da tese, baseado num extenso trabalho de modelação numérica, que também contribui para se obter um melhor conhecimento do comportamento sísmico de exemplos existentes e representativos da arquitetura vernácula portuguesa. A terceira parte aborda a investigação numérica das soluções de reforço tradicionais identificadas previamente e destina-se principalmente à validação da sua eficiência na mitigação da vulnerabilidade sísmica da arquitectura vernácula, para assim poder ser aplicadas em edifícios existentes. A tese é concluída com a aplicação dos dois métodos desenvolvidos, em dois casos de estudo. Esta parte contribui para a calibração dos métodos, além da validação da sua aplicabilidade como abordagem de primeiro nível na avaliação da vulnerabilidade sísmica

Automated ISMS control auditability

This thesis focuses on researching a possible reference model for automated ISMS’s (Information Security Management System) technical control auditability. The main objective was to develop a generic framework for automated compliance status monitoring of the ISO27001:2013 standard which could be re‐used in any ISMS system. The framework was tested with Proof of Concept (PoC) empirical research in a test infrastructure which simulates the framework target deployment environment. To fulfil the objective the thesis analysed first which ISO27001:2013 controls could be implemented using technical means and whether it would be possible to automate the measurement of the control compliance for these controls. After that different sources were used as input material to actually define how to fulfill, verify and measure the selected controls. The developed framework consists of three parts, Framework Selected Controls, Framework Architecture and guidance how to use the framework. It includes ISO27001:2013 controls which could be automatically audited, a methodology to do this and a framework how this could be fulfilled. The testing was performed using three different types of commercial tools to understand if they could fulfill a part of the developed framework. None of the tested tools was able to fulfill the framework as it is. Empirical research has showed the importance of the integrity assurance when reaching for automated security control compliance. This is the essential part and is somewhat lacking on the tested tools.Tässä opinnäytetyössä tutkitaan mahdollista viitekehysmallia tietoturvan hallintajärjestelmän (ISMS) teknisten kontrollien automaattisesta auditoitavuudesta. Päätavoitteena oli kehittää viitekehysmalli ISO27001:2013 standardin säännönmukaisuuden automaattisesta arvioinnista jota voitaisiin uudelleenkäyttää missä tahansa ISMS‐järjestelmässä. Viitekehysmalli testattiin empiirisellä tutkimuksella jossa ratkaisu pyrittiin todentamaan (Proof of concept). Tavoitteen saavuttamiseksi analysoitiin mitkä ISO27001:2013 kontrollit voitaisiin toteuttaa teknisesti ja olisiko niiden säännönmukaisuuden todennus tehtävissä automaattisesti. Useita eri lähteitä käytettiin hyväksi määriteltäessä miten kontrollit tulisi toteuttaa, todentaa ja miten niitten säännönmukaisuus voitaisiin mitata. Kehitetty viitekehys koostuu kolmesta osasta, viitekehykseen valituista kontrolleista, viitekehyksen arkkitehtuurista sekä käyttöohjeistuksesta ja se sisältää ISO27001:2013 kontrollit jotka voitaisiin automaattisesti auditoida, menetelmä tämän tekemiseen ja varsinaisen viitekehyksen automaattisen auditoitavuuden saavuttamiseen. Testauksessa käytettiin kolmea eri tyyppistä kaupallista työkalua jotta ymmärrettäisiin voisivatko ne toteuttaa osan kehitetystä viitekehyksestä. Mikään työkaluista ei pystynyt tähän suoraan. Empiirinen tutkimus on osoittanut eheyden varmistamisen tärkeyden tavoiteltaessa automaattista säännönmukaisuuden varmistamista. Tämä on olennainen osa joka näyttää puuttuvan testatuista työkaluista