Implementation Of Database Security Features Using Bit Matrices

Gopal, K

04 1900

Information security is of utmost concern in a multiuser environment. The importance of security is felt much more with the widespread use of distributed database. Information is by itself a critical resource of an enterprise and thus the successful operation of an enterprise demands that data be made accessible only by authorized users and that the data be made to reflect the state of the enterprise. Since many databases are online, accessed by multiple users concurrently, special mechanisms are needed to insure integrity and security of relevant information, This thesis describes a model for computer database security that supports a wide variety of security policies. The terms security policies and security mechanism are presented in Chapter I. The interrelated topics of security and integrity are discussed in some detail. The importance and means of insuring security of information is also presented in this chapter. In Chapter 2, the work done In the field of Computer Security and related topic has been presented. In general computer security models could be classified broadly under the two categories. (1) Models based on Access Control Matrix and (2) Models based on Information Flow Control. The development of the models baaed on the above two schemes as also the policies supported by some of the schemes are presented in this chapter. A brief description of the work carried out in database security as aim the definition of related terns are given in Chapter 3. The interrelationship between the operating system security and database security is also presented in this chapter. In general the database security mechanism depends on the existing operating system. The database security mechanism are thus only as strong as the underlying operating system on which it is developed. The various schemes used for implementing database security such as access controller and capability lists are described in this chapter. In Chapter 4, a model for database security has been described. The model provides for: (a) Delegation of access rights by a user and (b) Revocation of access rights previously granted by a user. In addition, algorithms for enforcing context dependent and content dependent rules are provided in this cheer. The context-dependent rules are stored in the form of elements of a bit matrix. Context-dependent rules could then be enforced by suitably manipulating the bit matrix and interpreting the value of me elements of the matrix, The major advantage of representing the rules using bit matrices is that the matrix itself could be maintalnet3 in main memory. The time taken to examine if a user is authorized to access an object is drastically reduced because of the reduced time required to inspect main memory. The method presented in this chapter, in addition to reducing the time requirement for enforcing security also presents a method for enforcing decentralized authorization control, a facility that is useful in a distributed database environment. Chapter 5 describes a simulation method that is useful for comparing the various security schemes. The tasks involved in the simulation are – 1. Creation of an arrival (job). 2. Placing the incoming job either in the wait queue or in the run state depending on the type of access needed for: the object. 3. Checking that the user on whose behalf the job is being executed is authorized to access the object in the mode requested. 4. Checking for the successful completion of the job and termination of the job. 5. Collection of important parameters such as number of jobs processed, average connect time. Simulation was carried out for timing both the access controller scheme and bit matrix scheme, The results of the simulation run bear the fact that the bit matrix scheme provides a faster method Six types of access were assumed to be permissible, three of the access types requiring shared lock and the rest requiring exclusive locks on the objects concerned, In addition the only type of operation allowed was assumed to be for accessing the objects. It is be noted that the time taken to check for security violation is but one of the factors for rating the security system. In general, various other factors such as cost of implementing the security system, the flexibility that offers enforcing security policies also have to be taken into account while comparing the security systems. Finally, in Chapter 6, a comparison of the security schemes are made. In conclusion the bit matrix approach is seen to provide the following features. (a) The time required to check if an access request should be honoured is very small. (b) The time required to find a11 users accessing an object viz, accountability is quite small. (c) The time required to find all objects accessible by a user is also quite small. (dl The scheme supports both decentralized and centralized authorization control. (e) Mechanism for enforcing delegation of access rights and revocation of access rights could be built in easily. ( f ) The scheme supports content-dependent, context-dependent controls and also provides a means for enforcing history-dependent control. Finally, some recommendations for further study in the field of Computer Database Security are presented.

