Theses and Dissertations from UMD

Permanent URI for this communityhttp://hdl.handle.net/1903/2

New submissions to the thesis/dissertation collections are added automatically as they are received from the Graduate School. Currently, the Graduate School deposits all theses and dissertations from a given semester after the official graduation date. This means that there may be up to a 4 month delay in the appearance of a give thesis/dissertation in DRUM

More information is available at Theses and Dissertations at University of Maryland Libraries.

Browse

Subject: search.filters.subject.Risk Assessment

Search Results

Now showing 1 - 10 of 10
  • Thumbnail Image
    Item
    A Probabilistic Risk Assessment Based Approach to Understanding and Managing Risks of Natural Gas Distribution Piping in the United States
    (2020) Lyons, Sara; Modarres, Mohammed; Mechanical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Two hundred sixty-nine regulated pipeline system accidents caused fatalities and/or injuries in the United States between 2010 and 2018, resulting in 106 fatalities and 599 injuries requiring hospitalization. About 84% of these serious accidents occurred on gas distribution systems, which primarily transport natural gas. This study adapts probabilistic risk assessment (PRA) methods which are used predominantly in the space and nuclear industries to gas distribution systems in the U.S. Nationwide system and accident data are used to evaluate natural gas distribution system risks, estimate how many additional resources the public would be willing to dedicate to reduce or eliminate these risks, and determine which improvement areas warrant further evaluation. Recommendations regarding the overall PRA-based framework, as well as the scope, quality, and level of detail of the underlying data, are provided.
  • Thumbnail Image
    Item
    The Development of a Qualitative Risk Assessment and Targeted Storage Decline Kinetics Data as Critical Components for Developing a Full Quantitative Risk Assessment of Salmonella Contamination in Milk Chocolate
    (2019) Oni, Ruth Adeola; Buchanan, Robert L; Food Science; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Salmonella enterica infections and outbreaks have been associated with chocolate consumption over the last four decades. The source of contamination for these occasional salmonellosis outbreaks are often unidentified, and typically the level of contamination is only a few salmonellae per serving. The main goals of this dissertation were to collate relevant scientific information regarding microbial safety of milk chocolate, conduct a qualitative assessment of risk factors for Salmonella contamination encountered during the complex processes of cocoa bean cultivation and the subsequent process of milk chocolate manufacturing, and to generate targeted data and survival models for kinetics of Salmonella stored in milk chocolate crumb; all components critical to the development of a stochastic quantitative microbial risk assessment. The farm-to-packaging qualitative assessment provided categorizations of risk for relevant activities and ingredients, identified critical data gaps and “risk spots” and culminated in an Excel-based risk rating tool used to illustrate the usability of the qualitative assessment. Results indicate an overall low residual risk of Salmonella contamination of a packaged milk chocolate product for a base model, provided dictates of process control measures are rigorously adhered to, and the risk rating tool enables the assessment of what-if scenarios for deviations from optimal practices. One of the data gaps identified in the qualitative risk assessment led to investigation into the use of milk chocolate crumb, an intermediate product during milk chocolate processing, and its potential association with Salmonella risk. Evaluation of the survival kinetics of S. enterica in milk crumb showed a significant (p<0.05) dependence of survival on storage temperature, strain and crumb type. Due to the manner in which crumb is generally utilized during milk chocolate processing, findings from this study are the first to link the use of crumb and Salmonella risk, and presents promising opportunities for risk reduction which can be explored through further research into optimization of crumb storage parameters. This study serves as a valuable resource to food safety stakeholders in the chocolate industry as it builds the foundation and provides much-needed data for a quantitative microbial risk assessment model that can be used to optimize food safety control programs.
  • Thumbnail Image
    Item
    EVALUATION OF PUBLIC HEALTH RISK FOR ESCHERICHIA COLI O157:H7 IN CILANTRO
