11,583 research outputs found
Recommended from our members
Ensuring Access to Safe and Nutritious Food for All Through the Transformation of Food Systems
The Viability and Potential Consequences of IoT-Based Ransomware
With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested.
As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed.
For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim.
Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research
Building data management capabilities to address data protection regulations: Learnings from EU-GDPR
The European Unionâs General Data Protection Regulation (EU-GDPR) has initiated a paradigm shift in data protection toward greater choice and sovereignty for individuals and more accountability for organizations. Its strict rules have inspired data protection regulations in other parts of the world. However, many organizations are facing difficulty complying with the EU-GDPR: these new types of data protection regulations cannot be addressed by an adaptation of contractual frameworks, but require a fundamental reconceptualization of how companies store and process personal data on an enterprise-wide level. In this paper, we introduce the resource-based view as a theoretical lens to explain the lengthy trajectories towards compliance and argue that these regulations require companies to build dedicated, enterprise-wide data management capabilities. Following a design science research approach, we propose a theoretically and empirically grounded capability model for the EU-GDPR that integrates the interpretation of legal texts, findings from EU-GDPR-related publications, and practical insights from focus groups with experts from 22 companies and four EU-GDPR projects. Our study advances interdisciplinary research at the intersection between IS and law: First, the proposed capability model adds to the regulatory compliance management literature by connecting abstract compliance requirements to three groups of capabilities and the resources required for their implementation, and second, it provides an enterprise-wide perspective that integrates and extends the fragmented body of research on EU-GDPR. Practitioners may use the capability model to assess their current status and set up systematic approaches toward compliance with an increasing number of data protection regulations
AnuĂĄrio cientĂfico da Escola Superior de Tecnologia da SaĂșde de Lisboa - 2021
Ă com grande prazer que apresentamos a mais recente edição (a 11.ÂȘ) do AnuĂĄrio CientĂfico da Escola Superior de Tecnologia da SaĂșde de Lisboa. Como instituição de ensino superior, temos o compromisso de promover e incentivar a pesquisa cientĂfica em todas as ĂĄreas do conhecimento que contemplam a nossa missĂŁo. Esta publicação tem como objetivo divulgar toda a produção cientĂfica desenvolvida pelos Professores, Investigadores, Estudantes e Pessoal nĂŁo Docente da ESTeSL durante 2021. Este AnuĂĄrio Ă©, assim, o reflexo do trabalho ĂĄrduo e dedicado da nossa comunidade, que se empenhou na produção de conteĂșdo cientĂfico de elevada qualidade e partilhada com a Sociedade na forma de livros, capĂtulos de livros, artigos publicados em revistas nacionais e internacionais, resumos de comunicaçÔes orais e pĂłsteres, bem como resultado dos trabalhos de 1Âș e 2Âș ciclo. Com isto, o conteĂșdo desta publicação abrange uma ampla variedade de tĂłpicos, desde temas mais fundamentais atĂ© estudos de aplicação prĂĄtica em contextos especĂficos de SaĂșde, refletindo desta forma a pluralidade e diversidade de ĂĄreas que definem, e tornam Ășnica, a ESTeSL. Acreditamos que a investigação e pesquisa cientĂfica Ă© um eixo fundamental para o desenvolvimento da sociedade e Ă© por isso que incentivamos os nossos estudantes a envolverem-se em atividades de pesquisa e prĂĄtica baseada na evidĂȘncia desde o inĂcio dos seus estudos na ESTeSL. Esta publicação Ă© um exemplo do sucesso desses esforços, sendo a maior de sempre, o que faz com que estejamos muito orgulhosos em partilhar os resultados e descobertas dos nossos investigadores com a comunidade cientĂfica e o pĂșblico em geral. Esperamos que este AnuĂĄrio inspire e motive outros estudantes, profissionais de saĂșde, professores e outros colaboradores a continuarem a explorar novas ideias e contribuir para o avanço da ciĂȘncia e da tecnologia no corpo de conhecimento prĂłprio das ĂĄreas que compĂ”e a ESTeSL. Agradecemos a todos os envolvidos na produção deste anuĂĄrio e desejamos uma leitura inspiradora e agradĂĄvel.info:eu-repo/semantics/publishedVersio
On the Mechanism of Building Core Competencies: a Study of Chinese Multinational Port Enterprises
This study aims to explore how Chinese multinational port enterprises (MNPEs) build
their core competencies. Core competencies are firmsâspecial capabilities and sources
to gain sustainable competitive advantage (SCA) in marketplace, and the concept led
to extensive research and debates. However, few studies include inquiries about the
mechanisms of building core competencies in the context of Chinese MNPEs.
