247 research outputs found

    Effects of municipal smoke-free ordinances on secondhand smoke exposure in the Republic of Korea

    Get PDF
    ObjectiveTo reduce premature deaths due to secondhand smoke (SHS) exposure among non-smokers, the Republic of Korea (ROK) adopted changes to the National Health Promotion Act, which allowed local governments to enact municipal ordinances to strengthen their authority to designate smoke-free areas and levy penalty fines. In this study, we examined national trends in SHS exposure after the introduction of these municipal ordinances at the city level in 2010.MethodsWe used interrupted time series analysis to assess whether the trends of SHS exposure in the workplace and at home, and the primary cigarette smoking rate changed following the policy adjustment in the national legislation in ROK. Population-standardized data for selected variables were retrieved from a nationally representative survey dataset and used to study the policy action’s effectiveness.ResultsFollowing the change in the legislation, SHS exposure in the workplace reversed course from an increasing (18% per year) trend prior to the introduction of these smoke-free ordinances to a decreasing (−10% per year) trend after adoption and enforcement of these laws (β2 = 0.18, p-value = 0.07; β3 = −0.10, p-value = 0.02). SHS exposure at home (β2 = 0.10, p-value = 0.09; β3 = −0.03, p-value = 0.14) and the primary cigarette smoking rate (β2 = 0.03, p-value = 0.10; β3 = 0.008, p-value = 0.15) showed no significant changes in the sampled period. Although analyses stratified by sex showed that the allowance of municipal ordinances resulted in reduced SHS exposure in the workplace for both males and females, they did not affect the primary cigarette smoking rate as much, especially among females.ConclusionStrengthening the role of local governments by giving them the authority to enact and enforce penalties on SHS exposure violation helped ROK to reduce SHS exposure in the workplace. However, smoking behaviors and related activities seemed to shift to less restrictive areas such as on the streets and in apartment hallways, negating some of the effects due to these ordinances. Future studies should investigate how smoke-free policies beyond public places can further reduce the SHS exposure in ROK

    Cybersecurity: Past, Present and Future

    Full text link
    The digital transformation has created a new digital space known as cyberspace. This new cyberspace has improved the workings of businesses, organizations, governments, society as a whole, and day to day life of an individual. With these improvements come new challenges, and one of the main challenges is security. The security of the new cyberspace is called cybersecurity. Cyberspace has created new technologies and environments such as cloud computing, smart devices, IoTs, and several others. To keep pace with these advancements in cyber technologies there is a need to expand research and develop new cybersecurity methods and tools to secure these domains and environments. This book is an effort to introduce the reader to the field of cybersecurity, highlight current issues and challenges, and provide future directions to mitigate or resolve them. The main specializations of cybersecurity covered in this book are software security, hardware security, the evolution of malware, biometrics, cyber intelligence, and cyber forensics. We must learn from the past, evolve our present and improve the future. Based on this objective, the book covers the past, present, and future of these main specializations of cybersecurity. The book also examines the upcoming areas of research in cyber intelligence, such as hybrid augmented and explainable artificial intelligence (AI). Human and AI collaboration can significantly increase the performance of a cybersecurity system. Interpreting and explaining machine learning models, i.e., explainable AI is an emerging field of study and has a lot of potentials to improve the role of AI in cybersecurity.Comment: Author's copy of the book published under ISBN: 978-620-4-74421-

    Towards trustworthy computing on untrustworthy hardware

    Get PDF
    Historically, hardware was thought to be inherently secure and trusted due to its obscurity and the isolated nature of its design and manufacturing. In the last two decades, however, hardware trust and security have emerged as pressing issues. Modern day hardware is surrounded by threats manifested mainly in undesired modifications by untrusted parties in its supply chain, unauthorized and pirated selling, injected faults, and system and microarchitectural level attacks. These threats, if realized, are expected to push hardware to abnormal and unexpected behaviour causing real-life damage and significantly undermining our trust in the electronic and computing systems we use in our daily lives and in safety critical applications. A large number of detective and preventive countermeasures have been proposed in literature. It is a fact, however, that our knowledge of potential consequences to real-life threats to hardware trust is lacking given the limited number of real-life reports and the plethora of ways in which hardware trust could be undermined. With this in mind, run-time monitoring of hardware combined with active mitigation of attacks, referred to as trustworthy computing on untrustworthy hardware, is proposed as the last line of defence. This last line of defence allows us to face the issue of live hardware mistrust rather than turning a blind eye to it or being helpless once it occurs. This thesis proposes three different frameworks towards trustworthy computing on untrustworthy hardware. The presented frameworks are adaptable to different applications, independent of the design of the monitored elements, based on autonomous security elements, and are computationally lightweight. The first framework is concerned with explicit violations and breaches of trust at run-time, with an untrustworthy on-chip communication interconnect presented as a potential offender. The framework is based on the guiding principles of component guarding, data tagging, and event verification. The second framework targets hardware elements with inherently variable and unpredictable operational latency and proposes a machine-learning based characterization of these latencies to infer undesired latency extensions or denial of service attacks. The framework is implemented on a DDR3 DRAM after showing its vulnerability to obscured latency extension attacks. The third framework studies the possibility of the deployment of untrustworthy hardware elements in the analog front end, and the consequent integrity issues that might arise at the analog-digital boundary of system on chips. The framework uses machine learning methods and the unique temporal and arithmetic features of signals at this boundary to monitor their integrity and assess their trust level

