國際能源安全之研究—以美國石油安全政策涉足中亞油源為例

許庭瑜, Hsu, Ting-Yu

Unknown Date

本文由新安全觀角度研究石油能源安全，由安全分析發現，任何影響石油供給的課題，都會成為安全議題的指涉對象；二戰結束後，因戰爭需求的石油使用動機轉變成為經濟發展的目的，因此經濟互動對能源安全的影響，加上自70年代末期後核能使用對環境破壞帶來的不確定性，更加重石油在能源市場的重要性，另一方面，環境議題的重視在90年代以來成為影響石油能源安全的重要「功能性行為者」，所以國際能源安全大致受到能源生產消費自身的限制、經濟發展與能源產業的互動，及環境管制的三面向的領域作用影響。 由區域安全分析的層次來看，資源蘊藏與地域分配有密切關係，在60年代後石油躍升成主要的能源來源，加上石油輸出國家組織的成立，使石油生產集中的情況更加明顯，面對政治夾雜經濟的複雜供需情況，使區域安全分析成為研究能源安全的重要途徑。本文以美國涉足中亞之石油能源安全為例發現，因為能源生產分配集中，使油氣產地對更具戰略意義，然政治因素仍是目前影響美國石油安全的重要變因，但經濟及環境發展在能源安全政策整體制定上仍是不可或缺的內涵。 / The thesis is aimed to make the study of oil energy security in the viewpoint of new security concept. In the framework of security analysis, what may affect the oil security of supply will be possible to be the reference object of security agenda. And after the WW II, the purpose of oil using form the war fighting to economic development emphasize the importance between the energy security and economic interaction. With the environmental destruction uncertainties resulting from the nuclear using, the environmental issue became the main factor— the functional behavior within the framework of energy security analysis. Thus, international energy security is concerned by the aspects of the self-limitation of energy supplier, the interaction between the economic development and energy industries, and the environmental regulation. We can reach the conclusion that there is the close relation between the energy resource and regional distribution with the regional level of security analysis. In 60s, oil raise to be the main global energy source, and phenomenon of oil production centralization became more obvious after the foundation of OPEC. Facing the situation mixed with the energy supply and demand because of the political and economic reasons, it is the best method to take the way of regional security analysis to make the study of energy security. Besides, it concludes that the oil production place become more strategic as making the study of “American oil energy security policy set foot in Central Asia”. At the present time, political factor still ruling guides the American oil energy security; however, the environment development is indispensable in making the whole energy security policy.

非傳統安全

能源安全

美國能源安全

中亞

□海

Nontraditional Security

Energy Security

American Energy Security Policy

Central Asia

Caspian Sea

蘇聯與中共國家安全政策之比較研究-以韓戰為例 / A comparative study on national security policy between USSR and PRC- Focusing on the Korean War(1950-1953)

