An Empirical Study on Android-related Vulnerabilities

Mobile devices are used more and more in everyday life. They are our cameras, wallets, and keys. Basically, they embed most of our private information in our pocket. For this and other reasons, mobile devices, and in particular the software that runs on them, are considered first-class citizens in the software-vulnerabilities landscape. Several studies investigated the software-vulnerabilities phenomenon in the context of mobile apps and, more in general, mobile devices. Most of these studies focused on vulnerabilities that could affect mobile apps, while just few investigated vulnerabilities affecting the underlying platform on which mobile apps run: the Operating System (OS). Also, these studies have been run on a very limited set of vulnerabilities. In this paper we present the largest study at date investigating Android-related vulnerabilities, with a specific focus on the ones affecting the Android OS. In particular, we (i) define a detailed taxonomy of the types of Android-related vulnerability; (ii) investigate the layers and subsystems from the Android OS affected by vulnerabilities; and (iii) study the survivability of vulnerabilities (i.e., the number of days between the vulnerability introduction and its fixing). Our findings could help OS and apps developers in focusing their verification & validation activities, and researchers in building vulnerability detection tools tailored for the mobile world

MATCASC: A tool to analyse cascading line outages in power grids

Blackouts in power grids typically result from cascading failures. The key importance of the electric power grid to society encourages further research into sustaining power system reliability and developing new methods to manage the risks of cascading blackouts. Adequate software tools are required to better analyze, understand, and assess the consequences of the cascading failures. This paper presents MATCASC, an open source MATLAB based tool to analyse cascading failures in power grids. Cascading effects due to line overload outages are considered. The applicability of the MATCASC tool is demonstrated by assessing the robustness of IEEE test systems and real-world power grids with respect to cascading failures

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Continuous and Discrete Time Analysis of Network in NS2

A Simulator is nothing but a system which can imitate the working of a real world process and a network simulator is also the system or the software which can establish and analyze a network similar to the network of the real world. There are basically two network simulation methods available, event-driven simulation and time-driven simulation. Both these methods have their own benefits like less simulation time, high efficiency, less operational overhead, user-friendly etc. depending on the application. Different methods of network simulation have different effect on the network parameters. This paper analyses the effect on the network parameters by converting the event-driven simulation of NS2 to time-driven simulation in Matlab

An Analysis of flow-based routing

Since their development in the early 1970\u27s, the underlying function of IP routers has not changed - they still support a best effort delivery method in order to pass frames from source to destination. With the advent of newer, bandwidth intensive Internet-based services and applications, such as video conferencing and telemedicine, many individuals wonder if the current approach to routing is the most practical. The Internet needs to provide quality of service ( QoS ) as predictably as conventional circuit switching networks. Although some QoS capabilities in an isolated environment have been demonstrated, providing end-to-end QoS at a large scale across the Internet remains an unsolved problem [1]. The alternative to the traditional method of IP routing is a concept known as flow-based routing, whereas traffic is sent across the network as part of a common flow, rather than individually inspecting each packet. As part of this thesis, the differences between flow-based routing and the current standard of IP routing will be investigated. There are many benefits to be had from routing based on flows, for both routers and applications. Some research has already been done on specific aspects of flow-based routing, but because the concept is so cutting-edge, resources are scarce. This study delves into the benefits and obstacles of flow-based routing, and analyzes characteristics such as practicality and security, along with the benefits of this model