    Cache Attacks and Defenses

    Get PDF
    In the digital age, as our daily lives depend heavily on interconnected computing devices, information security has become a crucial concern. The continuous exchange of data between devices over the Internet exposes our information vulnerable to potential security breaches. Yet, even with measures in place to protect devices, computing equipment inadvertently leaks information through side-channels, which emerge as byproducts of computational activities. One particular source of such side channels is the cache, a vital component of modern processors that enhances computational speed by storing frequently accessed data from random access memory (RAM). Due to their limited capacity, caches often need to be shared among concurrently running applications, resulting in vulnerabilities. Cache side-channel attacks, which exploit such vulnerabilities, have received significant attention due to their ability to stealthily compromise information confidentiality and the challenge in detecting and countering them. Consequently, numerous defense strategies have been proposed to mitigate these attacks. This thesis explores these defense strategies against cache side-channels, assesses their effectiveness, and identifies any potential vulnerabilities that could be used to undermine the effectiveness of these defense strategies. The first contribution of this thesis is a software framework to assess the security of secure cache designs. We show that while most secure caches are protected from eviction-set-based attacks, they are vulnerable to occupancybased attacks, which works just as well as eviction-set-based attacks, and therefore should be taken into account when designing and evaluating secure caches. Our second contribution presents a method that utilizes speculative execution to enable high-resolution attacks on low-resolution timers, a common cache attack countermeasure adopted by web browsers. We demonstrate that our technique not only allows for high-resolution attacks to be performed on low-resolution timers, but is also Turing-complete and is capable of performing robust calculations on cache states. Through this research, we uncover a new attack vector on low-resolution timers. By exposing this vulnerability, we hope to prompt the necessary measures to address the issue and enhance the security of systems in the future. Our third contribution is a survey, paired with experimental assessment of cache side-channel attack detection techniques using hardware performance counters. We show that, despite numerous claims regarding their efficacy, most detection techniques fail to perform proper evaluation of their performance, leaving them vulnerable to more advanced attacks. We identify and outline these shortcomings, and furnish experimental evidence to corroborate our findings. Furthermore, we demonstrate a new attack that is capable of compromising these detection methods. Our aim is to bring attention to these shortcomings and provide insights that can aid in the development of more robust cache side-channel attack detection techniques. This thesis contributes to a deeper comprehension of cache side-channel attacks and their potential effects on information security. Furthermore, it offers valuable insights into the efficacy of existing mitigation approaches and detection methods, while identifying areas for future research and development to better safeguard our computing devices and data from these insidious attacks.Thesis (MPhil) -- University of Adelaide, School of Computer and Mathematical Sciences, 202

    Double-edged Sword: An in-depth analysis of browser fingerprints for web tracking and bot defenses

    Get PDF
    The use of browser fingerprints is a double-edged sword. While they can protect users' security by defending against bot and fraud attacks, they can also be used for web tracking, which violates individual users' privacy. While acknowledging that the use of browser fingerprints is a double-edged sword, my work is to achieve a balance that maximizes the benefits and minimizes the risks. In the following section, I provide a comprehensive examination of browser fingerprints and demonstrates how they can be improved to better protect users’ privacy while still providing a valuable tool in defending against bot and fraud attacks

    Trusted Artificial Intelligence in Manufacturing; Trusted Artificial Intelligence in Manufacturing