葉奕葭, Elizabeth Y. C. Yeh

Unknown Date

雖則蘇聯已經解體，世界進入了後冷戰時代。在冷戰時期相互抗衡的美蘇關係，仍是學界研究的熱點之一。自1990年冷戰終結之後，蘇聯、原本在舊蘇聯中的國家及中國大陸檔案資料的陸續開放，對韓戰研究可說有了新的突破。以美國學者John Lewis Gaddis為首的冷戰國際史學派補充或批判了前面包括傳統學派、修正學派等研究的不足之處。 本文引用檔案和韓戰研究學者的論點與分析，重新梳理在韓戰前後蘇中的國家安全政策考量，並深入析論有關下列幾項當今學者尚未分析或深入研究的種種問題。 本研究嘗試結合國際關係與冷戰國際史(Cold War International History Project)兩學門之跨領域研究，藉以澄清韓戰時期國際體系成員的互動及其造成的影響。另外，也試著使用理性決策模式來分析中蘇兩國領導人的國家安全決策。 研究結果顯示中蘇兩國領導人都是以理性判斷認為自己的決策是正確的，然而事實結果卻並非如此。莫斯科對平壤所提之韓戰計畫錯誤地開放了「綠燈」，北京在多次以外交方式警告華盛頓無效之後，認為美國可能進攻中國東北，並對其新興政權造成威脅，以致最後出兵介入韓戰。戰爭的結果最後還是在38度線附近簽署了停戰協定，但南北韓仍舊尚未統一，無數人員卻因此喪失寶貴的生命。 本文結論提出在美軍進逼鴨綠江和蘇聯的雙重壓力下，中共最後決定出兵介入韓戰，主因是國家安全利益。中共軍事戰略因戰局轉變而改變其戰略：前期是「間接路線」與「殲滅戰」，後期則是「消耗戰」。不論是在軍事戰略或是外交戰略上，莫斯科扮演之角色是在背後指揮協調北京和平壤。蘇聯使中共成為「責任承擔者」(buck-catcher)，本國則扮演「離岸平衡者」(offshore balancer)的角色。中共和北韓事事都要通報莫斯科，由莫斯科做出最後決定─即使北京和平壤兩方都想停戰，莫斯科仍堅持不停戰。戰爭後期蘇聯為削弱美國和中共實力，支持中共續戰。 韓戰停戰協議之簽署是因史達林去世之後。莫斯科認為戰爭再繼續有損蘇聯國家利益，乃通知平壤和北京有關停戰的解決方針的策略。韓戰協議的簽署基本上是在莫斯科新政府的領導與調停之下，北京和平壤最後遵循了莫斯科的指示才停戰。 中蘇兩造在共同利益驅使之下為追求個別利益，在利益衝突之間尋求合作利益。兩國且於韓戰之中各自為該國的國家利益著想，盟友關係只是暫時的而非永久的。 / In this study, an attempt is made to clarify the interactions between the members of the international system during the Korean War in an interdisciplinary approach combining the International Relations and the Cold War International History. Based on the materials from opened archives in the former Soviet Union and Communist China, the considerations, objectives and national security strategies of the leaders are analyzed in the light of the rational decision-making model. The results show that although the leaders made their own judgments based on rational thinking, the outcome of the war is the armistice agreement demarcating the 38th parallel as the borderline between the two Koreas with minor changes; North and South Korea are still yet to be reunified, despite numerous soldiers and civilians losing their precious lives. The conclusion is as follows. China decided to send troops to intervene in the Korean War mainly due to national security interest to cope with the threat of the approaching US forces and the Soviet Union pressure. To cope with the varying war situation, China’s military strategy changed from the “war of annihilation” and the “indirect approach strategy” in the former phase, to the “strategy of exhaustion” in the later phase. Whether in the military or diplomatic field, Moscow played a commanding role and coordinated of Beijing and Pyongyang behind. Soviet Union made China the “buck-catcher”, meanwhile played the role as the “offshore balancer”. Soviet Union pushed for the continuation of the war to weaken the strength of United States, in spite of the reluctance of China and North Korea. It was after Joseph V. Stalin’s death than the Armistice Agreement was finally signed. The signing of the agreement was essentially under the lead of the new leadership in Moscow. Both Soviet Union and China sought their own national interest during the Korean war. The Sino- Soviet alliance was only temporary rather than permanent.

蘇聯

中共

北韓

韓戰

中蘇同盟

國家利益

國家安全政策

Soviet Union

Communist China

North Korea

Korean War

Sino-Soviet alliance

national interest

national security policy

Intrusion detection techniques in wireless local area networks

Gill, Rupinder S.

January 2009

This research investigates wireless intrusion detection techniques for detecting attacks on IEEE 802.11i Robust Secure Networks (RSNs). Despite using a variety of comprehensive preventative security measures, the RSNs remain vulnerable to a number of attacks. Failure of preventative measures to address all RSN vulnerabilities dictates the need for a comprehensive monitoring capability to detect all attacks on RSNs and also to proactively address potential security vulnerabilities by detecting security policy violations in the WLAN. This research proposes novel wireless intrusion detection techniques to address these monitoring requirements and also studies correlation of the generated alarms across wireless intrusion detection system (WIDS) sensors and the detection techniques themselves for greater reliability and robustness. The specific outcomes of this research are: A comprehensive review of the outstanding vulnerabilities and attacks in IEEE 802.11i RSNs. A comprehensive review of the wireless intrusion detection techniques currently available for detecting attacks on RSNs. Identification of the drawbacks and limitations of the currently available wireless intrusion detection techniques in detecting attacks on RSNs. Development of three novel wireless intrusion detection techniques for detecting RSN attacks and security policy violations in RSNs. Development of algorithms for each novel intrusion detection technique to correlate alarms across distributed sensors of a WIDS. Development of an algorithm for automatic attack scenario detection using cross detection technique correlation. Development of an algorithm to automatically assign priority to the detected attack scenario using cross detection technique correlation.