Computer and Information Science

Computer Security

Database Security

Information Flow Control

Access Control Model

Security Policies

Simulation Process

Bit matrix

Enforcing virtualized systems security

Benzina, Hedi

17 December 2012

Virtual machine technology is rapidly gaining acceptance as a fundamental building block in enterprise data centers. It is most known for improving efficiency and ease of management. However, the central issue of this technology is security. We propose in this thesis to enforce the security of virtualized systems and introduce new approaches that deal with different security aspects related not only to the technology itself but also to its deployment and maintenance. We first propose a new architecture that offers real-time supervision of a complete virtualized architecture. The idea is to implement decentralized supervision on one single physical host. We study the advantages and the limits of this architecture and show that it is unable to react according to some new stealthy attacks. As a remedy, we introduce a new procedure that permits to secure the sensitive resources of a virtualized system and make sure that families of attacks can not be run at all. We introduce a variant of the LTL language with new past operators and show how policies written in this language can be easily translated to attack signatures that we use to detect attacks on the system. We also analyse the impact that an insecure network communication between virtual machines can have on the global security of the virtualized system. We propose a multilevel security policy model that covers almost all the network operations that can be performed by a virtual machine. We also deal with some management operations and introduce the related constraints that must be satisfied when an operation is performed.

[INFO:INFO_OH] Computer Science/Other

[INFO:INFO_OH] Informatique/Autre

Sécurity

Virtualization

Security policies

Intrusion detection

Formal languages

Temporal languages

Challenges and possible solutions for ensuring health of urban migrants as a part of India's agenda for a sustainable urban growth story

Borhade, Anjali

January 2018

Internal labour migration is an important livelihood strategy for poor groups worldwide. <b>Aims and objectives</b> This research aims to answer the question "What is appropriate policy framework to address the health needs of the Indian urban migrants?" The research analyses existing policies and compares policies in arrange of countries that have developed mechanisms to address migrant's health needs. Transferable lessons will be drawn to develop a policy framework to address health needs of Indian migrants. Recommendations to improve the health of urban migrants will be made. <b>Methods</b> The research involves a mixed methods approach - literature review, questionnaire survey, qualitative interviews and site visits to understand successes and challenges in the implementation of migration and health policies in India and other countries. A literature review was conducted to understand the impact of migration - its health outcomes and policies in India and abroad. A pre-tested, interviewer-administered questionnaire survey was conducted using random sampling with 4000 migrants in Nashik to understand their access to health care. In-depth interviews were conducted with policy makers in ministries including health and labour, migrant's organizations and international agencies in India, China, Philippines, Sri Lanka and Vietnam to understand the successes and challenges in the implementation of migration and health policies and learn from their experiences. <b>Conclusions</b> Internal migration is rising in India mainly from the scheduled tribes and castes. Lack of migration specific data, state specific programmes/policies linked with state citizenship and lack of federal structures are key challenges to meet the unique needs of Indian migrants. Lessons for India were learnt from other countries included initiating a migration census, introducing a national portable health insurance and a comprehensive 'whole government approach'. Recommendations were made to enable the government to facilitate appropriate policy to improve the health and status of the migrants.

O brasil e a segurança no cone sul no pós-guerra fria / Brazil and the post-cold war international security in the southern cone

