Internship at Be One Solutions

Included in this document is the report of my internship undertaken in the fulfilment of my Master of Cybersecurity and Informatic Forensics degree from the Polytechnic Institute of Leiria, at Be One Solutions. During the internship, I identified several issues regarding security protocols and procedures at the company, more specifically in regards to credential management. After identifying the issues, I started researching enterprise level solutions for credential management, for which the requirements had been established beforehand with the IT manager. After comparing a set of solutions based on the features they provided and the price quoted, it was possible to conclude that all solutions were unsuitable due to either unreasonable pricing or previous security issues. Since the solutions analysed were deemed unsuitable, I started working on a Proof of Concept (PoC) for a custom solution that would be able to integrate with the project structure already present in the company’s in house project management solution. It started with defining the concept of the solutions in regards to how the encryption process would be performed, then the designing of the data structure in order to integrate with the project management solution, an afterwards came the development process of said solution

Implementing reusable solvers : an object-oriented framework for operations research algorithms

Thesis (Ph.D.)--Massachusetts Institute of Technology, Sloan School of Management, Operations Research Center, 1998.Includes bibliographical references (p. 325-338) and indexes.by John Douglas Ruark.Ph.D

Air Traffic Management Abbreviation Compendium

As in all fields of work, an unmanageable number of abbreviations are used today in aviation for terms, definitions, commands, standards and technical descriptions. This applies in general to the areas of aeronautical communication, navigation and surveillance, cockpit and air traffic control working positions, passenger and cargo transport, and all other areas of flight planning, organization and guidance. In addition, many abbreviations are used more than once or have different meanings in different languages. In order to obtain an overview of the most common abbreviations used in air traffic management, organizations like EUROCONTROL, FAA, DWD and DLR have published lists of abbreviations in the past, which have also been enclosed in this document. In addition, abbreviations from some larger international projects related to aviation have been included to provide users with a directory as complete as possible. This means that the second edition of the Air Traffic Management Abbreviation Compendium includes now around 16,500 abbreviations and acronyms from the field of aviation

2013, UMaine News Press Releases

This is a catalog of press releases put out by the University of Maine Division of Marketing and Communications between January 2, 2013 and December 31, 2013

Unmanned Aircraft Systems in the Cyber Domain

Unmanned Aircraft Systems are an integral part of the US national critical infrastructure. The authors have endeavored to bring a breadth and quality of information to the reader that is unparalleled in the unclassified sphere. This textbook will fully immerse and engage the reader / student in the cyber-security considerations of this rapidly emerging technology that we know as unmanned aircraft systems (UAS). The first edition topics covered National Airspace (NAS) policy issues, information security (INFOSEC), UAS vulnerabilities in key systems (Sense and Avoid / SCADA), navigation and collision avoidance systems, stealth design, intelligence, surveillance and reconnaissance (ISR) platforms; weapons systems security; electronic warfare considerations; data-links, jamming, operational vulnerabilities and still-emerging political scenarios that affect US military / commercial decisions. This second edition discusses state-of-the-art technology issues facing US UAS designers. It focuses on counter unmanned aircraft systems (C-UAS) – especially research designed to mitigate and terminate threats by SWARMS. Topics include high-altitude platforms (HAPS) for wireless communications; C-UAS and large scale threats; acoustic countermeasures against SWARMS and building an Identify Friend or Foe (IFF) acoustic library; updates to the legal / regulatory landscape; UAS proliferation along the Chinese New Silk Road Sea / Land routes; and ethics in this new age of autonomous systems and artificial intelligence (AI).https://newprairiepress.org/ebooks/1027/thumbnail.jp

Cumulative trauma disorders in the workplace: bibliography

"This publication provided a compilation of materials describing research conducted by NIOSH on cumulative trauma disorders in the workplace. Selected references, both NIOSH and nonNIOSH, were provided, concentrating on NIOSH activities in preventing work related musculoskeletal disorders, prevention and intervention research at NIOSH for work related musculoskeletal disorders, comments to the Department of Labor on the OSHA proposed rule on ergonomic safety and health management, a manual for musculoskeletal diseases of the upper limbs, a review of physical exercises recommended for video display tube operators, management of upper extremity cumulative trauma disorders, ergonomics and prevention of musculoskeletal injuries, and carpal tunnel syndrome. A bibliography of NIOSH publications on cumulative trauma disorders in the workplace was provided, including numbered publications, testimony, journal articles, grant reports, contract reports, and health hazard evaluations. NonNiosh references were also listed." - NIOSHTIC-2Part I. Selected NIOSH and non-NIOSH References -- A. NIOSH Activities in Preventing Work-Related Musculoskeletal Disorders -- B. Work-Related Musculoskeletal Disorders: Prevention and Intervention Research at NIOSH -- C. Comments to DOL on the Occupational Safety and Health Administration Proposed Role on Ergonomic Safety and Health Management - Part 1 -- C. Comments to DOL on the Occupational Safety and Health Administration Proposed Role on Ergonomic Safety and Health Management - Part 2 -- D. Cumulative Trauma Disorders: A Manual for Musculoskeletal Diseases of the Upper Limbs -- E. A Review of Physical Exercises Recommended for VDT Operators ) -- F. Management of Upper Extremity Cumulative Trauma Disorders -- G. Preventing Illness and Injury in the Workplace: Ergonomics and Prevention of Musculoskeletal Injuries -- H. Carpal Tunnel Syndrome -- -- Part II. Cumulative Trauma Disorders in the Workplace - Bibliography -- A. NIOSH Publications Reports -- 1. Numbered Publications -- 2. Testimony -- 3. Journal Articles -- 4. Grant Reports -- 5. Contract Reports -- 6. Health Hazard Evaluations -- -- B. Selected non-NIOSH ReferencesAlso available via the World Wide Web

Knowledge Sharing, Maintenance, and Use in Online Support Communities.

