Mapping out the Key Security Components in Relational Databases (MK-SCoRe) : Enhancing the Security of Relational Database Technology / Kartläggning av Nyckelkomponenter för Säkerhet i Relationsdatabaser (MK-SCoRe) : Förbättring av Säkerheten i Relationsdatabasteknik

Alobaidi, Murtadha, Trabulsiah, Abdullah

January 2024

Relational database security has become an increasingly important issue for organizations worldwide in the current era of data-driven operations. The urgent need for an extensive knowledge of relational database security components in relational databases is addressed in this thesis. Database security is constantly improving, but there is still a lack of research that analyzes these important factors. Because of this gap, databases are not sufficiently secured from new cyber threats, which endangers its accessibility, confidentiality, and integrity. The problem that the thesis addresses is the lack of comprehensive research covering all key security components in relational databases which, presents a challenge for organizations seeking to comprehensively secure their database systems. The purpose of this thesis is to systematically map the key security components essential to relational databases. The goal is to assist organizations and Database professionals to secure their relational databases against diverse cyber threats. Using a qualitative and exploratory methodology, the research analyzes a wide range of literature on database security. The research offers a balanced and comprehensive perspective on the current security landscape in relational databases by integrating theoretical study with structured interviews. This method guarantees that all essential security components is fully investigated. The results of this thesis involve a detailed mapping of the key security components within relational databases, which are uniquely informed by a combination of academic research and empirical findings from structured interviews with Database security experts. This thesis analyzes these security components based on how well they address current security threats, how well they secure databases, and how well they can adapt to different organizational needs. / Säkerhet i relationsdatabaser har blivit en allt viktigare fråga för organisationer världen över i den nuvarande eran av datadriven verksamhet. I den här avhandlingen behandlas det akuta behovet av en omfattande kunskap om säkerhetskomponenter för relationsdatabaser i relationsdatabaser. Databassäkerheten förbättras ständigt, men det finns fortfarande en brist på forskning som analyserar dessa viktiga faktorer. På grund av denna brist är databaser inte tillräckligt skyddade mot nya cyberhot, vilket äventyrar deras tillgänglighet, konfidentialitet och integritet. Problemet som avhandlingen tar upp är bristen på omfattande forskning som täcker alla viktiga säkerhetskomponenter i relationsdatabaser, vilket utgör en utmaning för organisationer som vill säkra sina databassystem på ett heltäckande sätt. Syftet med denna avhandling är att systematiskt kartlägga de viktigaste säkerhetskomponenterna som är väsentliga för relationsdatabaser. Målet är att hjälpa organisationer och databasspecialister att säkra sina relationsdatabaser mot olika cyberhot. Med hjälp av en kvalitativ och explorativ metod analyseras ett brett spektrum av litteratur om databassäkerhet. Forskningen erbjuder ett balanserat och omfattande perspektiv på det nuvarande säkerhetslandskapet i relationsdatabaser genom att integrera teoretiska studier med strukturerade intervjuer. Denna metod garanterar att alla väsentliga säkerhetskomponenter undersöks fullständigt. Resultatet av denna avhandling innebär en detaljerad kartläggning av de viktigaste säkerhetskomponenterna inom relationsdatabaser, som är unikt informerade av en kombination av akademisk forskning och empiriska resultat från strukturerade intervjuer med databassäkerhetsexperter. Denna avhandling analyserar dessa säkerhetskomponenter utifrån hur väl de hanterar aktuella säkerhetshot, hur väl de säkrar databaser och hur väl de kan anpassas till olika organisatoriska behov.

Relational Database Security

Database Security

Cyber Threats

Data Protection

Access Control

Database Vulnerabilities

Encryption

Network Security.

Säkerhet i Relationsdatabaser

Databassäkerhet

Cyberhot

Datasäkerhet

Åtkomstkontroll

Sårbarheter i Databaser

Kryptering

Nätverkssäkerhet.