    Get PDF
    The successful deployment of AI solutions in manufacturing environments hinges on their security, safety and reliability which becomes more challenging in settings where multiple AI systems (e.g., industrial robots, robotic cells, Deep Neural Networks (DNNs)) interact as atomic systems and with humans. To guarantee the safe and reliable operation of AI systems in the shopfloor, there is a need to address many challenges in the scope of complex, heterogeneous, dynamic and unpredictable environments. Specifically, data reliability, human machine interaction, security, transparency and explainability challenges need to be addressed at the same time. Recent advances in AI research (e.g., in deep neural networks security and explainable AI (XAI) systems), coupled with novel research outcomes in the formal specification and verification of AI systems provide a sound basis for safe and reliable AI deployments in production lines. Moreover, the legal and regulatory dimension of safe and reliable AI solutions in production lines must be considered as well. To address some of the above listed challenges, fifteen European Organizations collaborate in the scope of the STAR project, a research initiative funded by the European Commission in the scope of its H2020 program (Grant Agreement Number: 956573). STAR researches, develops, and validates novel technologies that enable AI systems to acquire knowledge in order to take timely and safe decisions in dynamic and unpredictable environments. Moreover, the project researches and delivers approaches that enable AI systems to confront sophisticated adversaries and to remain robust against security attacks. This book is co-authored by the STAR consortium members and provides a review of technologies, techniques and systems for trusted, ethical, and secure AI in manufacturing. The different chapters of the book cover systems and technologies for industrial data reliability, responsible and transparent artificial intelligence systems, human centered manufacturing systems such as human-centred digital twins, cyber-defence in AI systems, simulated reality systems, human robot collaboration systems, as well as automated mobile robots for manufacturing environments. A variety of cutting-edge AI technologies are employed by these systems including deep neural networks, reinforcement learning systems, and explainable artificial intelligence systems. Furthermore, relevant standards and applicable regulations are discussed. Beyond reviewing state of the art standards and technologies, the book illustrates how the STAR research goes beyond the state of the art, towards enabling and showcasing human-centred technologies in production lines. Emphasis is put on dynamic human in the loop scenarios, where ethical, transparent, and trusted AI systems co-exist with human workers. The book is made available as an open access publication, which could make it broadly and freely available to the AI and smart manufacturing communities

    Internal interface diversification as a security measure in sensor networks

    Get PDF
    More actuator and sensor devices are connected to the Internet of Things (IoT) every day, and the network keeps growing, while software security of the devices is often incomplete. Sensor networks and the IoT in general currently cover a large number of devices with an identical internal interface structure. By diversifying the internal interfaces, the interfaces on each node of the network are made unique, and it is possible to break the software monoculture of easily exploitable identical systems. This paper proposes internal interface diversification as a security measure for sensor networks. We conduct a study on diversifiable internal interfaces in 20 IoT operating systems. We also present two proof-of-concept implementations and perform experiments to gauge the feasibility in the IoT environment. Internal interface diversification has practical limitations, and not all IoT operating systems have that many diversifiable interfaces. However, because of low resource requirements, compatibility with other security measures and wide applicability to several interfaces, we believe internal interface diversification is a promising and effective approach for securing nodes in sensor networks.</p

    The medical management of casualties in a chemical contaminated environment : a start for the CBRNE defence research program for clinicians

