7,369 research outputs found
The Viability and Potential Consequences of IoT-Based Ransomware
With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested.
As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed.
For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim.
Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research
The Adirondack Chronology
The Adirondack Chronology is intended to be a useful resource for researchers and others interested in the Adirondacks and Adirondack history.https://digitalworks.union.edu/arlpublications/1000/thumbnail.jp
Migrant Workers' Access to Justice for Wage Theft: A Global Study of Promising Initiatives
Systemic wage theft has long been part of the labour migration landscape in every region of the world. Though every jurisdiction has judicial and/or administrative mechanisms to address wage claims, employers in every country can be confident that very few unpaid migrant workers will ever use those mechanisms to recover their wages. This is because the system is stacked against them at every stage in the wage claim process.
This situation is not inevitable. This report provides a blueprint for improving government and court wage recovery processes for migrant workers. It draws on analysis of select, promising initiatives from around the world that demonstrate how many of the barriers that impede migrant workers’ access to justice can be overcome. These innovations shift risks and burdens of wage recovery away from workers and onto government and business, and disrupt employer expectations of impunity. The report proposes specific, evidence-based reform targets that can underpin global, national and local advocacy, and support greater coordination among a community of practice working to achieve labour justice for migrant workers
Hunting Wildlife in the Tropics and Subtropics
The hunting of wild animals for their meat has been a crucial activity in the evolution of humans. It continues to be an essential source of food and a generator of income for millions of Indigenous and rural communities worldwide. Conservationists rightly fear that excessive hunting of many animal species will cause their demise, as has already happened throughout the Anthropocene. Many species of large mammals and birds have been decimated or annihilated due to overhunting by humans. If such pressures continue, many other species will meet the same fate. Equally, if the use of wildlife resources is to continue by those who depend on it, sustainable practices must be implemented. These communities need to remain or become custodians of the wildlife resources within their lands, for their own well-being as well as for biodiversity in general. This title is also available via Open Access on Cambridge Core
The Effect of General Deterrence Variables on Oversight of Florida’s Driver and Vehicle Information Database (DAVID)
The Driver and Vehicle Information Database, known as DAVID, is a database operated by the Florida Highway Safety and Motor Vehicles and is used by many law enforcement agencies as an important investigative tool due to the information contained within. One important function of the agencies that allow their employees access to DAVID is to ensure the information is secured and not misused in violation of federal and state law, under a provision known as the Driver Privacy and Protection Act codified in 18 U.S.C. § 2721 (1994). Literature on general deterrence suggests that methods can be taken from an oversight standpoint that would allow for better control and deter users from misusing the data contained within DAVID. This study hypothesized that, if provided, standard operating procedures, ethics training, acceptable use policies, and consistent disciplinary procedures would act to improve oversight and be effective general deterrents against such misuse. The study tested the hypotheses using (n = 86) DAVID points of contact from various police agencies in Florida by way of an online survey. The results indicated a statistically significant relationship between standard operating procedures and acceptable use policies on oversight and deterrence. The null hypothesis could not be rejected regarding ethics training and disciplinary procedures on oversight and deterrence. The results supported two of the four hypotheses, and they may serve as a pathway to develop better administrative policies and procedures to improve the oversight process and help deter users from misusing DAVID in violation of law.
