Qualidade ambiental : vulnerabilidades e potencialidades no município de Itabaiana-SE / ENVIRONMENTAL QUALITY: vulnerabilities and potential in the city of Itabaiana-Se.

Santos, Clêane Oliveira dos

09 June 2010

Since that environmental and life quality must be equivalents, the aim of the present study was discuss social and environmental indicators, assuming quality of life as the realization of social and environmental conditions in a balanced manner, frequently influenced by environmental, socials, economics and cultural patterns, lifestyle and aspirations. The area of the study was Itabaiana, highlighted within the Sergipe due to its geographical location and economic, social and political expressiveness. Drawing a parallel with urban centers, the city is small but has been showed a growing urban structure, indicative of vulnerabilities. The study then presents the objective assessment of quality of life in the city of Itabaiana-SE, considering social and environmental vulnerabilities and potentials of urban, rural and its territories. Procedures to identify the social and environmental vulnerabilities of availability and access of infrastructure, equipment and urban services, analyze the social and environmental consequences arising from the techniques used in irrigation; present the cultural identity of the population by the perceptual evaluation about the quality of life; make a survey of programs and actions of public intervention in urban and rural, to describe conditions in the territorial definition of urban and rural areas, made the research possible. This thesis was divided into five chapters where the first concerns the theoretical and methodological considerations and the others are linked to social, environmental, socioenvironmental, political, cultural and economic that permeate the quality of life. These dimensions are associated with the diagnosis of social and environmental indicators such as infrastructure and collective welfare, Solid Waste, Health and Technical Education of the farmer and his family, education and citizenship, work and income. The indicators were developed through prior verification of the possibility of research studies on the site associated with the parameters already used in previous research in order to merge environmental, social, economic and cultural, because the scaling of the quality of life running through each these spheres should not be judged from the trial of only one given, parameter or indicator. Overall, the survey pointed to no concern of most individuals involved in research towards social and environmental issues, since the cultural identity of the population is marked on, specifically, the question of economic/commercial. Thus, from the analysis of the indicators found the existence of vulnerabilities and potential socioenvironmental, which influence the quality of life. Thus, programs regarding access to citizenship and require long-term development, because the necessary transformations the quality of life in need of redefinition of cultural values. / Entendendo que qualidade ambiental e qualidade de vida devem ser equivalentes, vimos aqui discutir alguns indicadores reais, pressupondo qualidade de vida como a realização das condições sociais e ambientais de forma equilibrada, constantemente influenciada por padrões ambientais, sociais, econômicos, culturais, estilos de vida e aspirações. Essa pesquisa tem como área de estudo o município de Itabaiana, destaque no interior de Sergipe em decorrência de sua localização geográfica e expressividade econômica, social e política. Fazendo um paralelo com núcleos urbanos, o município é de pequeno porte, mas vem apresentando estrutura urbana crescente, indicativas de vulnerabilidades. O estudo então apresenta como objetivo avaliação da qualidade de vida do município de Itabaiana-SE, considerando vulnerabilidades e potencialidades socioambientais dos espaços urbanos, rurais e seus territórios. Procedimentos como, identificar as vulnerabilidades socioambientais de disponibilidade e acesso da infra-estrutura, dos equipamentos e serviços urbanos; analisar as conseqüências sociais e ambientais decorrentes das técnicas utilizadas na irrigação; apresentar a identidade cultural da população pela avaliação perceptiva acerca da qualidade de vida; efetuar o levantamento de programas e ações públicas de intervenção nos espaços urbanos e rurais; descrever condições de territorialização na definição dos espaços urbanos e rurais, tornaram a pesquisa viável. Esta dissertação foi dividida em cinco capítulos onde um diz respeito às considerações teórico-metodológicas e quatro correspondem às dimensões social, ambiental, socioambiental, político-cultural e econômica que permeiam a qualidade de vida. Essas dimensões estão associadas ao diagnóstico de indicadores socioambientais tais como: Infraestrutura e bem-estar coletivo, Resíduos sólidos, Saúde e Instrução técnica do agricultor e seus familiares, Educação e cidadania, Trabalho e renda. Os indicadores foram elaborados por meio da verificação prévia de possibilidade de pesquisa no local associados a estudos de parâmetros já utilizados em pesquisas anteriores com o intuito de mesclar aspectos ambientais, sociais, econômicos e culturais, pois o dimensionamento da qualidade de vida perpassa por cada uma dessas esferas, não devendo ser avaliada a partir do julgamento isolado de um único dado, parâmetro ou indicador. De forma geral, a pesquisa apontou para a não preocupação da maioria dos indivíduos envolvidos na pesquisa para com as questões socioambientais, uma vez que a identidade cultural marcante da população está ligada, especificamente, a questão do desenvolvimento econômico/comercial. Logo, a partir da análise dos indicadores constatou-se a existência de vulnerabilidades e potencialidades socioambientais, as quais influenciam a qualidade de vida da população. Desse modo, programas de respeito e acesso a cidadania necessitam de desenvolvimento em longo prazo, pois as transformações indispensáveis a qualidade de vida carecem de redefinição dos valores culturais.