Juan Ignacio Albino Roman Castillo

30 January 2009

Quando se considera a Segurança Internacional da América Latina, comprovasse a inexistência de um ator regional com excedente de poder necessário, tanto em Hard power, poderes econômico, militar, e de mobilização, como de Soft power, de liderança passiva pela persuasão da conveniência da emulação e pela convicção de resultados melhores pela cooperação com o líder ou primus inter pares. Portanto, o exercício de um Smart power, o hábil e eficaz equilíbrio dos dois poderes mencionados só poderá acontecer dentro de um condomínio de boa vontade entre os países da região. Uma Segurança Cooperativa Sustentável para América Latina, com participação seminal dos países do Cone Sul será o objeto de análise deste trabalho. O Brasil e seus vizinhos do Cone Sul, com um peso específico importante na região, devem demonstrar Vontade Nacional e capacidade operativa para facilitar a realização de consensos entre os países envolvidos para garantir uma gestão sustentável da agenda regional de segurança. Isto se torna de particular premência numa conjuntura internacional onde ameaças e desafios relativos a região carecem de qualquer prioridade global, enquanto graves crises atuais e futuras imediatas se ensejam em zonas mais críticas ao Sistema Internacional. Como conseqüência caberá aos países da sub-região exercer eficientemente a vigilância, a prevenção e a rápida solução das ameaças e desafios a segurança. / The inexistence of a regional actor with the required excess of power is observed when considering the International Security of Latin America. Both in Hard power, the economical, military and mobilization powers, and in Soft power, the passive leadership obtained by persuasion of the convenience of imitation, as well as by the conviction of better results granted from cooperation with the leader or primus inter pares. Therefore, the exercise of Smart power, the efficient balance of the afore mentioned powers, can only succeed within an ambient of good will among the nations of the region. For Latin America a Sustainable Cooperative Security, with a seminal role of the countries of the Southern Cone will be the object of analysis of this study. Brazil and its Southern Cone neighbors, with their important specific weight in the region, must make explicit their National Will and operative capacity to enable the consensuses needed among the countries involved to assure a sustainable management of the regional security agenda. These factors are of paramount importance in an international context when threats and challenges related to this region lack any global prominence, at a time when the gravest present, and immediate future, crisises happen in most critical regions of the international System. Consequently, the countries of this sub-region will be forced to efficiently manage by themselves the surveillance, the preventive measures, and the swift solution of threats and challenges to the regions security.

Política de segurança

Relações internacionais

International Relations

Security Policies

Indice di sostenibilità e resilienza dei sistemi agroalimentari; Paese di analisi: Libano / Sustainability and Resilience Index of Agro-Food Systems; Country of Analysis: Lebanon / Sustainability and Resilience Index of Agro-Food Systems; Country of Analysis: Lebanon

