Global ETD Search

91	Intervenções de prevenção positiva: uma revisão de literatura / Not informed by the author Fernando Viana de Carvalho Rocco 22 January 2018 (has links) No campo da prevenção ao HIV, a maior parte dos esforços se dedica as pessoas soronegativas que nos programas e pesquisas aparecem como sinônimo de todos. A noção de Prevenção Positiva produzida no âmbito da resposta brasileira , por outro lado, considerou que as PVHA também necessitam de cuidados preventivos únicos. A presente dissertação se propõe a examinar a produção científica que descreve intervenções de prevenção positiva, bem como as suas possíveis contribuições na resposta à epidemia de HIV/AIDS, analisadas na perspectiva informada pelo quadro das vulnerabilidades e dos direitos humanos, que possibilitou a produção de uma noção singular de prevenção positiva ao longo da 3a década de epidemia. Para tanto, utilizamos como método de pesquisa a revisão de escopo (scoping review) que permitiu sintetizar o conhecimento sobre intervenções de prevenção positiva disponibilizadas nas bases de dados escolhidas (CINAHL, ERIC, Lilacs, MedLine, PsycInf, Scopus, Web of Science e Google Acadêmico). Dos 700 artigos recuperados, foram selecionados 15 artigos, a partir dos critérios de busca. Entre outros achados, os estudos confirmaram o entendimento de que, historicamente, a prevenção do HIV se constituiu no campo sócio-comportamental. Não à toa, as intervenções centraram-se quase inteiramente na prevenção da transmissão do HIV e controle da epidemia, não no bem-estar das pessoas vivendo com HIV. Discutimos que as intervenções disponíveis na literatura, apesar da esperada inovação cunhada como prevenção positiva, sustentam a mesma prioridade de proteger as pessoas HIV negativas de serem infectadas por seus parceiros HIV positivos e perdem a oportunidade de inovar programas existentes, a partir do momento que não levam em conta os contextos diferentes de vulnerabilidade social e ação programática, que excluem os marcadores de [8] desigualdade (como classe ou gênero) e os projetos de cada pessoa vivendo com HIV na sua vida cotidiana e sua vulnerabilidade pessoal. Defendemos a maior produtividade de uma concepção que supere esse modelo que leva à culpabilização das PVHA e à sobreposição de estigmas que enfrentam, para fortalecer uma noção de prevenção solidária e compartilhada realizada em intervenções de prevenção positiva balizadas pela atenção integral à saúde e pela defesa e promoção dos direitos humanos das pessoas afetadas pela AIDS / In the HIV prevention field, most part of the emissions are dedicated as seronegative people that appear in programs and researches as synonymous of all. The notion of Positive Prevention produced within the scope of the Brazilian response, conversely, considered that PLWHA also need single preventive care. This thesis proposes to examine the scientific production that describes positive prevention interventions as well as their possible contributions for the response to HIV/AIDS epidemic, analyzed from an informed perspective by the vulnerability and human rights framework, which made possible the production of single notion about the positive prevention throughout the 3rd epidemics decade. For this purpose, was used as a research method, a scoping review that allowed synthesizing knowledge about positive prevention interventions available in the chosen databases (CINAHL, ERIC, Lilacs, MedLine, PsycInf, Scopus, Web of Science and Google Scholar). Of the 700 recovered articles, were selected 15 articles based on the search criteria. Among other discoveries, the studies confirmed the understanding that, historically, HIV prevention has been in the socio-behavorial field. Not by accident, the interventions focused almost entirely on preventing HIV transmissions and controlling the epidemic, not on the well-being of people living with HIV. Was discussed that interventions available in the literature, despite the expected innovation named as positive prevention, support the same priority in protecting HIV negative people from being infected by their HIV positive partners and miss the opportunity to innovate existing programs, from the moment that they dont consider the distinct contexts of social vulnerability and programmatic action that exclude markers of inequality (such as class or gender) and the projects of each person living with HIV in their daily lives and personal vulnerability. We defend the higher productivity of a conception that [10] overcome this model that blames the PLWHA and the overlapping of stigmas they face in order to strengthen the notion of solidarity and shared prevention carried out in interventions of positive prevention defined by integral health care and the defense and promotion of the Human Rights of people affected by AIDS Direitos humanos HIV Prevenção e controle Prevenção positiva Vulnerabilidades em saúde HIV Human rights Positive prevention Prevention and control Vulnerabilities in health