Indicadores socioambientais

Qualidade de vida

Potencialidades

Vulnerabilidades

Social and environmental indicators

Quality of life

Capabilities

Vulnerabilities

CNPQ::CIENCIAS HUMANAS::GEOGRAFIA

Intervenções de prevenção positiva: uma revisão de literatura / Not informed by the author

Fernando Viana de Carvalho Rocco

22 January 2018

No campo da prevenção ao HIV, a maior parte dos esforços se dedica as pessoas soronegativas que nos programas e pesquisas aparecem como sinônimo de todos. A noção de Prevenção Positiva produzida no âmbito da resposta brasileira , por outro lado, considerou que as PVHA também necessitam de cuidados preventivos únicos. A presente dissertação se propõe a examinar a produção científica que descreve intervenções de prevenção positiva, bem como as suas possíveis contribuições na resposta à epidemia de HIV/AIDS, analisadas na perspectiva informada pelo quadro das vulnerabilidades e dos direitos humanos, que possibilitou a produção de uma noção singular de prevenção positiva ao longo da 3a década de epidemia. Para tanto, utilizamos como método de pesquisa a revisão de escopo (scoping review) que permitiu sintetizar o conhecimento sobre intervenções de prevenção positiva disponibilizadas nas bases de dados escolhidas (CINAHL, ERIC, Lilacs, MedLine, PsycInf, Scopus, Web of Science e Google Acadêmico). Dos 700 artigos recuperados, foram selecionados 15 artigos, a partir dos critérios de busca. Entre outros achados, os estudos confirmaram o entendimento de que, historicamente, a prevenção do HIV se constituiu no campo sócio-comportamental. Não à toa, as intervenções centraram-se quase inteiramente na prevenção da transmissão do HIV e controle da epidemia, não no bem-estar das pessoas vivendo com HIV. Discutimos que as intervenções disponíveis na literatura, apesar da esperada inovação cunhada como prevenção positiva, sustentam a mesma prioridade de proteger as pessoas HIV negativas de serem infectadas por seus parceiros HIV positivos e perdem a oportunidade de inovar programas existentes, a partir do momento que não levam em conta os contextos diferentes de vulnerabilidade social e ação programática, que excluem os marcadores de [8] desigualdade (como classe ou gênero) e os projetos de cada pessoa vivendo com HIV na sua vida cotidiana e sua vulnerabilidade pessoal. Defendemos a maior produtividade de uma concepção que supere esse modelo que leva à culpabilização das PVHA e à sobreposição de estigmas que enfrentam, para fortalecer uma noção de prevenção solidária e compartilhada realizada em intervenções de prevenção positiva balizadas pela atenção integral à saúde e pela defesa e promoção dos direitos humanos das pessoas afetadas pela AIDS / In the HIV prevention field, most part of the emissions are dedicated as seronegative people that appear in programs and researches as synonymous of all. The notion of Positive Prevention produced within the scope of the Brazilian response, conversely, considered that PLWHA also need single preventive care. This thesis proposes to examine the scientific production that describes positive prevention interventions as well as their possible contributions for the response to HIV/AIDS epidemic, analyzed from an informed perspective by the vulnerability and human rights framework, which made possible the production of single notion about the positive prevention throughout the 3rd epidemics decade. For this purpose, was used as a research method, a scoping review that allowed synthesizing knowledge about positive prevention interventions available in the chosen databases (CINAHL, ERIC, Lilacs, MedLine, PsycInf, Scopus, Web of Science and Google Scholar). Of the 700 recovered articles, were selected 15 articles based on the search criteria. Among other discoveries, the studies confirmed the understanding that, historically, HIV prevention has been in the socio-behavorial field. Not by accident, the interventions focused almost entirely on preventing HIV transmissions and controlling the epidemic, not on the well-being of people living with HIV. Was discussed that interventions available in the literature, despite the expected innovation named as positive prevention, support the same priority in protecting HIV negative people from being infected by their HIV positive partners and miss the opportunity to innovate existing programs, from the moment that they dont consider the distinct contexts of social vulnerability and programmatic action that exclude markers of inequality (such as class or gender) and the projects of each person living with HIV in their daily lives and personal vulnerability. We defend the higher productivity of a conception that [10] overcome this model that blames the PLWHA and the overlapping of stigmas they face in order to strengthen the notion of solidarity and shared prevention carried out in interventions of positive prevention defined by integral health care and the defense and promotion of the Human Rights of people affected by AIDS

