5,141 research outputs found

    An optimized attack tree model for security test case planning and generation

    Get PDF
    Securing software assets via efficient test case management is an important task in order to realize business goals. Given the huge risks web applications face due to incessant cyberattacks, a proactive risk strategy such as threat modeling is adopted. It involves the use of attack trees for identifying software vulnerabilities at the earliest phase of software development which is critical to successfully protect these applications. Although, many researches have been dedicated to security testing with attack tree models, test case redundancy using this threat modeling technique has been a major issue faced leading to poor test coverage and expensive security testing exercises. This paper presents an attack tree modeling algorithm for deriving a minimal set of effective attack vectors required to test a web application for SQL injection vulnerabilities. By leveraging on the optimized attack tree algorithm used in this research work, the threat model produces efficient test plans from which adequate test cases are derived to ensure a secured web application is designed, implemented and deployed. The experimental result shows an average optimization rate of 41.67% from which 7 test plans and 13 security test cases were designed to mitigate all SQL injection vulnerabilities in the web application under test. A 100% security risk intervention of the web application was achieved with respect to preventing SQL injection attacks after applying all security recommendations from test case execution report

    Asset versus consumption poverty and poverty dynamics in the presence of multiple equilibria in rural Ethiopia

    Get PDF
    Effective poverty reduction programs require careful measurement of poverty status. Several studies have shown conceptually that assets reflecting productive capacity form a more robust basis for identifying the poor than do flow variables such as expenditures or income. Nonetheless, little work has empirically compared poverty measurements based on assets and expenditures. This paper uses panel data from Ethiopia to generate an asset-based poverty classification scheme. Regression results are used to estimate an asset index and classify households into categories of structural poverty. Asset index dynamics are also explored to test for the existence of multiple asset index equilibria; evidence of potential poverty traps. Results provide evidence of multiple equilibria in the study sample as a whole as well as convergence at different levels over space, depending on commercialization opportunities and agroecological factors. The asset-based poverty classifications consistently predict future poverty status more accurately than do income-based measures, confirming that the asset-based measure could be used to more carefully target poverty interventions in rural areas and to more accurately assess the impact of those interventions.asset index, asset poverty, Commercialization, expenditures, income-based measures, index equilibria, Poverty dynamics, Poverty reduction, regression,

    Tracing the geographical origin of Argentinean lemon juices based on trace element profiles using advanced chemometric techniques

    Get PDF
    This study examines the application of chemometric techniques associated with trace element concentrations for origin evaluation of lemon juice samples. Seventy-four lemon juice samples from three different provinces of Argentina were evaluated according to their microelement contents to identify differences in patterns of elements in the three provinces. Inductively coupled plasma mass spectrometry (ICP-MS) was used for the determination of twenty-five elements (Ag, Al, As, Ba, Bi, Co, Cr, Cu, Fe, Ga, In, La, Li, Mn, Mo, Ni, Rb, Sb, Sc, Se, Sn, Sr, Tl, V, and Zn). Once the analytical data were collected, supervised pattern recognition techniques were applied to construct classification/discrimination rules to predict the origin of samples on the basis of their profiles of trace elements. Namely, linear discriminant analysis (LDA), partial least square discriminant analysis (PLS-DA), k-nearest neighbors (k-NN), random forest (RF), and support vector machine with radial basis function Kernel (SVM). The results indicated that it was feasible to attribute unknown lemon juice samples to its geographical origin. SVM had better performance compared to RF, k-NN, LDA and PLS-DA, listed in descending order. Eventually, this study verifies that trace element pattern is a powerful geographical indicator when identifying the origin of lemon juice samples by analyzing trace element data with the help of SVM technique. This level of accuracy provides an interesting foundation to propose the combination of trace element contents with SVM technique as a valuable tool to evaluate the geographical origin of lemon juice samples produced in Argentina.Fil: Gaiad, José Emilio. Universidad Nacional del Nordeste; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Nordeste. Instituto de Química Básica y Aplicada del Nordeste Argentino. Universidad Nacional del Nordeste. Facultad de Ciencias Exactas Naturales y Agrimensura. Instituto de Química Básica y Aplicada del Nordeste Argentino; ArgentinaFil: Hidalgo, Melisa Jazmin. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Nordeste. Instituto de Química Básica y Aplicada del Nordeste Argentino. Universidad Nacional del Nordeste. Facultad de Ciencias Exactas Naturales y Agrimensura. Instituto de Química Básica y Aplicada del Nordeste Argentino; Argentina. Universidad Nacional del Nordeste; ArgentinaFil: Villafañe, Roxana Noelia. Universidad Nacional de San Luis; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - San Luis. Instituto de Química de San Luis. Universidad Nacional de San Luis. Facultad de Química, Bioquímica y Farmacia. Instituto de Química de San Luis; ArgentinaFil: Marchevsky, Eduardo Jorge. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - San Luis. Instituto de Química de San Luis. Universidad Nacional de San Luis. Facultad de Química, Bioquímica y Farmacia. Instituto de Química de San Luis; Argentina. Universidad Nacional de San Luis; ArgentinaFil: Pellerano, Roberto Gerardo. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Nordeste. Instituto de Química Básica y Aplicada del Nordeste Argentino. Universidad Nacional del Nordeste. Facultad de Ciencias Exactas Naturales y Agrimensura. Instituto de Química Básica y Aplicada del Nordeste Argentino; Argentina. Universidad Nacional del Nordeste; Argentin