92	Retour à l'emploi après un cancer : une situation conflictuelle sur le plan psychologique / Return to work after a cancer : a psychological conflict Blasi, Géraldine de 09 November 2015 (has links) Cette étude exploratoire a pour objectifs de cerner les modalités de réaction des personnes atteintes de cancer face à la reprise du travail et de repérer les ressources ou les facteurs de vulnérabilité face à cette reprise. Quatre-vingts sujets sont répartis en trois groupes : 33 sujets qui ne bénéficient d’aucun accompagnement spécifique, 44 sujets reçus à la consultation d’aide à la reprise du travail après un cancer du CHU de Rouen et 3 sujets qui ne souhaitent plus reprendre le travail. Les caractéristiques psychologiques, médicales et socioprofessionnelles des sujets non consultants et des sujets consultants sont comparées. Les données relatives aux sujets qui ont abandonné leur projet de reprise du travail sont analysées sur un plan qualitatif. Nous nous attendions à ce que les sujets consultants soient plus vulnérables que les sujets non consultants. Nos résultats soulignent que les sujets des deux groupes ne sont pas si différents. Les facteurs de vulnérabilité présentés par les sujets consultants n’ont pas eu d’incidence sur la reprise du travail. L’aide de la consultation a pu favoriser une forme de résilience et l’autonomie psychique chez ces sujets. Les situations des sujets qui ne souhaitent plus reprendre un travail ont amené des éléments de compréhension face à la sortie de l’emploi après le diagnostic de cancer. Ce travail confirme la singularité de chaque situation de cancer et souligne un besoin spécifique à cette population, celui d’un accompagnement individualisé. Celui-ci doit être envisagé tout au long du processus de reprise du travail pour prévenir des difficultés susceptibles d’apparaître bien au-delà de cette reprise. / This exploratory study aims to identify the modalities of reaction of people with cancer who face the resumption of work and identify the resources or the vulnerabilities facing return to work. Eighty persons divided into three groups: 33 persons who return to work without accompaniment, 44 persons who solicit the department of ‘return to work after a cancer’ (University Hospital of Rouen) and 3 persons who no longer wish to return to work. The psychological, medical, social and professional characteristics of non consultants and consultants are compared. A qualitative analysis (case studies) is performed for the results concerning the three persons that have abandoned their plans to return to work. We expected that consultants are more vulnerable than non consultants. Our results emphasize that both groups are not so different. The vulnerability factors presented by consultants did not have any impact on return to work. The help provided by the department had probably promoted a form of resilience and psychological autonomy for these patients. The situations of persons that have no intention to return to work have highlighted elements of understanding of the reasons which encourage them to quit their job after cancer diagnosis. This study confirms the uniqueness of each situation of cancer. Our results highlight a specific need for this population that of an individualized support. The possibility of being supported throughout the return to work process should be considered in order to prevent issues that may appear beyond this resumption. Cancer Retour à l’emploi Vulnérabilités Ressources Conflit vie privée- vie professionnelle Cancer Return to work Vulnerabilities Resources Work-Family conflict
93	La sécurité économique à l’épreuve de la mondialisation / Economic security in a context of globalization Mahjoub, Saad 26 June 2015 (has links) Cette thèse a pour objet d'étudier la sécurité économique dans un contexte de mondialisation. Au sens large du terme la sécurité économique est l’absence de menaces contre le patrimoine économique. La protection de ce patrimoine est effectuée par de nombreuses mesures et politiques et des instruments juridiques. L’intelligence économique avec ses outils a permis le passage d’une sécurité strictement passive à une sécurité active. Les politiques liées à la protection du patrimoine économique s’opèrent par une coopération entre le public et le privé. La recherche met l’accent sur la notion de sécurité économique à l’épreuve de la mondialisation, permettant d’analyser de façon globale les menaces et les politiques de riposte dans un environnement de globalisation économique. / This thesis has for object to study the economic security in a context of globalization. In the broad sense term the economic security is the absence of threats against the economic heritage. The protection of this heritage is carried by many measures and policies and legal instruments. The competitive intelligence with its tools allowed the passage of a strictly passive security an active security. The policies related to economic heritage protection take place by cooperation between the public and the private sector. The search emphasizes the notion of economic security in the event of the globalization, allowing to analyse in a global way the threats and the policies of retort in an environment of economic globalization. Sécurité économique Mondialisation Intelligence économique Patriotisme économique Menaces Vulnérabilités Economic security Globalization Competitive intelligence Economic Patriotism Threats Vulnerabilities 320