Ryssland - En säker granne eller en anledning till "Motståndskraft"? : En diskursanalys av Försvarsberedningens representation av Ryssland 2003-2017 / Russia - A secure neighbor or a reason for "Resilience"? : A discourse analysis of the Swedish Defense Commissions representation of Russia 2003-2017

Hermansson, Lisa

January 2018

When Sweden 2017 changed the risk valuation of an armed attack against Sweden from not likely to that it can’t be ruled out, it got the swedish peoples and medias attention. Russia has during the last centuries had an extensive impact in Swedish security and defense politics. This study examine if there has been any change in the Swedish representation of Russia and as a consequence may have affected the risk assessment. By analyze the discourse in four reports by the Swedish Defence Commission with the method of framing this study will use the theory of securitization developed by Barry Buzan, Ole Wæver and Jaap de Wilde as it advocates a wide concept of security. Securitization is the process in which an actor turns a subject into a matter of security. The study finds evidence that the representation of Russia in the Swedish discourse has changed for the worse and it is possible that it has affected the changed risk assessment.

Russia

Sweden

Securitization

Threat Construction

Discourse Analysis

Framing

Security Policy

International Relations

Swedish Defense Commission

Ryssland

Sverige

Säkerhetisering

Hotbildskonstruktion

Diskursanalys

Framing

Säkerhetspolitik

Internationella relationer

Försvarsberedningen

Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness

Frangopoulos, Evangelos D.

31 March 2007

As Information Security (IS) standards do not always effectively cater for Social Engineering (SE) attacks, the expected results of an Information Security Management System (ISMS), based on such standards, can be seriously undermined by uncontrolled SE vulnerabilities. ISO/IEC 17799:2005 is the subject of the current analysis as it is the type of standard not restricted to technical controls, while encompassing proposals from other standards and generally-accepted sets of recommendations in the field. Following an analysis of key characteristics of SE and based on the study of Psychological and Social aspects of SE and IS, a detailed examination of ISO/IEC 17799:2005 is presented and an assessment of the efficiency of its controls with respect to SE is provided. Furthermore, enhancements to existing controls and inclusion of new controls aimed at strengthening the defense against Social Engineering are suggested. Measurement and quantification issues of IS with respect to SE are also dealt with. A novel way of assessing the level of Information Assurance in a system is proposed and sets the basis for future work on this subject. / Information Systems / M. Sc. (Information Systems)

