157 research outputs found

    Understanding the Spatial Distribution of Forest Fires in a Growing Urban Region: Socioeconomic Indicators Tell You More

    The present study analyzes the spatial distribution of 881 forest fires recorded during four recent years (2009-2012) in 59 municipalities of a Mediterranean region (Attica, Greece) characterized by high fire risk and relevant human pressure due to uneven urban expansion. The hypothesis that a defined fire profile (in terms of density, severity and land-use selectivity) on a local scale was associated to a specific set of socioeconomic and territorial variables, was tested explicitly using six fires’ indicators and eight contextual indicators under a multivariate analysis framework. Analysis identified two main dimensions for both forest fires (dimension and selectivity) and the socioeconomic context (demographic variables associated to the urban-rural gradient and average income). Fire density and forest/pastures burnt areas did not correlate to any socioeconomic variable. At the same time, average declared income and elevation of each municipality did not correlate to any fires’ variable. To the contrary, the average fire size, the percentage of burnt area per municipality and the proportion of cropland affected by fires correlated positively with the distance from the inner city and the total surface area of each municipality and negatively with the proportion of compact settlements, population density and growth. These results confirm the importance of the urban-rural divide determining the spatial distribution of forest fires in Attica while pointing out the modest influence of variables such as the socioeconomic status of resident population

    Static analysis for dummies: experiencing LiSA

    Semantics-based static analysis requires a significant theoretical background before being able to design and implement a new analysis. Unfortunately, the development of even a toy static analyzer from scratch requires to implement an infrastructure (parser, control flow graphs representation, fixpoint algorithms, etc.) that is too demanding for bachelor and master students in computer science. This approach difficulty can condition the acquisition of skills on software verification which are of major importance for the design of secure systems. In this paper, we show how LiSA (Library for Static Analysis) can play a role in that respect. LiSA implements the basic infrastructure that allows a non-expert user to develop even simple analyses (e.g., dataflow and numerical non-relational domains) focusing only on the design of the appropriate representation of the property of interest and of the sound approximation of the program statements

    Complexity in action: Untangling latent relationships between land quality, economic structures and socio-spatial patterns in Italy

    Land quality, a key economic capital supporting local development, is affected by biophysical and anthropogenic factors. Taken as a relevant attribute of economic systems, land quality has shaped the territorial organization of any given region influencing localization of agriculture, industry and settlements. In regions with long-established human-landscape interactions, such as the Mediterranean basin, land quality has determined social disparities and polarization in the use of land, reflecting the action of geographical gradients based on elevation and population density. The present study investigates latent relationships within a large set of indicators profiling local communities and land quality on a fine-grained resolution scale in Italy with the aim to assess the potential impact of land quality on the regional socioeconomic structure. The importance of land quality gradients in the socioeconomic configuration of urban and rural regions was verified analyzing the distribution of 149 socioeconomic and environmental indicators organized in 5 themes and 17 research dimensions. Agriculture, income, education and labour market variables discriminate areas with high land quality from areas with low land quality. While differential land quality in peri-urban areas may reflect conflicts between competing actors, moderate (or low) quality of land in rural districts is associated with depopulation, land abandonment, subsidence agriculture, unemployment and low educational levels. We conclude that the socioeconomic profile of local communities has been influenced by land quality in a different way along urban-rural gradients. Policies integrating environmental and socioeconomic measures are required to consider land quality as a pivotal target for sustainable development. Regional planning will benefit from an in-depth understanding of place-specific relationships between local communities and the environment

    Cross-Programming Language Taint Analysis for the IoT Ecosystem

    The Internet of Things (IoT) is a key component for the next disruptive technologies. However, IoT merges together several diverse software layers: embedded, enterprise, and cloud programs interact with each other. In addition, security and privacy vulnerabilities of IoT software might be particularly dangerous due to the pervasiveness and physical nature of these systems. During the last decades, static analysis, and in particular taint analysis, has been widely applied to detect software vulnerabilities. Unfortunately, these analyses assume that software is entirely written in a single programming language, and they are not immediately suitable to detect IoT vulnerabilities where many different software components, written in different programming languages, interact. This paper discusses how to leverage existing static taint analyses to a cross-programming language scenario

