Modelling extreme wind speeds in the context of risk analysis for high speed trains

For high speed trains there is a potential risk of derailment when driving very fast and being hit by an extraordinary strong gust at the same time. The risk depends on both the wind speed and the angle between train and gust. Several techniques have been established to minimize this risk to acceptable values. To decide which of these techniques at a given site is most appropriate, precise knowledge of the wind process at extreme levels is necessary. Therefore methods adapted to the special requirements of the application are needed. We discuss directional modelling using an approach proposed by Coles and Walshaw [2]. We focus on estimating extreme quantiles and their confidence intervals. Different types of confidence intervals are compared and we show how these calculations can be used for risk analysis

Shining Light On Shadow Stacks

Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge,i.e., indirect calls through function pointers and virtual calls. Protecting the backward edge is left to stack canaries, which are easily bypassed through information leaks. Shadow Stacks are a fully precise mechanism for protecting backwards edges, and should be deployed with CFI mitigations. We present a comprehensive analysis of all possible shadow stack mechanisms along three axes: performance, compatibility, and security. For performance comparisons we use SPEC CPU2006, while security and compatibility are qualitatively analyzed. Based on our study, we renew calls for a shadow stack design that leverages a dedicated register, resulting in low performance overhead, and minimal memory overhead, but sacrifices compatibility. We present case studies of our implementation of such a design, Shadesmar, on Phoronix and Apache to demonstrate the feasibility of dedicating a general purpose register to a security monitor on modern architectures, and the deployability of Shadesmar. Our comprehensive analysis, including detailed case studies for our novel design, allows compiler designers and practitioners to select the correct shadow stack design for different usage scenarios.Comment: To Appear in IEEE Security and Privacy 201

Lockdown: Dynamic Control-Flow Integrity

Applications written in low-level languages without type or memory safety are especially prone to memory corruption. Attackers gain code execution capabilities through such applications despite all currently deployed defenses by exploiting memory corruption vulnerabilities. Control-Flow Integrity (CFI) is a promising defense mechanism that restricts open control-flow transfers to a static set of well-known locations. We present Lockdown, an approach to dynamic CFI that protects legacy, binary-only executables and libraries. Lockdown adaptively learns the control-flow graph of a running process using information from a trusted dynamic loader. The sandbox component of Lockdown restricts interactions between different shared objects to imported and exported functions by enforcing fine-grained CFI checks. Our prototype implementation shows that dynamic CFI results in low performance overhead.Comment: ETH Technical Repor

Forgery-Resistant Touch-based Authentication on Mobile Devices

Mobile devices store a diverse set of private user data and have gradually become a hub to control users' other personal Internet-of-Things devices. Access control on mobile devices is therefore highly important. The widely accepted solution is to protect access by asking for a password. However, password authentication is tedious, e.g., a user needs to input a password every time she wants to use the device. Moreover, existing biometrics such as face, fingerprint, and touch behaviors are vulnerable to forgery attacks. We propose a new touch-based biometric authentication system that is passive and secure against forgery attacks. In our touch-based authentication, a user's touch behaviors are a function of some random "secret". The user can subconsciously know the secret while touching the device's screen. However, an attacker cannot know the secret at the time of attack, which makes it challenging to perform forgery attacks even if the attacker has already obtained the user's touch behaviors. We evaluate our touch-based authentication system by collecting data from 25 subjects. Results are promising: the random secrets do not influence user experience and, for targeted forgery attacks, our system achieves 0.18 smaller Equal Error Rates (EERs) than previous touch-based authentication.Comment: Accepted for publication by ASIACCS'1

Developing quality in higher education management: The case of the University of Vaasa