Information assurance

Influence

Persuasion

Actor-network theory

Objective reality

Subjective reality

ISO 27002

ISO 27001

ISO 17799

Security policy

Information security

Social engineering

005.8

Social engineering

Data protection

Computer security

An investigation of information security policies and practices in Mauritius

Sookdawoor, Oumeshsingh

30 November 2005

With the advent of globalisation and ever changing technologies, the need for increased attention to information security is becoming more and more vital. Organisations are facing all sorts of risks and threats these days. It therefore becomes important for all business stakeholders to take the appropriate proactive measures in securing their assets for business survival and growth. Information is today regarded as one of the most valuable assets of an organisation. Without a proper information security framework, policies, procedures and practices, the existence of an organisation is threatened in this world of fierce competition. Information security policies stand as one of the key enablers to safeguarding an organisation from risks and threats. However, writing a set of information security policies and procedures is not enough. If one really aims to have an effective security framework in place, there is a need to develop and implement information security policies that adhere to established standards such as BS 7799 and the like. Furthermore, one should ensure that all stakeholders comply with established standards, policies and best practices systematically to reap full benefits of security measures. These challenges are not only being faced in the international arena but also in countries like Mauritius. International researches have shown that information security policy is still a problematic area when it comes to its implementation and compliance. Findings have shown that several major developed countries are still facing difficulties in this area. There was a general perception that conditions in Mauritius were similar. With the local government's objective to turn Mauritius into a "cyber-island" that could act as an Information Communication & Technology (ICT) hub for the region, there was a need to ensure the adoption and application of best practices specially in areas of information security. This dissertation therefore aims at conducting a research project in Mauritius and assessing whether large Mauritian private companies, that are heavily dependent on IT, have proper and reliable security policies in place which comply with international norms and standards such as British Standard Organisation (BSO) 7799/ ISO 17799/ ISO 27001. The study will help assess the state of, and risks associated with, present implementation of information security policies and practices in the local context. Similarities and differences between the local security practices and international ones have also been measured and compared to identify any specific characteristics in local information security practices. The findings of the study will help to enlighten the security community, local management and stakeholders, on the realities facing corporations in the area of information security policies and practices in Mauritius. Appropriate recommendations have been formulated in light of the findings to improve the present state of information security issues while contributing to the development of the security community / Computing / M.Sc. (Information Systems)

Adherence to established standards

Information security framework

Information security policy

Information security practices

Security standards

Compliance

Information security risk

Procedures

005.8096982

Information policy -- Mauritius

A política previdenciária e as imagens do envelhecimento: um estudo do processo de aposentadoria rural. / Social security policy and images of aging: a study of the rural retirement process.

NASCIMENTO, Adriana Soares.