Computer and Information Sciences

Data- och informationsvetenskap

The Human Error : En analys av forskningsläget kring mänskliga faktorer som sårbarhet inom IT-säkerhet / The Human Error : An analysis of the current research on human factors as vulnerabilities in IT security

Olofsson, Emilia, Rasaratnam, Sangeetha

January 2024

Ett samhälle som snabbt förändras av digitaliseringens transformerande kraft är en omfattande och debatterad fråga i vår nutid. Trots de möjligheter den ger, kvarstår utmaningar, särskilt inom IT-säkerhet. Befintlig forskning betonar främst de tekniska aspekterna och försummar det avgörande mänskliga inslaget inom IT-säkerhet. Det rådande forskningsgapet belyser det mänskliga elementet som en betydande sårbarhet för att upprätthålla säkra digitala miljöer. Medan teknologiska skydd är nödvändiga visar de sig ofta otillräckliga utan hänsyn till mänskliga faktorer. Den tänkta studien syftar till att undersöka forskningsläget kring mänskliga faktorer inom IT-säkerhet. Genom en kvalitativ litteraturstudie som primär forskningsstrategi granskas och analyseras vetenskaplig forskning och litteratur systematiskt inom det valda ämnesområdet. Resultatet presenterar i vilken omfattning olika koncept relaterade till mänskliga faktorer inom IT-säkerhet undersöks. Studien bidrar således till en teoretisk kunskapsutveckling för att stärka och skydda digital information och infrastruktur genom att identifiera områden som forskningen är begränsad kring. Denna studie strävar efter att fylla forskningsgapet genom att belysa mänskliga sårbarheter inom IT-säkerhet och vilka koncept som bör undersökas vidare. På så sätt kan studien bidra till en holistisk förståelse av IT-säkerhet, med en balans mellan teknologiska och människocentrerade tillvägagångssätt. / A society rapidly transformed by the transformative power of digitization is a comprehensive and debated issue in our contemporary times. Despite the opportunities it presents, challenges persist, particularly in IT security. Existing research primarily emphasizes the technical aspects while neglecting the crucial human element within IT security. The current research gap highlights the human element as a significant vulnerability in maintaining secure digital environments. While technological safeguards are necessary, they often prove insufficient without consideration of human factors. The intended study aims to investigate the current state of research on human factors in IT security. Through a qualitative literature review as the primary research strategy, scientific research and literature within the chosen subject area are systematically examined and analyzed. The findings present the extent to which various concepts related to human factors in IT security are explored. Thus, the study contributes to theoretical knowledge development to strengthen and protect digital information and infrastructure by identifying areas where research is limited. This study seeks to fill the research gap by highlighting human vulnerabilities in IT security and which concepts should be further investigated. In doing so, the study may contribute to a holistic understanding of IT security, balancing technological and human-centered approaches.

human factors

human error

user error

IT-security

vulnerabilities

risks

prevention measures

security design

user context

mänskliga faktorer

mänskliga fel

användarfel

IT-säkerhet

sårbarheter

risker

förebyggande åtgärder

säkerhetsdesign

användarkontexter

Information Systems, Social aspects

Vivre avec un diabète au Burkina Faso : Pratiques de santé confrontées au modèle global d'autonomie du patient / Living with Diabetes in Burkina Faso : Health practices confronted with the global model of patient autonomy

