Global ETD Search

161	A framework for higher academic institutions in the republic of South Africa to mitigate network security threats and attacks. Mohapi, Matrinta Josephine 06 1900 (has links) M. Tech. (Department of Information and Communication Technology, Faculty of Applied and Computer Sciences), Vaal University of Technology. / The computer networks of higher academic institutions play a significant role in the academic lives of students and staff in terms of offering them an environment for teaching and learning. These institutions have introduced several educational benefits such as the use of digital libraries, cluster computing, and support for distance learning. As a result, the use of networking technologies has improved the ability of students to acquire knowledge, thereby providing a supportive environment for teaching and learning. However, academic networks are constantly being attacked by viruses, worms, and the intent of malicious users to compromise perceived secured systems. Network security threats and cyber-attacks are significant challenges faced by higher academic institutions that may cause a negative impact on systems and Information and Communications Technology (ICT) resources. For example, the infiltration of viruses and worms into academic networks can destroy or corrupt data and by causing excessive network traffic, massive delays may be experienced. This weakens the ability of the institution to function properly, and results in prolonged downtime and the unavailability of Information Technology (IT) services. This research determines challenges faced by higher academic institutions, identifies the type of security measures used at higher academic institutions, and how network security could be addressed and improved to protect against network security threats and attacks. Two research approaches were adopted, namely a survey and an experiment. Survey questionnaires were distributed to IT technical staff at higher academic institutions in Gauteng province to determine the challenges they face in terms of securing their networks. It is crucial that network security takes on a prominent role when managing higher academic institutions‘ networks. The results of the study reveal several challenges such as budget constraints, inadequate security measures, lack of enforcing network security policies, and lack of penetration testing on systems and the network. The results also reveal that the implementation of security measures can and does address network security threats and attacks. It is therefore extremely important for higher academic institutions to implement proper security measures to help mitigate network security threats and attacks. The framework proposed is based on the results from the research study to help mitigate network security threats and attacks at higher academic institutions. Academic networks Cyber-attacks Higher academic institutions Network Network security attacks Network security threats Vulnerabilities Dissertations, Academic -- South Africa Computer networks -- Security measures Computer security Cyberspace -- Security measures Computer crimes -- Prevention
162	Att främja delaktighet hos flerspråkiga barn i språklig sårbarhet : En interventionsstudie om alternativ och kompletterande kommunikation i form av särskilt bildstöd i förskolans undervisning Eriksson, Chantana January 2023 (has links) Att kommunicera är en rättighet som alla har, oavsett funktionsförmåga. I UNICEF Sverige (2021) under artikel 12 i FN:s konvention om barnets rättigheter, Barnkonventionen, tas barns rätt att uttrycka sin mening och höras i alla frågor som rör barnet upp. Detta är tyvärr inte självklart för flerspråkiga barn i språklig sårbarhet eftersom de har svårigheter att uttrycka sig samt att göra sig förstådda. Denna studie handlar om metoden Alternativ och Kompletterande Kommunikation, AKK, och delaktighet. Syftet med studien var att med stöd av interventionen undersöka om AKK, med särskilt fokus på bildstöd är en möjlig väg till ökad delaktighet hos flerspråkiga barn i språklig sårbarhet i förskolan. Studiens syfte var även att undersöka hur förskolepersonal som deltar i interventionen beskriver sitt arbete och hur de upplevde användningen av bildstöd som syftade till att öka barns delaktighet. Med studien önskade jag undersöka om en aktiv användning av bildstöd kunde vara ett arbetssätt för att öka tillgängligheten i förskolans vardagsrutiner och undervisning. Ökad tillgänglighet skulle vara betydelsefullt för samtliga barn, fast särskilt för flerspråkiga barn i språklig sårbarhet. Förhoppningen var att metoden skulle öka barnens möjlighet till delaktighet och lärande i sin utbildning. Intervention genomfördes med två grupper av flerspråkiga barn i språklig sårbarhet på en förskola under fem veckor med två undervisningstillfällen per vecka som ägnades åt interventionen. De två grupperna bestod av en kontrollgrupp som deltog i ordinarie undervisning och en interventionsgrupp som deltog i stödinsatsen (bildstöd). För att besvara studiens syfte och forskningsfrågor valde jag att använda mig av strukturerad observation och kvalitativa intervjuer som metoder för datainsamling. Effekterna av interventionen mättes genom en strukturerad observation med stöd av ett delaktighetsbaserat observationsschema (se bilaga 6) innan och efter interventionsperioden. Efter observationerna