Dissertations / Theses on the topic 'Security challenge'

As South Africa is a rapidly developing country and has become more increasingly technologically advanced through the growth in information communications technology (ICT) and the expansion of modern state infrastructure. With this growth more of the country's citizens have also become connected as access to the internet has spread. However, this advancement has also introduced a new challenge to South African national security in the form of cyber security. The spread of technology has created new vulnerabilities within the cyber domain that may directly work to undermine the country's security. Computer hackers are developing advanced software and methods designed to infiltrate and disable critical state infrastructure, capture confidential state or corporate information, engage in identity theft and fraud, rob banks and financial institutions and even undermine democratic processes such as elections. Terrorists have also embraced cyber space as a domain where they can recruit followers, spread propaganda, and provide advice and encouragement to those who wish to conduct terrorist operations. States are now not only creating cyber teams that can counter these terrorists but they are also developing cyber weapons which can be deployed to disrupt the operations of other countries should the need arise. This study analyses the challenge that cyber security poses to South African national security. This research contextualises the concept of cyber security within the theoretical understanding of national security. In highlighting the destructive capabilities of cyber attacks, the study provides detail on four examples, namely the 2007 attacks against Estonia, the impact of the Stuxnet worm on Iranian centrifuges in 2010, Chinese hackers targeting the USA and the hack on the Democratic National Committee. This then provides a foundation through which South Africa's cyber security position can be evaluated. The study also analyses several public cyber attacks that have targeted South Africa and presents a number of research reports which identify the country as one of the most targeted nations in the world. Although South Africa has acknowledged the role of ICT in its development, the country has failed to engage on the importance of cyber security. This study examines the country's policy progress with regards to cyber security which has ultimately lead to the Cyber Security and Cyber Crimes bill which was released for public comment in December 2015. However, the country's cyber position is weakened by its lack of cyber skills and capacity, as such the research also provides some recommendations on how South Africa can strengthen its overall approach to cyber security.
Mini Dissertation (MSS)--University of Pretoria, 2017.
Political Sciences
MSS
Unrestricted

A causa dell’allarmante aumento in quantità e velocità delle emissioni di CO2 soprattutto nel corso dell’ultimo secolo, il cambiamento climatico è stato ampiamente riconosciuto come una questione di rilevanza nazionale ed internazionale concernente quasi esclusivamente la sfera ambientale. Da più di un decennio risulta, tuttavia, evidente quanto variazioni repentine di temperatura rappresentino anche una notevole minaccia in chiave di sicurezza globale, richiedendo maggiore protezione tanto del singolo individuo quanto di un intero Stato. Difatti, attraverso l’attuazione di concrete politiche di sicurezza, Paesi in tutti i continenti stanno cercando di contrastare o quantomeno ridurre eventi meteorologici sempre più estremi, scarsità di risorse naturali e alimentari, possibili conflitti e migrazioni di popoli. Purtroppo, i Paesi poveri risultano esserne ad oggi le maggiori vittime. Proposte soprattutto da Paesi sviluppati, queste misure incrementano ulteriormente l’ineguaglianza sociale tra Paesi ricchi e non, essendo quest’ultimi privi di adeguati strumenti per la lotta al cambiamento climatico. L’Unione Europea e la NATO stanno quindi cercando di adottare diverse strategie di adattamento e mitigazione, adoperandosi non solo in loco ma anche nelle zone estere più a rischio. Invece l’Italia, dal canto suo, sta vertendo soprattutto a livello locale sulla sensibilizzazione dei propri cittadini nella salvaguardia di aree fragili, tra cui ghiacciai, il Delta del Po e Venezia.

Radio frequency identification, RFID is a technology that is used in many fields including locks. The unlimited access to the reader and the transponder has resulted in severe security weaknesses and made it possible to apply different attacks. To classify door locks as secure they must at least fulfil two main criteria: the first is the use of a challenge-response authentication protocol and the second is to deploy sophisticated and secure algorithms.

MiFare classic and KeeLoq are two widely applied technologies that are still in use in many security critical applications and are considered to be secure but which have been broken by cryptanalysis and with modest efforts and cost.

How secure a certain solution is depends on how expensive it is to buy the equipment that can break the system and reveal the secret key and how secure a lock should be depends on the value of what it is protecting.

The dropping price of powerful computers and the availability of security related information on the web will lead to an increase of the number of attacks on different systems.

By the time this thesis is published those locks evaluated are not secure enough, to overcome the security shortage some improvements have to be made such as: the use of sophisticated algorithms, the use of longer key of at least 128-bit, the use of non-deterministic random number generators and the use of pure hardware solutions both in the receiver and the transmitter to reduce leakage.

The United Kingdom's Department for International Development (DFID) has undertaken a highly innovative development strategy in Sierra Leone, reforming the security sector of the post-conflict state in order to ensure a stable environment in which investment and development can occur. Yet in doing so, DFID has not engaged with the actual locus of security provision in Sierra Leone and the effectiveness of reforms thus remains limited. This thesis seeks to understand why DFID has been unable to engage with informal security actors in its security sector reform (SSR) programme in Sierra Leone. Informal security actors are the dominant providers of policing and justice in Sierra Leone, with approximately 80 per cent of the population relying upon their services. Despite this, however, this thesis illustrates that DFID's bureaucratic and political nature produce particular understandings of security and the causes of war that focus overwhelmingly on state capacity and security provision. As a result, DFID engages with only state security providers and state failure aspects of the causes of war. Ultimately, this approach limits the ability of DFID's SSR programme to comprehensively address the causes of conflict and sustainably transform security provision in Sierra Leone. These limitations must be overcome if DFID is to remain at the forefront of SSR policy and practice.

The thesis aimed to investigate the current situation of food security and initiatives by main actors in Dhaka, Bangladesh, with urban poor in focus. A qualitative study with the actors of food security and the urban poor is the basis of this research’s result complementing with previous studies on this topic. Income of the urban poor in Bangladesh is very low compare to the food price which is one of the main reasons why urban poor are not food secure in Dhaka city. There are many organizations working on income generating approaches in urban Dhaka but the work is too small to have an impact on the current situation of food security. Lack of social safety net is another reason identified for food insecurity in urban Dhaka. The government is provided low priced rice and wheat to the urban poor yet again this only covers 1 percent of the urban slums. Due to lack of resource sustainable development is not included in in the process of ensuring food security in urban Dhaka.

Approved for public release; distribution is unlimited.
Since 2010, the United States and Brazil have made efforts to expand security cooperation between the two countries with the signing of a defense cooperation agreement, a general security of military information agreement, and the establishment of a defense cooperation dialogue. Despite these positive steps, the issue of technology transfer threatens to impede greater U.S.-Brazil security cooperation. Brazilian defense policy identifies technology transfer as a key component of its national defense, and there is a perception among many Brazilian officials that the United States is reticent to transfer defense technology to Brazil. This thesis includes an in-depth review of each country's policies and strategies related to arms and defense technology transfers, as well as case studies on cooperation (or lack thereof) between the U.S. and Brazil in two areas'nuclear and aviation'to understand what drives this belief among Brazilian policymakers. The thesis concludes that historical events in its relations with Washington make it difficult for Bras_lia to accept more recent U.S. efforts to enhance security cooperation and facilitate technology transfer on their face, while these same efforts cause U.S. policymakers to discount the importance of past indifference towards or overt efforts to block Brazil in obtaining certain technologies.

ITC/USA 2011 Conference Proceedings / The Forty-Seventh Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2011 / Bally's Las Vegas, Las Vegas, Nevada
As organizations move toward cloud [1] computing environments, data security challenges will begin to take precedence over network security issues. This will potentially impact telemetry post processing in a myriad of ways. After reviewing how data security tools like Enterprise Rights Management (ERM), Enterprise Key Management (EKM), Data Loss Prevention (DLP), Database Activity Monitoring (DAM), and tokenization are impacting cloud security, their effect on telemetry post-processing will also be examined. An architecture will be described detailing how these data security tools can be utilized to make telemetry post-processing environments in the cloud more robust.

In the debate generated by the authorization and reauthorization of the Patriot act we can find a wide range of opinions and ideas concerning the balance of freedom and security, and how that might affect the society. The government (the creators of the law) advocates the necessity of the Patriot act and its structural changes to secure the freedoms of USA. While opposing views suggest that these changes affect the balance of freedom and security in such a way that it might affect the way of life and be a threat to the civil liberties of the citizens. The aim of this thesis is to investigate how the debate reflects how the Patriot act may have affected the balance between the various practices of freedoms and national security in USA.

This thesis investigates three aspects of the debate that concerns the Patriot act. The rhetoric’s used in the debate by both sides show some difference in the rationales of the debating sides. Some controversial aspects of the law undermine the safeguards that are suppose to protect the civil liberties and freedoms when their definitions are opened up for a wide arrange of interpretations. The third part of the thesis investigates the big brother mentality that is being fostered and culture of preparedness of all the nation’s dimensions and systems that is asked for in order to adapt to these systematic changes of their society that the law provides.

The investigation of the debate conclude that state apparatus takes on a role of coordinative micromanaging, which together with the culture of preparedness fosters the nation to always be on its toes. As a result of these changes the practices of freedom and the democratic values they nourish are being destabilized and undermined in the climate of fear that is being established.

Approved for public release, distribution unlimited
During the last two decades, technological advancements to the size and performance of electronics have fostered the development of increasingly sophisticated and smaller satellites. Small satellites, or smallsats as they are commonly referred to, have recorded data on terrestrial and space environments, served as important test beds and risk reducers for emerging space technologies, and provided important hands-on educational opportunities for industry and academia. The decreased cost and improved performance of smallsats have opened up a wide range of space missions at a fraction of the cost of larger satellite systems that would have been unfathomable two short decades ago. The proliferation of smallsat technology opens up a world of new scientific possibilities and unique security challenges as well for all space-faring nations through the potential use of smallsats as anti-satellite (ASAT) systems. This thesis examines the historical development of ASAT systems for the United States, the former Soviet Union, and China and discusses how they have influenced each nations space policy. Finally, this thesis will address current efforts to mitigate space weapons, review the implications of smallsat technology development on current space policy, and suggest courses of action to mitigate this emerging space security dilemma.