Direitos humanos

HIV

Prevenção e controle

Prevenção positiva

Vulnerabilidades em saúde

HIV

Human rights

Positive prevention

Prevention and control

Vulnerabilities in health

Retour à l'emploi après un cancer : une situation conflictuelle sur le plan psychologique / Return to work after a cancer : a psychological conflict

Blasi, Géraldine de

09 November 2015

Cette étude exploratoire a pour objectifs de cerner les modalités de réaction des personnes atteintes de cancer face à la reprise du travail et de repérer les ressources ou les facteurs de vulnérabilité face à cette reprise. Quatre-vingts sujets sont répartis en trois groupes : 33 sujets qui ne bénéficient d’aucun accompagnement spécifique, 44 sujets reçus à la consultation d’aide à la reprise du travail après un cancer du CHU de Rouen et 3 sujets qui ne souhaitent plus reprendre le travail. Les caractéristiques psychologiques, médicales et socioprofessionnelles des sujets non consultants et des sujets consultants sont comparées. Les données relatives aux sujets qui ont abandonné leur projet de reprise du travail sont analysées sur un plan qualitatif. Nous nous attendions à ce que les sujets consultants soient plus vulnérables que les sujets non consultants. Nos résultats soulignent que les sujets des deux groupes ne sont pas si différents. Les facteurs de vulnérabilité présentés par les sujets consultants n’ont pas eu d’incidence sur la reprise du travail. L’aide de la consultation a pu favoriser une forme de résilience et l’autonomie psychique chez ces sujets. Les situations des sujets qui ne souhaitent plus reprendre un travail ont amené des éléments de compréhension face à la sortie de l’emploi après le diagnostic de cancer. Ce travail confirme la singularité de chaque situation de cancer et souligne un besoin spécifique à cette population, celui d’un accompagnement individualisé. Celui-ci doit être envisagé tout au long du processus de reprise du travail pour prévenir des difficultés susceptibles d’apparaître bien au-delà de cette reprise. / This exploratory study aims to identify the modalities of reaction of people with cancer who face the resumption of work and identify the resources or the vulnerabilities facing return to work. Eighty persons divided into three groups: 33 persons who return to work without accompaniment, 44 persons who solicit the department of ‘return to work after a cancer’ (University Hospital of Rouen) and 3 persons who no longer wish to return to work. The psychological, medical, social and professional characteristics of non consultants and consultants are compared. A qualitative analysis (case studies) is performed for the results concerning the three persons that have abandoned their plans to return to work. We expected that consultants are more vulnerable than non consultants. Our results emphasize that both groups are not so different. The vulnerability factors presented by consultants did not have any impact on return to work. The help provided by the department had probably promoted a form of resilience and psychological autonomy for these patients. The situations of persons that have no intention to return to work have highlighted elements of understanding of the reasons which encourage them to quit their job after cancer diagnosis. This study confirms the uniqueness of each situation of cancer. Our results highlight a specific need for this population that of an individualized support. The possibility of being supported throughout the return to work process should be considered in order to prevent issues that may appear beyond this resumption.

