Design and Freeform Fabrication of Deployable Structures with Lattice Skins

Frontier environments—such as battlefields, hostile territories, remote locations, or outer space—drive the need for lightweight, deployable structures that can be stored in a compact configuration and deployed quickly and easily in the field. We introduce the concept of lattice skins to enable the design, solid freeform fabrication (SFF), and deployment of customizable structures with nearly arbitrary surface profile and lightweight multi-functionality. Using Duraform FLEX® material in a selective laser sintering machine, large deployable structures are fabricated in a nominal build chamber by either virtually collapsing them into a condensed form or decomposing them into smaller parts. Before fabrication, lattice sub-skins are added strategically beneath the surface of the part. The lattices provide elastic energy for folding and deploying the structure or constrain expansion upon application of internal air pressure. Nearly arbitrary surface profiles are achievable and internal space is preserved for subsequent usage. In this paper, we present the results of a set of experimental and computational models that are designed to provide proof of concept for lattice skins as a deployment mechanism in SFF and to demonstrate the effect of lattice structure on deployed shape.Mechanical Engineerin

IT process architectures for enterprises development: A survey from a maturity model perspective

During the last years much has been published about IT governance. Close to the success of many governance efforts are the business frameworks, quality models, and technology standards that help enterprises improve processes, customer service, quality of products, and control. In this paper we i) survey existing frameworks, namely ITIL, ASL and BiSL, ii) find relations with the IT Governance framework CobiT to determine if the maturity model of CobiT can be used by ITIL, ASL and BiSL, and (iii) provide an integrated vista of IT processes viewed from a maturity model perspective. This perspective can help us understand the importance of maturity models for increasing the efficiency of IT processes for enterprises development and business-IT alignment

A Hybrid Approach to Privacy-Preserving Federated Learning

Federated learning facilitates the collaborative training of models without the sharing of raw data. However, recent attacks demonstrate that simply maintaining data locality during training processes does not provide sufficient privacy guarantees. Rather, we need a federated learning system capable of preventing inference over both the messages exchanged during training and the final trained model while ensuring the resulting model also has acceptable predictive accuracy. Existing federated learning approaches either use secure multiparty computation (SMC) which is vulnerable to inference or differential privacy which can lead to low accuracy given a large number of parties with relatively small amounts of data each. In this paper, we present an alternative approach that utilizes both differential privacy and SMC to balance these trade-offs. Combining differential privacy with secure multiparty computation enables us to reduce the growth of noise injection as the number of parties increases without sacrificing privacy while maintaining a pre-defined rate of trust. Our system is therefore a scalable approach that protects against inference threats and produces models with high accuracy. Additionally, our system can be used to train a variety of machine learning models, which we validate with experimental results on 3 different machine learning algorithms. Our experiments demonstrate that our approach out-performs state of the art solutions

(SAKM) Software Architecture Knowledge Management and its recent Practices, Models, Tools and Challenges

Management of knowledge for software architecture means to capture convenient experience and then translating it in generalized architectural knowledge. For refining the organizational architectural competences, architectural knowledge management is very much important. Architectural knowledge is valuable in the Software Architecture design process. This knowledge will help the stakeholders for communication in different phases of software development life cycle(SDLC). Properly managing the architectural knowledge is very much important as it is progressively more regarded the same as an organizational positive feature and that is why so many researchers around the world are proposing tools, methods, models and different frameworks for the effective knowledgemanagement [1]. This article contributes in exploring current work in field of software architectural knowledge management (AKM) from 2010 to 2017. This article highlights recent architectural AKM challenges and issues which are still not settled and here we also discuss different AKM tools, practicesand models

Design of the shared Environmental Information System (SEIS) and development of a web-based GIS interface

Chapter 5The Shared Environmental Information System (SEIS) is a collaborative initiative of the European Commission (EC) and the European Environment Agency (EEA) aimed to establish an integrated and shared EU-wide environmental information system together with the Member States. SEIS presents the European vision on environmental information interoperability. It is a set of high-level principles & workflow-processes that organize the collection, exchange, and use of environmental data & information aimed to: • Modernise the way in which information required by environmental legislation is made available to member states or EC instruments; • Streamline reporting processes and repeal overlaps or obsolete reporting obligations; • Stimulate similar developments at international conventions; • Standardise according to INSPIRE when possible; and • Introduce the SDI (spatial database infrastructure) principle EU-wide. SEIS is a system and workflow of operations that offers technical capabilities geared to meet concept expectations. In that respect, SEIS shows the way and sets up the workflow effectively in a standardise way (e.g, INSPIRE) to: • Collect Data from Spatial Databases, in situ sensors, statistical databases, earth observation readings (e.g., EOS, GMES), marine observation using standard data transfer protocols (ODBC, SOS, ft p, etc). • Harmonise collected data (including data check/data integrity) according to best practices proven to perform well, according to the INSPIRE Directive 2007/2/EC (1) Annexes I: II: III: plus INSPIRE Implementation Rules for data not specified in above mentioned Annexes. • Harmonise collected data according to WISE (Water Information System from Europe) or Ozone-web. • Process, aggregate harmonise data so to extract information in a format understandable by wider audiences (e.g., Eurostat, enviro-indicators). • Document information to fulfi l national reporting obligations towards EU bodies (e.g., the JRC, EEA, DGENV, Eurostat) • Store and publish information for authorised end-users (e.g., citizens, institutions). This paper presents the development and integration of the SEIS-Malta Geoportal. The first section outlines EU Regulations on INSPIRE and Aarhus Directives. The second covers the architecture and the implementation of SEIS-Malta Geoportal. The third discusses the results and successful implementation of the Geoportal.peer-reviewe