Online examinations are an integral component of many online learning environments and a high-stake process for students, teachers and educational institutions. They are the target of many security threats, including intrusion by hackers and collusion. Collu-sion happens when a student invites a third party to impersonate him/her in an online test, or to abet with the exam questions. This research proposed a profile-based chal-lenge question approach to create and consolidate a student's profile during the learning process, to be used for authentication in the examination process. The pro-posed method was investigated in six research studies using a usability test method and a risk-based security assessment method, in order to investigate usability attributes and security threats. The findings of the studies revealed that text-based questions are prone to usability issues such as ambiguity, syntactic variation, and spelling mistakes. The results of a usability analysis suggested that image-based questions are more usable than text-based questions (p < 0.01). The findings identified that dynamic profile questions are more efficient and effective than text-based and image-based questions (p < 0.01). Since text-based questions are associated with an individual's personal information, they are prone to being shared with impersonators. An increase in the numbers of chal-lenge questions being shared showed a significant linear trend (p < 0.01) and increased the success of an impersonation attack. An increase in the database size decreased the success of an impersonation attack with a significant linear trend (p < 0.01). The security analysis of dynamic profile questions revealed that an impersonation attack was not successful when a student shared credentials using email asynchronously. However, a similar attack was successful when a student and impersonator shared information in real time using mobile phones. The response time in this attack was significantly different when a genuine student responded to his challenge questions (p < 0.01). The security analysis revealed that the use of dynamic profile questions in a proctored exam can influence impersonation and abetting. This view was supported by online programme tutors in a focus group study.

Thesis (M.A. in International Security and Civil-Military Relations) Naval Postgraduate School, March 2001.
Thesis advisor, David S. Yost. Includes bibliographical references (p. 87). Also available online.

The enormous growth of the Internet and its use in everyday life make it an attractive target for malicious users. As the network becomes more complex and sophisticated it becomes more vulnerable to attack. There is a pressing need for the future internet to be resilient, manageable and secure. Our research is on distributed challenge detection and is part of the EU Resumenet Project (Resilience and Survivability for Future Networking: Framework, Mechanisms and Experimental Evaluation). It aims to make networks more resilient to a wide range of challenges including malicious attacks, misconfiguration, faults, and operational overloads. Resilience means the ability of the network to provide an acceptable level of service in the face of significant challenges; it is a superset of commonly used definitions for survivability, dependability, and fault tolerance. Our proposed resilience strategy could detect a challenge situation by identifying an occurrence and impact in real time, then initiating appropriate remedial action. Action is autonomously taken to continue operations as much as possible and to mitigate the damage, and allowing an acceptable level of service to be maintained. The contribution of our work is the ability to mitigate a challenge as early as possible and rapidly detect its root cause. Also our proposed multi-stage policy based challenge detection system identifies both the existing and unforeseen challenges. This has been studied and demonstrated with an unknown worm attack. Our multi stage approach reduces the computation complexity compared to the traditional single stage, where one particular managed object is responsible for all the functions. The approach we propose in this thesis has the flexibility, scalability, adaptability, reproducibility and extensibility needed to assist in the identification and remediation of many future network challenges.

One of the mayor security problems nowadays is the international terrorism and it has become a threat to the European people as well. The number of the attacks is increasing, European citizens are traveling to Middle East to join foreign terrorist groups and online propaganda is being more and more popular. The main goal that terrorists have is to get worldwide attention and harm as many people as possible. To answer the research questions of this study: What are the measures that the EU has taken to fight terrorism? And To what extend can EU’s counter-terrorism approaches be explained by hard-soft power theory? a qualitative one case study method has been used. The results of this study show that EU has taken many significant measures in the fight against terrorism, such as implementation of common strategies and regulations but also in giving mandate to Europol that is now the leader partner in the European counter-terrorism approach. There have been many improvements in the last years, but there are still gaps that need to be filled, especially in the collaboration between the Member States.  The study has also concluded that EU is mostly using Soft Power as a tool for the international politics.

This study identifies and explores the core challenge faced when integrating security and privacy requirements into the mobile banking software development life cycle. Studies on key issues in Information Systems (IS) have been on-going for several decades, with security and privacy moving up the ranks of top issues in IS. Security and privacy requirements can be added into the mobile application development processes by practising secure coding, and/or, by adding a third party security tool. This study gathered data from a single case study; it employs grounded theory methodology to reveal misalignment as the core challenge to integrating security and privacy requirements into mobile banking application development. The forms of misalignment are between security and privacy requirements and (1) external entities, (2) roles, (3) skills and (4) system requirements. The nature of the mobile application domain results in the misalignment forms identified above. Some of the findings indicate the need for further research. Research indicates that mobile application development follows agile methods for development. Agile methods have been compared with Complex Adaptive Systems (CAS). For this reason, research in IS could benefit from studies that focus on CAS as a theory to provide a better explanation on the misalignment issues in mobile application development.

Blockchains and Byzantine Fault Tolerance form the basis of decentralized currencies and ledgers, such as Bitcoin, Ripple, ZeroCash, and Ethereum. Several studies have focused on the currency aspects (e.g. authenticity, integrity, anonymity, and independence from central banks). In this thesis, we start by exploring to understand the security challenges and practical solutions for building simple payment networks. Then, we leverage such understanding in identifying the security challenges of more advanced and complex systems, in particular Futures Exchanges. The decentralization of a Futures Exchange poses new security challenges: i) the interplay between the security and economic viability, i.e. using the Price Discrimination Attack one can strategically force a trader out of the market when the trader's anonymity is broken; ii) the non-monotonic security behavior of an Exchange, i.e. an honest action may invalidate security evidence; and iii) the proportional burden requirement in the presence of high-frequency participants. Our goal is to enucleate the non-trivial design principles to resolve these challenges for building secure and distributed financial exchanges. We demonstrate the application of the distilled design principles by building a cryptographic reference for a futures exchange called FuturesMEX. We also simulate the performance of a FuturesMEX Proof-of-Concept with the Lean Hog market data obtained from the Thomson Reuters Ticks History DB. The results show that the obtained protocol is feasible for a low-frequency market such as Lean Hog. Furthermore, we investigate an extension of public markets, i.e. dark pools (private markets), in which the order book information is conditionally visible to some (financially) suitable parties. We propose a new cryptographic scheme called Witness Key Agreement that makes dark trading possible by probing prices and volumes based on committed financial information Finally, we evaluate the theoretical and practical performance of the new scheme; using a simulation of the dark pool data collected from the aggressive Bloomberg Tradebook, we obtain positive results.

The world faces the grand challenge of supplying enough food to achieve food security for its rapidly growing population, predicted to reach 9 billion by 2050. Animal meat is an important part of the human diet, despite the global livestock population containing almost 24 billion animals, it is estimated that total food production will need to increase by 70 % to supply the 2050 population. Fish is a highly nutritious food item associated with several health benefits. Global consumption of fish, which is increasing, now constitutes 17 % of animal protein intake. Fish supplied through capture is limited by wild stocks; in 2015 aquaculture was responsible for 53.1 % of fish and seafood produced globally. The aquaculture industry is reliant on fishmeal and fish oil as ingredients for aquafeeds, materials produced from wild stocks or industry waste trimmings; these are finite and costly ingredients. There is great desire to identify cheaper more sustainable ingredients. In order for alternative ingredients to be viable for fish feed inclusion they must be palatable and of sufficient nutritional quality. The aim of this study was to identify alternative ingredients and assess them, through palatability and performance, for aquafeed inclusion. Several alternative ingredients were identified, Natto (fermented full fat soybean), fermented Rapeseed meal, fermented potato protein concentrate (PPC) (all subjected to heating and fermentation to improve nutritional quality), NH Algae (New Horizons Global Ltd Schizochytrium microalgae NHG-002) , Mealworm meal (Tenebrio molitor), Silkworm meal (Bombyx mori), and Earthworm meal (Eisenia fetida). These were tested for palatability using a modified method of behavioural observation based on the work of Alexander Kasumyan, and by analyses of the satiety hormone Cholecystokinin (CCK), released in response to feed. They were then tested in nutritionally balanced feeds for growth and performance in zebrafish (Danio rerio) an as initial model species, then in commercially relevant and available species, while partially or completely removing fishmeal and fish oil. Palatability testing via behavioural observation was applied to three species; alternative ingredients were accepted, with only Natto and PPC showing reduced taste response compared with other materials. CCK analyses proved possible, although further development is required in order to identify any significant differences between the responses measured. Growth and performance trials showed that the NH Algae, Natto and Rapeseed meal materials can be included in species specific diets to partially reduce fish meal. The invertebrate meals when used together successfully removed fishmeal completely in diets of three species tested, achieving equal growth and equal or improved performance. Fish oil was only partially reduced with the inclusion of NH Algae, and by Natto in trout diets, the insect diets provided high amounts of linoleic and a-linolenic acid but failed to supply EPA or DHA. This project introduces novel approaches to assess palatability and shows that invertebrate meals have the greatest potential for complete removal of fishmeal, however, fish oil is still required until a suitable source of EPA and DHA can be identified.