EL ZMETER, MIRIAM

24 March 2021

La resilienza alimentare, definizione approvata in tutto il mondo a seguito di molti studi che analizzano questo argomento, è la "capacità nel tempo di un sistema alimentare e delle sue unità a più livelli, di fornire cibo sufficiente, appropriato e accessibile a tutti, a fronte di diverse e disturbi anche imprevisti ”1; In Libano, la resilienza e la sostenibilità del sistema agricolo e alimentare sono sempre state discutibili. In una regione instabile con politiche e istituzioni di governance fragili, distorsione del commercio e bassa qualità del cibo, tra molti altri fattori, meritano attenzione la resilienza e la sostenibilità del sistema agricolo e alimentare. Questo studio analizzerà l'impatto di questi sistemi sulla resilienza e sostenibilità alimentare, concentrandosi su 7 sotto-pilastri del sistema agricolo e alimentare in Libano: (1) Economico, (2) Sociale, (3) Governance, (4) Istituzioni, (5) pratiche ambientali, (6) sicurezza alimentare e nutrizione e (7) risorse naturali; fusa in tre capitali: (1) Capitale socioeconomico, (2) Capitale di governance e istituzioni e (3) Pratiche ambientali, Sicurezza alimentare e nutrizione e Capitale delle risorse naturali. Per ogni pilastro verrà analizzata una serie di indicatori e di conseguenza verrà presentato ai ministeri un elenco di raccomandazioni e pianificazione. Le interconnessioni tra tutti questi pilastri / capitali rappresenteranno l'ultimo legame tra tutte le componenti del sistema agricolo e alimentare e come una performance ideale richieda attenzione a molti indicatori. Molti aspetti trascurati dagli indici internazionali, come il GFSI (Global Food Security Index) e il Food Sustainability Index, si aggiungeranno all'indice che andremo a disegnare. Inoltre, verrà effettuata un'analisi comparativa utilizzando l'indice prima e dopo la crisi siriana al fine di testare la capacità di questo indice di anticipare i meccanismi di coping e di capire come funziona il sistema quando è colpito da uno shock. L'indice creato verrà utilizzato per monitorare lo stato ogni anno e non è utilizzabile una tantum. L'indice per il Libano, dopo aver applicato il quadro di analisi, è compreso tra 0,25 e 0,5, indicando che il Paese sta funzionando in modo inadeguato ed è altamente a rischio se non vengono effettuati interventi, e continuerà a comportarsi in questo modo di fronte a un nuovo shock . Ciò supporta la conclusione che il sistema alimentare in Libano non è resiliente e che la sicurezza alimentare e la sicurezza delle persone in Libano sono a rischio, il che potrebbe portare alla conseguenza finale: la fame. Parole chiave: crisi, sostenibilità, resilienza, indice, indicatori, sicurezza alimentare, sicurezza alimentare, politiche, correlazione. / Food resilience, definition approved worldwide as a result of many studies analyzing this topic, is the “capacity over time of a food system and its units at multiple levels, to provide sufficient, appropriate and accessible food to all, in the face of various and even unforeseen disturbances”1; In Lebanon, the resilience and sustainability of the agricultural and food system have always been questionable. In a volatile region with fragile governance policies and institutions, trade distortion, and low food quality, among many other factors, the resilience and the sustainability of the agricultural and food system are worth the attention. This study will analyze the impact of these systems on food resilience and sustainability, focusing on 7 sub-pillars of the agricultural and food system in Lebanon: (1) Economic, (2) Social, (3) Governance, (4) Institutions, (5) Environmental Practices, (6) Food Safety and Nutrition and (7) Natural resources; merged under three capitals: (1) Socio- Economic Capital, (2) Governance and Institutions Capital and (3) Environmental Practices, Food Safety and Nutrition and Natural Resources Capital. For each pillar, a set of indicators will be analyzed and a list of recommendations and planning will be presented to the ministries accordingly. The interlinks between all these pillars/capitals will portray the ultimate link between all components of the agricultural and food system, and how an ideal performance requires attention to many indicators. Many aspects missed from international indexes, such as the GFSI (Global Food Security Index) and the Food Sustainability Index, will be added to the index we will be designing. In addition, a comparative analysis will be done using the index before and after the Syrian crisis in order to test the capacity of this index to anticipate coping mechanisms and to understand how the system works when affected by a shock. The index created will be used to track the status each year and is not of a one-off use. The index for Lebanon, after applying the framework of analysis, is between 0.25 and 0.5, indicating that the country is performing inadequately and is highly at risk if no interventions take place, and will continue to perform this way in the face of a new shock. This supports the conclusion that the food system in Lebanon is not resilient, and that the food security and safety of people in Lebanon is at risk, which overtime might lead to the ultimate consequence – hunger.

AGR/01: ECONOMIA ED ESTIMO RURALE

Factors Affecting Employee Intentions to Comply With Password Policies

Anye, Ernest Tamanji

01 January 2019

Password policy compliance is a vital component of organizational information security. Although many organizations make substantial investments in information security, employee-related security breaches are prevalent, with many breaches being caused by negative password behavior such as password sharing and the use of weak passwords. The purpose of this quantitative correlational study was to examine the relationship between employees’ attitudes towards password policies, information security awareness, password self-efficacy, and employee intentions to comply with password policies. This study was grounded in the theory of planned behavior and social cognitive theory. A cross-sectional survey was administered online to a random sample of 187 employees selected from a pool of qualified Qualtrics panel members. Participants worked for organizations in the United States and were aware of the password policies in their own organizations. The collected data were analyzed using 3 ordinal logistic regression models, each representing a specific measure of employees’ compliance intentions. Attitudes towards policies and password self-efficacy were significant predictors of employees’ intentions to comply with password policies (odds ratios ≥ 1.257, p < .05), while information security awareness did not have a significant impact on compliance intentions. With more knowledge of the controllable predictive factors affecting compliance, information security managers may be able to improve password policy compliance and reduce economic loss due to related security breaches. An implication of this study for positive social change is that a reduction in security breaches may promote more public confidence in organizational information systems.