Cancer

Retour à l’emploi

Vulnérabilités

Ressources

Conflit vie privée- vie professionnelle

Cancer

Return to work

Vulnerabilities

Resources

Work-Family conflict

La sécurité économique à l’épreuve de la mondialisation / Economic security in a context of globalization

Mahjoub, Saad

26 June 2015

Cette thèse a pour objet d'étudier la sécurité économique dans un contexte de mondialisation. Au sens large du terme la sécurité économique est l’absence de menaces contre le patrimoine économique. La protection de ce patrimoine est effectuée par de nombreuses mesures et politiques et des instruments juridiques. L’intelligence économique avec ses outils a permis le passage d’une sécurité strictement passive à une sécurité active. Les politiques liées à la protection du patrimoine économique s’opèrent par une coopération entre le public et le privé. La recherche met l’accent sur la notion de sécurité économique à l’épreuve de la mondialisation, permettant d’analyser de façon globale les menaces et les politiques de riposte dans un environnement de globalisation économique. / This thesis has for object to study the economic security in a context of globalization. In the broad sense term the economic security is the absence of threats against the economic heritage. The protection of this heritage is carried by many measures and policies and legal instruments. The competitive intelligence with its tools allowed the passage of a strictly passive security an active security. The policies related to economic heritage protection take place by cooperation between the public and the private sector. The search emphasizes the notion of economic security in the event of the globalization, allowing to analyse in a global way the threats and the policies of retort in an environment of economic globalization.