användes delaktighetsmodellen av Szönyi och Söderqvist Dunkers (2018), med fokus på de tre delaktighetsaspekterna; tillgänglighet, samhandling och engagemang för analysen. Resultatet beskrivs därefter utifrån dessa aspekter. De semistrukturerade intervjuerna genomfördes med två pedagoger som deltog i intervention efter att interventionsperioden avslutats. Studiens resultat visade, trots att den genomförda interventionen kan betraktas som kortvarig, ändå att en aktiv användning av bildstöd hade ökat barns delaktighet efter interventionsperioden. Resultatet som framkom under intervjuer visade också att pedagogerna hade en positiv inställning till användandet av bildstöd. Pedagoger upplever att bildstöd är ett verktyg som förstärkt det som sägs samt underlättar barnens kommunikation. / Communication is a fundamental human right that everyone should have access to, regardless of their functional ability. Article 12 of the Convention on the rights of the child provides that every child has the right to express freely his/her opinion on all the questions which concern his/her life. Yet, due to difficulties in communicating for multilingual children with linguistic vulnerabilities are at particular risk of not being heard. This study is about Augmentative and Alternative Communication (AAC) and participation. The purpose of this study is to examine about AAC, with specific focus on if picture cards in an intervention study are a possible way for promoting multilingual children with linguistic vulnerabilities’ participation at preschool. With my study I wished to investigate if active use of picture support can be a way to increase accessibility in preschools everyday routines and education. The purpose of the study is also to examine preschool teacher’s description of their work with active use of picture support. This intervention study lasted for a period of five weeks (two lessons a week). To answer the research questions, I have used data sources that consist of observations and interviews. Two groups of children (the control group and the experimental group) have been observed over a period when picture cards are used to help teaching. The data were collected before and after intervention. Intervention effects were analyzed using the participation models of Szönyi and Söderqvist Dunkers (2018) with three aspects: accessibility, interaction, and involvement. Semi-structured interviews were conducted with two preschool teachers at one preschool at the end of intervention. The result of the intervention shows that active use of picture cards has increased multilingual children with linguistic vulnerabilities’ participation. The preschool teachers expressed positive feedback of using picture cards in teaching. Picture cards can support speech and expand children’s ability to communicate. AAC linguistic vulnerabilities multilingualism multilingual children picture cards preschool participation participation model AKK bildstöd delaktighet delaktighetsmodellen flerspråkighet flerspråkiga barn förskola språklig sårbarhet. Pedagogical Work Pedagogiskt arbete Educational Sciences Utbildningsvetenskap Pedagogy Pedagogik Learning Lärande
163	Portabla enheter : Hot, risker, sårbarheter, lösningar och skyddande motåtgärder / Portable devices : Threats, risks, vulnerabilities, solutions and protection countermeasures Moradinia, Pourya, Haule, Godfrey January 2012 (has links) Detta examensarbete har utförts på uppdrag av Försvarsmakten. Arbetets målsättning är att undersöka hot, risker och sårbarheter som portabla enheter kan orsaka eller bidra till inom en organisation. Bärbara datorer med operativsystemet Windows och Mac, samt surfplattor och smartphones med operativsystemet Android, iOS och Windows Phone är de portabla enheter som är utvalda att ingå i denna rapport. Vidare diskuteras förslag på hur man kan förebygga olika säkerhetsrisker. Rapporten tar även upp dagens BYOD-lösningar (Bring Your Own Device). Exempel på olika produkter från kända företag tas upp för att åskådliggöra åtgärder som kan vidtas mot de hot, risker och sårbarheter som orsakas av de portabla enheter som nämns. Förslag på olika metoder och säkerhetslösningar diskuteras för att förenkla förståelsen av hur pass allvarliga problem de säkerhetsrisker som ingår i en portabel enhet kan orsaka. Idag använder en stor mängd företag, myndigheter, organisationer och privatpersoner mobila enheter. Det kan röra sig om antingen företagsägda eller privata mobilenheter. Ökad produktivitet, förbättrad service mot kunder och minskade IT-kostnader är några av många fördelar med att använda portabla enheter i en verksamhet. Men när användning ökar, ökar också riskerna. De flesta mobila enheter har skapats med säkerhetsplattformar som saknar, eller har begränsade säkerhetslösningar, för att de har begränsade resurser i form av minneskapacitet, batteritid och hårddiskutrymme. Dessutom handlar det om ny teknologi som fortfarande är under utveckling. Just detta leder till att mobila enheter är särskilt attraktiva för inkräktare, eftersom de är lätta mål och effekterna blir stora. Det ideala vore en säkerhetslösning som är kompatibel med de flesta mobilplattformar. Dessutom skulle den ha kapacitet att skydda data som sparas på enheten liksom data som skickas mellan enheter, eller mellan en portabel enhet och företagsnätverk. Denna lösning ska också vara anpassad till de behov som