94	Cyber-security protection techniques to mitigate memory errors exploitation Marco Gisbert, Héctor 04 November 2016 (has links) [EN] Practical experience in software engineering has demonstrated that the goal of building totally fault-free software systems, although desirable, is impossible to achieve. Therefore, it is necessary to incorporate mitigation techniques in the deployed software, in order to reduce the impact of latent faults. This thesis makes contributions to three memory corruption mitigation techniques: the stack smashing protector (SSP), address space layout randomisation (ASLR) and automatic software diversification. The SSP is a very effective protection technique used against stack buffer overflows, but it is prone to brute force attacks, particularly the dangerous byte-for-byte attack. A novel modification, named RenewSSP, has been proposed which eliminates brute force attacks, can be used in a completely transparent way with existing software and has negligible overheads. There are two different kinds of application for which RenewSSP is especially beneficial: networking servers (tested in Apache) and application launchers (tested on Android). ASLR is a generic concept with multiple designs and implementations. In this thesis, the two most relevant ASLR implementations of Linux have been analysed (Vanilla Linux and PaX patch), and several weaknesses have been found. Taking into account technological improvements in execution support (compilers and libraries), a new ASLR design has been proposed, named ASLR-NG, which maximises entropy, effectively addresses the fragmentation issue and removes a number of identified weaknesses. Furthermore, ASLR-NG is transparent to applications, in that it preserves binary code compatibility and does not add overheads. ASLR-NG has been implemented as a patch to the Linux kernel 4.1. Software diversification is a technique that covers a wide range of faults, including memory errors. The main problem is how to create variants, i.e. programs which have identical behaviours on normal inputs but where faults manifest differently. A novel form of automatic variant generation has been proposed, using multiple cross-compiler suites and processor emulators. One of the main goals of this thesis is to create applicable results. Therefore, I have placed particular emphasis on the development of real prototypes in parallel with the theoretical study. The results of this thesis are directly applicable to real systems; in fact, some of the results have already been included in real-world products. / [ES] La creación de software supone uno de los retos más complejos para el ser humano ya que requiere un alto grado de abstracción. Aunque se ha avanzado mucho en las metodologías para la prevención de los fallos software, es patente que el software resultante dista mucho de ser confiable, y debemos asumir que el software que se produce no está libre de fallos. Dada la imposibilidad de diseñar o implementar sistemas libres de fallos, es necesario incorporar técnicas de mitigación de errores para mejorar la seguridad. La presente tesis realiza aportaciones en tres de las principales técnicas de mitigación de errores de corrupción de memoria: Stack Smashing Protector (SSP), Address Space Layout Randomisation (ASLR) y Automatic Software Diversification. SSP es una técnica de protección muy efectiva contra ataques de desbordamiento de buffer en pila, pero es sensible a ataques de fuerza bruta, en particular al peligroso ataque denominado byte-for-byte. Se ha propuesto una novedosa modificación del SSP, llamada RenewSSP, la cual elimina los ataques de fuerza bruta. Puede ser usada de manera completamente transparente con los programas existentes sin introducir sobrecarga. El RenewSSP es especialmente beneficioso en dos áreas de aplicación: Servidores de red (probado en Apache) y lanzadores de aplicaciones eficientes (probado en Android). ASLR es un concepto genérico, del cual hay multitud de diseños e implementaciones. Se han analizado las dos implementaciones más relevantes de Linux (Vanilla Linux y PaX patch), encontrándose en ambas tanto debilidades como elementos mejorables. Teniendo en cuenta las mejoras tecnológicas en el soporte a la ejecución (compiladores y librerías), se