Accordingly, answers were sought to three research questions:
1. What are the core competencies of the Chinese MNPEs?
2. What are the mechanisms that the Chinese MNPEs use to build their core
competencies?
3. What are the paths that the Chinese MNPEs pursue to build their resources bases?
The study adopted a multiple-case study design, focusing on building mechanism of
core competencies with RBV. It selected purposively five Chinese leading MNPEs
and three industry associations as Case Companies.
The study revealed three main findings. First, it identified three generic core
competencies possessed by Case Companies, i.e., innovation in business models and
operations, utilisation of technologies, and acquisition of strategic resources. Second,
it developed the conceptual framework of the Mechanism of Building Core
Competencies (MBCC), which is a process of change of collective learning in
effective and efficient utilization of resources of a firm in response to critical events.
Third, it proposed three paths to build core competencies, i.e., enhancing collective
learning, selecting sustainable processes, and building resource base.
The study contributes to the knowledge of core competencies and RBV in three ways:
(1) presenting three generic core competencies of the Chinese MNPEs, (2) proposing
a new conceptual framework to explain how Chinese MNPEs build their core
competencies, (3) suggesting a solid anchor point (MBCC) to explain the links among
resources, core competencies, and SCA. The findings set benchmarks for Chinese
logistics industry and provide guidelines to build core competencies
The determinants of value addition: a crtitical analysis of global software engineering industry in Sri Lanka
It was evident through the literature that the perceived value delivery of the global software
engineering industry is low due to various facts. Therefore, this research concerns global
software product companies in Sri Lanka to explore the software engineering methods and
practices in increasing the value addition. The overall aim of the study is to identify the key
determinants for value addition in the global software engineering industry and critically
evaluate the impact of them for the software product companies to help maximise the value
addition to ultimately assure the sustainability of the industry.
An exploratory research approach was used initially since findings would emerge while the
study unfolds. Mixed method was employed as the literature itself was inadequate to
investigate the problem effectively to formulate the research framework. Twenty-three face-to-face online interviews were conducted with the subject matter experts covering all the
disciplines from the targeted organisations which was combined with the literature findings as
well as the outcomes of the market research outcomes conducted by both government and nongovernment institutes. Data from the interviews were analysed using NVivo 12. The findings
of the existing literature were verified through the exploratory study and the outcomes were
used to formulate the questionnaire for the public survey. 371 responses were considered after
cleansing the total responses received for the data analysis through SPSS 21 with alpha level
0.05. Internal consistency test was done before the descriptive analysis. After assuring the
reliability of the dataset, the correlation test, multiple regression test and analysis of variance
(ANOVA) test were carried out to fulfil the requirements of meeting the research objectives.
Five determinants for value addition were identified along with the key themes for each area.
They are staffing, delivery process, use of tools, governance, and technology infrastructure.
The cross-functional and self-organised teams built around the value streams, employing a
properly interconnected software delivery process with the right governance in the delivery
pipelines, selection of tools and providing the right infrastructure increases the value delivery.