finns i en stor organisation, samtidigt som den också måste vara resurssnål med tanke på mobila enheters begränsade kapacitet. För tillfället saknas en sådan lösning på marknaden. Därför bör ett företag eller myndighet i dagsläget se sig om efter ett flertal lämpliga säkerhetslösningar som kan kombineras för att uppnå bästa möjliga säkerhetsnivå i enlighet med dess rådande säkerhetspolicy. / This thesis has been written on behalf of the Swedish Armed Forces (Försvarsmakten). The objective of this thesis is to investigate the threats, risks and vulnerabilities that can be caused by portable devices within an organization. Laptop computers with operative system Windows and Mac, tablet PCs and smart phones with operating system Android, iOS and Windows Phone are the only portable devices that have been selected to be part of this report. Proposals on how to prevent these risks are discussed in this work. The report also discusses today's BYOD solutions. Examples of different products from known companies are admitted to more easily describe the actions of the threats, risks and vulnerabilities caused by the portable devices mentioned. Different methods and security solutions are discussed to simplify the understanding of the severity of problems and security risks caused by the portable devices. The mobile technology has recently become powerful and as a result large enterprises, government workers, small business and private consumers are all using smart phones or other mobile devices to manage both business and personal interactions. Increased employee productivity, improved client services and reduced IT cost are some of the advantages of using mobile devices in an enterprise. Securing these devices at the enterprise level has become a challenge for many IT security experts due to the fact that mobile devices have limited resources (memory, CPU, hard disk space and battery). Therefore, hackers are discovering the economic potential of attacking mobile devices on a course to compromise both business and personal data contained within mobile. An ideal mobile security solution would be one that is compatible with all the major mobile platforms on the market. Moreover, it would have the capacity to protect data stored on the device as well as data sent between devices or between a portable device and an enterprise network. This solution should also be tailored to the needs of an authority or any large organization, while it also has to be resource-efficient, given that mobile devices tend to have limited resources. Unfortunately at the moment there is no such solution on the market. Therefore, a company or authority at the moment should look around for two or more appropriate mobile security solutions that can be combined to achieve the best possible security level in accordance with their current security policies. portable mobile tablet devices threats risks vulnerabilities solutions protection countermeasures portabla mobila mobil surfplattor enheter hot risker sårbarheter lösningar skyddande motåtgärder Computer Systems Datorsystem Communication Systems Kommunikationssystem Telecommunications Telekommunikation
164	Etisk hackning av en smart foderautomat / Ethical hacking of a Smart Automatic Feed Dispenser Lokrantz, Julia January 2021 (has links) Sakernas internet (IoT) syftar till det nät av enheter som samlar och delar data över internet. De senaste åren har användandet av konsument-IoT ökat explosionsartat och åtföljts av en ökad oro kring säkerheten i dessa enheter, då många system visat sig ha bristande säkerhetsimplementeringar. Denna studie undersöker säkerheten i en smart foderautomat för husdjur och redogör för ekonomiska orsaker till förekomsten av sårbarheter. Metoden bygger på att hotmodellera foderautomaten med STRIDE- och DREAD-modellerna följt av en penetrationstestningsfas för några av de allvarligaste hoten. Resultatet visar på att foderautomaten Trixie TX9 har otillräcklig kryptering av nätverksnamn och lösenord till Wi-Fi, är sårbar mot flödesattacker och att analys av trafiken till/från enheten kan avgöra vilket tillstånd den är i. Vidare har foderautomaten flera öppna nätverkstjänster, där bland annat en Telnettjänst som kan nås genom svaga, hårdkodade inloggningsuppgifter som finns publicerade på internet. Ekonomiska orsaker till förekomsten av sårbarheter är främst asymmetrisk information och motstridande incitament. Det är idag svårt för tillverkare att ta betalt för säkerhet då marknaden drivs av snabba lanseringar och utökade funktioner till ett pressat pris. / Internet of things (IoT) refers to the web of connected devices that collect and share data through the internet. The use of consumer-IoT has increased dramatically in recent years, accompanying an increasing concern about the security of these devices as many systems have proven to have insufficient security measures. This study aims to investigate the security level of a smart food dispenser for pets, and account for the underlying economic reasons for the occurrences of vulnerabilities. The method used in this study consists of conducting threat modeling of the food dispenser using STRIDE as well as DREAD models. This is then followed by a penetration-testing phase for some of the more serious threats. The results indicate that the food-dispenser Trixie TX9 has insufficient encryption of network names and passwords, is susceptible