    Full text link
    The main objective of this research program was to assess the status of clinical knowledge and evidence-based practice in the medical management of mass casualties, contaminated by exposure to a chemical weapon, during a medical evacuation, which is defined as from the incident site of a contaminated environment up-to a clean zone. First, in our published systematic review, we assessed past medical responses during a chemical attack. The lack of clinical data and intervention-related information, such as protection and decontamination capabilities, stresses not only the need to study acute or prehospital settings, but also a set of integrated competences in the contaminated environment (i.e.: protection, decontamination and clinical interventions) (Prospero registered CRD42019104473). Second, a method paper which presents an ongoing international retro-prospective observational study on the medical responses during a chemical attack has been submitted for publication. The goal of this study is to describe the acute clinical management of patients in the contaminated zone (1970-2036; US Clinical trial registered NCT05026645). Data gathering is currently ongoing with the use of a comprehensive online registry programmed by the Quebec Respiratory Health Research Network. In the third and fourth, we started the development of two technological innovations to improve the medical management of mass casualties, caused by a chemical weapon, in contaminated environments. The first is the creation of a mobile laboratory for the continuity of our work in both indoor and outdoor settings. The other is the launch of a research program, named VIMY Multi-System, which includes: (1) An electronic casualty card system integrating the United Kingdom National Early Warning System; (2) a forward-deployable telemedicine capability prototype – currently undergoing integration testing – that incorporates drone technology to monitor patients being clinically managed in a simulated chemically contaminated environment. Our fifth published paper, on the methods of oxygen conservation with an automated titration system (n= 60; US Clinical trial registered NCT02782936 and NCT02809807), showed that such an automated system may constitute a viable medical solution for interventions in a contaminated environment and also constitutes one of the possible solutions to improve therapeutic interventions. The system studied allows the maintenance of adequate oxygenation while reducing the use of oxygen in patients, making it possible to extend their treatment duration even under conditions of limited logistical resources in oxygen. The oxygen flow provided by the automated system allows a mean reduction in administered oxygen quantities of more than six-fold when decreasing the prescribed SpO2 target from 98 to 90% (5 L/min to1 L/min, p <0.001) in hospitalized patients with respiratory disorders. The comparison was conducted on the basis of conservative flow rate targets reported in the literature (2.5, 5.0, 10.0 and 15.0 l/min). When it comes to the automated correction of a hypoxemic condition in sick patients and healthy subjects wearing a gas mask, the prescribed SpO2 target resulted in maximum administered oxygen flow rates of 0.2 L/min and 2.9 L/min respectively. These results show a possible logistic and therapeutic optimization in the use of oxygen. Finally, these initial advances will be integrated as our research work progresses in order to improve clinical evidence-based practices in contaminated environments due to the use of chemical weapons.L’objectif principal de cette recherche était d’évaluer l’état des connaissances et le savoir-faire de la pratique clinique dans la gestion d’un grand nombre de blessés, contaminés des suites d’une exposition à l’arme chimique, pendant leur évacuation médicale depuis le site de l’incident dans un environnement contaminé jusqu’à la zone propre. Premièrement, dans une revue systématique que nous avons publiée, nous avons évalué les réponses médicales passées lors d’attaques chimiques. Le manque de données cliniques et d’autres informations liées à l’intervention, tel que les capacités de protection et de décontamination, souligne non seulement la nécessité d’étudier l’environnement préhospitalier, mais aussi la gamme de compétences interdépendantes en milieu contaminé (c.-à-d. : protection, décontamination et interventions cliniques) (Prospero CRD42019104473). Deuxièmement, nous avons soumis pour publication la méthodologie d’une étude rétroprospective observationnelle internationale s’intéressant aux réponses médicales lors d’une attaque chimique. Le but consiste à décrire la gestion clinique en soins aigus des blessés dans la zone contaminée (1970-2036) (ClinicalTrials.gov NCT05026645). L’acquisition de données est en cours à l’aide d’un registre de données intégral en ligne qui a été programmé par le Réseau de recherche en santé respiratoire du Québec. En troisième et quatrième lieu, nous avons entrepris le développement de deux innovations technologiques afin d’améliorer la prise en charge médicale des patients en milieu contaminé à la suite de l’utilisation de l’arme chimique. L’un est la création d’un laboratoire mobile pour poursuivre nos travaux tant à l’intérieur qu’à l’extérieur. L’autre est la mise sur pied d’un programme de recherche, nommé VIMY Multi-Systèmes, qui inclut : (1) un système de carte de blessés électronique intégrant le système national d’alerte précoce du Royaume-Uni, (2) les premiers tests d’intégration d’un prototype d’une capacité de télémédecine de déploiement avancé, incluant la technologie du drone, pour une surveillance clinique globale des patients pris en charge en milieu contaminé chimique simulé. Notre cinquième publication, qui porte sur les méthodes de maintien de l’oxygénation par titrage automatisée (n=60 ; ClinicalTrials.gov NCT02782936 et NCT02809807), nous a permis de démontrer qu’un système automatisé peut constituer une solution médicale intéressante qui serait applicable dans les interventions en milieu contaminé et de surcroît comme une solution pour améliorer les actions thérapeutiques. Le système que nous avons étudié permet de maintenir une oxygénation adéquate tout en limitant la consommation d’oxygène des patients, prolongeant ainsi leur durée de traitement, notamment en cas de ressources en oxygène limitées. D’une part, le débit de l’oxygène fourni par le système automatisé a permis une réduction moyenne des quantités administrées de l’ordre de plus de six fois lors de la diminution de la cible de saturation en oxygène (SpO2) prescrite de 98 à 90 % (5 L/min à 1 L/min, p < 0,001) chez les patients hospitalisés atteints de maladies respiratoires. La comparaison s’est faite par rapport à des débits conservateurs rapportés dans la littérature (2,5, 5,0, 10,0 et 15,0 L/min). D’autre part, la correction automatisée d’une condition hypoxémique chez les patients malades et les sujets sains portant le masque à gaz, la cible SpO2 a engendré des débits maximaux d’oxygènes administrés de 2,5 et 2,9 L/min respectivement. Ainsi, nous avons démontré une optimalisation logistique et thérapeutique de la consommation de l’oxygène. Finalement, ces premières avancées seront intégrées au fur et à mesure de l’avancement de nos recherches afin d’améliorer le processus de soins en milieu contaminé issu de l’utilisation de l’arme chimique
    • …
    corecore