Driven by global population growth and anticipated increases in demand for food as well as a number of other goods and services, the issue of food security has recently (re-)emerged in both policy and academic contexts. Using a modified political economy perspective, this study recognises the role of the family farm as policy operatives in this context and considers the potential influence of intergenerational farm transfer on the delivery of food security objectives. It also explores how the food security agenda, described by some as the renaissance in agriculture, is influencing the farming community and in particular, the appeal of succeeding to the family farm. Broadly, it seeks to add to, and develop the body of knowledge relating to family farm succession, and explores the linkages between succession and the food security agenda. The study used 1941-1943 National Farm Survey data and maps as a tool to facilitate semi-structured interviews with farmers, and where applicable their potential successors, in Hatherleigh and surrounding parishes, Devon, UK. The study also highlights the absence of the potential successor from family farm research and subsequently resolves definitional issues surrounding the term by presenting a conceptual framework, including a definition of the potential successor. The findings indicate that family farming continues to be largely hereditary, and demonstrates how the occupancy of Hatherleigh and surrounding parishes has been shaped by traditions and expectations that socialised incumbent farmers into succeeding. Despite contemporary concern about the desirability of intergenerational farm transfer, participating farmers understood passing on the farm to a next generation as desirable. Many of whom framed their optimism in the context of the food security agenda and the anticipated opportunities for the industry. Drawing on in-depth interviews, this thesis questions the notion of the so called ‘succession crisis’, and identifies a number of positive adaptations and outcomes associated with successor identification which it discusses in the context of delivery of food security objectives. Two broad types of transfer of managerial control were identified and a typology is offered that suggests types of transfer are the product of potential successors’ ages and the subsequent nature of their upbringing. The thesis critically considers the types’ respective merits in the context of food security objectives and an original conceptualisation is offered as a contemporary way of understanding the types of transfer of managerial control in Hatherleigh and surrounding parishes. As well as influencing the transfer of managerial control, the study attributes significant differences in potential successors’ motivations according to the fundamental societal shift from a ‘society of duty’ to a ‘market place of opportunity’. Critically, the thesis revealed how, unlike their older counterparts, younger potential successors were motivated by the renaissance in agriculture, particularly elements such as the renewed public interest in, and respect for, farming as well as, opportunities farming for food security may offer. Overall, the thesis highlights the importance of considering the family farm and the influence of succession on the industry’s response to food security policy measures. It proposes that, at an aggregate level, ‘effective succession’, measured in terms of the identification of a successor and the timely and appropriate transfer of managerial control, are likely to be key factors in the delivery of food security objectives. It also recognises how succession and successor ‘creation’ are changing as society increasingly prioritises the individual and that the changing image of farming associated with the renaissance in agriculture is influencing younger potential successors. From these conclusions, suggestions are made for areas of further work, particularly with regard to understanding the implications of the different types of transfer of managerial control on long-term farm business performance, and some practical options for continuing to attract potential successors into the industry and facilitating effective intergenerational transfer are offered.

Physically Unclonable Functions (PUFs) are now widely being used to uniquely identify Integrated Circuits (ICs). In this work, we propose a novel Set-Reset (SR) Flip-flop based PUF design. For a NAND gate based SR flip-flop, the input condition S (Set) = 1 and R (Reset) = 1 must be avoided as it is an inconsistent condition. When S=R=1 is applied followed by S=R=0, then the outputs Q and Q' undergo race condition and depending on the delays of the NAND gates in the feedback path, the output Q can settle at either 0 or 1. Because of process variations in an IC, the NAND delays are statistical in nature. Thus, for a given SR FF based $n$-bit register implemented in an IC, when we apply S=R=1 to all flip-flops followed by S=R=0, then we obtain an $n$ bit string that can be interpreted as a signature of the chip. Due to process variations, the signature is highly likely to be unique for an IC. We validated the proposed idea by SPICE-level simulations for 90nm, 45nm, and 32nm designs for both intra- and inter-chip variations to establish the robustness of the proposed PUF. Experimental results for 16-, 32-, 64-, and 128-bit registers based on Monte-Carlo simulations demonstrate that the proposed PUF is robust. The main advantage of the proposed PUF is that there is very little area overhead as we can reuse existing registers in the design.

Down through the twentieth century, Sweden has woven a complicated security policy pattern. Shifts in that weave, and in contrasting motifs of solidarity and isolation, have been determined by external events and by the restrictions or release that these have effected. In the wake of the Year of Revolution (1989), and with the collapse of bloc politics which was its aftermath, a new motif in the Swedish policy pattern began to emerge. The traditional policy of neutrality was effectively relegated to a reserve position in diplomacy, and in its stead a renewed commitment to Europe was declared. To what extent had this dramatic new profile been influenced by the events of 1989? Focusing on the disintegration of the post-1945 security system and on the growing intrusion on Sweden of the process of European integration, this study examines how the Social Democrats, under the leadership of Ingvar Carlsson, finally and openly acquiesced in their country's clear dependence on the European Community, and how the non-Socialist coalition, led by Carl Bildt, set aside the long cherished policy of neutrality in favour of a more European identity for Sweden. With an economic as well as a strategic dimension to the challenges facing Sweden, the Year of Revolution alone had not been enough to bring about Sweden's own policy revolution. Neither could it be said that the `Swedish Revolution' had been the sole work of the non-Socialist coalition, since the groundwork had been laid by the Social Democrats. Notwithstanding the new profile, a continued commitment to the `hard core' of traditional policy was to be preserved. Sweden would maintain freedom from military alliances, a strong defence force, and an independent defence strategy. If Sweden were to become a member of the EC, or European Union (EU), could this policy core be sustained? Did the new Swedish identity not seem rather similar to the old one?

The importance the international community gives to energy security nowadays, and the relevance it has acquired during the last decades, due to the lessening of national energy sources, represents a crucial issue for the development of a concrete and unified EU energy policy. The concern with which scientists, politicians, scholars etc. look towards current geopolitical evolutions, suggest a careful re-examination of this concept. Through an in-depth analysis of multiple studies and works, with the aim of rethought this crucial and central concept in the context of south-east Europe, this thesis tries to individuate how energy-dependence linkages between EU and non-EU actors can be such a problematic issue for the European natural gas market. Taking into account the significant growing of energy demand for most of the state in the EU, specific attention will be given to the incomplete process of acquiring fossil fuel resources for south-eastern European countries. Besides, it proposes individuating further options for the European energy gas supply, in order to avoid gas-rich states hegemony and developing a self-sufficiency gas market. The last phase is focused on the Italian situation, in which it will be tried to research potential energy capabilities for the nation, according to economic and political issues related to the international relations arena.

Thesis (M.Dev.) --University of Limpopo, 2011
Food security in most drought-stricken areas of Limpopo Province is a challenge to the Department of Agriculture and to all the people living in the province, especially to the resource poor smallholder farmers. Finding remedial solutions to agricultural production in stress prone conditions is therefore a high priority. The introduction of Challenge Programme Water for Food (CPWF) technologies/techniques to smallholder dry land farming in Greater Giyani Municipality was seen as one of the solutions. However, there are constraints raised by CPWF technology adopters such as shortage of labour, lack of ploughing equipment, lack of credit, shortage of land and marketing. CPWF technologies are suitable for smallholder dry land farming, especially rainwater harvesting technologies. Smallholder farmers need to be remobilised and trained on the potential benefits of CPWF technologies to enhance their adoption and spread to other areas.

This study is to demonstrate the response of the international community against Boko Haram insurgency as well as the reaction of the Nigerian government and the regional countries of the Lake Chad Basin (Chad, Benin, Niger, Cameroon) in tackling the violence. Boko Haram has caused severe humanitarian crisis in the region as more than two million people have been displaced. The international community primarily focuses on creating basic secure conditions for refugees to return to their homes in safety and dignity as well as providing technical and military assistance to the Nigerian government in the fight against Boko Haram. The study begins with the Boko Haram`s ideology: Salafism and then next chapter focuses on the phases of the evolution of Boko Haram historically. Their activities were initially localized within Nigeria at the beginning of 2000s. However, the sect started to draw big international attention since 2010. Next chapter, after providing all necessary data, indicates that the responses of the Nigerian government and the regional countries to the Boko Haram violence and the humanitarian, technical and military assistance provided by the international community to the Lake Chad Basin countries are not sufficient enough to tackle the Boko Haram insurgency. This dissertation is based on compilation, organization and interpretation of the related data. The dataset mostly comprises of books, articles, reports, online data sources, news outlets and press statements of governments and international organizations. Biggest challenge encountered during the data collection process is that there is no enough published material on Boko Haram and the fight against it. Hence the online sources were meticulously surveyed. In addition to this, as Boko Haram continues to occupy the headlines of the Nigerian press and new developments on this subject unfold on daily basis, it requires to thoroughly follow the news outlets.

Urbanisation often involves the conversion of various land use and land cover (LULC) classes including agricultural land to urban uses and leads to loss of soil diversity. Unfortunately, there is limited literature on soils lost in Sub-Saharan African (SSA) cities due to lack of detailed soil information yet this region is the fastest growing globally. This study attempts to bridge this gap by using remote sensing data and digital soil mapping (DSM) techniques to assess the rate of agricultural land conversion, determine the appropriate pre-urban soil prediction model and estimate the extent of loss of soils diversity and urban and peri-urban agriculture (UPA) using urban centres in Uganda as case studies. Multi-temporal LULC classification of Landsat ETM+ and TM images showed that built-up area in Kampala expanded 8 times between 1989 and 2015 and 5 times in Mbarara between 2002 and 2016 as a result of the conversion of savannah, wetlands and systematic targeting of agricultural land. DSM techniques involving legacy soil data and soil observations were used to predict the pre-urban soil patterns by modelling the relationships between observed soil classes and environmental covariates using random forests (RF), Multinomial Logistic Regression (MLR) and Boosted Regression Trees (BT) algorithms. The overall prediction accuracy was over 70% producing soil maps at 30m resolution. The soil diversity loss was determined by overlaying RF soil map with the multi-temporal LULC maps. The results show that 74% of the soils lost were in high and medium quality class for agricultural production. Moreover, the average size of farms under UPA decreased from about 1.9 acres in 2002 to about 0.5 acres in 2015. This study has revealed that DSM techniques and remote sensing can be useful in quantifying the loss of soil diversity to urbanisation and provides quantitative evidence that rapid urbanisation could lead to loss of good soils and increase food insecurity in SSA cities.