to flooding-attacks, and analysis of the incoming/outgoing data traffic from the device can deduct which state it is currently in. Furthermore, the food dispenser has several open network services, Telnet is one among them, which can be accessed through weak, hardcoded credentials that are published on the internet. The economic reasons for these security weaknesses are asymmetrical information and misaligned economic incentives. Manufacturers struggle to charge consumers for an increased level of security as the main market driving factors are swift and regular product launches as well as an expansion of new features available at competitively low prices. Ethical hacking Internet of things Penetration testing Thread modeling STRIDE DREAD Smart food dispenser Security Vulnerabilities Etisk hackning Sakernas internet Penetrationstestning Hotmodellering STRIDE DREAD Smart foderautomat Säkerhet Sårbarheter Computer and Information Sciences Data- och informationsvetenskap
165	ASSESSING COMMON CONTROL DEFICIENCIES IN CMMC NON-COMPLIANT DOD CONTRACTORS Vijayaraghavan Sundararajan (12980984) 05 July 2022 (has links) <p> As cyber threats become highly damaging and complex, a new cybersecurity compliance certification model has been developed by the Department of Defense (DoD) to secure its Defense Industrial Base (DIB), and communication with its private partners. These partners or contractors are obligated by the Defense Federal Acquisition Regulations (DFARS) to be compliant with the latest standards in computer and data security. The Cybersecurity Maturity Model Certification (CMMC), and it is built upon existing DFARS 252.204-7012 and the NIST SP 800-171 controls. As of 2020, the DoD has incorporated DFARS and the National Institute of Standards and Technology (NIST) recommended security practices into what is now the CMMC. This thesis examines the most commonly identified security control deficiencies faced, the attacks mitigated by addressing these deficiencies, and suggested remediations, to 127 DoD contractors in order to bring them into compliance with the CMMC guidelines. By working with a compliance service provider, an analysis is done on how companies are undergoing and implementing important changes in their processes, to protect crucial information from ever-growing and looming cyber threats. </p> Data security and protection Hardware security Software and application security System and network security Information security management Security Control Deficiency Mitigation CMMC NIST SP 800-171 Assessment Control Family Cybersecurity Remediation Cyber-attacks Vulnerabilities
166	Static Analysis Of Client-Side JavaScript Code To Detect Server-Side Business Logic Vulnerabilities / Statisk analys av JavaScript-kod på klientsidan för att upptäcka sårbarheter i affärslogiken på serversidan van der Windt, Frederick January 2023 (has links) In the real world, web applications are crucial in various domains, from e-commerce to finance and healthcare. However, these applications are not immune to vulnerabilities, particularly in business logic. Detecting such vulnerabilities can be challenging due to the complexity and diversity of application functionality. Consequently, there is a growing need for automated tools and techniques to aid in identifying business logic vulnerabilities. This research study investigates the efficacy of static analysis techniques in detecting server-side business logic vulnerabilities through the analysis of client-side JavaScript code. The study explores various analysis techniques, including code parsing, data flow analysis as detection methods, and their application in identifying potential vulnerabilities. This thesis also identifies common flaws contributing to business logic vulnerabilities, such as insufficient input validation, insecure access controls, and flawed decision-making logic. The effectiveness of static analysis techniques in pinpointing server-side business logic vulnerabilities is evaluated, revealing promising results, particularly in detecting parameter manipulation vulnerabilities. Notably, the study discovered vulnerabilities in two live applications that could lead to severe financial problems, underscoring the real-world implications of these vulnerabilities. However, challenges such as false positives and the need for manual verification are also acknowledged. The study concludes by proposing improvements and future research directions, including exploring advanced techniques like machine learning and natural language processing and integrating dynamic analysis and real-world testing scenarios to enhance the accuracy and efficiency of static analysis. The findings contribute to the understanding of utilizing static analysis techniques for detecting server-side business logic vulnerabilities, offering insights for developing more robust and efficient vulnerability detection tools. / I den verkliga världen är webbapplikationer avgörande inom olika områden, från e-handel till finans och sjukvård. Dessa applikationer är dock inte immuna mot sårbarheter, särskilt inte i affärslogiken. Att upptäcka sådana sårbarheter kan vara en utmaning på grund av komplexiteten och mångfalden i applikationernas funktionalitet. Därför finns det ett växande behov av automatiserade verktyg och tekniker som kan hjälpa till att identifiera sårbarheter i affärslogiken. Denna