    (2019) Horr, Taryn; Pradhan, Albani; Food Science; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    The supply chain of cilantro was modeled for growth and die-off of Escherichia coli (E. coli) O157:H7 from infield and harvesting, transportation and storage and ultimately consumption at home. Using Visual Basic for Applications (VBA) macros and @RISK software, a simulation model was developed for exposure and estimation of illnesses. Test scenarios were modeled to determine the relative importance of different factors on the risk of illness. The developed model was simulated using Monte Carlo technique and Latin Hypercube sampling for 100,000 iterations. Results showed an increase in the mean E. coli O157:H7 concentration along the supply chain for cilantro grown in both winter and summer weather conditions. In the winter, the mean pathogen concentration increased from 5.6×10-5 CFU/g to 24.7 CFU/g from after harvest to after home storage, respectively. In summer conditions, the mean pathogen concentration increased from 3.2×10-4 CFU/g to 5.2×10-2 CFU/g. The inner quartile ranges (IQRs) for the same model conditions showed a decrease in E. coli O157:H7 concentration along the supply chain for cilantro grown in both winter and summer weather conditions. This indicates a majority of situations result in a decrease in E. coli O157:H7 concentration along the supply chain however rare situations can occur where the concentration will increase greatly. With a prevalence of 0.1% E. coli O157:H7 contamination for cilantro post-harvest used for illustration, the model predicted the mean number of illnesses per year due to the consumption of E. coli O157:H7 contaminated cilantro in the United States as 86 and 164 for cilantro grown during winter and summer conditions, respectively. Sensitivity analysis results indicated that transportation temperatures and quality of irrigation water had the largest impact on the number of illnesses per year. Scenario testing results for different risk factors demonstrated the importance of limiting and reducing cross contamination along the production chain, especially at higher initial prevalence levels and preventing temperature abuse during transportation from farm to retail, when reducing overall risk of illness. The developed risk model can be used to estimate the microbiological risks associated with E. coli O157:H7 in cilantro and determine areas along the supply chain with the most effect on the final concentration per serving for future mitigation strategies.
  • Thumbnail Image
    Item
    Some Guidelines for Risk Assessment of Vulnerability Discovery Processes
    (2019) Movahedi, Yazdan; Cukier, Michel; Reliability Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Software vulnerabilities can be defined as software faults, which can be exploited as results of security attacks. Security researchers have used data from vulnerability databases to study trends of discovery of new vulnerabilities or propose models for fitting the discovery times and for predicting when new vulnerabilities may be discovered. Estimating the discovery times for new vulnerabilities is useful both for vendors as well as the end-users as it can help with resource allocation strategies over time. Among the research conducted on vulnerability modeling, only a few studies have tried to provide a guideline about which model should be used in a given situation. In other words, assuming the vulnerability data for a software is given, the research questions are the following: Is there any feature in the vulnerability data that could be used for identifying the most appropriate models for that dataset? What models are more accurate for vulnerability discovery process modeling? Can the total number of publicly-known exploited vulnerabilities be predicted using all vulnerabilities reported for a given software? To answer these questions, we propose to characterize the vulnerability discovery process using several common software reliability/vulnerability discovery models, also known as Software Reliability Models (SRMs)/Vulnerability Discovery Models (VDMs). We plan to consider different aspects of vulnerability modeling including curve fitting and prediction. Some existing SRMs/VDMs lack accuracy in the prediction phase. To remedy the situation, three strategies are considered: (1) Finding a new approach for analyzing vulnerability data using common models. In other words, we examine the effect of data manipulation techniques (i.e. clustering, grouping) on vulnerability data, and investigate whether it leads to more accurate predictions. (2) Developing a new model that has better curve filling and prediction capabilities than current models. (3) Developing a new method to predict the total number of publicly-known exploited vulnerabilities using all vulnerabilities reported for a given software. The dissertation is intended to contribute to the science of software reliability analysis and presents some guidelines for vulnerability risk assessment that could be integrated as part of security tools, such as Security Information and Event Management (SIEM) systems.
  • Thumbnail Image
    Item
    AN EVENT CLASSIFICATION SCHEMA FOR CONSIDERING SITE RISK IN A MULTI-UNIT NUCLEAR POWER PLANT PROBABILISTIC RISK ASSESSMENT
    (2012) Schroer, Suzanne; Modarres, Mohammad; Reliability Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Today, probabilistic risk assessments (PRAs) at multi-unit nuclear power plants consider risk from each unit separately and do not formally consider interactions between the units. These interactions make the operation of multiple units dependent on each other and should be accounted for in the PRAs. In order to effectively account for these risks in a multi-unit PRA, six main dependence classifications have been created: initiating events, shared connections, identical components, proximity dependencies, human dependencies, and organizational dependencies. This thesis discusses these six classifications that could create dependence between multiple units. As a validation of the classification, this thesis will also discuss multi-unit events that have occurred in operating plants. Finally, this thesis will present existing methodologies that could be used to quantify unit-to-unit dependencies in the PRA for each classification.