Employee Compliance

Information Security Policies

Intention to Comply

Password Policy

Password Self-efficacy

Security Awareness

Databases and Information Systems

SAFE: A Declarative Trust-Agile System with Linked Credentials

Thummala, Vamsidhar

January 2016

<p>Secure Access For Everyone (SAFE), is an integrated system for managing trust</p><p>using a logic-based declarative language. Logical trust systems authorize each</p><p>request by constructing a proof from a context---a set of authenticated logic</p><p>statements representing credentials and policies issued by various principals</p><p>in a networked system. A key barrier to practical use of logical trust systems</p><p>is the problem of managing proof contexts: identifying, validating, and</p><p>assembling the credentials and policies that are relevant to each trust</p><p>decision. </p><p>SAFE addresses this challenge by (i) proposing a distributed authenticated data</p><p>repository for storing the credentials and policies; (ii) introducing a</p><p>programmable credential discovery and assembly layer that generates the</p><p>appropriate tailored context for a given request. The authenticated data</p><p>repository is built upon a scalable key-value store with its contents named by</p><p>secure identifiers and certified by the issuing principal. The SAFE language</p><p>provides scripting primitives to generate and organize logic sets representing</p><p>credentials and policies, materialize the logic sets as certificates, and link</p><p>them to reflect delegation patterns in the application. The authorizer fetches</p><p>the logic sets on demand, then validates and caches them locally for further</p><p>use. Upon each request, the authorizer constructs the tailored proof context</p><p>and provides it to the SAFE inference for certified validation.</p><p>Delegation-driven credential linking with certified data distribution provides</p><p>flexible and dynamic policy control enabling security and trust infrastructure</p><p>to be agile, while addressing the perennial problems related to today's</p><p>certificate infrastructure: automated credential discovery, scalable</p><p>revocation, and issuing credentials without relying on centralized authority.</p><p>We envision SAFE as a new foundation for building secure network systems. We</p><p>used SAFE to build secure services based on case studies drawn from practice:</p><p>(i) a secure name service resolver similar to DNS that resolves a name across</p><p>multi-domain federated systems; (ii) a secure proxy shim to delegate access</p><p>control decisions in a key-value store; (iii) an authorization module for a</p><p>networked infrastructure-as-a-service system with a federated trust structure</p><p>(NSF GENI initiative); and (iv) a secure cooperative data analytics service</p><p>that adheres to individual secrecy constraints while disclosing the data. We</p><p>present empirical evaluation based on these case studies and demonstrate that</p><p>SAFE supports a wide range of applications with low overhead.</p> / Dissertation

Computer science

Logic-based access control

authorization

SAFE

Safelog

Safelang

slog

slang

SafeSets

SafeX

Security Policies

Software-as-a-service

Distributed Systems

Trust Logic

Declarative Languages

Trust Management

Synthèse et compilation de services web sécurisés / Synthesis and Compilation of Secured Web Services