Sécurité économique

Mondialisation

Intelligence économique

Patriotisme économique

Menaces

Vulnérabilités

Economic security

Globalization

Competitive intelligence

Economic Patriotism

Threats

Vulnerabilities

320

Cyber-security protection techniques to mitigate memory errors exploitation

Marco Gisbert, Héctor

04 November 2016

[EN] Practical experience in software engineering has demonstrated that the goal of building totally fault-free software systems, although desirable, is impossible to achieve. Therefore, it is necessary to incorporate mitigation techniques in the deployed software, in order to reduce the impact of latent faults. This thesis makes contributions to three memory corruption mitigation techniques: the stack smashing protector (SSP), address space layout randomisation (ASLR) and automatic software diversification. The SSP is a very effective protection technique used against stack buffer overflows, but it is prone to brute force attacks, particularly the dangerous byte-for-byte attack. A novel modification, named RenewSSP, has been proposed which eliminates brute force attacks, can be used in a completely transparent way with existing software and has negligible overheads. There are two different kinds of application for which RenewSSP is especially beneficial: networking servers (tested in Apache) and application launchers (tested on Android). ASLR is a generic concept with multiple designs and implementations. In this thesis, the two most relevant ASLR implementations of Linux have been analysed (Vanilla Linux and PaX patch), and several weaknesses have been found. Taking into account technological improvements in execution support (compilers and libraries), a new ASLR design has been proposed, named ASLR-NG, which maximises entropy, effectively addresses the fragmentation issue and removes a number of identified weaknesses. Furthermore, ASLR-NG is transparent to applications, in that it preserves binary code compatibility and does not add overheads. ASLR-NG has been implemented as a patch to the Linux kernel 4.1. Software diversification is a technique that covers a wide range of faults, including memory errors. The main problem is how to create variants, i.e. programs which have identical behaviours on normal inputs but where faults manifest differently. A novel form of automatic variant generation has been proposed, using multiple cross-compiler suites and processor emulators. One of the main goals of this thesis is to create applicable results. Therefore, I have placed particular emphasis on the development of real prototypes in parallel with the theoretical study. The results of this thesis are directly applicable to real systems; in fact, some of the results have already been included in real-world products. / [ES] La creación de software supone uno de los retos más complejos para el ser humano ya que requiere un alto grado de abstracción. Aunque se ha avanzado mucho en las metodologías para la prevención de los fallos software, es patente que el software resultante dista mucho de ser confiable, y debemos asumir que el software que se produce no está libre de fallos. Dada la imposibilidad de diseñar o implementar sistemas libres de fallos, es necesario incorporar técnicas de mitigación de errores para mejorar la seguridad. La presente tesis realiza aportaciones en tres de las principales técnicas de mitigación de errores de corrupción de memoria: Stack Smashing Protector (SSP), Address Space Layout Randomisation (ASLR) y Automatic Software Diversification. SSP es una técnica de protección muy efectiva contra ataques de desbordamiento de buffer en pila, pero es sensible a ataques de fuerza bruta, en particular al peligroso ataque denominado byte-for-byte. Se ha propuesto una novedosa modificación del SSP, llamada RenewSSP, la cual elimina los ataques de fuerza bruta. Puede ser usada de manera completamente transparente con los programas existentes sin introducir sobrecarga. El RenewSSP es especialmente beneficioso en dos áreas de aplicación: Servidores de red (probado en Apache) y lanzadores de aplicaciones eficientes (probado en Android). ASLR es un concepto genérico, del cual hay multitud de diseños e implementaciones. Se han analizado las dos implementaciones más relevantes de Linux (Vanilla Linux y PaX patch), encontrándose en ambas tanto debilidades como elementos mejorables. Teniendo en cuenta las mejoras tecnológicas en el soporte a la ejecución (compiladores y librerías), se ha propuesto un nuevo diseño del ASLR, llamado ASLR-NG, el cual: maximiza la entropía, soluciona el problema de la fragmentación y elimina las debilidades encontradas. Al igual que la solución propuesta para el SSP, la nueva propuesta de ASLR es transparente para las aplicaciones y compatible a nivel binario sin introducir sobrecarga. ASLR-NG ha sido implementado como un parche del núcleo de Linux para la versión 4.1. La diversificación software es una técnica que cubre una amplia gama de fallos, incluidos los errores de memoria. La principal dificultad para aplicar esta técnica radica en la generación de las "variantes", que son programas que tienen un comportamiento idéntico entre ellos ante entradas normales, pero tienen un comportamiento diferenciado en presencia de entradas anormales. Se ha propuesto una novedosa forma de generar variantes de forma automática a partir de un mismo código fuente, empleando la emulación de sistemas. Una de las máximas de esta investigación ha sido la aplicabilidad de los resultados, por lo que se ha hecho especial hincapié en el desarrollo de prototipos sobre sistemas reales a la par que se llevaba a cabo el estudio teórico. Como resultado, las propuestas de esta tesis son directamente aplicables a sistemas reales, algunas de ellas ya están siendo explotadas en la práctica. / [CAT] La creació de programari suposa un dels reptes més complexos per al ser humà ja que requerix un alt grau d'abstracció. Encara que s'ha avançat molt en les metodologies per a la prevenció de les fallades de programari, és palès que el programari resultant dista molt de ser confiable, i hem d'assumir que el programari que es produïx no està lliure de fallades. Donada la impossibilitat de dissenyar o implementar sistemes lliures de fallades, és necessari incorporar tècniques de mitigació d'errors per a millorar la seguretat. La present tesi realitza aportacions en tres de les principals tècniques de mitigació d'errors de corrupció de memòria: Stack Smashing Protector (SSP), Address Space Layout Randomisation (ASLR) i Automatic Software Diversification. SSP és una tècnica de protecció molt efectiva contra atacs de desbordament de buffer en pila, però és sensible a atacs de força bruta, en particular al perillós atac denominat byte-for-byte. S'ha proposat una nova modificació del SSP, RenewSSP, la qual elimina els atacs de força bruta. Pot ser usada de manera completament transparent amb els programes existents sense introduir sobrecàrrega. El RenewSSP és especialment beneficiós en dos àrees d'aplicació: servidors de xarxa (provat en Apache) i llançadors d'aplicacions eficients (provat en Android). ASLR és un concepte genèric, del qual hi ha multitud de dissenys i implementacions. S'han analitzat les dos implementacions més rellevants de Linux (Vanilla Linux i PaX patch), trobant-se en ambdues tant debilitats com elements millorables. Tenint en compte les millores tecnològiques en el suport a l'execució (compiladors i llibreries), s'ha proposat un nou disseny de l'ASLR: ASLR-NG, el qual, maximitza l'entropia, soluciona el problema de la fragmentació i elimina les debilitats trobades. Igual que la solució proposada per al SSP, la nova proposta d'ASLR és transparent per a les aplicacions i compatible a nivell binari sense introduir sobrecàrrega. ASLR-NG ha sigut implementat com un pedaç del nucli de Linux per a la versió 4.1. La diversificació de programari és una tècnica que cobrix una àmplia gamma de fa\-llades, inclosos els errors de memòria. La principal dificultat per a aplicar esta tècnica radica en la generació de les "variants", que són programes que tenen un comportament idèntic entre ells davant d'entrades normals, però tenen un comportament diferenciat en presència d'entrades anormals. S'ha proposat una nova forma de generar variants de forma automàtica a partir d'un mateix codi font, emprant l'emulació de sistemes. Una de les màximes d'esta investigació ha sigut l'aplicabilitat dels resultats, per la qual cosa s'ha fet especial insistència en el desenrotllament de prototips sobre sistemes reals al mateix temps que es duia a terme l'estudi teòric. Com a resultat, les propostes d'esta tesi són directament aplicables a sistemes reals, algunes d'elles ja estan sent explotades en la pràctica. / Marco Gisbert, H. (2015). Cyber-security protection techniques to mitigate memory errors exploitation [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/57806 / TESIS