  • Thumbnail Image
    Item
    Risk assessment of email accounts: Difference between perception and reality
    (2012) Zinsou, Merine; Cukier, Michel; Mechanical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    The use of Internet is associated with a growing number of security threats. This thesis analyzes how users perceive the security of their email account based on the email account provider. With our study, we aim to contribute to the information security systems literature in three ways: First, by taking a more complete view on security online, and reviewing the concept of usable security, usability, human-computer interaction, trust and user perception. Second, by performing an analysis of providers of online services specifically emails. Third, by applying a renowned risk analysis method called Information Security Risk Analysis Method (ISRAM) for risk assessment. The ISRAM analysis revealed that Hotmail, Gmail and Yahoo email accounts have a medium risk level, while the reality analysis demonstrated no clearly more secure account provider with only low level risk counts.
  • Thumbnail Image
    Item
    Risk Analysis and Damage Assessment For Flood Prone Areas in Washington DC
    (2011) Lessani, Arian; Baecher, Gregory B; Civil Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    This thesis presents a loss estimation method regarding areas of District of Columbia susceptible to flooding, specifically the Southwest quadrant, the National Mall, and Federal Triangle. This thesis develops data for input to a flood model that considers parameters such as detailed digital elevation data, global warming potential, and storm surge for a category IV hurricane. The main goal of this study is to employ a standard method for estimating flooding damages in Washington by supplying combination of the mentioned parameters to the HAZUS-MH 2.0 program. The results of this research is useful for planning purposes, such as reducing natural hazard losses and preparing emergency response and recovery. It is predicted that in the projected storm surge flood more than 1500 buildings would be damaged and about ten thousand people would seek temporary refuge in public shelters. The estimate of total loss for flooding is approximately $1,300 million dollars.
  • Thumbnail Image
    Item
    Cyber-security Risk Assessment
    (2011) Panjwani, Susmit; Baecher, Gregory B; Civil Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Cyber-security domain is inherently dynamic. Not only does system configuration changes frequently (with new releases and patches), but also new attacks and vulnerabilities are regularly discovered. The threat in cyber-security is human, and hence intelligent in nature. The attacker adapts to the situation, target environment, and countermeasures. Attack actions are also driven by attacker's exploratory nature, thought process, motivation, strategy, and preferences. Current security risk assessment is driven by cyber-security expert's theories about this attacker behavior. The goal of this dissertation is to automatically generate the cyber-security risk scenarios by: * Capturing diverse and dispersed cyber-security knowledge * Assuming that there are unknowns in the cyber-security domain, and new knowledge is available frequently * Emulating the attacker's exploratory nature, thought process, motivation, strategy, preferences and his/her interaction with the target environment * Using the cyber-security expert's theories about attacker behavior The proposed framework is designed by using the unique cyber-security domain requirements identified in this dissertation and by overcoming the limitations of current risk scenario generation frameworks. The proposed framework automates the risk scenario generation by using the knowledge as it becomes available (or changes). It supports observing, encoding, validating, and calibrating cyber-security expert's theories. It can also be used for assisting the red-teaming process. The proposed framework generates ranked attack trees and encodes the attacker behavior theories. These can be used for prioritizing vulnerability remediation. The proposed framework is currently being extended for developing an automated threat response framework that can be used to analyze and recommend countermeasures. This framework contains behavior driven countermeasures that uses the attacker behavior theories to lead the attacker away from the system to be protected.
  • Thumbnail Image
    Item
    Integrated Scenario-Based Methodology for Project Risk Management
