Search for: All records

Controlling wind-induced responses is a challenging and fundamental step in the design of wind-sensitive critical infrastructures (CI). While passive design modifications and passive control devices are effective alternatives to a certain extent, further actions are required to fulfill design specifications under some demanding circumstances. Active countermeasures, such as active dampers, active aerodynamic devices, and operational control systems, stand out as a smart alternative that allows extra control over wind-induced responses of tall buildings, long-span bridges, wind turbines, and solar trackers. To make this possible, CI are equipped with operational technology (OT) and cyber–physical systems (CPS). However, as with any other OT/CPS, these systems can be threatened by cyberattacks. Changing their intended use could result in severe structural damage or even the eventual collapse of the structure. This study analyzes the potential consequences of cyberattacks against wind-sensitive structures equipped with OT/CPS based on case studies reported in the structural control literature. Several cyberattacks, scenarios, and possible defenses, including cyber-secure aero-structural design methods, are discussed. Furthermore, we conceptually introduce and analyze a new cyberattack, the ‘‘Wind-Leveraged False Data Injection’’ (WindFDI), that can be specifically developed by taking advantage of the positive feedback between wind loads and the misuse of active control systems. 

Android applications are extremely popular, as they are widely used for banking, social media, e-commerce, etc. Such applications typically leverage a series of Permissions, which serve as a convenient abstraction for mediating access to security-sensitive functionality within the Android Ecosystem, e.g., sending data over the Internet. However, several malicious applications have recently deployed attacks such as data leaks and spurious credit card charges by abusing the Permissions granted initially to them by unaware users in good faith. To alleviate this pressing concern, we present DyPolDroid, a dynamic and semi-automated security framework that builds upon Android Enterprise, a device-management framework for organizations, to allow for users and administrators to design and enforce so-called Counter-Policies, a convenient user-friendly abstraction to restrict the sets of Permissions granted to potential malicious applications, thus effectively protecting against serious attacks without requiring advanced security and technical expertise. Additionally, as a part of our experimental procedures, we introduce Laverna, a fully operational application that uses permissions to provide benign functionality at the same time it also abuses them for malicious purposes. To fully support the reproducibility of our results, and to encourage future work, the source code of both DyPolDroid and Laverna is publicly available as open-source.