This thesis addresses the problems associated with security of the electricity supply in the UK. The British electricity supply industry has experienced a significant structural change. Competition has been brought into the electricity industry and a single wholesale electricity market of Great Britain has been established. The evolution of the British electricity market raises new challenges, such as improving the liquidity of wholesale markets and developing clean energy. The wholesale electricity prices are less transparent and trading arrangements are very complex in the British electricity market. In this thesis a fundamental model, called a stack model, has been developed in order to forecast wholesale electricity prices. The objective of the stack model is to identify the marginal cost of power output based on the fuel prices, carbon prices, and availability of power plants. The stack model provides a reasonable marginal cost curve for the industry which can be used as an indicator for the wholesale electricity price. In addition, the government's targets for climate change and renewable energy bring new opportunities for wind energy. Under the large wind energy penetration scenario the security of the energy supply will be essential. We have modelled the correlations between wind speed data for a set of wind farms. The correlation can be used to measure the portfolio risk of the wind farms. Electricity companies should build their portfolio of wind farms with low or negative correlations in order to hedge the risk from the intermittency of wind. We found that the VAR(1) model is superior to other statistic models for modelling correlations between wind speeds of a wind farm portfolio.

Much of the first generation literature on counter terrorist financing made sweeping generalisations and observations regarding these interventions based on relatively limited case study data. Given that the UK approach to counter terrorism clearly attests to the symbiosis between terrorism and money, this thesis evaluates the contemporary relevance of Cicero's aphorism that “the sinews of war are infinite money.” Drawing on a series of discussions and formal interviews with CTF practitioners into several of the most recent high profile terror attacks in the United Kingdom, it confirms a notable shift in terrorist financing methodology in recent years and underscores the trend towards increasing operational independence and financial autonomy. It thus considers the continuing centrality of money in the terrorism equation and has been framed specifically to examine the financing challenges posed by domestic terror cells in the UK, given the trend towards low cost terrorism with its emphasis on self sufficiency and the emergence of more discreet and ‘criminally sterile' funding methodologies. This thesis is primarily concerned with reviewing the efficacy of the UK counter terrorism-financing (CTF) model as perceived by practitioners, both in policy terms and in the context of operational outcomes. The increasing emphasis on new funding methodologies and the ensuing lack of visibility and opportunities for interdiction at the conspiracy phase of terrorist plots, further highlights the operational challenges posed for practitioners in confronting these ‘new' threats. As such, this research encourages several new perspectives, including a review of UK corporate knowledge on previous CTF interventions and consideration of military ‘threat finance' practice to deliver greater operational impact. In particular, it advocates a new focus on micro CTF interventions to address changes in the ‘economy of terror'. Finally, this thesis strongly attests to the continued relevance of finance or more specifically, the 'financial footprint' to inform and provide intelligence insight for counter terrorism responses generally. In doing so, it also considers the impact on privacy from increasingly intrusive financial and digital data collection and the trade-offs that inevitably emerge when liberty and security collide.

Individuals who are disadvantaged by low-income and/ or minority status face a number of barriers to experiencing optimal health and eating well. Twenty Aboriginal and 29 non-Aboriginal participants (N = 49) from Ottawa, Canada took part in a cross-sectional, mixed methods study and completed one questionnaire and single in-depth interview that verified: 1) food security status and household eating habits, 2) fruit and vegetable purchase and consumption, and 3) knowledge about or participation in the Good Food Box [GFB] Program. Ottawa GFB staff (n = 5), site coordinators (n = 6) and steering committee members (n = 3) took part in separate discussion groups to identify challenges and strengths related to program coordination, management and delivery. Within an ecological framework, qualitative data is discussed using a social phenomenological and thematic approach. Using χ2 analyses, results suggest a medium effect size and association between food security status and Aboriginal identity (χ2(1) = 8.04, p < 0.01; φ = 0.4) and satisfaction with how stores meet household food needs and gender (χ2(1) = 5.86, p < 0.05; φ = 0.36). A relationship between participation in the GFB Program and food security status (χ2(1) = 11.13, p < 0.01; φ = 0.48) is also shown where estimates suggest that GFB customers are 9.9 times more likely to be food secure compared to non-affiliates. ANOVA results and post-hoc tests demonstrate a significant mean difference in frequency of fruit consumption between GFB customers and non-program users (F(2, 46) = 11.29, p = 0.00) where 29.6% of the variance (ω2 = 0.296) is explained by program participation. Results-based and community-driven recommendations to improve access to healthy food, food security and the GFB Program are discussed as shared responsibilities between different levels of government across sectors and the community since these are public and social health issues, determinants of health and economic concerns. Implications of findings are also discussed.