ha propuesto un nuevo diseño del ASLR, llamado ASLR-NG, el cual: maximiza la entropía, soluciona el problema de la fragmentación y elimina las debilidades encontradas. Al igual que la solución propuesta para el SSP, la nueva propuesta de ASLR es transparente para las aplicaciones y compatible a nivel binario sin introducir sobrecarga. ASLR-NG ha sido implementado como un parche del núcleo de Linux para la versión 4.1. La diversificación software es una técnica que cubre una amplia gama de fallos, incluidos los errores de memoria. La principal dificultad para aplicar esta técnica radica en la generación de las "variantes", que son programas que tienen un comportamiento idéntico entre ellos ante entradas normales, pero tienen un comportamiento diferenciado en presencia de entradas anormales. Se ha propuesto una novedosa forma de generar variantes de forma automática a partir de un mismo código fuente, empleando la emulación de sistemas. Una de las máximas de esta investigación ha sido la aplicabilidad de los resultados, por lo que se ha hecho especial hincapié en el desarrollo de prototipos sobre sistemas reales a la par que se llevaba a cabo el estudio teórico. Como resultado, las propuestas de esta tesis son directamente aplicables a sistemas reales, algunas de ellas ya están siendo explotadas en la práctica. / [CAT] La creació de programari suposa un dels reptes més complexos per al ser humà ja que requerix un alt grau d'abstracció. Encara que s'ha avançat molt en les metodologies per a la prevenció de les fallades de programari, és palès que el programari resultant dista molt de ser confiable, i hem d'assumir que el programari que es produïx no està lliure de fallades. Donada la impossibilitat de dissenyar o implementar sistemes lliures de fallades, és necessari incorporar tècniques de mitigació d'errors per a millorar la seguretat. La present tesi realitza aportacions en tres de les principals tècniques de mitigació d'errors de corrupció de memòria: Stack Smashing Protector (SSP), Address Space Layout Randomisation (ASLR) i Automatic Software Diversification. SSP és una tècnica de protecció molt efectiva contra atacs de desbordament de buffer en pila, però és sensible a atacs de força bruta, en particular al perillós atac denominat byte-for-byte. S'ha proposat una nova modificació del SSP, RenewSSP, la qual elimina els atacs de força bruta. Pot ser usada de manera completament transparent amb els programes existents sense introduir sobrecàrrega. El RenewSSP és especialment beneficiós en dos àrees d'aplicació: servidors de xarxa (provat en Apache) i llançadors d'aplicacions eficients (provat en Android). ASLR és un concepte genèric, del qual hi ha multitud de dissenys i implementacions. S'han analitzat les dos implementacions més rellevants de Linux (Vanilla Linux i PaX patch), trobant-se en ambdues tant debilitats com elements millorables. Tenint en compte les millores tecnològiques en el suport a l'execució (compiladors i llibreries), s'ha proposat un nou disseny de l'ASLR: ASLR-NG, el qual, maximitza l'entropia, soluciona el problema de la fragmentació i elimina les debilitats trobades. Igual que la solució proposada per al SSP, la nova proposta d'ASLR és transparent per a les aplicacions i compatible a nivell binari sense introduir sobrecàrrega. ASLR-NG ha sigut implementat com un pedaç del nucli de Linux per a la versió 4.1. La diversificació de programari és una tècnica que cobrix una àmplia gamma de fa\-llades, inclosos els errors de memòria. La principal dificultat per a aplicar esta tècnica radica en la generació de les "variants", que són programes que tenen un comportament idèntic entre ells davant d'entrades normals, però tenen un comportament diferenciat en presència d'entrades anormals. S'ha proposat una nova forma de generar variants de forma automàtica a partir d'un mateix codi font, emprant l'emulació de sistemes. Una de les màximes d'esta investigació ha sigut l'aplicabilitat dels resultats, per la qual cosa s'ha fet especial insistència en el desenrotllament de prototips sobre sistemes reals al mateix temps que es duia a terme l'estudi teòric. Com a resultat, les propostes d'esta tesi són directament aplicables a sistemes reals, algunes d'elles ja estan sent explotades en la pràctica. / Marco Gisbert, H. (2015). Cyber-security protection techniques to mitigate memory errors exploitation [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/57806 / TESIS
