The Experts below are selected from a list of 80463 Experts worldwide ranked by ideXlab platform
Lukasz Olejnik - One of the best experts on this subject based on the ideXlab platform.
-
shedding light on web privacy impact assessment a case study of the ambient light sensor api
IEEE European Symposium on Security and Privacy, 2020Co-Authors: Lukasz OlejnikAbstract:As modern web browsers gain new and increasingly powerful features the importance of impact assessments of the new functionality becomes crucial.A web privacy impact assessment of a planned web browser feature, the Ambient Light Sensor API, indicated Risks arising from the exposure of overly precise information about the lighting conditions in the user environment. The analysis led to the demonstration of direct Risks of leaks of user data, such as the list of visited websites or exfiltration of sensitive content across distinct browser contexts.Our work contributed to the creation of web standards leading to decisions by browser vendors (i.e. obsolescence, non-implementation or modification to the operation of browser features). We highlight the need to consider broad Risks when making reviews of new features. We offer practically-driven high-level observations lying on the intersection of web security and privacy Risk Engineering and modeling, and standardization. We structure our work as a case study from activities spanning over three years.
-
EuroS&P Workshops - Shedding light on web privacy impact assessment: A case study of the Ambient Light Sensor API
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2020Co-Authors: Lukasz OlejnikAbstract:As modern web browsers gain new and increasingly powerful features the importance of impact assessments of the new functionality becomes crucial.A web privacy impact assessment of a planned web browser feature, the Ambient Light Sensor API, indicated Risks arising from the exposure of overly precise information about the lighting conditions in the user environment. The analysis led to the demonstration of direct Risks of leaks of user data, such as the list of visited websites or exfiltration of sensitive content across distinct browser contexts.Our work contributed to the creation of web standards leading to decisions by browser vendors (i.e. obsolescence, non-implementation or modification to the operation of browser features). We highlight the need to consider broad Risks when making reviews of new features. We offer practically-driven high-level observations lying on the intersection of web security and privacy Risk Engineering and modeling, and standardization. We structure our work as a case study from activities spanning over three years.
Piotr Cholda - One of the best experts on this subject based on the ideXlab platform.
-
Optimization/simulation-based Risk mitigation in resilient green communication networks
Journal of Network and Computer Applications, 2016Co-Authors: Piotr Cholda, Piotr JaglarzAbstract:This paper proposes a solution to the trade-off between energy-efficiency and resilience in communication networks, where the energy profiles express the decreasing return to scale effect. Risk Engineering is used as a basis to provide the Risk mitigation framework defining various trade-off strategies (Risk minimization, total benefit coverage, cost balance, and profit maximization). As obtaining the exact solution to the assumed trade-off strategy with an analytical or purely optimization approach is impossible in practice, an original method combining iterative optimization procedures with simulations providing updated values to feed the optimization model is proposed to find a satisfactory Risk mitigation option. A numerical example is presented to show the performance of the proposed method. Graphical abstractDisplay Omitted HighlightsWe solve the trade-off between energy-efficiency and network resilience.We base on concave energy profiles supporting the sleep mode.The solution uses Risk Engineering, including mitigation of failure consequences.Mitigation is based on various strategies: total coverage, profit maximization, etc.Strategies are optimized with an original iterative optimization-simulation approach.
-
ARES - Risk-Aware Design and Management of Resilient Networks
2014 Ninth International Conference on Availability Reliability and Security, 2014Co-Authors: Piotr CholdaAbstract:A current view on the design of networks resilient to non-malicious failures supported by Risk Engineering is presented in this keynote. The aspect of Risk response is emphasized.
-
Risk mitigation in resilient networks
2014 6th International Workshop on Reliable Networks Design and Modeling (RNDM), 2014Co-Authors: Piotr Cholda, Piotr Guzik, Krzysztof RusekAbstract:This article proposes shifting the perspective for the design of resilient networks from cost-focused to one suited for business purposes. Risk Engineering is used as a basis to enable us to monetarily express not only the cost of recovery, but also the impact of failures affecting connections (expressed with use of penalties imposed on an operator), and then to find the tradeoff between the cost of the assigned recovery methods and the improved level of resilience. During Risk assessment, monetary quantification of penalties is applied with compensation policies, and business relevant Risk measures are used. Then, Risk response selection is based on various Risk mitigation strategies (involving profit maximization, total benefit coverage, cost balance, and Risk minimization) proposed in the security Risk management. Looking for the cost-Risk trade-off related to the assumed mitigation strategy is a complex optimization problem that cannot be modeled with deterministic linear programming. Therefore, to be able to choose recovery options, we develop a genetic algorithm. The results show diversity of recovery procedures selected for various selected mitigation strategies.