forskningsstudie undersöker hur effektiva statiska analystekniker är för att upptäcka sårbarheter i affärslogiken på serversidan genom analys av JavaScript-kod på klientsidan. Studien utforskar olika analystekniker, inklusive kodparsing, dataflödesanalys som detektionsmetoder, och deras tillämpning för att identifiera potentiella sårbarheter. Avhandlingen identifierar också vanliga brister som bidrar till sårbarheter i affärslogiken, såsom otillräcklig validering av indata, osäkra åtkomstkontroller och bristfällig logik för beslutsfattande. Effektiviteten hos statiska analystekniker för att hitta sårbarheter i affärslogiken på serversidan utvärderas och visar på lovande resultat, särskilt när det gäller att upptäcka sårbarheter i parametermanipulation. I studien upptäcktes sårbarheter i två live-applikationer som kan leda till allvarliga ekonomiska problem, vilket understryker de verkliga konsekvenserna av dessa sårbarheter. Utmaningar som falska positiva resultat och behovet av manuell verifiering erkänns dock också. Studien avslutas med förslag på förbättringar och framtida forskningsinriktningar, inklusive utforskning av avancerade tekniker som maskininlärning och naturlig språkbehandling och integrering av dynamisk analys och verkliga testscenarier för att förbättra noggrannheten och effektiviteten hos statisk analys. Resultaten bidrar till förståelsen för att använda statiska analystekniker för att upptäcka sårbarheter i affärslogik på serversidan, och ger insikter för att utveckla mer robusta och effektiva verktyg för sårbarhetsdetektering. JavaScript Static Analysis Business Logic Vulnerabilities Client-side Fuzzing Black-box JavaScript statisk analys sårbarheter i affärslogiken klientsidan Fuzzing Black-box Computer Sciences Datavetenskap (datalogi) Computer Engineering Datorteknik Computer and Information Sciences Data- och informationsvetenskap
167	Études des leucémies de l’enfant induites par les oncogènes de fusion NUP98::KDM5A et CBFA2T3::GLIS2 Roussy, Mathieu 12 1900 (has links) Acute myeloid leukemia (AML) is a genetically heterogeneous disease and represents about 20% of pediatric leukemias. Survival rates vary depending on subtypes but are particularly unfavorable for acute megakaryoblastic leukemia (AMKL), a rare subtype of AML that usually affects children under 3 years old (≤ 30% survival for certain subtypes of AMKL). In pediatrics, genetic rearrangement leading to the expression of a chimeric fusion gene are present in many cases and are considered initiator events in the development of leukemia. In AMKL cases, more than 70% of them exhibit such rearrangement. Several of these chimeric transcripts, such as NUP98::KDM5A and CBFA2T3::GLIS2, occur in a higher proportion of cases. The analysis of the transcriptome from pediatric leukemic cases allowed us to identify new chimeric fusion transcripts in pediatric leukemias. Specifically, we discovered BPTF as a new fusion partner of NUP98 in the case of acute megakaryoblastic leukemia (AMKL), and the ACIN1::NUTM1 fusion in B-cell lymphoid leukemias. These studies have refined the molecular classification of these leukemias and provided tools for diagnosis and disease monitoring. The hypothesis of my thesis is that the NUP98::KDM5A and CBFA2T3::GLIS2 fusions are oncogenic and their expression in normal human hematopoietic and progenitor cells leads to transformation into acute megakaryoblastic leukemia in immunodeficient recipient mice, allowing for the generation of renewable xenograft models. My work has contributed to the generation of AMKL models with NUP98::KDM5A (N5A) and CBFA2T3::GLIS2 (CG2) fusions. To do this, we optimized a pipeline for transducing these chimeric genes in CD34+ cells isolated from cord blood, followed by transplantation into immunodeficient mice. These xenograft models phenocopy the leukemia of patients from a morphological, immunophenotypic, and transcriptomic standpoint. These synthetic AMKL models can be serially transplanted into mice and have a high frequency of leukemic stem cells. I also contributed to the development of a unique patient-derived xenograft (PDX) model derived from primary cells of a patient with an NUP98::BPTF genotype AMKL leukemia. These synthetic and PDX models then served as substrates for my experiments and those of several members of our laboratory. My research has allowed us to identify and characterize new biomarkers specific to NUP98- rearranged and CBFA2T3::GLIS2 positive AMKL. Taking advantage of the biomass generated by these AMKL leukemia models, we conducted transcriptomic and proteomic studies of the membrane surface. These results were compared to normal cells isolated from cord blood to identify several surface proteins specific to each leukemia genotype and shed light on new potential biomarkers. Furthermore, we confirmed the sensitivity of our AMKL models to JAK-STAT pathway inhibitors and performed synergy assays between JAK-STAT and the PI3K-AKT-mTOR pathway inhibitors. These experiments demonstrated the synergistic induction of apoptosis in our models upon the combine exposure to JAK-STAT and PI3K-AKT-mTOR pathway inhibitors. These works allowed us to identify potential therapeutic vulnerabilities of AMKL. Finally, since research on AMKL is affected by the limited number of patient samples, the human models and molecular data presented in this thesis constitute an invaluable resource