95	JamaicaEye : What does cyber security look like in one of the most recently developed CCTV networks? Svensson, Elina, Rydén, Annika January 2019 (has links) The issue approached in this study is the possible gaps in cybersecurity in the Closed-Circuit TV system (CCTV) currently being implemented in Jamaica. During 2018, the government of Jamaica together with systems developers from MSTech Solutions developed and started to implement a video surveillance system with the aim to cover the entire nation to reduce criminal activities and create a safer society. To address potential problems of cybersecurity in this system, the purpose of this study was to explore which cybersecurity domains and factors were the most important in the JamaicaEye project. In order to examine such a purpose, the cybersecurity of the system is put into contrast with the cybersecurity domains of the C2M2 model to unveil similarities and differences in cybersecurity strategy and application. To be able to collect in-depth data of the JamaicaEye project, a hybrid of a field-and a case- study took place in Ocho Rios, Jamaica, during approximately 9 weeks. Data collection was carried out through interviews with representatives from the Jamaican government and the systems developer, MSTech Solutions. After compiling and transcribing the collected data from the interview the color coding and comparison of the results with the cybersecurity capability maturity model, C2M2, started. The C2M2 model was chosen as the theoretical framework for this study. The results of mapping the theoretical data with the empirical data gave underlying material and a perspective on the most important cybersecurity factors in the JamaicaEye system. This study will be a foundation for future expansion of the project in Jamaica, but also similar projects in other nations that are in need for cybersecurity development, management and assessment. Mainly, this study will be useful for those in the industry of development, analysis and assessment, and cybersecurity of CCTV systems. Cybersecurity CCTV system CCTV network CCTV surveillance risk management threats vulnerabilities JamaicaEye implementation Computer and Information Sciences Data- och informationsvetenskap
96	Personnaliser le soin, encadrer l’autonomie, produire des vulnérabilités. Une reconnaissance idéologique des adolescents et jeunes adultes atteints de cancer en France. / Personalizing care, framing autonomy, producing vulnerabilities. An ideological recognition of adolescents and young adults with cancer in France. Pombet, Thibaud 20 January 2017 (has links) En investissant des dispositifs dédiés à la prise en charge des adolescents et jeunes adultes atteints de cancer en France (« AJA », 15-25 ans), cette thèse étudie les pratiques de personnalisation des soins. Les programmes personnalisés prévoient d’accompagner le processus d’autonomisation de ces jeunes malades, lors de cette période de la vie perçue comme située entre l’enfance et l’âge adulte. Comment cette considération structure-t-elle l’expérience que les jeunes font de la maladie et des soins ? Quelles formes particulières les injonctions d’autonomie prennent-elles ? L’enquête de terrain s’appuie sur quinze entretiens semi-directifs menés avec des professionnels dédiés aux « AJA » en France et en Angleterre, ainsi que sur une trentaine d’entretiens conduits avec des jeunes, leurs proches et leurs soignants au cours de deux observations participantes : l’une de cinq mois effectuée en tant qu’animateur dans la première unité française dédiée à cette population clinique à l’hôpital Saint-Louis, la seconde de deux mois en tant que socio-anthropologue au sein du programme « AJA » de Gustave Roussy. L’analyse du matériel recueilli démontre en premier lieu que la catégorie « AJA » est tributaire d’un processus de biomédicalisation. Elle met ensuite en évidence la présence de normes organisationnelles et psychosociales qui encadrent l’accompagnement de l’autonomie des « AJA ». En mobilisant le modèle de la reconnaissance, la thèse développe alors le concept d’idéologie de la personnalisation des soins pour proposer une interprétation renouvelée des situations observées, et interroger la production de vulnérabilités identitaires pour les sujets du soin. / This thesis examines the practices of care personalization through the study of units dedicated to the care of teenagers and young adults with cancer in France (“TYA”, 15-25 years). The personalized programs are designed to support the process of autonomy of these young patients, during this period of life perceived as being between childhood and adulthood. How can this consideration structure these young people’s experience of the disease and care ? Which forms do the injunctions to autonomy take ? The ethnographic survey is based on fifteen semi-structured interviews carried out by professionals dedicated to «TYA» in France and England, and on thirty interviews conducted with young people, their families and their caregivers during two participant observations : the first over five months, carried out as an activity-coordinator in the first French unit dedicated to this population at the Saint-Louis hospital, and the second over two months, as a socio-anthropologist within the Gustave Roussy «TYA» program. The analysis of the information collected demonstrates first of all that the «TYA» category is dependent on a biomedicalization process. It then highlights the existence of organizational and psychosocial norms which formalize support of the «TYA» autonomy. By mobilizing the recognition theory, the thesis finally develops the concept of ideology of the personalization of care to propose a reinterpretation of observed situations, and to question the production of identity vulnerabilities for the subjects of care. Adolescents et jeunes adultes Personnalisation des soins Cancer Autonomie Reconnaissance Idéologie Vulnérabilités Teenagers and young adults Personalized care Cancer Autonomy Recognition Ideology Vulnerabilities