The research topic of quality management (QM) originates from the private sector literature. For a long time in the production industry, developing high-quality products has been a strategy of winning the competition on the market. The use of the managerial tools developed in the private sector, however, becomes problematic in the QM of service delivery, specifically in the context of public service delivery, because the public sector needs to perceive the democratic values of participation and citizenship in addition to the private sector values of efficiency and productivity. This study investigates the process of developing quality in higher education that should be pioneer in developing successful QM through its key role of connecting the community to knowledge during the process of social interaction. The theoretical problem of QM in the public sector is based on the challenge of developing common quality perspectives of the different organisational stakeholders throughout the diverse phases of the QM process. Maintaining academic freedom and collaboration of the organisational stakeholders, as well as a strong commitment to quality culture are the basis of the QM model in the higher education, which enables improved quality outcomes and continuous quality development of organisational processes in the changing political, social and economic environment. This study follows a qualitative research design, in which the main research methodology is documentary analysis. The empirical analysis investigates the process of QM as a part of the management and operations management system in the case of a Finnish institution of higher education, the University of Vaasa. The findings show that QM can be incorporated into the management and operations management systems of higher education institution, which enables a holistic approach towards the topic of quality development in higher education management. Creating a quality work group with representative members of the various organisational stakeholders provides a solution to involve them in the process of designing quality policy and defining common quality targets of the university. Furthermore, acting according to norms and being committed to quality in the daily routines creates an organisational culture, which is open to maintain and develop the quality of organisational processes and operations at the higher education institution. The most important tool of direction, which enables the collaboration of the various groups of organisational stakeholders is sustaining open communication. Furthermore, supporting human interaction and collegial decision-making enables the organisation to solve quality-related problems in collaboration with its external and internal stakeholders. Finally, the most efficient methods of quality evaluation are the internal feedback system of the organisation and external audits. Involving the organisational stakeholders in the quality evaluation of organisational processes requires, however, a working feedback system. It can be concluded that high-quality organisational outputs and continuous development of long-term quality outcomes can be enabled if QM is a common mission of the various organisational stakeholders.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

"Minimally invasive" lumbar spine surgery: a critical review

Background: Minimal-access technology has evolved rapidly with "tubular" or "percutaneous" approaches for decompression and stabilization in the lumbar spine. Potential benefits (smaller scars, diminished local pain, reduced blood loss, reduced postoperative wound pain, shorter hospital stays) have to be weighed against possible drawbacks (reduced orientation, steep learning curve, increased radiation exposure, dependency on technology, cost). While non-comparative case series are often rather enthusiastic, comparative studies and particularly RCTs are scarce and might convey a more realistic appreciation. Methods: A MEDLINE search via PubMed was performed to find all English-language studies comparing "open" or "traditional" or "conventional" with "minimally invasive" or "percutaneous" or "tubular" approaches in degenerative lumbar spine surgery. Results: Only nine comparative studies could be retrieved altogether. No clear benefit could be found for minimally invasive procedures in lumbar disc herniation, TLIF, or PLIF. There seems to be a slight advantage in terms of hardware safety in open procedures. Conclusions: This review, based solely on the very limited number of available comparative studies, shows no relevant benefit from minimally invasive techniques, and a tendency for more safety in open procedures in lumbar disc herniation, TLIF and PLI

Effects of methamphetamine abuse and serotonin transporter gene variants on aggression and emotion-processing neurocircuitry.

Individuals who abuse methamphetamine (MA) exhibit heightened aggression, but the neurobiological underpinnings are poorly understood. As variability in the serotonin transporter (SERT) gene can influence aggression, this study assessed possible contributions of this gene to MA-related aggression. In all, 53 MA-dependent and 47 control participants provided self-reports of aggression, and underwent functional magnetic resonance imaging while viewing pictures of faces. Participants were genotyped at two functional polymorphic loci in the SERT gene: the SERT-linked polymorphic region (SERT-LPR) and the intron 2 variable number tandem repeat polymorphism (STin2 VNTR); participants were then classified as having high or low risk for aggression according to individual SERT risk allele combinations. Comparison of SERT risk allele loads between groups showed no difference between MA-dependent and control participants. Comparison of self-report scores showed greater aggression in MA-dependent than control participants, and in high genetic risk than low-risk participants. Signal change in the amygdala was lower in high genetic risk than low-risk participants, but showed no main effect of MA abuse; however, signal change correlated negatively with MA use measures. Whole-brain differences in activation were observed between MA-dependent and control groups in the occipital and prefrontal cortex, and between genetic high- and low-risk groups in the occipital, fusiform, supramarginal and prefrontal cortex, with effects overlapping in a small region in the right ventrolateral prefrontal cortex. The findings suggest that the investigated SERT risk allele loads are comparable between MA-dependent and healthy individuals, and that MA and genetic risk influence aggression independently, with minimal overlap in associated neural substrates

A Space of Their Own: Women\u27s Political Involvement in 1790s United States Capitals

This thesis explores women’s political involvement in 1790s United States capitals through their use of space. First exploring the parlor and dining room, then the bedroom, and finally spaces outside the home, the various ways women engaged with politics, visualized American identity, and redefined their role during this formative period are exposed. Though women may not have had the vote in the 1790s, this thesis shows that they were still political actors, incredibly important to the development of the United States