    Instrumental Variables Estimation With Some Invalid Instruments and its Application to Mendelian Randomization

    Get PDF
    Instrumental variables have been widely used for estimating the causal effect between exposure and outcome. Conventional estimation methods require complete knowledge about all the instruments’ validity; a valid instrument must not have a direct effect on the outcome and not be related to unmeasured confounders. Often, this is impractical as highlighted by Mendelian randomization studies where genetic markers are used as instruments and complete knowledge about instruments’ validity is equivalent to complete knowledge about the involved genes’ functions. In this paper, we propose a method for estimation of causal effects when this complete knowledge is absent. It is shown that causal effects are identified and can be estimated as long as less than 50% of instruments are invalid, without knowing which of the instruments are invalid. We also introduce conditions for identification when the 50% threshold is violated. A fast penalized �1 estimation method, called sisVIVE, is introduced for estimating the causal effect without knowing which instruments are valid, with theoretical guarantees on its performance. The proposed method is demonstrated on simulated data and a real Mendelian randomization study concerning the effect of body mass index on health-related quality of life index. An R package sisVIVE is available on CRAN. Supplementary materials for this article are available onlin

    Metamodel-based importance sampling for structural reliability analysis

    Full text link
    Structural reliability methods aim at computing the probability of failure of systems with respect to some prescribed performance functions. In modern engineering such functions usually resort to running an expensive-to-evaluate computational model (e.g. a finite element model). In this respect simulation methods, which may require 103610^{3-6} runs cannot be used directly. Surrogate models such as quadratic response surfaces, polynomial chaos expansions or kriging (which are built from a limited number of runs of the original model) are then introduced as a substitute of the original model to cope with the computational cost. In practice it is almost impossible to quantify the error made by this substitution though. In this paper we propose to use a kriging surrogate of the performance function as a means to build a quasi-optimal importance sampling density. The probability of failure is eventually obtained as the product of an augmented probability computed by substituting the meta-model for the original performance function and a correction term which ensures that there is no bias in the estimation even if the meta-model is not fully accurate. The approach is applied to analytical and finite element reliability problems and proves efficient up to 100 random variables.Comment: 20 pages, 7 figures, 2 tables. Preprint submitted to Probabilistic Engineering Mechanic

    STRATEGIES TO INCREASE AGRICULTURAL PRODUCTIVITY AND REDUCE LAND DEGRADATION: EVIDENCE FROM UGANDA

    Get PDF
    This paper estimates a structural econometric model of household decisions regarding income strategies, participation in programs and organizations, crop choices, land management, and labor use, and their implications for agricultural production and land degradation; based upon a survey of over 450 households and their farm plots in Uganda. The results generally support the Boserupian model of population-induced agricultural intensification, but do not support the "more people-less erosion" hypothesis, with population pressure found to contribute to erosion in the densely populated highlands. Agricultural technical assistance programs have location-specific impacts on agricultural production and land degradation, contributing to higher value of crop production in the lowlands, but to soil erosion in the highlands. By contrast, NGO programs focusing on agriculture and environment are helping to reduce erosion, but have mixed impacts on production. We find little evidence of impact of access to markets, roads and credit, land tenure or title on agricultural intensification and crop production, though road access appears to contribute to land degradation in the highlands. Education increases household incomes, but also reduces crop production in the lowlands. We do not find evidence of a poverty-land degradation trap, while poverty has mixed impacts on agricultural production: smaller farms obtain higher crop production per hectare, while households with fewer livestock have crop production. These findings suggest that development of factor markets can improve agricultural efficiency. Several other factors that contribute to increased value of crop production, without significant impacts on land degradation, include specialized crop production, livestock and nonfarm income strategies, and irrigation. In general, the results imply that the strategies to increase agricultural production and reduce land degradation must be location-specific, and that there are few "win-win" opportunities to simultaneously increase production and reduce land degradation.Agricultural productivity, land degradation, agricultural development strategies, Uganda, farm size-productivity, Land Economics/Use, Productivity Analysis,
    corecore