to accelerate translational research for these high-risk leukemias. / La leucémie myéloïde aiguë (LMA) est une maladie hétérogène sur le plan génétique et représente environ 20% des leucémies pédiatriques. Les taux de survie varient selon les sous- types mais sont particulièrement défavorables pour les leucémies aiguës mégacaryoblastiques (AMKL), un sous-type rare de LMA touchant généralement les enfants de moins de 3 ans (≤ 30% de survie pour certains sous-types d’AMKL). En pédiatrie, les réarrangements génétiques entraînant l’expression d’un gène de fusion chimérique sont présentes dans un grand nombre de cas et sont considérées comme des événements initiateurs à l’origine de la leucémie. Chez les leucémies de type AMKL, c’est plus de 70% des cas qui présentent un tel réarrangement. Quelques-uns de ces transcrits chimériques, tels que NUP98::KDM5A et CBFA2T3::GLIS2, surviennent dans une plus grande proportion des cas. Dans le cadre de mes recherches, l’analyse du transcriptome de leucémies pédiatriques nous ont permis de mettre en évidence de nouveaux transcrits chimériques. Notamment, nous avons découvert BPTF comme étant un nouveau partenaire de fusion de NUP98 dans le cas d’une AMKL, ainsi que la fusion ACIN1::NUTM1 chez des leucémies lymphoïdes à cellules B. Ces travaux ont permis de raffiner la classification moléculaire de ces leucémies et propose de nouvelles approches pour le diagnostic et le suivi de la maladie. L’hypothèse de ma thèse est que les fusions NUP98::KDM5A et CBFA2T3::GLIS2 sont oncogéniques et leur expression chez des cellules souches hématopoïétiques et progénitrices humaines normales entraîne une transformation en leucémie aiguë mégacaryoblastique dans les souris receveuses immunodéficientes, permettant de générer des modèles de xénogreffe. Mes travaux ont contribué à la génération de modèles d’AMKL arborant les fusions NUP98::KDM5A ainsi que CBFA2T3::GLIS2. Pour ce faire, nous avons optimisé un processus de transduction de ces gènes chimériques chez des cellules CD34+ isolées de sang de cordon, suivi de transplantation chez la souris immunodéficiente. Ces modèles de xénogreffe récapitulent la leucémie des patients aux points de vue morphologique, immunophenotypique et transcriptomique. Ces modèles synthétiques d’AMKL peuvent être transplantés de manière sériée en souris et présentent une fréquence élevée de cellules souches leucémiques. De plus, nous avons aussi développé un modèle pdx unique (patient derived xenograft) dérivé des cellules primaires d’un patient atteint d’une leucémie AMKL présentant la fusions NUP98::BPTF. Ces modèles synthétiques et pdx ont ensuite servi de substrats à mes expériences ainsi que celles de plusieurs membres du laboratoire. Mes recherches ont permis d’identifier et de caractériser de nouveaux biomarqueurs spécifiques aux AMKL présentant un transcrit de NUP98 réarrangé et CBFA2T3::GLIS2. Tirant avantage de la biomasse générée par ces modèles de leucémie AMKL, nous avons fait des études transcriptomiques et protéomiques de la surface membranaire de nos modèles. Ces résultats furent comparés aux cellules normales isolées de sang de cordon afin d’identifier plusieurs protéines de surface spécifiques aux leucémies initiées par NUP98 réarrangé et CBFA2T3::GLIS2 afin de mettre en lumière de nouveaux biomarqueurs potentiels. De plus, nous avons aussi confirmé la sensibilité de nos modèles AMKL aux inhibiteurs de la voie JAK-STAT ainsi que démontré l’induction synergique de l’apoptose de nos modèles en présence des inhbitieurs combinés des voies JAK-STAT et PI3K-AKT-mTOR. Finalement, puisque la recherche sur les AMKL est ralentie par la quantité limitante d’échantillons de patient, les modèles humains et les données moléculaires présentés dans cette thèse constituent une ressource inestimable afin d’accélérer la recherche translationnelle pour ces leucémies à haut risque. Leucémie Mégacaryoblastique NUP98::KDM5A NUP98::BPTF CBFA2T3::GLIS2 Biomarqueurs PI3K-AKT-mTOR JAK-STAT Outils diagnostic vulnérabilités thérapeutiques Leukemia Megakaryoblastic Diagnostic tools Biomarker Therapeutic vulnerabilities Oncology / Oncologie (UMI : 0992)
168	PREVENTING DATA POISONING ATTACKS IN FEDERATED MACHINE LEARNING BY AN ENCRYPTED VERIFICATION KEY Mahdee, Jodayree 06 1900 (has links) Federated learning has gained attention recently for its ability to protect data privacy and distribute computing loads [1]. It overcomes the limitations of traditional machine learning algorithms by allowing computers to train on remote data inputs and build models while keeping participant privacy intact. Traditional machine learning offered a solution by enabling computers to learn patterns and make decisions from data without explicit programming. It opened up new possibilities for automating tasks, recognizing patterns, and making predictions. With the exponential growth of data and advances in computational power, machine learning has become a powerful tool in various domains, driving innovations in fields such as image recognition, natural language processing, autonomous vehicles, and personalized recommendations. traditional machine learning, data is usually transferred to a central server, raising concerns about privacy and security. Centralizing data exposes sensitive information, making it vulnerable to breaches or unauthorized access. Centralized machine learning assumes that all