Vulnerability

The Experts below are selected from a list of 1406043 Experts worldwide ranked by ideXlab platform

Samuel Rufat - One of the best experts on this subject based on the ideXlab platform.

  • Social Vulnerability: Conceptual Foundations and Geospatial Modeling
    2018
    Co-Authors: Christopher Burton, Samuel Rufat, Eric Tate
    Abstract:

    There is a continuing need for disaster risk reduction strategies to shift emphasis from assessing hazard events toward reducing vulnerabilities within social systems. Conceptualizing and measuring social Vulnerability is an important stage along this path. Our current understanding of Vulnerability is guided by theories, methodologies, and measurement standards derived from different schools of thought. This chapter provides a summary of core concepts on Vulnerability, and its measurement from a social perspective (i.e., social Vulnerability). The chapter has three main sections that delve into (1) conceptual frameworks for hazards Vulnerability, 2) approaches for measuring social Vulnerability, and 3) a case study analysis of social Vulnerability in Hurricane Sandy.

  • Social Vulnerability to floods: Review of case studies and implications for measurement
    International Journal of Disaster Risk Reduction, 2015
    Co-Authors: Samuel Rufat, Eric Tate, Christopher Burton, Abu Sayeed Maroof
    Abstract:

    A leading challenge in measuring social Vulnerability to hazards is for output metrics to better reflect the context in which Vulnerability occurs. Through a meta-analysis of 67 flood disaster case studies (1997–2013), this paper profiles the leading drivers of social Vulnerability to floods. The results identify demographic characteristics, socioeconomic status, and health as the leading empirical drivers of social Vulnerability to damaging flood events. However, risk perception and coping capacity also featured prominently in the case studies, yet these factors tend to be poorly reflected in many social Vulnerability indicators. The influence of social Vulnerability drivers varied considerably by disaster stage and national setting, highlighting the importance of context in understanding social Vulnerability precursors, processes, and outcomes. To help tailor quantitative indicators of social Vulnerability to flood contexts, the article concludes with recommendations concerning temporal context, measurability, and indicator interrelationships.

  • Spectroscopy of Urban Vulnerability
    Annals of the Association of American Geographers, 2012
    Co-Authors: Samuel Rufat
    Abstract:

    Despite the considerable work carried out in risk management, Vulnerability indexes and aggregative assessments remain a serious issue. The main challenges facing Vulnerability assessment are the collection, integration, and synthesis of large quantities of heterogeneous data to provide reliable estimations. This situation has led to the neglect of all significant interactions between the considered indicators, despite their being essential to Vulnerability analysis. The scope of the article is to show that most obstacles to Vulnerability assessment can be overcome by shifting the focus from absolute Vulnerability assessment (i.e., the attempt to quantify an absolute level of weakness or resilience) to relative Vulnerability assessment (i.e., the attempt to find out which populations and places are vulnerable and why). We propose a first attempt to assess relative Vulnerability. The spectroscopy of urban Vulnerability reveals the heterogeneity of Vulnerability by focusing on the locally convergent specifi...

  • Spectroscopy of Urban Vulnerability
    Annals of the American Association of Geographers, 2012
    Co-Authors: Samuel Rufat
    Abstract:

    Despite the considerable work carried out in risk management, Vulnerability indexes and aggregative assessments remain a serious issue. The main challenges facing Vulnerability assessment are the collection, integration, and synthesis of large quantities of heterogeneous data to provide reliable estimations. This situation has led to the neglect of all significant interactions between the considered indicators, despite their being essential to Vulnerability analysis. The scope of the article is to show that most obstacles to Vulnerability assessment can be overcome by shifting the focus from absolute Vulnerability assessment (i.e., the attempt to quantify an absolute level of weakness or resilience) to relative Vulnerability assessment (i.e., the attempt to find out which populations and places are vulnerable and why). We propose a first attempt to assess relative Vulnerability. The spectroscopy of urban Vulnerability reveals the heterogeneity of Vulnerability by focusing on the locally convergent specific characteristics and processes reinforcing (or reducing) Vulnerability to inform the implementation of more targeted mitigation policies. This is a two-step approach, first focusing on the Vulnerability underlying factors and establishing Vulnerability profiles; the second step is to focus on their spatial distribution to confront each Vulnerability profile to its multithreat exposure. The Lyon, France, and Bucharest, Romania, case studies reveal the risk transfers induced by some risk management policies and they highlight that Vulnerability is a multidimensional phenomenon almost impossible to assess by using a single index. The two case studies also permit local multithreat comparisons as well as international comparisons.