Ralf Günter Mock - One of the best experts on this subject based on the ideXlab platform.
-
Risk Engineering and Beyond
Risk Engineering, 1999Co-Authors: Adrian V. Gheorghe, Ralf Günter MockAbstract:In the last forty years, a number of key concepts were promoted that are paradigmatic of the collective Risk taking. From the new key concepts in Risk Engineering, to the interaction with stakeholders these are the latest directions when dealing with “beyond Risk Engineering”. Some of the aspects outlined in this chapter are taken from the debates within the TRUSTNET, an ad hoc European Union group which is dealing with new issues and topics for research in the field of Risk management.
-
Introduction and Background to Risk Engineering
Risk Engineering, 1999Co-Authors: Adrian V. Gheorghe, Ralf Günter MockAbstract:Risk Engineering is playing an increasing role in a modern society. It is a field of interdisciplinary methods and models, philosophy and practice. New systematic processes in Risk-based decision making and Risk-based approaches are being used to formulate policy options and assess their various institutional impacts and potential ramifications.
-
Established Methods in Risk Engineering
Risk Engineering, 1999Co-Authors: Adrian V. Gheorghe, Ralf Günter MockAbstract:Some methods in Risk Engineering are well known and established in different industries. Their use depends on a variety of aspects, including goals, economic aspects, competition, public interest, resources and changes in safety culture. For example, NASA turned away from a quantitative and probabilistic approach during the Apollo program to qualitative methods as FMEA (Failure Modes and Effects Analysis). After the Challenger accident (January 28, 1986), quantitative approaches are under discussion again /11/. Other key questions are of interest too: The processing industry is intensely competitive and executives consequently want to know “How much can be spent on safety?” In contrast, the nuclear industry must prove that there is no accident exceeding a design basis accident. In the space and aircraft industry the final decision depends on “Is it safe to launch?”
-
Decision Support Systems in Risk Engineering
Risk Engineering, 1999Co-Authors: Adrian V. Gheorghe, Ralf Günter MockAbstract:This chapter aims to present work in the field of decision support system and Risk Engineering related to: The design and implementation of an IDSS (Integrated Decision Support System) dedicated to integrated Engineering with application to the transportation of hazardous substances The construction of advanced models to a) estimate the optimal routing for the transportation of hazardous substances and b) optimise plans for emergency preparedness and management in case of potential (severe) accidents The design of tools to represent Risk to the public by using a GIS (Geographic Information System) calculation platform, generically applicable to Switzerland Targeting a hazardous substance (e.g., epichlorohydrin) in the first phase
-
Fuzzy Logic in Risk Engineering
Risk Engineering, 1999Co-Authors: Adrian V. Gheorghe, Ralf Günter MockAbstract:Fuzzy logic is a new way of handling with “real world” problems. In a technical sense, this means to manage “inproper” data, including subjectivities and/or modelling of very complex systems with a less heavy analytical instrument. In this connection fuzzy logic is a young discipline (see Table 23).
Piotr Jaglarz - One of the best experts on this subject based on the ideXlab platform.
-
Optimization/simulation-based Risk mitigation in resilient green communication networks
Journal of Network and Computer Applications, 2016Co-Authors: Piotr Cholda, Piotr JaglarzAbstract:This paper proposes a solution to the trade-off between energy-efficiency and resilience in communication networks, where the energy profiles express the decreasing return to scale effect. Risk Engineering is used as a basis to provide the Risk mitigation framework defining various trade-off strategies (Risk minimization, total benefit coverage, cost balance, and profit maximization). As obtaining the exact solution to the assumed trade-off strategy with an analytical or purely optimization approach is impossible in practice, an original method combining iterative optimization procedures with simulations providing updated values to feed the optimization model is proposed to find a satisfactory Risk mitigation option. A numerical example is presented to show the performance of the proposed method. Graphical abstractDisplay Omitted HighlightsWe solve the trade-off between energy-efficiency and network resilience.We base on concave energy profiles supporting the sleep mode.The solution uses Risk Engineering, including mitigation of failure consequences.Mitigation is based on various strategies: total coverage, profit maximization, etc.Strategies are optimized with an original iterative optimization-simulation approach.