Surel-Meley, Marie

12 December 2013

Cette thèse propose d’interroger les conditions locales d’insertion d’un modèle de gestion autonome de la maladie chronique dans le contexte d’émergence du diabète comme problème de santé publique au Burkina Faso. La réflexion prend appui sur un corpus ethnographique qui croise des récits d’expérience de la maladie, l’observation d’activités médicales et de pratiques de soins, ainsi que l’expérience singulière de l’anthropologue impliqué dans la quête thérapeutique de son logeur. Une approche socio-ethnologique d’un village bwa permet de caractériser un espace social alimentaire local et d’identifier les dimensions culturelles et sociales de la santé et de la maladie. Des éclairages historiques et politiques sont convoqués pour penser le rapport des patients au système de soins local. Les savoirs ordinaires sur le diabète sont interrogés dans leurs modalités de construction et leurs finalités pratiques. Les itinéraires thérapeutiques des patients révèlent la perception de risques sociaux liés à une individualisation des comportements alimentaires. Une logique de la “débrouillardise“ permet de “contenir“ le diabète dans un contexte d’incertitudes que majore le coût rédhibitoire des traitements. Les limites actuelles d’une médicalisation du diabète sont analysées en regard de la qualité de vie des patients. Cette approche du contexte laisse penser que l’application locale du projet global d’autonomisation des patients fait émerger de nouveaux enjeux au cœur même de la relation de soins. La thèse ouvre sur une réflexion concernant l’articulation des pratiques locales, du modèle global, et du paradigme du care dans la perspective d’une amélioration du quotidien des patients. / This PhD dissertation proposes to examine local conditions of the insertion of a model of self-management of chronic disease in the context of the emergence of diabetes as a public health problem in Burkina Faso. The reflection is based on an ethnographic corpus that includes stories of illness experience, observation of medical activities and care practices, as well as the singular experience of the anthropologist involved in a therapeutic quest for his host. A socio-anthropological approach of a bwa village (Dédougou area) characterizes the local food social space and identifies the cultural and social dimensions of health and disease. Historical and political insights are invited to think about the relationship between patients and the local health system. The modalities of construction and practical purposes of lay knowledge about diabetes are questioned. Therapeutic itineraries of patients reveal the perception of social risks related to individualized eating behaviors. A logic of "resourcefulness" can "manage" diabetes in a context of uncertainty that increases the prohibitive cost of treatment. The current limits of medicalization of diabetes are analyzed with respect to patients’ quality of life. This contextualisation suggests that the local application of the global project to empower patients produces the emergence of new issues at the heart of care relationship. The thesis opens a reflection on the articulation between local practices, global model, and the paradigm of care, understood in the perspective of improving patients’ lives.

Diabète

Anthropologie de la santé

Maladie chronique

Burkina Faso

Expérience de la maladie

Pratiques de santé

Itinéraires thérapeutiques

Savoirs ordinaires

Réseau sémantique

Risque social

Médicalisation

Vulnérabilités

Diabetes

Anthropology of health

Chronic illness

Burkina Faso

Experience of illness

Health practices

Therapeutic quest

Lay knowledge

Semantic network

Social risk

Medicalization

Vulnerabilities

Blockchain Technology : a new domain for Cyber Forensics

Rasool, Muhammad Ahsan, Muhammad Shafiq, Hafiz

January 2018

Traditional database with no prior security measures is becoming challenging in the era of data technology. Database storage on a central location with single point of failure and vulnerable to cyber attacks is getting exposed to big risk of being hacked with the evolution of powerful machines and modern hacking techniques. Since its commencement, the BlockChain technology has shown a promising performance for application buildup in diversed fields of life from cryptocurrency to smart contracts and decentralized applications. Although multiple studies on privacy, data confidentiality and security issues of BlockChain are performed but a systematic examination is still needs attention. In this thesis work we conduct a systematic study about the vulnerabilities of BlockChain system and review the security enhancement solutions that may point to a good future direction for further research into the area of BlockChain technology and its applications. Smart contracts are self-executable objects hosted on the 2nd generation blockchain like Ethereum, carry billions of SEK worth of cryptocoins and cannot be updated once deployed. Smart contracts are generally considered secure objects but the systematic analysis of technology and source code exposes a new class of vulnerabilities which are more likely an ethical aspect of programming than the software coding errors. Besides the literature review we empower our results with a static code analysis especially with the perspective of cyber forensics.

Blockchain

Bitcoin

Ethereum

Ethereum Virtual Machine

Smart Contracts

vulnerabilities

Securify

Remix IDE

Solidity

Locked Funds

Initial Coin Offering

cryptocurrency

attacks

bytecode analysis

wallet

Public Key

Untested Code

Elektroteknik och elektronik

Other Engineering and Technologies

Annan teknik

Computer Systems

Datorsystem

Exchange rate regimes and crises : insights for developing and emerging market economies / Régimes de change et crises : perspectives pour les pays émergents et en voie de développement