Li Xin - One of the best experts on this subject based on the ideXlab platform.

  • Software Vulnerability Analysis
    Computer Science, 2003
    Co-Authors: Li Xin
    Abstract:

    Software Vulnerability is the root reason that causes computer system security problems. It's a new research topic to analyze Vulnerability based on the essence of software Vulnerability. This paper analyzes the main definitions and taxonomies of Vulnerability, studies Vulnerability database and tools for Vulnerability analysis and detection, and gives the details about what caused the most common vulnerabilities in the LINUX/UNIX operating systems.

Mehdi Zargham - One of the best experts on this subject based on the ideXlab platform.

  • Vulnerability Scrying Method for Software Vulnerability Discovery Prediction Without a Vulnerability Database
    IEEE Transactions on Reliability, 2013
    Co-Authors: Sanaz Rahimi, Mehdi Zargham
    Abstract:

    Predicting software Vulnerability discovery trends can help improve secure deployment of software applications and facilitate backup provisioning, disaster recovery, diversity planning, and maintenance scheduling. Vulnerability discovery models (VDMs) have been studied in the literature as a means to capture the underlying stochastic process. Based on the VDMs, a few Vulnerability prediction schemes have been proposed. Unfortunately, all these schemes suffer from the same weaknesses: they require a large amount of historical Vulnerability data from a database (hence they are not applicable to a newly released software application), their precision depends on the amount of training data, and they have significant amount of error in their estimates. In this work, we propose Vulnerability scrying, a new paradigm for Vulnerability discovery prediction based on code properties. Using compiler-based static analysis of a codebase, we extract code properties such as code complexity (cyclomatic complexity), and more importantly code quality (compliance with secure coding rules), from the source code of a software application. Then we propose a stochastic model which uses code properties as its parameters to predict Vulnerability discovery. We have studied the impact of code properties on the Vulnerability discovery trends by performing static analysis on the source code of four real-world software applications. We have used our scheme to predict Vulnerability discovery in three other software applications. The results show that even though we use no historical data in our prediction, Vulnerability scrying can predict Vulnerability discovery with better precision and less divergence over time.

Somesh Jha - One of the best experts on this subject based on the ideXlab platform.

  • Towards Automatic Generation of Vulnerability-Based Signatures
    2018
    Co-Authors: David Brumley, Hao Wang, James Newsome, Dawn Song, Somesh Jha
    Abstract:

    In this paper we explore the problem of creating Vulnerability signatures. A Vulnerability signature matches all exploits of a given Vulnerability, even polymorphic or metamorphic variants. Our work departs from previous approaches by focusing on the semantics of the program and Vulnerability exercised by a sample exploit instead of the semantics or syntax of the exploit itself. We show the semantics of a Vulnerability define a language which contains all and only those inputs that exploit the Vulnerability. A Vulnerability signature is a representation (e.g., a regular expression) of the Vulnerability language. Unlike exploit-based signatures whose error rate can only be empirically measured for known test cases, the quality of a Vulnerability signature can be formally quantified for all possible inputs. We provide a formal definition of a Vulnerability signature and investigate the computational complexity of creating and matching Vulnerability signatures. We also systematically explore the design space of Vulnerability signatures. We identify three central issues in Vulnerability-signature creation: how a Vulnerability signature represents the set of inputs that may exercise a Vulnerability, the Vulnerability coverage (i.e., number of vulnerable program paths) that is subject to our analysis during signature creation, and how a Vulnerability signature is then created for a given representation and coverage. We propose new data-flow analysis and novel adoption of existing techniques such as constraint solving for automatically generating Vulnerability signatures. We have built a prototype system to test our techniques. Our experiments show that we can automatically generate a Vulnerability signature using a single exploit which is of much higher quality than previous exploit-based signatures. In addition, our techniques have several other security applications, and thus may be of independent interest.