20 September 2018

Submitted by Johnny Rodrigues (johnnyrodrigues@ufcg.edu.br) on 2018-09-20T21:31:56Z No. of bitstreams: 1 ADRIANA SOARES NASCIMENTO - DISSERTAÇÃO PPGCS 2009..pdf: 6306736 bytes, checksum: 6d2a6bd5dc6ec60e216efd3ec8e22f72 (MD5) / Made available in DSpace on 2018-09-20T21:31:56Z (GMT). No. of bitstreams: 1 ADRIANA SOARES NASCIMENTO - DISSERTAÇÃO PPGCS 2009..pdf: 6306736 bytes, checksum: 6d2a6bd5dc6ec60e216efd3ec8e22f72 (MD5) Previous issue date: 2009-03-13 / Capes / O objetivo dessa dissertação é conhecer as imagens do idoso agricultor construídas no campo das políticas públicas, tendo como foco principal para apreensão destas imagens o processo de concessão da aposentadoria rural que tramita pela previdência social e o sindicato dos trabalhadores rurais do município de Lagoa Seca. Enfocamos as imagens, enquanto categoria de análise e, para situar o tema das imagens do idoso agricultor, privilegiamos a abordagem sobre a modernidade sob o fato de que o processo de modernização de alta intensidade tem invadido todas as esferas da vida social, inclusive a esfera dos direitos e das políticas públicas. Constata-se que a teia de relações formata a política de Previdência Social, resignifica, legitima e elabora diferentes imagens dos idosos em geral, e dos idosos agricultores em particular. Estas novas imagens, criadas no contexto da modernidade tensionam e imprimem mudanças na racionalidade, que permeia a concessão dos benefícios previdenciários aos idosos agricultores no momento de receber a aposentadoria. Deste modo, as imagens foram analisadas, levando-se em consideração os processos sociais modernos e globais, traduzidos localmente, possibilitando, visualizar traços e características definidoras das imagens dos idosos agricultores na área em estudo, tentando mostrar a diversidade de interpretações e conflitos que se manifestam no processo de concessão do benefício. Como recurso metodológico, privilegiamos os relatos orais e as manifestações de como o elemento simbólico e material do benefício alteram as imagens dos sujeitos, no sentido de atribuir significados e resignificar as imagens do idoso. (QUEIROZ (1998), THOMPSOM (1992), LANG, 2006). Os dados foram analisados à luz dos conceitos sobre imaginário social, modernidade e políticas públicas. Percebemos que o INSS como instituição de concessão de benefícios elabora imagens do idoso agricultor pela atividade laboral exclusiva na terra, pelo aspecto físico desgastado pelo sol, referenciada pela caricatura histórica do "Jeca-tatu" e que não dá conta da real identidade do agricultor que hoje se apresenta no mundo moderno. Já o sindicato, enquanto órgão de representação dos agricultores e, portanto, um mediador no processo de aposentadoria legitima essas imagens. Para nós, abordar as imagens dos idosos agricultores permitiu concluir que estas fomentam um campo conflituoso acerca de saber quem é o idoso agricultor para a política pública de previdência em um cenário moderno. / The intent of this dissertation is to be informed about the images concerning the aged agriculturist that are formed in the field of public policies. In order to apprehend these images, the work have as main focus the process of concession of the old age pension whích goes through the social welfare and the union of rural workers in the city of Lagoa Seca. We focus the images as a category of analysis, and to situate the subject of the images of the aged agriculturist, we favored the discussion about modernity, because of the fact that high intensity modernization have been invading ali the áreas of social life, mcluding the area of rights and public policy. It is evidenced that the web of relations shapes the policy of social welfare, and signifies, legitimates and elaborates different images of the old aged in general and of the aged agriculturist in particular. These new images, created in the context of modernity intensify and implant changes within the rationality, which penetrates the concession of social welfare benefits to the old aged, at the moment to receive the old age pension. Therefore, the images were analyzed, taking into consideration the global and modern social processes, which are translated locally, making possible to visualize traces and defining characteristics of the old aged agriculturist in the area studied, trying to show the diversity of interpretations and conflicts that are manifested in the process of concession of the benefits. As a methodological resource, we privileged the oral accounts and the manifestations of how the symbolic and material element of the benefits, changes the images of the subjects, in the sense of attribute meanings and (re)signify the images of the old aged. The data were analyzed with the help of the concepts about social imaginary, modernity and public policy. We noticed that the INSS, as an institution to concede benefits elaborates images of the old aged agriculturist by the exclusive working activity at the land, by the wasted physical aspect, with the reference of the historical caricature of the "Jeca Tatu" (name and symbol of the simple Brazilian countryman), and it doesn't concerns the real identity of the agriculturist, that presents today in the modern world. As for the union, as an agency that represents the agriculturist and, therefore, mediates the process of retirement, legitimates these images. For us, to approach the images of the old aged agriculturist, it aílowed to conclude that these images create a field of conflicts that concerns who is the old aged agriculturist for the social welfare public policy in a modern scenario.

Sociologia.

Trabalhador rural - aposentadoria

Aposentadoria rural

Política previdenciária

Envelhecimento do homem do campo

Idoso agricultor

Previdência Social

Benefícios previdenciários

Direitos do idoso

Social security policy

Elderly farmer

Aging of man from the field

A dimensão humana no processo de gestão da segurança da informação: um estudo aplicado à Pró-Reitoria de Gestão de Pessoas da Universidade Federal da Paraíba