-
Energy-efficiency versus resilience: Risk awareness view on dimensioning of optical networks with a sleep mode
Photonic Network Communications, 2015Co-Authors: Piotr Chołda, Piotr JaglarzAbstract:This article proposes to solve the trade-off between energy-efficiency and resilience with a focus on business mechanisms. Risk Engineering is used as a foundation. Financial impact (penalty) quantification with various compensation policies is applied, and business-relevant Risk measures are used during the Risk assessment. Then, Risk mitigation strategies are evaluated to select the appropriate Risk response. The approach is presented in networks with energy profiles supporting a sleep mode. An effective heuristic is used to assign flows, and it is shown that the energy-efficiency performance is substantially independent of the recovery methods selected for Risk mitigation. It is also demonstrated that backup resources can be switched off in the normal state without having a considerable impact from a financial viewpoint.
Adrian V. Gheorghe - One of the best experts on this subject based on the ideXlab platform.
-
The Case for Sihl Dam
Critical Infrastructures Key Resources Key Assets, 2017Co-Authors: Adrian V. Gheorghe, Dan V. Vamanu, Polinpapilinho F. Katina, Roland PulferAbstract:This chapter presents a case and results that were undertaken at the request of the Swiss Risk Engineering Company, regarding the potential consequences of a virtual Sihl Dam break event. Note that the modeling is limited to a ‘worst case scenario’ describing a full destruction of the dam wall within a short time span and the consequent release of the whole water reservoir volume. To compare results and show the strength of the proposed model and the associated decision support system, a similar consequence assessment published on the Internet by the Polizei department, Zurich was used as a frame of reference.
-
Risk Engineering and Beyond
Risk Engineering, 1999Co-Authors: Adrian V. Gheorghe, Ralf Günter MockAbstract:In the last forty years, a number of key concepts were promoted that are paradigmatic of the collective Risk taking. From the new key concepts in Risk Engineering, to the interaction with stakeholders these are the latest directions when dealing with “beyond Risk Engineering”. Some of the aspects outlined in this chapter are taken from the debates within the TRUSTNET, an ad hoc European Union group which is dealing with new issues and topics for research in the field of Risk management.
-
Introduction and Background to Risk Engineering
Risk Engineering, 1999Co-Authors: Adrian V. Gheorghe, Ralf Günter MockAbstract:Risk Engineering is playing an increasing role in a modern society. It is a field of interdisciplinary methods and models, philosophy and practice. New systematic processes in Risk-based decision making and Risk-based approaches are being used to formulate policy options and assess their various institutional impacts and potential ramifications.
-
Established Methods in Risk Engineering
Risk Engineering, 1999Co-Authors: Adrian V. Gheorghe, Ralf Günter MockAbstract:Some methods in Risk Engineering are well known and established in different industries. Their use depends on a variety of aspects, including goals, economic aspects, competition, public interest, resources and changes in safety culture. For example, NASA turned away from a quantitative and probabilistic approach during the Apollo program to qualitative methods as FMEA (Failure Modes and Effects Analysis). After the Challenger accident (January 28, 1986), quantitative approaches are under discussion again /11/. Other key questions are of interest too: The processing industry is intensely competitive and executives consequently want to know “How much can be spent on safety?” In contrast, the nuclear industry must prove that there is no accident exceeding a design basis accident. In the space and aircraft industry the final decision depends on “Is it safe to launch?”
-
Decision Support Systems in Risk Engineering
Risk Engineering, 1999Co-Authors: Adrian V. Gheorghe, Ralf Günter MockAbstract:This chapter aims to present work in the field of decision support system and Risk Engineering related to: The design and implementation of an IDSS (Integrated Decision Support System) dedicated to integrated Engineering with application to the transportation of hazardous substances The construction of advanced models to a) estimate the optimal routing for the transportation of hazardous substances and b) optimise plans for emergency preparedness and management in case of potential (severe) accidents The design of tools to represent Risk to the public by using a GIS (Geographic Information System) calculation platform, generically applicable to Switzerland Targeting a hazardous substance (e.g., epichlorohydrin) in the first phase