Keywords: D.A.V.I.D., DPPA, FLHSMV, driver license, point of contactChapter I: INTRODUCTION 1 -- Driver and Vehicle Information Database 1 -- Driver Privacy Protection Act 2 -- DAVID Point of Contact 4 -- History of Abuse 6 -- Statement of the Problem 8 -- Objectives of the Research 9 -- Research Questions 10 -- Summary 12 -- Chapter II: REVIEW OF LITERATURE 14 -- General Deterrence Theory 14 -- Fourth Amendment and Government Databases 18 -- Standard Operating Procedures 20 -- Ethics Training 22 -- Acceptable Use Policy 25 -- Disciplinary Procedures and Enforcement 28 -- Chapter III: METHODOLOGY 34 -- Introduction 34 -- Hypothesis 34 -- Survey Instrument 36 -- Study Participants and Data Collection 38 -- Study Measures 41 -- Agency Demographics 41 -- POC Demographics 43 -- Study Procedure 44 -- Summary 44 -- Chapter IV: RESULTS 46 -- Introduction 46 -- Descriptive Statistics 46 -- Hypothesis 1 52 -- Hypothesis 2 53 -- Hypothesis 3 54 -- Hypothesis 4 55 -- Summary 57 -- Chapter V: DISCUSSION 59 -- POC and Agency Demographics 60 -- Historical Context of Descriptive Statistics 62 -- Research Question 1 63 -- Research Question 2 65 -- Research Question 3 67 -- Research Question 4 68 -- Implication of the Findings 71 -- Limitations of the Study 72 -- Future of DAVID and Other Databases 74 -- Recommendations 77 -- Conclusion 79 -- REFERENCES 82Glen, Carol M.Song, MinsunMurillo, Albert G.D.P.A.Public Administratio
STAKEHOLDER ENGAGEMENT IN SUSTAINABILITY REPORTING IN INDONESIA
This research aims to understand the ways the preparers of sustainability reports in Indonesia embed stakeholder engagement in sustainability reporting. This research seeks to understand the perceived role of stakeholder engagement in sustainability reporting and examines whether the report preparers decouple their stakeholder engagement disclosures from the actual practices. The neo-institutional theory is used to illuminate the companies’ non-conformity responses to institutional influences.
This research utilises mixed methods by deploying questionnaires, sustainability reports and semi-structured interviews. The questionnaire survey was analysed using descriptive statistics. The interviews were conducted face-to-face and analysed using thematic analysis. Content analysis of stakeholder engagement disclosures was also undertaken on the 2007 to 2018 sustainability reports issued by the companies participating in the interviews.
The findings of this research reveal that the report preparers attempt to embed stakeholder engagement in the companies’ sustainability reporting in response to coercive, normative and mimetic influences. However, stakeholder engagement is loosely embedded as a result of contextualising the Global Reporting Initiative (GRI)’s conception of stakeholder engagement into Indonesia’s local contexts. Stakeholder engagement is perceived as having important roles in mandatory corporate social responsibility (CSR) programmes and materiality assessment to define the report content. External stakeholders are engaged more inclusively in the former whereas internal stakeholders take control of the latter.
It is not evident that the report preparers in Indonesia decouple stakeholder engagement disclosures from practices. However, the ways in which the companies practise their stakeholder engagement (means) deviate from the goals of stakeholder engagement suggested by the GRI’s principles for defining the report content (ends), known as the means-ends decoupling. The report preparers in Indonesia accept the GRI’s concept by meeting the suggested indicators, but unintentionally overlook the GRI’s principles that are required to be implemented as a new institution, rather than intentionally avoiding them.
The main contribution of this research to the literature is that it provides insights into the need to embed stakeholder engagement in sustainability reporting in an integral way, including by translating the GRI’s global conception into local context. This research also provides insights into the presumption that ‘companies report the practice’ of stakeholder engagement in sustainability reporting—as suggested by the GRI and the extant literature. Just because the companies report the practice (means) by making reference to the GRI, it does not necessarily follow that the companies have conformed to the goals of stakeholder engagement suggested by the GRI’s principles for defining the report content (ends). Taking into full consideration Indonesia’s politicoeconomic, sociocultural and legal contexts, which can be dissimilar to other local contexts, this research contributes to an understanding of decoupling, especially the means-ends decoupling, which tends to be unintentional in the companies’ non-acquiescent response to institutional influences. The decoupling indicates that the report preparers consider the GRI’s stakeholder engagement indicators as technical prescriptions leading to box-ticking activities, rather than being thoroughly understood and implemented as a new institution. Besides, this research offers a practical contribution in that the companies’ sustainability reporting consultants could shepherd their clients’ stakeholder engagement, guided by the GRI standards (previously called guidelines), to go beyond merely meeting the GRI indicators and producing ‘nice to read’ sustainability reports
Cultural scripts of parenting and state institutions in the context of post-socialist migrations: Russian-speaking migrant parents in Finland
This thesis provides an in-depth, qualitative study of Russian-speaking migrant parents’ experiences of parenting and state institutions in Finland. The fieldwork for this study was conducted from June 2018 to May 2019, focusing on the capital area and the city of Tampere in southern Finland. This study contributes to migration studies through a transnational framework. Analysing how migrant parents understand and conceptualise parenting in a transnational environment, this study provides new insights to the formation of transnational identities. Moreover, this study investigates the roles of state institutions as a part of this transnational environment, giving the study practical and political implications.