Araujo, Sueny Gomes Leda

21 March 2016

Submitted by Viviane Lima da Cunha (viviane@biblioteca.ufpb.br) on 2017-04-26T12:11:40Z No. of bitstreams: 1 arquivototal.pdf: 4891600 bytes, checksum: e47187dc1816954c4d1cf20a19490124 (MD5) / Made available in DSpace on 2017-04-26T12:11:40Z (GMT). No. of bitstreams: 1 arquivototal.pdf: 4891600 bytes, checksum: e47187dc1816954c4d1cf20a19490124 (MD5) Previous issue date: 2016-03-21 / The information is presented as an important asset for institutions and needs to be protected adequately against undue destruction, temporary unavailability, adulteration or unauthorized disclosure. Various forms of physical, virtual and human threats jeopardize the security of information. Although the technology is responsible for providing part of the solution to these problems, many of the vulnerabilities of information systems can be attributed to man's actions. In this sense, it is salutary to study the human dimension in these processes. Concerned about the security of information in Federal Public Institutions the government published a series of laws, decrees, rules and reports that guides the implementation of information security management actions in public institutions. Thus, this study aimed to analyze the human dimension in the information security management process in the Dean of Personnel Management (Progep) of the Federal University of Paraíba (UFPB) from the perspective of the rules of the federal government. This research is characterized as descriptive research with qualitative and quantitative approach and case study as the method of investigation. Therefore, the documentary research was used, participant observation and interview as data collection techniques. From the triangulation of the three collection methods for data analysis was applied to content analysis. The sample was made up of nine directors who compose the Dean of Personnel Management. The results allowed identifying the need of UFPB on elaborate a policy of information classification, since its absence turns impossible the management of information security. As for information security awareness, it was noted the absence of actions that could contribute in the awareness of the public employee process, such as information security mentioned at the time of entry / ownership of public employees and collaborators; preparation of the responsibility and confidentiality term; formal disciplinary proceedings for breach of information security; and actions as informative manuals, campaigns, lectures and meetings. In the use of information security controls, there were initiatives of implementation of certain controls, however, the procedures were eventually made in error, without compliance of the regulatory guidelines. Based on the above, the results of this research can help minimize the impact of threats to information security in Progep /UFPB and, as well, contribute to the creation of a safety culture in federal institutions. / A informação apresenta-se como um importante ativo para as instituições, necessitando ser protegida de forma adequada contra destruição indevida, indisponibilidade temporária, adulteração ou divulgação não autorizada. Várias formas de ameaças físicas, virtuais e humanas, comprometem a segurança das informações. Apesar de a tecnologia ser responsável por fornecer parte da solução para esses problemas, muitas das vulnerabilidades dos sistemas de informação podem ser atribuídas às ações do homem. Nesse sentido, torna-se salutar estudar a dimensão humana nesses processos. Preocupado com a segurança da informação nas Instituições Públicas Federais, o governo publicou uma série de leis, decretos, normas e relatórios que orientam a implementação de ações de gestão de segurança da informação nas instituições públicas. Assim, o presente estudo teve por objetivo analisar a dimensão humana no processo de gestão de segurança da informação na Pró-Reitoria de Gestão de Pessoas (Progep) da Universidade Federal da Paraíba (UFPB) sob a ótica das normas do governo federal. Esta pesquisa caracteriza-se como pesquisa descritiva, com abordagem quali-quantitativa e, quanto ao método de investigação, estudo de caso. Para tanto, foi utilizada a pesquisa documental, observação participante e entrevista, como instrumentos de coleta de dados. A partir da triangulação dos três instrumentos de coleta, para a análise dos dados, foi aplicada a análise de conteúdo. A amostra desta pesquisa foi constituída pelos nove diretores que compõem a Pró-Reitoria de Gestão de Pessoas. Os resultados possibilitaram identificar a necessidade da UFPB em elaborar uma política de classificação da informação, uma vez que sua inexistência impossibilita a gestão da segurança da informação. Quanto à conscientização em segurança da informação, observou-se a inexistência de ações que poderiam contribuir no processo de conscientização dos servidores, como: menção à segurança da informação no momento de ingresso/posse de colaboradores e servidores; elaboração do termo de responsabilidade e confidencialidade; processo disciplinar formal para a violação da segurança da informação; e ações como manuais informativos, campanhas, palestras e reuniões. Na utilização dos controles de segurança da informação, observaram-se iniciativas de implantação de determinados controles, entretanto, os procedimentos acabaram sendo realizados de forma equivocada, sem a observância das orientações normativas. Com base no exposto, os resultados desta pesquisa podem auxiliar a minimizar a incidência de ameaças à segurança da informação na Progep/UFPB, bem como contribuir com a criação de uma cultura de segurança em instituições federais.

Segurança da Informação

Política de Segurança da Informação

Normas de Segurança da Informação

Information Security

Information Security Policy

Standards of Information Security

Le contrôle juridictionnel de la coopération intergouvernementale dans l'Union européenne. Contribution au processus de juridictionnalisation de l’Union. / The judicial control of the intergovernmental cooperation in the European Union. Contribution to the process of judicialization of the European Union.