Мельник С. І. Методологічні засади управління фінансовою безпекою підприємств: дисертація на здобуття наукового ступеня доктора економічних наук за спеціальністю 21.04.02 – економічна безпека суб’єктів господарської діяльності / Мельник Степан Іванович. – Львів: Львівський державний університет внутрішніх справ МВС України, 2020. - 490 с.
У першому розділі «Теоретичні засади управління фінансовою безпекою підприємств» за результатами аналізу понять «безпека», «економічна безпека підприємства», «фінансова діяльність» та «фінансова безпека підприємства» сформовано теоретичний базис управління фінансовою безпекою українських підприємств. Побудовано контекстноцільову матрицю визначення сутності поняття «фінансова безпека підприємства», в основі якої покладено дві базові площини, що визначають позицію науковців стосовно «ядра» поняття та «основного призначення» фінансової безпеки в процесах, які мають місце в умовах кожного суб’єкта господарювання. Під фінансовою безпекою підприємства запропоновано розуміти стан фінансової системи, за якого зберігається фінансова рівновага та здійснюється протидія загрозам, внаслідок чого забезпечується її стійкість, стабільність та надійність, що сприяє досягненню визначених цілей та стратегії розвитку. Уточнено понятійно-категоріальний апарат управління фінансовою безпекою підприємств, зокрема зміст таких термінів як «виклик», «ризик», «загроза» та «небезпека». Під дестабілізуючими факторами запропоновано розуміти явища або обставини, які можуть, залежно від сили дії, негативно вплинути на його фінансово-господарську діяльність, що призведе до зниження фінансової безпеки. Розроблено модель понятійно-категоріального апарату фінансової безпеки підприємства, яка демонструє логічні зв’язки між термінами, розриває розуміння їх ролі та характеризує як системний та цілісний підхід до управління фінансовою безпекою підприємства. Сформовано науковий підхід до побудови і функціонування механізму забезпечення фінансової безпеки підприємства, який, на відміну від наявних, вирізняється сукупністю системних елементів та логічною структурою їх взаємозв’язків, що дозволяє на теоретичному та практичному рівнях розуміти умови, можливості та порядок формування і функціонування зазначеного механізму, що у підсумку сприяє ефективності управління фінансовою безпекою підприємства. У другому розділі «Теоретико-методологічні засади управління фінансовою безпекою підприємств» встановлено взаємозв’язок між управлінням економічною безпекою підприємства, управлінням фінансовою діяльністю підприємства та управлінням фінансовою безпекою підприємства. Розроблено мультифакторіальну модель управління фінансовою безпекою підприємства, яка відрізняється від існуючих запропонованою структурою, що охоплює взаємопов’язані рівні управління: підприємством, економічною безпекою, фінансовою безпекою, протидією загрозам, із деталізацією основних етапів процесу управління на кожному з них, що формує цілісну наскрізну орієнтацію на своєчасну реалізацію захисних заходів із раціональним використанням наявних ресурсів. Визначено основні домінанти для управління фінансовою безпекою підприємства як об’єкта управління (фінансову стійкість, стабільність, рівновага, надійність) та уточнено їх зміст. Удосконалено концептуальний підхід до формування та розвитку системи управління фінансовою безпекою підприємства, який, на відміну від відомих, визначає послідовність внесення змін у процес функціонування підприємства для створення умов безпековій діяльності, регламентує порядок розроблення та реалізації захисних заходів, зважаючи на встановлені стратегічні цілі й тактичні орієнтири та результати оцінювання управління фінансовою безпекою, створює сприятливі умови для застосування адаптивного чи антисипативного видів управління та інтелектуалізації, що забезпечує цілеспрямованість процесу управління попри зростаючу динаміку дестабілізуючих факторів у середовищі функціонування підприємства. У третьому розділі «Методологічне забезпечення оцінювання управління фінансовою безпекою підприємств» проведено аналіз тенденцій розвитку промисловості та підприємств окремих видів економічної діяльності, результати якого дозволили обґрунтувати важливість удосконалення управління фінансовою безпекою підприємств. Розроблено методичні засади формування організаційного забезпечення управління фінансовою безпекою підприємства, які, на відміну від відомих, передбачають поступові зміни в організаційній структурі підприємства шляхом визначення координуючого й профільних підрозділів у сфері фінансової безпеки із відповідним коригуванням порядку надходження й використання інформаційних, матеріальнофінансових і кадрових ресурсів, що створює організаційні можливості для підтримання безпечних умов розвитку, з урахуванням інтересів та наявних ресурсів. Сформовано теоретичний підхід до діагностування управління фінансовою безпекою підприємства, який, порівняно з іншими, передбачає внесення змін у наявні системи інформаційно-аналітичного та обліковоаналітичного забезпечення для отримання, перевірки та опрацювання структурованої та неструктурованої інформації стосовно основних етапів процесу управління, що сприяє більш повному задоволенню інформаційних потреб суб’єктів безпеки. Розроблено методичний підхід до оцінювання управління фінансовою безпекою підприємства, що передбачає визначення сукупності якісних і кількісних індикаторів, розрахунок групових та інтегральних показників для характеристики рівня фінансової безпеки, результативності дій суб’єктів безпеки та ефективності використання організаційної структури й ресурсного забезпечення, що створює основу для внесення змін у систему управління фінансовою безпекою підприємства. Проведені розрахунки дозволили виявити: «низький» рівень фінансової безпеки більшості підприємств, які були обрані для апробації методичного підходу до оцінювання управління фінансовою безпекою підприємства; низьку обґрунтованість управлінських рішень та узгодженість дій суб’єктів безпеки; відсутність ініціативи щодо застосування превентивних захисних заходів; недостатню узгодженістю дій між структурними підрозділами; низьку вмотивованість працівників профільних підрозділів до виконання завдань у сфері фінансової безпеки підприємства; недостатню увагу до удосконалення процесу управління фінансовою безпекою підприємств. У четвертому розділі «Управління фінансовою безпекою підприємств в умовах посилення нестабільного середовища функціонування» обґрунтовано, що через суттєве підвищення складності, збільшення кількості та зміни процесу реалізації загроз зростає важливість своєчасної реакції суб’єктів безпеки. Розроблено теоретичні положення діагностування готовності системи управління фінансовою безпекою підприємств до змін внаслідок впливу зовнішніх та внутрішніх чинників, які, на відміну від відомих, охоплюють чотири основні блоки параметрів оцінювання (основні домінанти фінансової безпеки підприємства, основні функціональні складові фінансової безпеки; інформаційна готовність; кадрова готовність) та характеризують зазначену систему управління як реактивну або інертну щодо здатності адекватно реагувати на зміни, що дозволяє отримувати відповідну інформацію для прийняття рішень щодо забезпечення фінансової безпеки підприємства. Здійснено систематизацію внутрішніх та зовнішніх чинників, які впливають на управління фінансовою безпекою промислових підприємств, що, на відміну від відомих, передбачає застосування методу багатокритеріального вибору альтернатив на основі нечіткого відношення переваг, що дало змогу побудувати модель та обґрунтувати пріоритетні напрями удосконалення управління фінансовою безпекою підприємств. Обґрунтовано, що адаптивне управління фінансовою безпекою підприємства – це процес реалізації узгоджених заходів, в умовах обмеженого інформаційного забезпечення та швидкої і складно передбачуваної зміни умов функціонування, які передбачають внесення змін в організаційну структуру, стиль і методи управління фінансовою безпекою для покращення результативності дій суб’єктів безпеки та ефективності реалізації захисних заходів. Сформовано науковопрактичний підхід до застосування адаптивного управління, який містить сукупність адаптаційних процедур і дає змогу керуючій підсистемі управління фінансовою безпекою підприємства обирати з них відповідний варіант із урахуванням змін у зовнішньому середовищі, динаміки внутрішніх процесів та результатів оцінювання процесу управління фінансовою безпекою підприємства. У п’ятому розділі «Напрями удосконалення інструментарію управління фінансовою безпекою підприємств» розроблено технологію антисипативного управління фінансовою безпекою підприємства, яка передбачає послідовне виконання етапів (підготовки, моніторингу, розроблення превентивних захисних заходів та їх застосування), що дозволяє з урахуванням специфіки фінансово-господарської діяльності промислового підприємства та процесу управління фінансовою безпекою ухвалювати управлінські рішення, спрямовані на попередження загроз. Обґрунтовано, що вибір певного альтернативного варіанту превентивних захисних заходів повинен здійснюватися залежно від можливих втрат, які будуть спричинені підприємству внаслідок виникнення або ж посилення ключових загроз для фінансової безпеки. Доведено, що обмеженість ресурсного забезпечення та висока динамічність середовища функціонування вимагає реагування лише на ті сигнали, які можуть спричинити суттєвий вплив на фінансову безпеку підприємства, що потребує більш активного застосування економіко-математичних та експертних методів. Визначено теоретико-методичні засади вибору захисних заходів у процесі управління фінансовою безпекою підприємства, які, порівняно із відомими, передбачають види захисних заходів (антисипативні, адаптаційні, антикризові), їх характеристику, умови і порядок вибору, що забезпечує стабілізацію ситуації, відновлення нормальної діяльності підприємства та ліквідацію наслідків, з огляду на організаційне й ресурсне забезпечення. Доведено, що інтелектуалізація повинна передбачати генерування нових знань та набуття вмінь щодо можливої зміни рівня фінансової безпеки та варіантів дій з метою підтримання стабільності й стійкості функціонування, повернення до стану рівноваги й надійності у реалізації захисних заходів, а також розширення можливостей для їх застосування суб’єктами безпеки через удосконалення організаційного забезпечення, підтримки ініціативності працівників профільних підрозділів, децентралізації у вирішенні окремих завдань. Розроблено теоретико-методологічні засади інтелектуалізації управління фінансовою безпекою підприємства, що передбачають зростання особистісних інтелектуальних характеристик, проведення організаційних змін, збільшення інтелектуального потенціалу й інтелектуального капіталу, що сприятиме розвитку інтелектуалізації керуючої і керованої підсистем у межах системи управління фінансовою безпекою підприємства. In the first chapter, «Theoretical Foundations of Management the Financial Security of the Enterprise», based on an analysis of the concepts of «security», «economic security of the enterprise», «financial activity» and «financial security of the enterprise», the theoretical basis for managing of financial security of Ukrainian enterprises is formed. A context-targeted matrix has been built to determine the essence of the concept of «financial security of the enterprise», which is based on two basic planes, determine the position of scientists regarding the «core» of the concept and the «main purpose» of financial security in the processes that take place in the conditions of each business entity. It is proposed to understand the financial security of the enterprise as the state of the financial system in which financial equilibrium is maintained and threats are counteracted, as a result of which its stability, consistency and reliability are ensured, which contributes to the achievement of certain development goals and development strategies. Clarification of the conceptual and categorical apparatus for managing the financial security of enterprises, in particular the content of such terms as «challenge», «risk», «threat» and «danger». As destabilizing factors, it is proposed to understand the phenomena or circumstances that, depending on the strength of the action, can negatively affect its financial and economic activities, which will lead to a decrease in financial security. A model of the conceptual and categorical apparatus of financial security of the enterprise has been developed, which demonstrates the logical connections between the terms, breaks the understanding of their role and characterizes it as a systematic and holistic approach to managing the financial security of the enterprise. A scientific approach has been formed to the construction and functioning of the mechanism for ensuring the financial security of the enterprise, which, unlike the existing ones, is distinguished by a combination of system elements and the logical structure of their interconnections, which makes it possible to understand at the theoretical and practical levels the conditions, possibilities and order of formation and functioning of this mechanism, which, as a result, contributes to the effectiveness of managing the financial security of the enterprise. In the second chapter «Theoretical and methodological foundations of managing the financial security of enterprises» the relationship between the management of economic security of the enterprise, financial management of the enterprise and financial security management of the enterprise is established. A multifactorial model for managing the financial security of the enterprise has been developed, which differs from the existing proposed structure, covering the interrelated levels of management: the enterprise, economic security, financial security, countering threats, detailing the main stages of the management process at each of them, forms a holistic end-to-end orientation for the timely implementation of protective measures for the rational use of available resources. The main dominants for managing the financial security of the enterprise as an object of management (financial stability, consistency, balance, reliability) are identified and their content is specified. The conceptual approach to the formation and development of the enterprise financial security management system has been improved, which, unlike the wellknown ones, determines the sequence of changes to the operation of the enterprise to create conditions for the security sector, regulates the development and implementation of protective measures, despite established strategic goals and tactical guidelines and results of the assessment of financial security management, creates favorable conditions for the use of adaptive or antisipative types of management and intellectualization, which ensures a focused management process despite the growing dynamics of destabilizing factors in the environment of the enterprise. The third chapter, «Methodological support for assessing the management of financial security of the enterprises», analyzes the development trends of industry and enterprises of certain types of economic activity, the results of which made it possible to substantiate the importance of improving the management of financial security of enterprises. The methodological foundations for the formation of organizational support for managing the financial security of the enterprise have been developed, which, in contrast to the well-known ones, provide for gradual changes in the organizational structure of the enterprise by determining the coordinating and specialized units in the field of financial security with appropriate adjustment of the order of receipt and use of information, material, financial and human resources, which creates organizational opportunities to maintain a safe development environment, taking into account the available resources. A theoretical approach to diagnosing the financial security management of the enterprise, in comparison with others, has been formulated, provides for changes to existing systems of information-analytical and accounting-analytical support for obtaining, checking and processing structured and unstructured information regarding the main stages of the management process, contributes to a more complete satisfaction of information security needs. A methodological approach to assessing the financial security management of the enterprise has been developed, which provides for the determination of a set of qualitative and quantitative indicators, the calculation of group and integral indicators to characterize the level of financial security, the effectiveness of the actions of security entities and the efficient use of the organizational structure and resource support, creating the basis for making changes to the management system financial security of the enterprise. The calculations made it possible to identify the «low» level of financial security of most enterprises that were chosen to test a methodological approach to assessing the financial security management of the enterprise; low validity of management decisions and coordination of actions of security entities; lack of initiative on the application of preventive and protective measures; lack of coordination between structural units; low motivation of employees of specialized units to perform tasks in the field of financial security of the enterprise; insufficient attention to improving the process of managing the financial security of enterprises. In the fourth section, «Managing the financial security of enterprises in the increasingly unstable operating environment», it is substantiated that due to a significant increase in complexity, an increase in the number and change in the process of implementing threats, the importance of a timely response of security entities is growing. Theoretical provisions have been developed for diagnosing the readiness of the financial security management system of enterprises for changes due to external and internal factors, which, unlike the known ones, cover the four main blocks of assessment parameters (the main dominants of the financial security of the enterprise, the main functional components of financial security; information preparedness; staff readiness) and characterizes the specified management system as reactive or inert ability to adequately respond to changes, allows to obtain relevant information for making decisions on ensuring the financial security of the enterprise. Systematization of internal and external factors affecting the financial security management of industrial enterprises was carried out, which, unlike the known ones, provides for the application of the multi-criteria selection method of alternatives based on a fuzzy preference relationship, which allowed to build a model and justify the priority areas for improving the financial security of the enterprises. It is proved that adaptive management of the enterprise’s financial security is a process of implementing agreed measures, under conditions of limited information support and quick and difficult to predict changes in operating conditions, which include changes to the organizational structure, style and methods of financial security management to improve the effectiveness of actions of security entities and efficiency implementation of protective measures. A scientific and practical approach to the use of adaptive management has been formed, which contains a set of adaptive procedures and allows the management subsystem of the financial security management of the enterprise to choose the appropriate option from them taking into account changes in the external environment, the dynamics of internal processes and the results of the assessment of the financial security management process of the enterprise. In the fifth section «Directions for improving the tools for managing the financial security of enterprises», a technology for antisipative management of the financial security of the enterprise is developed, which provides for the sequential implementation of the stages (preparation, monitoring, development of preventive and protective measures and their application), which allows taking into account the specifics of the business-related activities of the industrial enterprise and the financial security management process make management decisions aimed at preventing threats. It is substantiated that the choice of a certain alternative variant of preventive and protective measures should be carried out depending on the possible losses that will be caused to the enterprise due to the occurrence or strengthening of key threats to financial security. It is proved that the limited resource support and the high dynamism of the functioning environment requires responding only to those signals that can entail a significant impact on the financial security of the enterprise, which requires more active application of economic, mathematical and expert methods. The theoretical and methodological foundations of the choice of protective measures in the process of managing the financial security of the enterprise are defined, in comparison with the known ones, they provide for the types of protective measures (antisipative, adaptive, anti-crisis), their characteristics, conditions and order of choice, stabilize the situation, restore normal operation of the enterprise and eliminate consequences, given organizational and resource support. It is proved that intellectualization should include the generation of new knowledge and the acquisition of skills regarding a possible change in the level of financial security and options for actions in order to maintain stability and sustainability, return to a state of equilibrium and reliability in the implementation of protective measures, as well as expanding the possibilities for their application by security entities through improvement of organizational support, initiative support for employees of specialized units, decentralization in solving individual problems. Theoretical and methodological foundations of the intellectualization of financial security management of the enterprise have been developed, providing for the growth of personal intellectual characteristics, organizational changes, an increase in intellectual potential and intellectual capital, which will contribute to the development of intellectualization of the managing and managed subsystems within the framework of the enterprise financial security management system.