    Static analysis for discovering IoT vulnerabilities

    The Open Web Application Security Project (OWASP), released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia’s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies

    In-between forest expansion and cropland decline: A revised USLE model for soil erosion risk under land-use change in a Mediterranean region

    The present study illustrates an original approach for the long-term assessment of soil erosion risk under land-use changes in a Mediterranean region (Matera, southern Italy). The study has been focused on the implementation of a modified Universal Soil Loss Equation (USLE) model at three time points (1960, 1990, 2010) with the objective to evaluate the contribution of each component to model's performance and model outcomes’ reliability. A modified USLE model was proposed for the assessment of soil erosion risk, based on the simplification of model's parameters and the use of high spatial resolution datasets. Spatio-temporal variability in the model's outcomes was analyzed for basic land-use classes. Our approach has improved model's flexibility with the use of high spatial resolution layers, producing reliable long-term estimates of soil loss for the study area

    SAILS: static analysis of information leakage with Sample

    In this paper, we introduce Sails, a new tool that combines Sample, a generic static analyzer, and a sophisticated domain for leakage analysis. This tool does not require to modify the original language, since it works with mainstream languages like Java, and it does not require any manual annotation. Sails can combine the information leakage analysis with different heap abstractions, inferring information leakage over programs dealing with complex data structures. We applied Sails to the analysis of the SecuriBench-micro suite. The experimental results show the effectiveness of our approach

    CIL to Java-bytecode translation for static analysis leveraging

    A formal translation of CIL (i.e., .Net) bytecode into Java bytecode is introduced and proved sound with respect to the language semantics. The resulting code is then analyzed with Julia, an industrial static analyzer of Java bytecode. The overall process of translation and analysis is fast, scales up to industrial programs, and introduces a negligible number of false alarms. The main result of this work is to leverage existing, mature, and sound analyzers for Java bytecode by applying them to the (translated) CIL bytecode

    Information Flow Analysis for Detecting Non-Determinism in Blockchain

    A mandatory feature for blockchain software, such as smart contracts and decentralized applications, is determinism. In fact, non-deterministic behaviors do not allow blockchain nodes to reach one common consensual state or a deterministic response, which causes the blockchain to be forked, stopped, or to deny services. While domain-specific languages are deterministic by design, general purpose languages widely used for the development of smart contracts such as Go, provide many sources of non-determinism. However, not all non-deterministic behaviours are critical. In fact, only those that affect the state or the response of the blockchain can cause problems, as other uses (for example, logging) are only observable by the node that executes the application and not by others. Therefore, some frameworks for blockchains, such as Hyperledger Fabric or Cosmos SDK, do not prohibit the use of non-deterministic constructs but leave the programmer the burden of ensuring that the blockchain application is deterministic. In this paper, we present a flow-based approach to detect non-deterministic vulnerabilities which could compromise the blockchain. The analysis is implemented in GoLiSA, a semantics-based static analyzer for Go applications. Our experimental results show that GoLiSA is able to detect all vulnerabilities related to non-determinism on a significant set of applications, with better results than other open-source analyzers for blockchain software written in Go

    Information Flow Analysis for Detecting Non-Determinism in Blockchain (Artifact)

    A mandatory feature for blockchain software, such as smart contracts and decentralized applications, is determinism. In fact, non-deterministic behaviors do not allow blockchain nodes to reach one common consensual state or a deterministic response, which causes the blockchain to be forked, stopped, or to deny services. While domain-specific languages are deterministic by design, general-purpose languages widely used for the development of smart contracts such as Go, provide many sources of non-determinism. However, not all non-deterministic behaviours are critical. In fact, only those that affect the state or the response of the blockchain can cause problems, as other uses (for example, logging) are only observable by the node that executes the application and not by others. Therefore, some frameworks for blockchains, such as Hyperledger Fabric or Cosmos SDK, do not prohibit the use of non-deterministic constructs but leave the programmer the burden of ensuring that the blockchain application is deterministic. In this paper, we present a flow-based approach to detect non-deterministic vulnerabilities which could compromise the blockchain. The analysis is implemented in GoLiSA, a semantics-based static analyzer for Go applications. Our experimental results show that GoLiSA is able to detect all vulnerabilities related to non-determinism on a significant set of applications, with better results than other open-source analyzers for blockchain software written in Go