  • Theory and Techniques for Automatic Generation of Vulnerability-Based Signatures
    IEEE Transactions on Dependable and Secure Computing, 2008
    Co-Authors: David Brumley, Hao Wang, James Newsome, Dawn Song, Somesh Jha
    Abstract:

    In this paper, we explore the problem of creating Vulnerability signatures. A Vulnerability signature is based on a program Vulnerability, and is not specific to any particular exploit. The advantage of Vulnerability signatures is that their quality can be guaranteed. In particular, we create Vulnerability signatures which are guaranteed to have zero false positives. We show how to automate signature creation for any Vulnerability that can be detected by a runtime monitor. We provide a formal definition of a Vulnerability signature, and investigate the computational complexity of creating and matching Vulnerability signatures. We systematically explore the design space of Vulnerability signatures. We also provide specific techniques for creating Vulnerability signatures in a variety of language classes. In order to demonstrate our techniques, we have built a prototype system. Our experiments show that we can, using a single exploit, automatically generate a Vulnerability signature as a regular expression, as a small program, or as a system of constraints. We demonstrate techniques for creating signatures of vulnerabilities which can be exploited via multiple program paths. Our results indicate that our approach is a viable option for signature generation, especially when guarantees are desired.

  • IEEE Symposium on Security and Privacy - Towards automatic generation of Vulnerability-based signatures
    2006 IEEE Symposium on Security and Privacy (S&P'06), 2006
    Co-Authors: David Brumley, Hao Wang, James Newsome, Dawn Song, Somesh Jha
    Abstract:

    In this paper we explore the problem of creating Vulnerability signatures. A Vulnerability signature matches all exploits of a given Vulnerability, even polymorphic or metamorphic variants. Our work departs from previous approaches by focusing on the semantics of the program and Vulnerability exercised by a sample exploit instead of the semantics or syntax of the exploit itself. We show the semantics of a Vulnerability define a language which contains all and only those inputs that exploit the Vulnerability. A Vulnerability signature is a representation (e.g., a regular expression) of the Vulnerability language. Unlike exploit-based signatures whose error rate can only be empirically measured for known test cases, the quality of a Vulnerability signature can be formally quantified for all possible inputs. We provide a formal definition of a Vulnerability signature and investigate the computational complexity of creating and matching Vulnerability signatures. We also systematically explore the design space of Vulnerability signatures. We identify three central issues in Vulnerability-signature creation: how a Vulnerability signature represents the set of inputs that may exercise a Vulnerability, the Vulnerability coverage (i.e., number of vulnerable program paths) that is subject to our analysis during signature creation, and how a Vulnerability signature is then created for a given representation and coverage. We propose new data-flow analysis and novel adoption of existing techniques such as constraint solving for automatically generating Vulnerability signatures. We have built a prototype system to test our techniques. Our experiments show that we can automatically generate a Vulnerability signature using a single exploit which is of much higher quality than previous exploit-based signatures. In addition, our techniques have several other security applications, and thus may be of independent interest.

Lefteris Angelis - One of the best experts on this subject based on the ideXlab platform.

  • A multi target approach to estimate software Vulnerability characteristics and severity scores
    Journal of Systems and Software, 2018
    Co-Authors: Georgios Spanos, Lefteris Angelis
    Abstract:

    Software vulnerabilities constitute a great risk for the IT community. The specification of the Vulnerability characteristics is a crucial procedure, since the characteristics are used as input for a plethora of Vulnerability scoring systems. Currently, the determination of the specific characteristics -that represent each Vulnerability- is a process that is performed manually by the IT security experts. However, the Vulnerability description can be very informative and useful to predict Vulnerability characteristics. The primary goal of this research is the enhancement, the acceleration and the support of the manual procedure of the Vulnerability characteristic assignment. To achieve this goal, a model, which combines texts analysis and multi-target classification techniques was developed. This model estimates the Vulnerability characteristics and subsequently, calculates the Vulnerability severity scores from the predicted characteristics. To perform the present research, a dataset that contains 99,091 records from a large -publicly available- Vulnerability database was used. The results are encouraging, since they show accuracy in the prediction of the Vulnerability characteristics and scores.