data is available at a central location, which is only sometimes practical or feasible. Some data may be distributed across different locations, owned by different entities, or subject to legal or privacy restrictions. Training a global model in traditional machine learning involves frequent communication between the central server and participating devices. This communication overhead can be substantial, particularly when dealing with large-scale datasets or resource-constrained devices. / Recent studies have uncovered security issues with most of the federated learning models. One common false assumption in the federated learning model is that participants are the attacker and would not use polluted data. This vulnerability enables attackers to train their models using polluted data and then send the polluted updates to the training server for aggregation, potentially poisoning the overall model. In such a setting, it is challenging for an edge server to thoroughly inspect the data used for model training and supervise any edge device. This study evaluates the vulnerabilities present in federated learning and explores various types of attacks that can occur. This paper presents a robust prevention scheme to address these vulnerabilities. The proposed prevention scheme enables federated learning servers to monitor participants actively in real-time and identify infected individuals by introducing an encrypted verification scheme. The paper outlines the protocol design of this prevention scheme and presents experimental results that demonstrate its effectiveness. / Thesis / Doctor of Philosophy (PhD) / federated learning models face significant security challenges and can be vulnerable to attacks. For instance, federated learning models assume participants are not attackers and will not manipulate the data. However, in reality, attackers can compromise the data of remote participants by inserting fake or altering existing data, which can result in polluted training results being sent to the server. For instance, if the sample data is an animal image, attackers can modify it to contaminate the training data. This paper introduces a robust preventive approach to counter data pollution attacks in real-time. It incorporates an encrypted verification scheme into the federated learning model, preventing poisoning attacks without the need for specific attack detection programming. The main contribution of this paper is a mechanism for detection and prevention that allows the training server to supervise real-time training and stop data modifications in each client's storage before and between training rounds. The training server can identify real-time modifications and remove infected remote participants with this scheme. Federated Learning Data Poisoning Attacks Security Vulnerabilities Model Aggregation Edge Server Supervision Attack Evaluation Prevention Scheme Real-time Monitoring Encrypted Verification Protocol Design Experimental Results Participant Identification Robustness in FL Machine Learning Security Model Integrity
169	Étude de la régulation des profils métaboliques par la méthyltransférase Enhancer of Zeste Homologue 2 dans le cancer du sein triple négatif St-Arnaud, Myriame 12 1900 (has links) Les cancers du sein triple-négatifs (CSTN) présentent un taux élevé de récidive dû à la résistance aux chimiothérapies. Les adaptations du métabolisme cellulaire dans les CSTN contribuent à la résistance thérapeutique. Des changements du métabolisme de la glycolyse ou des acides aminés, peuvent permettre aux cellules de CSTN de s’adaptent rapidement en situation de stress. Toutefois, de nouvelles vulnérabilités peuvent être exposées chez les cellules du CSTN au cours de ces adaptations métaboliques. La méthyltransférase Enhancer of Zest Homologe 2 (EZH2) est connue pour son rôle dans l’identité cellulaire et la régulation de l’expression génique. Récemment, il a été montré qu’EZH2 joue un rôle dans la reprogrammation cellulaire des CSTN et contribue au développement de la résistance à la chimiothérapie. Mais les implications de cette reprogrammation sur le métabolisme des cellules CSTN, ne sont pas encore clairement identifiées. Ce projet a pour but d’étudier si les modifications épigénétiques résultant de l’activité d’EZH2 contribuent à la régulation du métabolisme cellulaire et permet les adaptations métaboliques dans les CSTN. Dans cette étude, nous utilisons les molécules UNC1999 et EPZ-4638, deux inhibiteurs sélectifs de l’activité enzymatique d’EZH2. Par des approches génomiques, transcriptomiques et métabolomiques, nous montrons que l’inhibition pharmacologique d’EZH2 induit des changements métaboliques caractérisés par une perturbation de la glycolyse et une résistance accrue à la privation de glucose. Nous observons aussi une augmentation de la dépendance à la glutamine et une utilisation accrue de la glutamine intracellulaire lors de l’inhibition d’EZH2. Ces vulnérabilités constituent des cibles potentielles pour un traitement concomitant avec le UNC1999. Finalement, nous proposons un mécanisme impliquant le facteur de transcription Estrogen Related Receptor-alpha (ERR) comme médiateur contribuant à l’effet métabolique résultant de l’inhibition d’EZH2 dans les CSTN. Les données préliminaires présentées dans ce mémoire proposent pour la première fois que les inhibiteurs d’EZH2 pourraient être utilisés pour