JamaicaEye : What does cyber security look like in one of the most recently developed CCTV networks?

Svensson, Elina, Rydén, Annika

January 2019

The issue approached in this study is the possible gaps in cybersecurity in the Closed-Circuit TV system (CCTV) currently being implemented in Jamaica. During 2018, the government of Jamaica together with systems developers from MSTech Solutions developed and started to implement a video surveillance system with the aim to cover the entire nation to reduce criminal activities and create a safer society. To address potential problems of cybersecurity in this system, the purpose of this study was to explore which cybersecurity domains and factors were the most important in the JamaicaEye project. In order to examine such a purpose, the cybersecurity of the system is put into contrast with the cybersecurity domains of the C2M2 model to unveil similarities and differences in cybersecurity strategy and application. To be able to collect in-depth data of the JamaicaEye project, a hybrid of a field-and a case- study took place in Ocho Rios, Jamaica, during approximately 9 weeks. Data collection was carried out through interviews with representatives from the Jamaican government and the systems developer, MSTech Solutions. After compiling and transcribing the collected data from the interview the color coding and comparison of the results with the cybersecurity capability maturity model, C2M2, started. The C2M2 model was chosen as the theoretical framework for this study. The results of mapping the theoretical data with the empirical data gave underlying material and a perspective on the most important cybersecurity factors in the JamaicaEye system. This study will be a foundation for future expansion of the project in Jamaica, but also similar projects in other nations that are in need for cybersecurity development, management and assessment. Mainly, this study will be useful for those in the industry of development, analysis and assessment, and cybersecurity of CCTV systems.

Cybersecurity

CCTV system

CCTV network

CCTV surveillance

risk management

threats

vulnerabilities

JamaicaEye

implementation

Computer and Information Sciences

Data- och informationsvetenskap

Personnaliser le soin, encadrer l’autonomie, produire des vulnérabilités. Une reconnaissance idéologique des adolescents et jeunes adultes atteints de cancer en France. / Personalizing care, framing autonomy, producing vulnerabilities. An ideological recognition of adolescents and young adults with cancer in France.