Bachoué-Pedrouzo, Géraldine

21 November 2012

Le contrôle juridictionnel de la coopération intergouvernementale dans l'Union européenne a longtemps fait difficulté. Initialement, la mise à l'écart du juge a conditionné le recours à cette coopération organisée "dans" l'Union. Pourtant, chaque avancée des traités a entraîné un progrès du juge de l'Union et, dès l'origine, la coopération a donné lieu à la formation d'une jurisprudence significative. La coopération intergouvernementale dans l'Union constitue un terrain privilégié d'investigation, susceptible de contribuer à enrichir l'étude d'un processus, celui de la juridictionnalisation de l'Union. Loin de stériliser cette hypothèse, le traité de Lisbonne l'a confirmée et valorisée. L'analyse de la jurisprudence révèle l'existence d'un modèle de contrôle juridictionnel de la coopération intergouvernementale dans l'Union. Celui-ci repose sur le principe d'un contrôle. Forme d'aboutissement du processus, dont elle permet de saisir l'implantation et la portée, l'admission du principe au niveau constitutionnel marque aussi une nouvelle étape dans ce processus. Le juge de l'Union progresse au sein d'un système de contrôle, composé du juge national et de la Cour européenne des droits de l'Homme. Les interactions entre juges sont essentielles pour comprendre l'évolution de l'office du juge de l'Union. S'il est classique d'attendre d'un juge constitutionnel qu'il régule le système institutionnel et qu'il assure la protection des droits fondamentaux, les exigences matérielles et opérationnelles de l'action intergouvernementale contribuent au déploiement d'une fonction juridictionnelle ordinaire. Ces deux axes de travail, principe et fonctions, jettent un éclairage d'ensemble sur le modèle en construction et permettent d'appréhender dans toute sa complétude le processus de juridictionnalisation de la coopération intergouvernementale dans l'Union. / During a long time, the judicial control of the intergovernmental cooperation in the European Union remained a difficulty. Initially, the sideline of the judge conditioned the use of this cooperation, organised “in” the European Union. However, each step forward of the Treaties led to a progress of the judge of the Union and, from the very beginning, cooperation has resulted in the creation of a significant jurisprudence. Indeed, intergovernmental cooperation in the European Union constitutes a privileged field for investigation, which may contribute to enrich the study of a process, the process of judicialization of the European Union. Away from sterilizing this hypothesis, it was eventually confirmed and valued by the Lisbon Treaty. The analyse of the jurisprudence concerning the common foreign and security policy and the police and judicial cooperation in criminal matters reveals the existence of a model of judicial control over the intergovernmental cooperation in the European Union. This model is based on the principle of control. The admission of the principle, at the constitutional level, is a form of outcome of the process; it allows understanding the establishment and the extent of the process, as well as it materializes a new step in this process. The European judge evolves in a system of control, constituted by the national Court and the European Court of Human Rights. The judges’ interactions are essential in order to understand the evolution of the role of the European Union judge. Although it appears classical to expect from a constitutional judge that he rules the institutional system and that he ensures the protection of fundamental rights, the intergovernmental action material and operational requirements contribute to the deployment of an ordinary judicial function. These two axes of research, principle and functions, project a comprehensive highlight on the model under construction, and allow apprehending, in its entirety, the process of judicialization of the intergovernmental cooperation in the European Union.

Contrôle juridictionnel

Coopération intergouvernementale

Union européenne

Cour de justice

Processus de juridictionnalisation

Judicial control

Intergovernmental cooperation

European Union

Court of justice

Process of judicialization

Common foreign and security policy

Securing Network Connected Applications with Proposed Security Models

Konstantaras, Dimitrios, Tahir, Mustafa

January 2008

In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way to often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies. However, an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the soul purpose to secure applications. By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated of how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the defined security policies. An interesting finding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.

Security service

security mechanism

security protocol

security policy

X.800 standard

attacks

application proxy

firewall

Virtual Private Network (VPN)

plugin

filter

Team Software Process (TSP)

IPsec

Common Criteria (CC)

DMZ

Computer Sciences

Datavetenskap (datalogi)