    (2011) Smith, Clayton Arthur; Mosleh, Ali; Mechanical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Project risk management is currently used in several industries and mandated by government acquisition agencies around the world to manage uncertainty in an effort to improve a project's probability of success. Common practice involves developing a list of risk items scored with probability and consequence ordinal scales by committee usually focusing on cost and schedule issues. A scenario based process modeling construct is introduced using a hybrid Probabilistic Risk Assessment and Decision Analysis framework integrating project development risks with operational system risks. Project management's decisions are explicitly modeled and ranked based on risk importance to the project. Multiple consequence attributes are unified providing a basis for computing total project risk. This study shows that such an approach leads to an analysis system where scenarios tracing risk items to many possible consequences are explicitly understood; the interaction between cost, schedule, and performance models drive the analysis; probabilities for overruns, delays, increased system hazards are determined directly; and state-of-the-art quantification techniques are directly applicable. All these enhance project management's capability to respond with more effective decisions.
  • Thumbnail Image
    Item
    Hybrid Causal Logic Methodology for Risk Assessment
    (2007-11-27) Wang, Chengdong; Mosleh, Ali; Mechanical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Probabilistic Risk Assessment is being increasingly used in a number of industries such as nuclear, aerospace, chemical process, to name a few. Probabilistic Risk Assessment (PRA) characterizes risk in terms of three questions: (1) What can go wrong? (2) How likely is it? (3) What are the consequences? Probabilistic Risk Assessment studies answer these questions by systematically postulating and quantifying undesired scenarios in a highly integrated, top down fashion. The PRA process for technological systems typically includes the following steps: objective and scope definition, system familiarization, identification of initiating events, scenario modeling, quantification, uncertainty analysis, sensitivity analysis, importance ranking, and data analysis. Fault trees and event trees are widely used tools for risk scenario analysis in PRAs of technological systems. This methodology is most suitable for systems made of hardware components. A more comprehensive treatment of risks of technical systems needs to consider the entire environment within which such systems are designed and operated. This environment includes the physical environment, the socio-economic environment, and in some cases the regulatory and oversight environment. The technical system, supported by an organization of people in charge of its operation, is at the cross-section of these environments. In order to develop a more comprehensive risk model for these systems, an important step is to extend the modeling capabilities of the conventional Probabilistic Risk Assessment methodology to also include risks associated with human activities and organizational factors in addition to hardware and software failures and adverse conditions of the physical environment. The causal modeling should also extend to the influence of regulatory and oversight functions. This research offers such a methodology. It proposes a multi-layered modeling approach so that most the appropriate techniques are applied to different individual domains of the system. The approach is called the Hybrid Causal Logic (HCL) methodology. The main layers include: (a) A model to define safety/risk context. This is done using a technique known as event sequence diagram (ESD) method that helps define the kinds of accidents and incidents that can occur in relation to the system being considered; (b) A model that captures the behaviors of the physical system (hardware, software, and environmental factors) as possible causes or contributing factors to accidents and incidents delineated by the event sequence diagrams. This is done by common system modeling techniques such as fault tress (FT); and (c) A model to extend the causal chain of events to their potential human and organizational roots. This is done using Bayesian belief networks (BBN). Bayesian belief networks are particularly useful as they do not require complete knowledge of the relation between causes and effects. The integrated model is therefore a hybrid causal model with the corresponding sets of taxonomies and analytical and computational procedures. In this research, a methodology to combine fault trees, event trees or event sequence diagrams, and Bayesian belief networks has been introduced. Since such hybrid models involve significant interdependencies, the nature of such dependencies are first determined to pave the way for developing proper algorithmic solutions of the logic model. Major achievements of this work are: (1) development of the Hybrid Causal Logic model concept and quantification algorithms; (2) development and testing of computer implementation of algorithms (collaborative work); (3) development and implementation of algorithms for HCL-based importance measures, an uncertainty propagation method the BBN models, and algorithms for qualitative-quantitative Bayesian belief networks; and (4) development and testing of the Integrated Risk Information System (IRIS) software based on HCL methodology.