En partant de l’hypothèse selon laquelle les objectifs et intérêts des acteurs d’un domaine spécifique influencent un dispositif structuré, cette étude recherche comment les macro et micro acteurs jouent sur le rôle et succès des Nations Unies qui constitue une organisation fortement organisé ; ces acteurs vont des personnels onusiens sur le terrain jusqu’aux Etats ou groupes d’Etats. La recherche se concentre sur les fonctions politiques de restructuration du secteur de la sécurité dans les milieux de post-conflit.L’étude descriptive et théorique des concepts communs aux acteurs des Opérations de Paix des Nations Unies cherche à vérifier le postulat qu’il est vécu une métamorphose en ce qui concerne les nouvelles interventions dans le domaine. Par une tentative d’interprétation globale, le travail évalue comment la composante de Police Civile, devenue une partie intégrante des Missions de Paix des Nations Unies, reflète cette prétendue évolution du système onusien. Pour cela, il a fallut se pencher sur la genèse, le rôle, l’organisation et le fonctionnement de la Police Civile de l’ONU. Le travail examine également si cet apparent changement du système onusien est à l'origine de réorientations des politiques policières au sein de l’Organisation. Le volet empirique de cette étude démontre historiquement et comparativement que les relations de pouvoirs entre acteurs de tous niveaux orientent et affectent la mise en application des réformes des polices locales
On the basis of the hypothesis according to which the objectives and interests of the actors of a specific field influence a structured system, this study seeks how the macro and micro actors affect the role and success of the United Nations which constitutes a strongly organized organization; these actors go from the United Nations personnel on the ground until the States or groups of States. The research concentrates on the political function of reorganization of the security sector in the post-conflict areas. The descriptive and theoretical study of the concepts which are common to the actors of the Peace Operations of the United Nations seeks to check the postulate that it is lived a metamorphosis regarding the new interventions in this field. By an attempt of total interpretation, the work evaluates how the how the Civilian Police component -which has become an integral part of Peace Operations-, reflects this alleged evolution of the overall system. For that, it was necessary to consider the genesis, role, organization and operation of the Civilian Police force of UN. Work also examines if this apparent change of the UN system is due to the reorientations of the police policies within the Organization. The empirical aspect of this study shows historically and comparatively that the power relations between actors at any levels direct and affect the implementation of the local police reforms

CHDS State/Local
Approved for public release; distribution is unlimited
The U.S. maritime domain includes vast resources and enables transportation of goods and services across the globe. Similar to all critical infrastructures and key resources, the maritime domain can be exploited to cause harm to people and disrupt economic stability. The President's National Strategy for Maritime Security and the U.S. maritime security framework is designed to deter, prevent and respond to a broad range of threats and exploitations. The U.S. maritime security system has evolved over the past decade and faces significant challenges including severe budget reductions, gaps between national guidance and specific roles and responsibilities assigned to federal agencies, and lack of interoperability among disparate logistic, training processes and operational command centers within the Homeland Security (DHS). Within the DHS, the United States Coast Guard and Customs and Border Protection execute the preponderance of maritime security missions. They struggle with aging air and marine assets and continuous interoperability challenges. The longterm solution includes a new alignment of air and marine resources and capabilities under one agency within the department, which will increase efficiency and reduce duplication of effort and costs, while maintaining a sustainable and layered maritime security posture in support of the President's strategy.

A large amount of today's communication occurs within data centers where a large number of virtual servers (running one or more virtual machines) provide service providers with the infrastructure needed for their applications and services. In this thesis, we will look at the next step in the virtualization revolution, the virtualized network. Software-defined networking (SDN) is a relatively new concept that is moving the field towards a more software-based solution to networking. Today when a packet is forwarded through a network of routers, decisions are made at each router as to which router is the next hop destination for the packet. With SDN these decisions are made by a centralized SDN controller that decides upon the best path and instructs the devices along this path as to what action each should perform. Taking SDN to its extreme minimizes the physical network components and increases the number of virtualized components. The reasons behind this trend are several, although the most prominent are simplified processing and network administration, a greater degree of automation, increased flexibility, and shorter provisioning times. This in turn leads to a reduction in operating expenditures and capital expenditures for data center owners, which both drive the further development of this technology. Virtualization has been gaining ground in the last decade. However, the initial introduction of virtualization began in the 1970s with server virtualization offering the ability to create several virtual server instances on one physical server. Today we already have taken small steps towards a virtualized network by virtualization of network equipment such as switches, routers, and firewalls. Common to virtualization is that it is in early stages all of the technologies have encountered trust issues and general concerns related to whether software-based solutions are as rugged and reliable as hardwarebased solutions. SDN has also encountered these issues, and discussion of these issues continues among both believers and skeptics. Concerns about trust remain a problem for the growing number of cloud-based services where multitenant deployments may lead to loss of personal integrity and other security risks. As a relatively new technology, SDN is still immature and has a number of vulnerabilities. As with most software-based solutions, the potential for security risks increases. This thesis investigates how denial-of-service (DoS) attacks affect an SDN environment and a singlethreaded controller, described by text and via simulations. The results of our investigations concerning trust in a multi-tenancy environment in SDN suggest that standardization and clear service level agreements are necessary to consolidate customers’ confidence. Attracting small groups of customers to participate in user cases in the initial stages of implementation can generate valuable support for a broader implementation of SDN in the underlying infrastructure. With regard to denial-of-service attacks, our conclusion is that hackers can by target the centralized SDN controller, thus negatively affect most of the network infrastructure (because the entire infrastructure directly depends upon a functioning SDN controller). SDN introduces new vulnerabilities, which is natural as SDN is a relatively new technology. Therefore, SDN needs to be thoroughly tested and examined before making a widespread deployment.
Dagens kommunikation sker till stor del via serverhallar där till stor grad virtualiserade servermiljöer förser serviceleverantörer med infrastukturen som krävs för att driva dess applikationer och tjänster. I vårt arbete kommer vi titta på nästa steg i denna virtualiseringsrevolution, den om virtualiserade nätverk. mjukvarudefinierat nätverk (eng. Software-defined network, eller SDN) kallas detta förhållandevis nya begrepp som syftar till mjukvarubaserade nätverk. När ett paket idag transporteras genom ett nätverk tas beslut lokalt vid varje router vilken router som är nästa destination för paketet, skillnaden i ett SDN nätverk är att besluten istället tas utifrån ett fågelperspektiv där den bästa vägen beslutas i en centraliserad mjukvaruprocess med överblick över hela nätverket och inte bara tom nästa router, denna process är även kallad SDN kontroll. Drar man uttrycket SDN till sin spets handlar det om att ersätta befintlig nätverksutrustning med virtualiserade dito. Anledningen till stegen mot denna utveckling är flera, de mest framträdande torde vara; förenklade processer samt nätverksadministration, större grad av automation, ökad flexibilitet och kortare provisionstider. Detta i sin tur leder till en sänkning av löpande kostnader samt anläggningskostnader för serverhallsinnehavare, något som driver på utvecklingen. Virtualisering har sedan början på 2000-talet varit på stark frammarsch, det började med servervirtualisering och förmågan att skapa flertalet virtualiserade servrar på en fysisk server. Idag har vi virtualisering av nätverksutrustning, såsom switchar, routrar och brandväggar. Gemensamt för all denna utveckling är att den har i tidigt stadie stött på förtroendefrågor och överlag problem kopplade till huruvida mjukvarubaserade lösningar är likvärdigt robusta och pålitliga som traditionella hårdvarubaserade lösningar. Detta problem är även något som SDN stött på och det diskuteras idag flitigt bland förespråkare och skeptiker. Dessa förtroendefrågor går på tvären mot det ökande antalet molnbaserade tjänster, typiska tjänster där säkerheten och den personliga integriten är vital. Vidare räknar man med att SDN, liksom annan ny teknik medför vissa barnsjukdomar såsom kryphål i säkerheten. Vi kommer i detta arbete att undersöka hur överbelastningsattacker (eng. Denial-of-Service, eller DoS-attacker) påverkar en SDN miljö och en singel-trådig kontroller, i text och genom simulering. Resultatet av våra undersökningar i ämnet SDN i en multitenans miljö är att standardisering och tydliga servicenivåavtal behövs för att befästa förtroendet bland kunder. Att attrahera kunder för att delta i mindre användningsfall (eng. user cases) i ett inledningsskede är också värdefullt i argumenteringen för en bredare implementering av SDN i underliggande infrastruktur. Vad gäller DoS-attacker kom vi fram till att det som hackare går att manipulera en SDN infrastruktur på ett sätt som inte är möjligt med dagens lösningar. Till exempel riktade attacker mot den centraliserade SDN kontrollen, slår man denna kontroll ur funktion påverkas stora delar av infrastrukturen eftersom de är i ett direkt beroende av en fungerande SDN kontroll. I och med att SDN är en ny teknik så öppnas också upp nya möjligheter för angrepp, med det i åtanke är det viktigt att SDN genomgår rigorösa tester innan större implementation.