Moreover, the constraints for value addition are poor interconnection in the internal processes,
rigid functional hierarchies, inaccurate selections and uses of tools, inflexible team
arrangements and inadequate focus for the technology infrastructure. The findings add to the
existing body of knowledge on increasing the value addition by employing effective processes,
practices and tools and the impacts of inaccurate applications the same in the global software
engineering industry
Embodying entrepreneurship: everyday practices, processes and routines in a technology incubator
The growing interest in the processes and practices of entrepreneurship has
been dominated by a consideration of temporality. Through a thirty-six-month
ethnography of a technology incubator, this thesis contributes to extant
understanding by exploring the effect of space. The first paper explores how
class structures from the surrounding city have appropriated entrepreneurship
within the incubator. The second paper adopts a more explicitly spatial analysis
to reveal how the use of space influences a common understanding of
entrepreneurship. The final paper looks more closely at the entrepreneurs within
the incubator and how they use visual symbols to develop their identity. Taken
together, the three papers reject the notion of entrepreneurship as a primarily
economic endeavour as articulated through commonly understood language and
propose entrepreneuring as an enigmatic attractor that is accessed through the
ambiguity of the non-verbal to develop the ânewâ. The thesis therefore contributes
to the understanding of entrepreneurship and proposes a distinct role for the non-verbal in that understanding
Defining Service Level Agreements in Serverless Computing
The emergence of serverless computing has brought significant advancements to the delivery of computing resources to cloud users. With the abstraction of infrastructure, ecosystem, and execution environments, users could focus on their code while relying on the cloud provider to manage the abstracted layers. In addition, desirable features such as autoscaling and high availability became a providerâs responsibility and can be adopted by the user\u27s application at no extra overhead.
Despite such advancements, significant challenges must be overcome as applications transition from monolithic stand-alone deployments to the ephemeral and stateless microservice model of serverless computing. These challenges pertain to the uniqueness of the conceptual and implementation models of serverless computing. One of the notable challenges is the complexity of defining Service Level Agreements (SLA) for serverless functions. As the serverless model shifts the administration of resources, ecosystem, and execution layers to the provider, users become mere consumers of the providerâs abstracted platform with no insight into its performance. Suboptimal conditions of the abstracted layers are not visible to the end-user who has no means to assess their performance. Thus, SLA in serverless computing must take into consideration the unique abstraction of its model.
This work investigates the Service Level Agreement (SLA) modeling of serverless functions\u27 and serverless chainsâ executions. We highlight how serverless SLA fundamentally differs from earlier cloud delivery models. We then propose an approach to define SLA for serverless functions by utilizing resource utilization fingerprints for functions\u27 executions and a method to assess if executions adhere to that SLA. We evaluate the approachâs accuracy in detecting SLA violations for a broad range of serverless application categories. Our validation results illustrate a high accuracy in detecting SLA violations resulting from resource contentions and providerâs ecosystem degradations. We conclude by presenting the empirical validation of our proposed approach, which could detect Execution-SLA violations with accuracy up to 99%
'Exarcheia doesn't exist': Authenticity, Resistance and Archival Politics in Athens
My thesis investigates the ways people, materialities and urban spaces interact to form affective ecologies and produce historicity. It focuses on the neighbourhood of Exarcheia, Athensâ contested political topography par excellence, known for its production of radical politics of discontent and resistance to state oppression and eoliberal capitalism. Embracing Exarcheiaâs controversial status within Greek vernacular, media and state discourses, this thesis aims to unpick the neighbourhoodsâ socio-spatial assemblage imbued with affect and formed through the numerous (mis)understandings and (mis)interpretations rooted in its turbulent political history. Drawing on theory on urban spaces, affect, hauntology and archival politics, I argue for Exarcheia as an unwavering archival space composed of affective chronotopes â (in)tangible loci that defy space and temporality. I posit that the interwoven narratives and materialities emerging in my fieldwork are persistently â and perhaps obsessively â reiterating themselves and remaining imprinted on the neighbourhoodâs landscape as an incessant reminder of violent histories that the state often seeks to erase and forget. Through this analysis, I contribute to understandings of place as a primary ethnographic âobjectâ and the ways in which place forms complex interactions and relationships with social actors, shapes their subjectivities, retains and bestows their memories and senses of historicity
- âŠ