97	Investigating Security Issues in Industrial IoT: A Systematic Literature Review Milinic, Vasilije January 2021 (has links) The use of Internet-of-Things (IoT) makes it possible to inter-connect Information Technology (IT) and Operational Technology (OT) into a completely new system. This convergence is often known as Industrial IoT (IIoT). IIoT brings a lot of benefits to industrial assets, such as improved efficiency and productivity, reduced cost, and depletion of human error. However, the high inter-connectivity opens new possibilities for cyber incidents. These incidents can cause major damage like halting of production on the manufacturing line, or catastrophic havoc to companies, communities, and countries causing power outages, floods, and fuel shortages. Such incidents are important to be predicted, stopped, or alleviated at no cost. Moreover, these incidents are a great motive for researchers and practitioners to investigate known security problems and find potential moderation strategies. In this thesis work, we try to identify what types of IIoT systems have been investigated in the literature. We seek out to find if software-related issues can yield security problems. Also, we make an effort to perceive what are the proposed methods to mitigate the security threats.We employ the systematic literature review (SLR) methodology to collect this information. The results are gathered from papers published in the last five years and they show an increased interest in research in this domain. We find out software vulnerabilities are a concern for IIoT systems, mainly firmware vulnerabilities and buffer overflows, and there are a lot of likely attacks that can cause damage, mostly injection and DDoS attacks. There are a lot of different solutions which offer the possibility to stop the identified problems and we summarize them. Furthermore, the research gap considering the update process in these systems and devices, as well as a problem with the unsupervised software supply chain is identified. Internet-of-Things (IoT) Industrial Internet of Things (IIoT) Systematic Literature Review (SLR) security vulnerabilities attacks mitigation Computer Sciences Datavetenskap (datalogi)
98	Protecting Web Applications from SQL Injection Attacks- Guidelines for Programmers Master Thesis Gopali, Gopali January 2018 (has links) Injektionsattack är den mest kritiska säkerhetsapplikationen för webbapplikationer, och SQL-injektion (SQLi) -attack är den mest rapporterade injektionsattacken på webbapplikationer. I denna avhandling har vi identifierat angreppsteknikerna som används av angripare och vi ger också riktlinjer så att programmerarna kan skriva webbapplikationskoder på ett säkert sätt för att förhindra SQLi-attackerna.Metoden som tillämpas för forskningen är litteraturstudie och vi använde vägen bevis genom demonstration för att få den tydliga bilden. Det första steget var att ta reda på kodningsfelen, då utformade vi riktlinjer som kan hjälpa till att skydda webbapplikationer från SQLi-attacker. Denna avhandling kommer att hjälpa programmerarna att förstå de olika kodningsbristerna och hur dessa kodningsfel kan förhindras och för detta har vi använt bevis genom demonstration. Denna avhandling kommer också att bidra till den allmänna medvetenheten om SQLi-attacker, attacker och riktlinjer för programmerare som designar, utvecklar och testar webbapplikationer. / Injection attack is the most critical web application security risk, and SQL-injection (SQLi) attack is the most reported injection attack on web applications. In this thesis, we have identified the attacking techniques used by attackers and we are also providing guidelines so that the programmers can write web application code in a secure way, to prevent the SQLi attacks.The methodology applied for the research is literature study and we used the way proof by demonstration to get the clear picture. The first step was to find out the coding flaws, then we designed guidelines that can help to protect web applications from SQLi attacks. This thesis will help the programmers to understand the various coding flaws and how those coding flaws can be prevented and for this, we have used proof by demonstration. This thesis will also contribute to the general awareness of SQLi attacks, attack types and guidelines for the programmers who are designing, developing and testing web applications. Web application attacks SQLi coding flaws SQLi attack SQL-Injection Top vulnerabilities Cyber Security Engineering and Technology Teknik och teknologier