A large amount of today's communication occurs within data centers where a large number of virtual servers (running one or more virtual machines) provide service providers with the infrastructure needed for their applications and services. In this thesis, we will look at the next step in the virtualization revolution, the virtualized network. Software-defined networking (SDN) is a relatively new concept that is moving the field towards a more software-based solution to networking. Today when a packet is forwarded through a network of routers, decisions are made at each router as to which router is the next hop destination for the packet. With SDN these decisions are made by a centralized SDN controller that decides upon the best path and instructs the devices along this path as to what action each should perform. Taking SDN to its extreme minimizes the physical network components and increases the number of virtualized components. The reasons behind this trend are several, although the most prominent are simplified processing and network administration, a greater degree of automation, increased flexibility, and shorter provisioning times. This in turn leads to a reduction in operating expenditures and capital expenditures for data center owners, which both drive the further development of this technology. Virtualization has been gaining ground in the last decade. However, the initial introduction of virtualization began in the 1970s with server virtualization offering the ability to create several virtual server instances on one physical server. Today we already have taken small steps towards a virtualized network by virtualization of network equipment such as switches, routers, and firewalls. Common to virtualization is that it is in early stages all of the technologies have encountered trust issues and general concerns related to whether software-based solutions are as rugged and reliable as hardware-based solutions. SDN has also encountered these issues, and discussion of these issues continues among both believers and skeptics. Concerns about trust remain a problem for the growing number of cloud-based services where multitenant deployments may lead to loss of personal integrity and other security risks. As a relatively new technology, SDN is still immature and has a number of vulnerabilities. As with most software-based solutions, the potential for security risks increases. This thesis investigates how denial-of-service (DoS) attacks affect an SDN environment and a single-threaded controller, described by text and via simulations. The results of our investigations concerning trust in a multi-tenancy environment in SDN suggest that standardization and clear service level agreements are necessary to consolidate customers’ confidence. Attracting small groups of customers to participate in user cases in the initial stages of implementation can generate valuable support for a broader implementation of SDN in the underlying infrastructure. With regard to denial-of-service attacks, our conclusion is that hackers can by target the centralized SDN controller, thus negatively affect most of the network infrastructure (because the entire infrastructure directly depends upon a functioning SDN controller). SDN introduces new vulnerabilities, which is natural as SDN is a relatively new technology. Therefore, SDN needs to be thoroughly tested and examined before making a widespread deployment.
Dagens kommunikation sker till stor del via serverhallar där till stor grad virtualiserade servermiljöer förser serviceleverantörer med infrastukturen som krävs för att driva dess applikationer och tjänster. I vårt arbete kommer vi titta på nästa steg i denna virtualiseringsrevolution, den om virtualiserade nätverk. mjukvarudefinierat nätverk (eng. Software-defined network, eller SDN) kallas detta förhållandevis nya begrepp som syftar till mjukvarubaserade nätverk. När ett paket idag transporteras genom ett nätverk tas beslut lokalt vid varje router vilken router som är nästa destination för paketet, skillnaden i ett SDN nätverk är att besluten istället tas utifrån ett fågelperspektiv där den bästa vägen beslutas i en centraliserad mjukvaruprocess med överblick över hela nätverket och inte bara tom nästa router, denna process är även kallad SDN kontroll. Drar man uttrycket SDN till sin spets handlar det om att ersätta befintlig nätverksutrustning med virtualiserade dito. Anledningen till stegen mot denna utveckling är flera, de mest framträdande torde vara; förenklade processer samt nätverksadministration, större grad av automation, ökad flexibilitet och kortare provisionstider. Detta i sin tur leder till en sänkning av löpande kostnader samt anläggningskostnader för serverhallsinnehavare, något som driver på utvecklingen. Virtualisering har sedan början på 2000-talet varit på stark frammarsch, det började med servervirtualisering och förmågan att skapa flertalet virtualiserade servrar på en fysisk server. Idag har vi virtualisering av nätverksutrustning, såsom switchar, routrar och brandväggar. Gemensamt för all denna utveckling är att den har i tidigt stadie stött på förtroendefrågor och överlag problem kopplade till huruvida mjukvarubaserade lösningar är likvärdigt robusta och pålitliga som traditionella hårdvarubaserade lösningar. Detta problem är även något som SDN stött på och det diskuteras idag flitigt bland förespråkare och skeptiker. Dessa förtroendefrågor går på tvären mot det ökande antalet molnbaserade tjänster, typiska tjänster där säkerheten och den personliga integriten är vital. Vidare räknar man med att SDN, liksom annan ny teknik medför vissa barnsjukdomar såsom kryphål i säkerheten. Vi kommer i detta arbete att undersöka hur överbelastningsattacker (eng. Denial-of-Service, eller DoS-attacker) påverkar en SDN miljö och en singel-trådig kontroller, i text och genom simulering. Resultatet av våra undersökningar i ämnet SDN i en multitenans miljö är att standardisering och tydliga servicenivåavtal behövs för att befästa förtroendet bland kunder. Att attrahera kunder för att delta i mindre användningsfall (eng. user cases) i ett inledningsskede är också värdefullt i argumenteringen för en bredare implementering av SDN i underliggande infrastruktur. Vad gäller DoS-attacker kom vi fram till att det som hackare går att manipulera en SDN infrastruktur på ett sätt som inte är möjligt med dagens lösningar. Till exempel riktade attacker mot den centraliserade SDN kontrollen, slår man denna kontroll ur funktion påverkas stora delar av infrastrukturen eftersom de är i ett direkt beroende av en fungerande SDN kontroll. I och med att SDN är en ny teknik så öppnas också upp nya möjligheter för angrepp, med det i åtanke är det viktigt att SDN genomgår rigorösa tester innan större implementation.

1.Контроль на авиабезопасность. URL: https://kbp.aero/en/pass/ab/ (Last accessed: 18.01.2021). 2. About ICAO AVSEC Training Centre. URL: https://kbp.aero/en/airport/icao/about/ (Last accessed: 19.01.2021). 3. Training Centre. URL: https://kbp.aero/en/airport/educ/ (Last accessed: 19.01.2021). 4.Global aviation security plan. . URL: https://www.icao.int/SAM/Documents/2018-USAPCMA/Global_Aviation_Security_Plan_November_2017_en.pdf (Last accessed: 18.01.2021). 5. Training Centre. URL: https://www.flyuia.com/us/en/about/training-center (Last accessed: 19.01.2021). 6. Stepanenko M. Aviation Industry in Ukraine – Challenges and Opportunities.URL: https://www.ecovis.com/global/aviation-industry-in-ukraine-challenges-and-opportunities (Last accessed: 20.01.2021).
The work is devoted to the Ukrainian aviation industry as dynamic and constantly developing, which generates economic growth, creates jobs, and facilitates tourism and international trade. At the same time, the problem of maintaining an adequate level of aviation security in Ukraine is highlighted.
Робота присвячена українській авіаційній галузі, яка є динамічною, що постійно розвивається, сприяючи економічному зростанню, створенню робочих місць та туризму та міжнародній арені. Водночас висвітлюється проблема щодо підтримання належного рівня авіаційної безпеки в Україні.

Context: Scientific computing in the 21st century has evolved from fixed to distributed work environment. The current trend of Cloud Computing (CC) allows accessing business applications from anywhere just by connecting to the Internet. Evidence shows that, switching to CC organizations' annual expenditure and maintenance are being reduced to a greater extent. However, there are several challenges that come along with various benefits of CC. Among these include security aspects. Objectives: This thesis aims to identify security challenges for adapting cloud computing and their solutions from real world for the challenge that do not have any proper mitigation strategies identified through literature review. For this the objective is to identify existing cloud computing security challenges and their solutions. Identify the challenges that have no mitigation strategies and gather solutions/guidelines/practices from practitioners, for a challenge with more references but no mitigation strategies identified (in literature). Methods: This study presents a literature review and a snowball sampling to identify CC security challenges and their solutions/mitigation strategies. The literature review is based on search in electronic databases and snowball sample is based on the primary studies searched and selected from electronic databases. Using the challenges and their solutions identified form literature review, challenges with no mitigation strategies are identified. From these identified challenges with no mitigation strategies, a challenge with more references is identified. The surveys are employed in the later stages to identify the mitigation strategies for this challenge. Finally the results from the survey are discussed in a narrative fashion. Results: 43 challenges and 89 solutions are identified from literature review using snowball sampling. In addition to these mitigation strategies few guidelines are also identified. The challenge with more (i.e., more articles mentioning the challenge) and no mitigation identified is incompatibility. The responses identified for the three insecure areas of incompatibility (i.e., interoperability, migration and IDM integration with CC) in cloud computing security are mostly guidelines/practices opined by experienced practitioners. Conclusions: This study identifies cloud computing security challenges and their solutions. Where these (challenges and solutions) are common to cloud computing applications and cannot be generalized to either service or deployment models (viz. SaaS, PaaS, IaaS, etc.). The study also identifies that there are methods guidelines/practices identified from practitioners) to provide secure interoperability, migration and integration of on-premise authentication systems with cloud applications, but these methods are developed by individuals (practitioners/organization) specific to their context. The study also identifies the non-existence of global standards for any of these operations (providing interoperability/migration/IDM integration with cloud). This identified non-existence of global standards and guidelines could be help academics to know the state of practice and formulate better methods/standards to provide secure interoperability. The identified cloud computing security challenges (43) and solutions (89), can be referred by practitioners to understand which areas of security need to be concentrated while adapting/migrating to a cloud computing environment.