Andreou, Irene

09 December 2010

L’objectif de ce travail est d’analyser les implications du choix de régime de change dans les pays émergents et en développement, ainsi que d’apporter des éclaircissements sur les facteurs jouant un rôle important dans le déclenchement des crises (de change, bancaires, financières…) dans ces pays. Pour cela, l’analyse se tourne, dans un premier temps, vers la question du choix de régime de change optimal. Cette partie du travail s’appuie principalement sur un grand nombre de travaux théoriques et empiriques traitant de cette question, pour mettre en lumière les implications de ce choix, tout en tenant compte des particularités du groupe de pays qui font l’objet de cette étude. Dans une deuxième partie nous nous intéressons aux crises et les facteurs qui jouent un rôle majeur dans leur incidence. Ainsi, après une revue des différents modèles de crises afin d’identifier les variables d’intérêt, nous construisons deux modèles de prédiction des crises, ou « d’alarme précoce ». Enfin, la troisième partie du travail rassemble les enseignements tirés des deux parties précédentes pour traiter d’une question qui prend une ampleur croissante dans ces pays : étant donné la logique d’intégration financière mondiale et les avantages présentés par un régime de changes flottants dans un tel contexte, de quelle manière un pays envisageant un sortie vers ce régime de change peut-il la planifier, et à quel moment doit-il l’entreprendre, pour réussir une sortie sans crise majeure, que nous qualifions de sortie « ordonnée » ? Pour répondre à cette question, nous nous appuyons sur des expériences passées qui nous permettent de construire un modèle identifiant les variables susceptibles d’accroître la probabilité d’une sortie ordonnée. Nous complétons ce modèle par quelques considérations supplémentaires qui constituent des conditions importantes à la réussite d’une sortie ordonnée. L’objectif est d’apporter des recommandations susceptibles de faciliter cette transition. / The aim of this work is to analyze the implications of exchange rate regime choice in developing and emerging market economies, as well as highlight the factors that play a major role in the incidence of crises (currency, banking, financial…) in these countries. With this aim in mind, we start our analysis by turning to the question of the choice of the optimal exchange rate regime. This part of our work draws on a large number of both theoretical and empirical works evoking this question in order to determine the implications of this choice, all the while keeping in mind the fact that this particular group of countries present certain characteristics that are usually absent in their industrial counterparts. The second part of our work concentrates more specifically on crises and the factors that play a major role in their occurrence. Therefore, following a brief overview of different crisis models in order to identify the variables of interest, we propose two models for crisis prediction, or “Early Warning Systems”. Finally, the third and final part of our work brings together the conclusions of the earlier parts in order to address an issue that is becoming increasingly important in developing and emerging market economies: given their greater integration in international financial and capital markets, as well as the incontestable advantages of a floating exchange rate regime in such a context, how can a country wishing to exit to a more flexible exchange rate arrangement undertake such a transition, and when, in order to achieve an “orderly” exit, that is, an exit that is not accompanied by a crisis? To answer this question we draw on past experiences to construct a model indentifying the economic variables that might increase the probability of an orderly exit. We complete this model with a number of additional considerations that have recently emerged as important preconditions for an orderly exit, in order to provide some useful policy recommendations facilitating this transition.

Pays Emergents

Régime de Change

Système d’Alarme Précoce

Vulnérabilités Financières

Crise de Change

Crises Jumelles

Politique de Change

Politique Monétaire

Sortie Ordonnée

Zmo

Peur du Flottement

Solutions en Coins

Emerging Economies

Exchange Rate Regimes

Early Warning System

Financial Vulnerabilities

Currency Crises

Twin Crises

Exchange Rate Policy

Monetary Policy

Orderly Exit

Oca

Fear of Floating

Bipolar View

Integrating Trust-Based Adaptive Security Framework with Risk Mitigation to enhance SaaS User Identity and Access Control based on User Behavior