99	A Method for Recommending Computer-Security Training for Software Developers Nadeem, Muhammad 12 August 2016 (has links) Vulnerable code may cause security breaches in software systems resulting in financial and reputation losses for the organizations in addition to loss of their customers’ confidential data. Delivering proper software security training to software developers is key to prevent such breaches. Conventional training methods do not take the code written by the developers over time into account, which makes these training sessions less effective. We propose a method for recommending computer–security training to help identify focused and narrow areas in which developers need training. The proposed method leverages the power of static analysis techniques, by using the flagged vulnerabilities in the source code as basis, to suggest the most appropriate training topics to different software developers. Moreover, it utilizes public vulnerability repositories as its knowledgebase to suggest community accepted solutions to different security problems. Such mitigation strategies are platform independent, giving further strength to the utility of the system. This research discussed the proposed architecture of the recommender system, case studies to validate the system architecture, tailored algorithms to improve the performance of the system, and human subject evaluation conducted to determine the usefulness of the system. Our evaluation suggests that the proposed system successfully retrieves relevant training articles from the public vulnerability repository. The human subjects found these articles to be suitable for training. The human subjects also found the proposed recommender system as effective as a commercial tool. FindBugs Static code analysis Jaccard index tf–idf training NVD CWE software vulnerabilities software security Recommender system
100	Partnervåld utanför (cis)normerna och transpersoners särskilda utsatthet : En scoping review om transpersoners utsatthet för våld i parrelationer / Intimate partner violence outside of the (cis)norms and transgender specific vulnerabilities Svedman, Saga, Vega Larsson, Anita January 2022 (has links) Syfte: Syftet var att undersöka det vetenskapliga kunskapsläget beträffande transpersoners utsatthet för partnervåld med avseende på våldets karaktär samt för transpersoners särskilda utsatthet och tillgång till stöd. Metod: Genom utförandet av en scoping review inkluderades tretton artiklar som analyserades utifrån innehållsanalys (manifest och latent). Resultat: Analysen resulterade i tre huvudteman med tillhörande underteman, (1) partnervåld i samband med transidentitet; transpecifikt partnervåld, psykiskt partnervåld, (2) särskild utsatthet i samband med partnervåld; samhällsnormer, ytterligare riskfaktorer, (3) stöd från samhället och närstående; formellt stöd från samhället, informellt stöd från närstående, normativa roller för offer och förövare. Slutsats: Förekomsten av partnervåld bland transpersoner var omfattade och det fanns särskilda omständigheter som många gånger var kopplad till offrets transidentitet. Därmed uppstår ett behov av att transspecifika stödresurser utformas, samtidigt som professionellas kunskap och förståelse om målgruppen behöver öka. / Purpose: The aim was to explore the current state of knowledge within scientific research regarding transgender people’s exposure to intimate partner violence. Moreover to study the structure of the violence, transgender specific vulnerabilities and access to support. Method: Through scoping review, thirteen scientific articles were included and analyzed through content analysis (manifest and latent). Results: Three main themes emerged with appurtenant sub-themes, (1) intimate partner violence in relation to trans identity; transspecific intimate partner violence, psychological intimate partner violence, (2) specific vulnerabilities inrelation to intimate partner violence; societal norms, additional risk factors, (3) Support from society and personal network; formal support from society, informal support from personal network, normative roles for victims and perpetrators. Conclusion: Prevalence of intimate partner violence was extensive among transgender people, specific circumstances emerged related to the victims trans identity, which calls for transspecific support services and increased knowledge of the target group amongst professionals. transgender intimate partner violence LGBTQIA+ specific vulnerabilities ranspersoner våld i parrelationer HBTQIA+ särskild utsatthet Social Work Socialt arbete

Search results