Widespread adoption of information technologies has fostered new social arrangements and opportunities for large-scale collaboration. Many of these new collaborations occur in online support communities where members help each other make sense of, and deal with, a particular topic (e.g., website design, cancer treatment). Many of these communities struggle with meeting the divergent needs of novices, experts, and those who overhear their conversations. A few communities have recently augmented their existing threaded conversations (e.g., email list discussions) with a wiki repository which serves a similar purpose as an FAQ document. I demonstrate how a threaded conversation and wiki repository can complement each other by describing in detail a technical support community (css-d) where they do. Using a mixed method approach I empirically examine how activity is organized to leverage both resources through an analysis of the governance structure, social roles and norms, information genres, participation patterns, and technical features. I also use an action research methodology to help 3 online medical support communities implement a wiki repository. I first the limitations of using a community conversation for reuse by arguing that the very same characteristics that make community conversations useful to their participants (e.g., their personalized, immediate, and social nature) make their reuse by onlookers problematic. I then describe how a wiki repository was used by the css-d community to create reusable content that complements the discussion. I characterize the wiki genres most useful to the community (e.g., Annotated Links, Debate summaries, How To pages, Articles) and describe the processes important to their creation, and how they lead to content that fills information gaps, is reusable, and relevant to the masses. I describe how the synergistic relationship between community conversation and wiki repositories helps overcome some of the information sharing and maintenance challenges common to help-based communities, as well as how it helps overcome some of the common social maintenance challenges of online communities such as keeping the discussion on topic and avoiding contentious debates. Finally, I characterize some of the challenges of implementing wiki repositories and collaborative authoring, such as the hesitancy of members to edit others’ work.Ph.D.InformationUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/57608/2/shakmatt_1.pd

Last-Mile TLS Interception: Analysis and Observation of the Non-Public HTTPS Ecosystem

Transport Layer Security (TLS) is one of the most widely deployed cryptographic protocols on the Internet that provides confidentiality, integrity, and a certain degree of authenticity of the communications between clients and servers. Following Snowden's revelations on US surveillance programs, the adoption of TLS has steadily increased. However, encrypted traffic prevents legitimate inspection. Therefore, security solutions such as personal antiviruses and enterprise firewalls may intercept encrypted connections in search for malicious or unauthorized content. Therefore, the end-to-end property of TLS is broken by these TLS proxies (a.k.a. middleboxes) for arguably laudable reasons; yet, may pose a security risk. While TLS clients and servers have been analyzed to some extent, such proxies have remained unexplored until recently. We propose a framework for analyzing client-end TLS proxies, and apply it to 14 consumer antivirus and parental control applications as they break end-to-end TLS connections. Overall, the security of TLS connections was systematically worsened compared to the guarantees provided by modern browsers. Next, we aim at exploring the non-public HTTPS ecosystem, composed of locally-trusted proxy-issued certificates, from the user's perspective and from several countries in residential and enterprise settings. We focus our analysis on the long tail of interception events. We characterize the customers of network appliances, ranging from small/medium businesses and institutes to hospitals, hotels, resorts, insurance companies, and government agencies. We also discover regional cases of traffic interception malware/adware that mostly rely on the same Software Development Kit (i.e., NetFilter). Our scanning and analysis techniques allow us to identify more middleboxes and intercepting apps than previously found from privileged server vantages looking at billions of connections. We further perform a longitudinal study over six years of the evolution of a prominent traffic-intercepting adware found in our dataset: Wajam. We expose the TLS interception techniques it has used and the weaknesses it has introduced on hundreds of millions of user devices. This study also (re)opens the neglected problem of privacy-invasive adware, by showing how adware evolves sometimes stronger than even advanced malware and poses significant detection and reverse-engineering challenges. Overall, whether beneficial or not, TLS interception often has detrimental impacts on security without the end-user being alerted

Towards Certified Compilation of RTFM-core Applications

Work in Progress Session, 21st International Conference on Emerging Technologies and Factory Automation (ETFA 2016). 6 to 9, Sep, 2016. Berlin, Germany.Concurrent programming is dominated by thread based solutions with lock based critical sections. Careful attention has to be paid to avoid race and deadlock conditions. Real-Time for The Masses (RTFM) takes an alternative language approach, introducing tasks and named critical sections (via resources) natively in the RTFM-core language. RTFM-core programs can be compiled to native C-code, and efficiently executed onto single-core platforms under the Stack Resource Policy (SRP) by the RTFM-kernel. In this paper we formally define the well-formedness criteria for SRP based resource management, and develop a certified (formally proven) implementation of the corresponding compilation from nested critical sections of the input RTFM-core program to a resulting flat sequence of primitive operations and scheduling primitives. Moreover we formalise the properties for resource ceilings under SRP and develop a certified algorithm for their computation. The feasibility of the described approach is shown through the adoption of the Why3 platform, which allows the necessary verification conditions to be automatically generated and discharged through a variety of automatic external SMT-solvers and interactive theorem provers. Moreover, Why3 supports the extraction of certified Ocaml code for proven implementations in WhyML. As a proof of concept the certified extracted development is demonstrated on an example system.info:eu-repo/semantics/publishedVersio