Pombet, Thibaud

20 January 2017

En investissant des dispositifs dédiés à la prise en charge des adolescents et jeunes adultes atteints de cancer en France (« AJA », 15-25 ans), cette thèse étudie les pratiques de personnalisation des soins. Les programmes personnalisés prévoient d’accompagner le processus d’autonomisation de ces jeunes malades, lors de cette période de la vie perçue comme située entre l’enfance et l’âge adulte. Comment cette considération structure-t-elle l’expérience que les jeunes font de la maladie et des soins ? Quelles formes particulières les injonctions d’autonomie prennent-elles ? L’enquête de terrain s’appuie sur quinze entretiens semi-directifs menés avec des professionnels dédiés aux « AJA » en France et en Angleterre, ainsi que sur une trentaine d’entretiens conduits avec des jeunes, leurs proches et leurs soignants au cours de deux observations participantes : l’une de cinq mois effectuée en tant qu’animateur dans la première unité française dédiée à cette population clinique à l’hôpital Saint-Louis, la seconde de deux mois en tant que socio-anthropologue au sein du programme « AJA » de Gustave Roussy. L’analyse du matériel recueilli démontre en premier lieu que la catégorie « AJA » est tributaire d’un processus de biomédicalisation. Elle met ensuite en évidence la présence de normes organisationnelles et psychosociales qui encadrent l’accompagnement de l’autonomie des « AJA ». En mobilisant le modèle de la reconnaissance, la thèse développe alors le concept d’idéologie de la personnalisation des soins pour proposer une interprétation renouvelée des situations observées, et interroger la production de vulnérabilités identitaires pour les sujets du soin. / This thesis examines the practices of care personalization through the study of units dedicated to the care of teenagers and young adults with cancer in France (“TYA”, 15-25 years). The personalized programs are designed to support the process of autonomy of these young patients, during this period of life perceived as being between childhood and adulthood. How can this consideration structure these young people’s experience of the disease and care ? Which forms do the injunctions to autonomy take ? The ethnographic survey is based on fifteen semi-structured interviews carried out by professionals dedicated to «TYA» in France and England, and on thirty interviews conducted with young people, their families and their caregivers during two participant observations : the first over five months, carried out as an activity-coordinator in the first French unit dedicated to this population at the Saint-Louis hospital, and the second over two months, as a socio-anthropologist within the Gustave Roussy «TYA» program. The analysis of the information collected demonstrates first of all that the «TYA» category is dependent on a biomedicalization process. It then highlights the existence of organizational and psychosocial norms which formalize support of the «TYA» autonomy. By mobilizing the recognition theory, the thesis finally develops the concept of ideology of the personalization of care to propose a reinterpretation of observed situations, and to question the production of identity vulnerabilities for the subjects of care.

Adolescents et jeunes adultes

Personnalisation des soins

Cancer

Autonomie

Reconnaissance

Idéologie

Vulnérabilités

Teenagers and young adults

Personalized care

Cancer

Autonomy

Recognition

Ideology

Vulnerabilities

Investigating Security Issues in Industrial IoT: A Systematic Literature Review

Milinic, Vasilije

January 2021

The use of Internet-of-Things (IoT) makes it possible to inter-connect Information Technology (IT) and Operational Technology (OT) into a completely new system. This convergence is often known as Industrial IoT (IIoT). IIoT brings a lot of benefits to industrial assets, such as improved efficiency and productivity, reduced cost, and depletion of human error. However, the high inter-connectivity opens new possibilities for cyber incidents. These incidents can cause major damage like halting of production on the manufacturing line, or catastrophic havoc to companies, communities, and countries causing power outages, floods, and fuel shortages. Such incidents are important to be predicted, stopped, or alleviated at no cost. Moreover, these incidents are a great motive for researchers and practitioners to investigate known security problems and find potential moderation strategies.  In this thesis work, we try to identify what types of IIoT systems have been investigated in the literature. We seek out to find if software-related issues can yield security problems. Also, we make an effort to perceive what are the proposed methods to mitigate the security threats.We employ the systematic literature review (SLR) methodology to collect this information. The results are gathered from papers published in the last five years and they show an increased interest in research in this domain. We find out software vulnerabilities are a concern for IIoT systems, mainly firmware vulnerabilities and buffer overflows, and there are a lot of likely attacks that can cause damage, mostly injection and DDoS attacks. There are a lot of different solutions which offer the possibility to stop the identified problems and we summarize them. Furthermore, the research gap considering the update process in these systems and devices, as well as a problem with the unsupervised software supply chain is identified.