Mekki, Mohamed-Anis

19 December 2011

La composition automatique de services web est une tâche difficile. De nombreux travaux ont considérés des modèles simplifiés d'automates qui font abstraction de la structure des messages échangés par les services. Pour le domaine des services sécurisés nous proposons une nouvelle approche pour automatiser la composition des services basée sur leurs politiques de sécurité. Étant donnés, une communauté de services et un service objectif, nous réduisons le problème de la synthèse de l'objectif à partir des services dans la communauté à un problème de sécurité, où un intrus que nous appelons médiateur doit intercepter et rediriger les messages depuis et vers la communauté de services et un service client jusqu'à atteindre un état satisfaisant pour le dernier. Nous avons implémenté notre algorithme dans la plateforme de validation du projet AVANTSSAR et nous avons testé l'outil correspondant sur plusieurs études de cas. Ensuite, nous présentons un outil qui compile les traces obtenues décrivant l'exécution d'un médiateur vers le code exécutable correspondant. Pour cela nous calculons d'abord une spécification exécutable aussi prudente que possible de son rôle dans l'orchestration. Cette spécification est exprimé en ASLan, un langage formel conçu pour la modélisation des services Web liés à des politiques de sécurité. Ensuite, nous pouvons vérifier avec des outils automatiques que la spécification ASLan obtenue vérifie certaines propriétés requises de sécurité telles que le secret et l'authentification. Si aucune faille n'est détectée, nous compilons la spécification ASLan vers une servlet Java qui peut être utilisé par le médiateur pour contrôler l'orchestration / Automatic composition of web services is a challenging task. Many works have considered simplified automata models that abstract away from the structure of messages exchanged by the services. For the domain of secured services we propose a novel approach to automated composition of services based on their security policies. Given a community of services and a goal service, we reduce the problem of composing the goal from services in the community to a security problem where an intruder we call mediator should intercept and redirect messages from the service community and a client service till reaching a satisfying state. We have implemented the algorithm in AVANTSSAR Platform and applied the tool to several case studies. Then we present a tool that compiles the obtained trace describing the execution of a the mediator into its corresponding runnable code. For that we first compute an executable specification as prudent as possible of her role in the orchestration. This specification is expressed in ASLan language, a formal language designed for modeling Web Services tied with security policies. Then we can check with automatic tools that this ASLan specification verifies some required security properties such as secrecy and authentication. If no flaw is found, we compile the specification into a Java servlet that can be used by the mediatior to lead the orchestration

Services Web

Composition

Orchestration

Politiques de sécurité

Propriétés de sécurité

Protocoles Cryptographiques

Web Services

Composition

Orchestration

Security Policies

Security Properties

Cryptographic Protocols

005.8

Análise de políticas de controle de acesso baseado em papéis com rede de Petri colorida. / Policies analysis of role based access control with colored Petri net.

Ueda, Eduardo Takeo

24 May 2012

Controle de acesso é um tópico de pesquisa importante tanto para a academia quanto para a indústria. Controle de Acesso Baseado em Papéis (CABP) foi desenvolvido no início dos anos 1990, tornando-se um padrão generalizado para controle de acesso em vários produtos e soluções computacionais. Embora modelos CABP sejam largamente aceitos e adotados, ainda existem questões para responder. Um dos principais desafios de pesquisa em segurança baseada em papéis é determinar se uma política de controle de acesso é consistente em um ambiente altamente dinâmico. Nossa pesquisa visa preencher essa lacuna fornecendo um método para analisar políticas CABP com respeito a dois aspectos significativos: segurança e dinamismo envolvendo papéis e objetos. Para este propósito, desenvolvemos um modelo de descrição e simulação de política usando rede de Petri colorida e CPN Tools. O modelo descreve e é capaz de simular vários estados CABP em um contexto de educação a distância típico. Usando este modelo, foi possível analisar o espaço de estados produzido pela rede de Petri colorida em um cenário dinâmico envolvendo a criação de novos papéis e objetos. O resultado da análise de alcançabilidade da rede de Petri da política demonstrou que é possível verificar a consistência de políticas de controle de acesso considerando a dinamicidade de papéis e objetos, e apontou vantagens de aplicabilidade da modelagem de políticas de segurança em ambientes distribuídos utilizando rede de Petri colorida. / Access control is an important research topic both for academia and industry. Role Based Access Control (RBAC) was developed in the early 1990s, becoming a generalized standard of access control for many products and computing solutions. Although RBAC models have been widely accepted and adopted, there are issues to answer. One of the key challenges for role-based security research is to characterize whether an access control policy is consistent in a highly dynamic environment. Our research aims filling this gap providing a method to analyze RBAC policies with respect to two significant aspects: security and dynamics involving roles and objects. For this purpose, we developed a policy description and simulation model using colored Petri net and the CPN Tools. The model describes and is capable to simulate many RBAC states in a typical distance education context. Using this model it was possible to analyze the state space provided by colored Petri net that simulates a dynamic environment and the creation of new roles and objects. The result of the reachability analysis of Petri net policy showed that it is possible to check the consistency of access control policies considering dynamic of roles and objects, and point out the advantages and applicability of modeling security policies in distributed environments using colored Petri net.