Parameterizable Views for Process Visualization

In large organizations different users or user groups usually have distinguished perspectives over business processes and related data. Personalized views on the managed processes are therefore needed. Existing BPM tools, however, do not provide adequate mechanisms for building and visualizing such views. Very often processes are displayed to users in the same way as drawn by the process designer. To tackle this inflexibility this paper presents an advanced approach for creating personalized process views based on well-defined, parameterizable view operations. Respective operations can be flexibly composed in order to reduce or aggregate process information in the desired way. Depending on the chosen parameterization of the applied view operations, in addition, different "quality levels" with more or less relaxed properties can be obtained for the resulting process views (e.g., regarding the correctness of the created process view scheme). This allows us to consider the specific needs of the different applications utilizing process views (e.g., process monitoring tools or process editors). Altogether, the realized view concept contributes to better deal with complex, long-running business processes with hundreds up to thousands of activities

The importance to manage data protection in the right way: Problems and solutions

Information and communication technology (ICT) has made remarkable impact on the society, especially on companies and organizations. The use of computers, databases, servers, and other technologies has made an evolution on the way of storing, processing, and transferring data. However, companies access and share their data on internet or intranet, thus there is a critical need to protect this data from destructive forces and from the unwanted actions of unauthorized users. This thesis groups a set of solutions proposed, from a company point of view, to reach the goal of \u201cManaging data protection\u201d. The work presented in this thesis represents a set of security solutions, which focuses on the management of data protection taking into account both the organizational and technological side. The work achieved can be divided into set of goals that are obtained particularly from the needs of the research community. This thesis handles the issue of managing data protection in a systematic way, through proposing a Data protection management approach, aiming to protect the data from both the organizational and the technological side, which was inspired by the ISO 27001 requirements. An Information Security Management System (ISMS) is then presented implementing this approach, an ISMS consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization\u2019s information security to achieve business objectives, The goal of ISMS is to minimize risk and ensure continuity by pro-actively limiting the impact of a security breach. To be well-prepared to the potential threats that could occur to an organization, it is important to adopt an ISMS that helps in managing the data protection process, and in saving time and effort, minimizes cost of any loss. After that, a comprehensive framework is designed for the security risk management of Cyber Physical Systems (CPSs), this framework represents the strategy used to manage the security risk management, and it falls inside the ISMS as a security strategy. Traditional IT risk assessment methods can do the job (security risk management for a CPS); however, and because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method that addresses the type, functionalities and complexity of a CPS. Therefore, there is a critical need to follow a solution that breaks the restriction to a traditional risk assessment method, and so a high-level framework is proposed, it encompasses wider set of procedures and gives a great attention to the cybersecurity of these systems, which consequently leads to the safety of the physical world. In addition, inside the ISMS, another part of the work takes place, suggesting the guidelines to select an applicable Security Incident and Event Management (SIEM) solution. It also proposes an approach that aims to support companies seeking to adopt SIEM systems into their environments, suggesting suitable answers to preferred requirements that are believed to be valuable prerequisites a SIEM system should have; and to suggest criteria to judge SIEM systems using an evaluation process composed of quantitative and qualitative methods. This approach, unlike others, is customer driven which means that customer needs are taken into account when following the whole approach, specifically when defining the requirements and then evaluating the suppliers\u2019 solutions. At the end, a research activity was carried out aiming classify web attacks on the network level, since any information about the attackers might be helpful and worth a lot to the cyber security analysts. And so, using network statistical fingerprints and machine learning techniques, a two-layers classification system is designed to detect the type of the web attack and the type of software used by the attackers

Behind the Code: Identifying Zero-Day Exploits in WordPress

The rising awareness of cybersecurity among governments and the public underscores the importance of effectively managing security incidents, especially zero-day attacks that exploit previously unknown software vulnerabilities. These zero-day attacks are particularly challenging because they exploit flaws that neither the public nor developers are aware of. In our study, we focused on dynamic application security testing (DAST) to investigate cross-site scripting (XSS) attacks. We closely examined 23 popular WordPress plugins, especially those requiring user or admin interactions, as these are frequent targets for XSS attacks. Our testing uncovered previously unknown zero-day vulnerabilities in three of these plugins. Through controlled environment testing, we accurately identified and thoroughly analyzed these XSS vulnerabilities, revealing their mechanisms, potential impacts, and the conditions under which they could be exploited. One of the most concerning findings was the potential for admin-side attacks, which could lead to multi-site insider threats. Specifically, we found vulnerabilities that allow for the insertion of malicious scripts, creating backdoors that unauthorized users can exploit. We demonstrated the severity of these vulnerabilities by employing a keylogger-based attack vector capable of silently capturing and extracting user data from the compromised plugins. Additionally, we tested a zero-click download strategy, allowing malware to be delivered without any user interaction, further highlighting the risks posed by these vulnerabilities. The National Institute of Standards and Technology (NIST) recognized these vulnerabilities and assigned them CVE numbers: CVE-2023-5119 for the Forminator plugin, CVE-2023-5228 for user registration and contact form issues, and CVE-2023-5955 for another critical plugin flaw. Our study emphasizes the critical importance of proactive security measures, such as rigorous input validation, regular security testing, and timely updates, to mitigate the risks posed by zero-day vulnerabilities. It also highlights the need for developers and administrators to stay vigilant and adopt strong security practices to defend against evolving threats