The framework of cultural scripts of parenting takes centre stage in this study. Echoing existing research on socio-cultural identities, cultural scripts are understood as flexible models of behaviour, a ‘tool kit’ from which identities are constructed. Significantly, as a framework cultural script presumes an interaction between the individual, community, and social norms. Rather than straight-forward socialisation from above to a role such as that of a mother or a father, the process is more complex. Individuals become mothers and fathers by taking part in available practices and discourses that define them as such in the eyes of others and themselves. By analysing data from in-depth, semi-structured interviews with Russian-speaking migrant parents, the research investigates what kind of elements migrant parents draw on to construct their cultural scripts of parenting, including how a good parent interacts with state institutions and uses public services.
This study frames parenting as a historically and socially situated cultural product. Russian-speaking migration in Finland is placed into the context of postsocialist migrations. This study particularly analyses how historical legacies are present in the ways in which Russian-speaking parents in Finland describe their relationship. Through the framework of cultural scripts, this study offers an innovative way of analysing transnational identities and practices
A Functional Stakeholder Model of Corporate Governance for Banks in Challenging Institutional Contexts: A Case Study of Nigeria
This thesis seeks to address the limited stakeholders’ recognition and protection under the Anglo-Saxon corporate governance model currently practised in Nigeria. The Anglo-Saxon corporate governance model originated from the UK and the US and focuses on profit maximisation for shareholders’ benefit at the expense of other stakeholders, such as customers and employees. The thesis argued that the relative success of the Anglo-Saxon model in developed economies, such as the UK, is because of the availability of functional institutions, such as an efficient legal system which includes the state apparatus for making, interpreting and enforcing the law. The UK Anglo Saxon model is dependent on an active external market for corporate control and organised civil societies for its success. Nigeria inherited the UK corporate governance model because of its historical past. Despite the differences in their institutional environments, Nigeria has continued to model its corporate governance framework on that of the UK, despite its inefficient legal system resulting from the systemic corruption across the entire branches and tiers of government. Thus, implementing the UK’s corporate governance model in Nigeria has deviated from what theories have envisaged. This is due to Nigeria's institutional environment, evidenced by its weak institutions, such as inadequate legal, regulatory and supervisory systems, insiders’ ownership concentration, an underdeveloped capital market and systemic corruption across the entire branches and tiers of government. This has resulted in Nigeria’s persistent banking failures because of the weak corporate governance framework, evidenced by inaccurate reporting and non-compliance with regulatory requirements, gross insider abuses resulting in substantial non-performing insider related loans, persistent illiquidity, and poor assets quality. Because of Nigeria’s institutional voids, when banks fail, stakeholders, mostly customers and employees, suffer because the current framework does not offer them any protection. Therefore, given Nigeria’s challenging institutional context, this thesis proposes an alternative corporate governance framework in the Nigerian banking sector that will promote the recognition of stakeholders and protect stakeholders’ interests. The thesis makes original contributions to the existing scholarship in comparative corporate governance and regulation, particularly as it relates to banking regulation and stakeholders
- …