Colored Petri net

Controle de acesso baseado em papéis

Modelagem

Modelling

Políticas de segurança

Rede de Petri colorida

Role based access control

Security policies

Simulação

Simulation

Les réseaux criminels entre logiques économiques et logiques ethno-culturelles / Criminal networks between economic and cultural logics

Sartini, Tony

28 November 2018

La tradition criminologique conçoit volontiers le crime comme un fait individuel. A rebours de cette conception, cette thèse se propose de comprendre le crime comme un fait social et politique. Les modèles matérialistes et culturalistes classiques ont pu rendre compte des variables économiques et culturelles explicatives du crime. Pour autant, ils ont insuffisamment pris en compte ce fait fondamental que l’activité criminelle est, dans sa masse, une activité de groupe. En particulier, ils peinent à expliquer la surreprésentation des minorités -notamment ethniques- dans le crime. Un modèle sociométrique dit d’ « encastrement criminel » permet de montrer en quoi la sociabilité des minorités donne des avantages comparatifs auxdites minorités dans la criminalité organisée.Parce qu’elle est d’abord un phénomène de réseaux, la criminalité s’explique donc en comprenant les logiques économiques qui motivent les membres des réseaux criminels, mais également les logiques ethno-culturelles qui les structurent. De telles logiques sont toujours prédominantes dans le monde contemporain, marqué par la globalisation, le caractère plus virtuel des échanges, le communautarisme et le terrorisme. Ces logiques économiques et culturelles ont insuffisamment été prises en compte par les politiques publiques de sécurité en France, en particulier les politiques de la ville et de renseignement criminel. Cela tient en bonne partie au modèle français, qui peine à appréhender les logiques du crime de façon pragmatique, et à prendre en compte l’ethnicité. / Criminal networks between economic and cultural logics The criminological tradition readily conceives crime as an individual fact. Unlike this conception, this thesis proposes to understand the crime as a social and political fact. The traditional materialistic and culturalist models were able to account for the explanatory economic and cultural variables of the crime. However, they have insufficiently taken into account this fundamental fact that criminal activity is, in its mass, a group activity. In particular, they are struggling to explain the over-representation of minorities-especially ethnic-in crime. A sociometric model called "Criminal embeddedness" shows how the sociability of minorities gives comparative advantages to such minorities in organized crime.Because it is primarily a phenomenon of networks, crime is thus explained by understanding the economic logics that motivate members of criminal networks, but also the ethno-cultural logics that structure them. Such logics are always prevalent in the contemporary world, characterized by globalization, the more virtual nature of trade, communitarianism and terrorism. These economic and cultural logics were not sufficiently taken into account by public security policies in France, in particular in urban governance and in criminal intelligence policies. This is largely due to the French model, which is struggling to grasp the logic of crime in a pragmatic way, and to take into account ethnicity.

Réseaux criminels

Criminalité organisée

Sociologie du crime

Matérialisme

Culturalisme

Ethnicité

Renseignement criminel

Politiques publiques de sécurité

Criminal networks

Organisez crime

Crime sociology

Materialism

Culturalism

Ethnicity

Criminal intelligence

Security policies