induire des vulnérabilités métaboliques qui pourraient potentiellement être exploitées dans les CSTN. / Triple-negative breast cancers (TNBC) have a high rate of recurrence due to resistance to chemotherapy. Adaptations of cellular metabolism in TNBCs contribute to therapeutic resistance. Changes in glycolysis or amino acid metabolism may allow TNBC cells to adapt rapidly under stress. However, new and potentially targetable vulnerabilities may be exposed in TNBC cells during these metabolic adaptations. Methyltransferase Enhancer of Zest Homologue 2 (EZH2) is known for its role in cell identity and regulation of gene expression. Recently, EZH2 was shown to play a role in the cellular reprogramming of TNBCs and to contribute to the development of resistance to chemotherapy. But the implications of this reprogramming on the TNBC metabolism are not yet clearly identified. This project aims to investigate whether epigenetic modifications resulting from EZH2 activity contribute to the regulation of cellular metabolism and enable metabolic adaptations in TNBCs. In this study, we use the molecules UNC1999 and EPZ-4638, two selective inhibitors of the enzymatic activity of EZH2. Using genomic, transcriptomic and metabolomic approaches, we show that pharmacological inhibition of EZH2 induces metabolic changes characterized by disruption of glycolysis and increased resistance to glucose starvation. We also observe an increase in glutamine dependence and increased use of intracellular glutamine upon inhibition of EZH2. We show that these vulnerabilities are potential targets for concurrent treatment with UNC1999. Finally, we propose a mechanism proposing that the transcription factor Estrogen Related Receptor-alpha (ERR) contributes to the metabolic effect resulting from EZH2 inhibition in TNBCs. The preliminary data presented in this thesis propose for the first time that EZH2 inhibitors could be used to induce metabolic vulnerabilities that may potentially be exploited in TNBC. Cancer du sein triple négatif EZH2 Métabolisme Épigénétique Glutamine UNC1999 EPZ-4638 Vulnérabilités métaboliques Cibles thérapeutiques Triple Negative Breast Cancer Metabolism Epigenetic Metabolic Vulnerabilities Therapeutic Targets
170	Towards Understanding and Securing the OSS Supply Chain Vu Duc, Ly 14 March 2022 (has links) Free and Open-Source Software (FOSS) has become an integral part of the software supply chain in the past decade. Various entities (automated tools and humans) are involved at different stages of the software supply chain. Some actions that occur in the chain may result in vulnerabilities or malicious code injected in a published artifact distributed in a package repository. At the end of the software supply chain, developers or end-users may consume the resulting artifacts altered in transit, including benign and malicious injection. This dissertation starts from the first link in the software supply chain, ‘developers’. Since many developers do not update their vulnerable software libraries, thus exposing the user of their code to security risks. To understand how they choose, manage and update the libraries, packages, and other Open-Source Software (OSS) that become the building blocks of companies’ completed products consumed by end-users, twenty-five semi-structured interviews were conducted with developers of both large and small-medium enterprises in nine countries. All interviews were transcribed, coded, and analyzed according to applied thematic analysis. Although there are many observations about developers’ attitudes on selecting dependencies for their projects, additional quantitative work is needed to validate whether behavior matches or whether there is a gap. Therefore, we provide an extensive empirical analysis of twelve quality and popularity factors that should explain the corresponding popularity (adoption) of PyPI packages was conducted using our tool called py2src. At the end of the software supply chain, software libraries (or packages) are usually downloaded directly from the package registries via package dependency management systems under the comfortable assumption that no discrepancies are introduced in the last mile between the source code and their respective packages. However, such discrepancies might be introduced by manual or automated build tools (e.g., metadata, Python bytecode files) or for evil purposes (malicious code injects). To identify differences between the published Python packages in PyPI and the source code stored on Github, we developed a new approach called LastPyMile . Our approach has been shown to be promising to integrate within the current package dependency management systems or company workflow for vetting packages at a minimal cost. With the ever-increasing numbers of software bugs and security vulnerabilities, the burden of secure software supply chain management on developers and project owners increases. Although automated program repair approaches promise to reduce the burden of bug-fixing tasks by suggesting likely correct patches for software bugs, little is known about the practical aspects of using APR tools, such as how long one should wait for a tool to generate a bug fix. To provide a realistic evaluation of five state-of-the-art APR tools, 221 bugs from 44 open-source Java projects were run within a reasonable developers’ time and effort.

Search results