Internet-of-Things (IoT)

Industrial Internet of Things (IIoT)

Systematic Literature Review (SLR)

security

vulnerabilities

attacks

mitigation

Computer Sciences

Datavetenskap (datalogi)

Protecting Web Applications from SQL Injection Attacks- Guidelines for Programmers Master Thesis

Gopali, Gopali

January 2018

Injektionsattack är den mest kritiska säkerhetsapplikationen för webbapplikationer, och SQL-injektion (SQLi) -attack är den mest rapporterade injektionsattacken på webbapplikationer. I denna avhandling har vi identifierat angreppsteknikerna som används av angripare och vi ger också riktlinjer så att programmerarna kan skriva webbapplikationskoder på ett säkert sätt för att förhindra SQLi-attackerna.Metoden som tillämpas för forskningen är litteraturstudie och vi använde vägen bevis genom demonstration för att få den tydliga bilden. Det första steget var att ta reda på kodningsfelen, då utformade vi riktlinjer som kan hjälpa till att skydda webbapplikationer från SQLi-attacker. Denna avhandling kommer att hjälpa programmerarna att förstå de olika kodningsbristerna och hur dessa kodningsfel kan förhindras och för detta har vi använt bevis genom demonstration. Denna avhandling kommer också att bidra till den allmänna medvetenheten om SQLi-attacker, attacker och riktlinjer för programmerare som designar, utvecklar och testar webbapplikationer. / Injection attack is the most critical web application security risk, and SQL-injection (SQLi) attack is the most reported injection attack on web applications. In this thesis, we have identified the attacking techniques used by attackers and we are also providing guidelines so that the programmers can write web application code in a secure way, to prevent the SQLi attacks.The methodology applied for the research is literature study and we used the way proof by demonstration to get the clear picture. The first step was to find out the coding flaws, then we designed guidelines that can help to protect web applications from SQLi attacks. This thesis will help the programmers to understand the various coding flaws and how those coding flaws can be prevented and for this, we have used proof by demonstration. This thesis will also contribute to the general awareness of SQLi attacks, attack types and guidelines for the programmers who are designing, developing and testing web applications.

Web application attacks

SQLi coding flaws

SQLi attack

SQL-Injection

Top vulnerabilities

Cyber Security

Engineering and Technology

Teknik och teknologier

A Method for Recommending Computer-Security Training for Software Developers

Nadeem, Muhammad

12 August 2016

Vulnerable code may cause security breaches in software systems resulting in financial and reputation losses for the organizations in addition to loss of their customers’ confidential data. Delivering proper software security training to software developers is key to prevent such breaches. Conventional training methods do not take the code written by the developers over time into account, which makes these training sessions less effective. We propose a method for recommending computer–security training to help identify focused and narrow areas in which developers need training. The proposed method leverages the power of static analysis techniques, by using the flagged vulnerabilities in the source code as basis, to suggest the most appropriate training topics to different software developers. Moreover, it utilizes public vulnerability repositories as its knowledgebase to suggest community accepted solutions to different security problems. Such mitigation strategies are platform independent, giving further strength to the utility of the system. This research discussed the proposed architecture of the recommender system, case studies to validate the system architecture, tailored algorithms to improve the performance of the system, and human subject evaluation conducted to determine the usefulness of the system. Our evaluation suggests that the proposed system successfully retrieves relevant training articles from the public vulnerability repository. The human subjects found these articles to be suitable for training. The human subjects also found the proposed recommender system as effective as a commercial tool.

FindBugs

Static code analysis

Jaccard index

tf–idf

training

NVD

CWE

software vulnerabilities

software security

Recommender system