Akpotor Scott, Johnson

January 2022

In recent years, the emerging trends in cloud computing technologies have given rise to different computing services through the Internet. Organizations across the globe have seized this opportunity as a critical business driver for computing resource access and utilities that will indeed support significant business operations. Embracing SaaS as a crucial business factor enhances corporate business strategy through economies of scale, easy manageability, cost-effectiveness, non-geographical dependence, high reliability, flexible resources, and fast innovation. However, this has also come with various risks due to the limitation of traditional user identity and access control solutions’ inability to effectively identify and manage cloud users’ authorization process when interacting with the cloud. The limit can result in a legitimate user account's impersonation to carry out malicious activities after the user account is compromised to go undetected since traditional solutions seldom function based on user behavior trust level behind any account. Furthermore, the limitation is a significant vulnerability to the cloud environment. This vulnerability is known to be exploited by threats that can eventually lead to substantial unacceptable risks that can undermine security principles or requirements such as confidentiality, integrity, and availability. Significant consequences of this risk are categorized into financial damages, legal implications, reputational damages, and regulatory implications to the cloud environment. As a result, a solution that could contribute to the remediation of these potential risks incurred due to the limitation of user identity and access control management was proposed and designed as User Behavior Trust-Based Adaptive Security framework. The design aims to enhance how cloud users' identity and access control might be managed effectively based on a user behavior trust context and adaptation of corresponding access control measures through adaptive security. The design capability was manifested by integrating it into the standard ISO/2705:2018 Risk Management process. Although, there have been several good information security frameworks such as ISO/IEC 27005:2018 and other technical countermeasures such as SaaS Identity & Access Management (IDaaS) to deal with this risk on the public cloud services. However, they are based on static mitigation approaches, so there is a solid need to shift towards a more dynamic strategical approach. The presented design work, User Behavior Trust-Based Adaptive Security framework, intends to serve as a proposed guideline for risk mitigation that would enhance user identity and access control limitations across the cloud. The solution functions by a trust modeling process that evaluates cloud user activities to compute a user behavior comprehensive trust degree. The resulting data is further used as input feeds parameters into a policy decision point process. The policy decision point process adapts the input parameters to user behavior trust level and behavior risk rating to determine the appropriate access control decision. Ultimately, the adaptive security solution consults the policy decision points to dynamically enforce the corresponding controls measures based on the access control decision received as input feed. The report also conducts a risk assessment process to identify vulnerabilities, threats, and risks related to user behavior trust level and risk rating regarding SaaS resources. Then adapt the mitigation solution, User Behavior Trust-Based Adaptive Security framework, as a possible risk treatment within the risk management process ISO/2705:2018. This report uses a design methodology derived from User Behavior Trust Modelling scientific research work, Gartner Adaptive Security Architecture Model, and eXtensible Access Control Markup Language's policy decision point concept. The design evaluates user behavior trust level by the trust modeling, while the integrated policy decision point processes the trust level to make the access control decision which is later enforced by the adaptive security solution. The report further adapts the risk management procedure ISO/2705:2018 to identify risk from user behavior and trust level, then implements the design solution as a possible risk treatment. The research findings were documented as Results and Discussion, where the functional and operational aspects of the designed framework were provided. In addition, the effects of applying the framework as a possible risk treatment solution were observed through conducting an ISO/2705:2018 risk management procedure. The notable outcome of a reduction of identified risk levels was an improvement in user attitude or behavior, which eventually increased user behavior trust level and reduced associated behavior risk. At the same time, the discussion detailed the interpretation of the results, implications, and limitation of the research, why the framework could be considered a remediation solution beyond the state-of-the-art for cloud user identity and access management—precisely by integrating user behavior, trust, policy decision making with adaptive security into risk management process to reduce IDM-associated risk in the SaaS. Finally, this study has outlined the significance of adopting the designed framework as a possible mitigation solution to enhance the shortcomings of user identity and access control management in the cloud. It has demonstrated that SaaS identified risk can be reduced to an acceptable level when user behavior and activities are taken seriously. Insight into the current trust state and associated risk level of cloud users are vital for continuous risk monitoring and reduction. The solution is to be used as a recommended guideline that might significantly contribute to the research community and information security field of cloud security. Future research direction to consider the possibility of simulating and transforming this conceptual and abstract framework into a real-world working solution due to research work limitations. The framework was designed based on recognized and accepted scientific and technological principles and concepts, from user behavior trust modeling, eXtensible access control markup language, and adaptive security architecture. In addition, to extend this concept to a future research area that will focus exclusively on application-processes behavior.

Risk Assessment

Security countermeasure

Risk Management

Risk Mitigation

Adaptive Security Controls

Threats

Risk

Vulnerabilities

User Behavior Trust Degree

User Behavior Risk Rating

Policy Decision Point

Policy Enforcement Point

User Behavior Trust Model

Adaptive Security Architecture

SaaS

Public Cloud.

Computer Systems

Datorsystem

Telecommunications

Telekommunikation

Communication Systems

Kommunikationssystem

Annan elektroteknik och elektronik