Cloud computing is the computing model in which the computing resources such as software, hardware and data are delivered as a service through a web browser or light-weight desktop machine over the internet (Wink, 2012). This computing model abolishes the necessity of sustaining the computer resources locally hence cuts-off the cost of valuable resources (Moreno, Montero & Llorente, 2012). A distinctive cloud is affected by different security issues such as Temporary Denial of Service (TDOS) attacks, user identity theft, session hijacking issues and flashing attacks (Danish, 2011). The purpose of this study is to bridge the research gap between the cloud security measures and the existing security threats. An investigation into the existing cloud service models, security standards, currently adopted security measures and their degree of flawless protection has been done. The theoretical study helped in revealing the security issues and their solutions whereas the empirical study facilitated in acknowledging the concerns of users and security analysts in regards to those solution strategies. The empirical methods used in this research were interviews and questionnaires to validate the theoretical findings and to grasp the innovativeness of practitioners dealing with cloud security.With the help of theoretical and empirical research, the two-factor mechanism is proposed that can rule out the possibility of flashing attacks from remote location and can help in making the cloud components safer. The problem of junk traffic can be solved by configuring the routers to block junk data packets and extraneous queries at the cloud outer-border. This security measure is highly beneficial to cloud security because it offers a security mechanism at the outer boundary of a cloud. It was evaluated that a DOS attack can become a huge dilemma if it affects the routers and the effective isolation of router-to-router traffic will certainly diminish the threat of a DOS attack to routers. It is revealed that the data packets that require a session state on the cloud server should be treated separately and with extra security measures because the conventional security measures cannot perform an in-depth analysis of every data packet. This problem can be solved by setting an extra bit in the IP header of those packets that require a state and have a session. Although this change should be done at universal level and would take time; it can provide a protocol-independent way to identify packets which require extra care. It will also assist firewalls to drop bits which are requesting a session sate without a state-bit being set. The cloud security analysts should consider that the interface and authentication layer should not be merged into a single layer because it endangers the authentication system as the interface is already exposed to the world. The use of login-aiding devices along with secret keys can help in protecting the cloud users. Moreover, a new cloud service model “Dedicated cloud” is proposed in this research work to reinforce the cloud security. It was discovered that the optimal blend of HTTPS and SSL protocols can resolve the problem of session hijacks. The client interface area should be protected by HTTPS protocols and the secure cookies should be sent through a SSL link along with regular cookies. Disallowing the multiple sessions and the use of trusted IP address lists will help even further. A reasonable amount of care has been paid to ensure clarity, validity and trustworthiness in the research work to present a verifiable scientific knowledge in a more reader-friendly manner. These security guidelines will enhance the cloud security and make a cloud more responsive to security threats.
Program: Masterutbildning i Informatik

To ensure energy security, the first to know what is energy, and second, what are the factors of non-security, means that the challenge of energy security. Finally, puts forward some policy or in the case of a reasonable method to solve it according to these problems. At present, energy security is facing two challenges of structural crisis and crisis management system. Concretely, main problems in that security are analyzed, which are considered to affect China and mostly embody in such four big areas as the great pressure in energy supply, the scarcity of relative energy resources, foreign oil dependence is too large, crisis management systems of energy security, the shortage of green energy. Furthermore the counter measures concerned are proposed, including saving energy and increasing the energy utilization rate, to establish strategic energy reserves, strengthening environmental protection and adjusting the primary energy structure. China's rapid economic growth lead to sharp increase in oil imports. Due to China relies on a single chokepoint, the Malacca Strait, which has caused a high degree of concern about the safety of its energy. Nearly three-quarters of its oil imports flowing through the Strait. In view of its strategic importance to China and China’s little sway on the waterway, this view is mainly focused on China’s energy demand and supply in two aspects of concern. The paper analysis of whether the current energy structure is appropriate and sustainable. Because the energy security is facing China's energy is more and more dependent on imported fuel and the need to convert energy to meet the demand of modern society and the rapid growth of the requirements of the economic challenges. Concludes that the China's new policy should focus on energy efficiency, energy saving, renewable energy and turned to the main energy source of natural gas.

Thesis (M.A. in Security Studies (Defense Decision-Making and Planning))--Naval Postgraduate School, Sept. 2004.
Thesis Advisor(s): Peter Lavoy, Jeff Knopf. Includes bibliographical references (p. 87-92). Also available online.

Today's Internet is aging. Connections are point-to-point and increasingly protected by end-to-end encryption. This reduces security to data transport instead of data itself. Content-Centric Networking (CCN) is a paradigm shift away from this host- and channel-based design. CCN is an architecture for naming, securing, and transferring named data from producers to consumers upon request. Consumers issue interests for named content. Routers forward interests towards producers capable of providing authentic content with cryptographic name-to-data bindings. Once found, routers forward content, in reverse, towards consumers. Routers may also choose to cache content to serve duplicate future interests. Object security, native authenticity, pull-based data transfer, flow symmetry, and in-network services are among the notable characteristics of CCN. In this dissertation, we study security and privacy issues that stem from these architectural properties. Specifically, we study variations and facets of access control, privacy risks and remedies, and network-layer availability attacks and architectural mitigations. For each issue, we describe the problem in detail and explain several countermeasures. We also present detailed analyses and experimental assessments for each approach. We find that sound engineering can mitigate several issues, while others remain insurmountable challenges exacerbated by fundamental security and performance tradeoffs made by CCN.

Thesis (M.A. in National Security Affairs)--Naval Postgraduate School, March 2004.
Thesis advisor(s): James A. Russell, W. Andrew Terrill. Includes bibliographical references (p. 51-55). Also available online.

Today there is a heavy integration of information technology in almost every aspect of our lives and there is an increase in computer security that goes with it. To ensure this security, and that policies and procedures within an organisations related to this security are enforced; security audits are conducted. At the same time, use of open source software is also becoming increasingly common, becoming more a fact of life rather than an option. With these two trends in mind, this study analyses a selection of scientific literature on the topic and identifies the unique challenges a security audit in an open source environment faces, and aims to contribute on how to help alleviate the challenges. The study was performed in the form of a literature review, where the comparison and analysis revealed interesting information regarding the open source specific challenges, including both technical issues as well as challenges stemming from people’s perception and handling of open source software today. The answer to the question “What are the challenges when conducting security audits for open source systems and how can they be alleviated?” shows the main challenges to be too much trust is put in unverified binaries. The report offers suggestions and ideas on how to implement solutions in order to help diminish this challenge through the use and integration of Reproducible Builds, answering the second part of the question.

The conceptual understanding of security and the practicalities of national defence are interdependent. In many countries both are undergoing significant change. This work provides an international context but focuses on Australian defence, arguing that a transition is underway from old security thinking to new, and that this is evidenced by changes in policies and practical activities. The aim of this work is to demonstrate the interdependence between the current reconceptualisation of security and the practicalities of national defence. Old security thinking concerns military power relationships between states, in contrast with new security thinking, which uses a broader conceptual framework. These are described, providing benchmarks for the subsequent analysis. While it is acknowledged that change has occurred in security thinking throughout history, those developments observed since the end of the Cold War and the rise of globalisation signify a fundamental shift. To explore this shift, recent developments in the defence policies and military activities of four relevant nations are examined, providing an international context for the consideration of the primary case study of Australian defence. This case study draws on historical descriptions and empirical data to analyse developments in four spheres - Australian defence policy, current Australian Defence Force activities, recent military developments and contemporary Australian public debate. The weight of evidence supports the thesis of a transition in both security thinking, described as transitional security thinking, and ADF activities. Tensions are observed between the requirements of defending a nation against attack, and contributing to the expanding requirements of the broadened security agenda. Despite these tensions, the expansion in both security thinking and the associated activities of armed forces, is likely to continue. This expansion has important implications for Australia???s defence capabilities which are increasingly required to meet the demands of refocused national security. These demands contribute to the pressing challenges of convergence and overstretch. A strategy of integration is recommended to address these challenges and it follows the principles of whole-of-government security and sustainable partnerships. The application of these principles will require the ADF to emphasise capabilities with versatility and adaptability.

Overlay networks are a technique to build a new network on top of an existing one. They are a key tool to add functionality to existing networks, and are used in different layers of the Internet stack for a wide variety of purposes, like confidentiality, Quality of Service, virtual networking, etc. Specifically, network overlays in the IP networking layer are widely used in some of these use cases. However, these kind of overlay networks do not have as many functionalities as overlays in other layers. For example, thanks to the Zero Trust Networking paradigm it is possible to build secure overlay networks at L7 using HTTPS. Taking this into account, this thesis strives to add new features and improve on others of IP overlay networks, in order to support emerging challenges. This thesis focuses on three axes: security, trust, and deployment in enterprise scenarios. First, regarding security, we explore how to simplify the setup of secure tunnels over the Internet, without relying on external Public Key Infrastructure or proprietary solutions. To this purpose, we leverage WireGuard, a state of the art VPN protocol, and add a control plane on top of it to distribute encryption keys. In addition, we present the implementation of a prototype and a performance evaluation. Second, with respect to trust, we investigate how emerging blockchain technology can be used in distributed mapping systems. Mapping systems are a database used in some overlay network deployments to assist in the creation of tunnels, by storing overlay to underlay pairs of addresses. Mapping systems are not commonly used in scenarios with multiple administrative domains, due to configuration complexity and centralized control. We explore how some of the properties of blockchains, such as distributed control, or auditability, can help in building these type of mapping systems. We take into account both the policy aspects, that is, the advantages of a distributed trust scheme, and the technical ones, like simplified management. In addition, we present two deployment scenarios: one to increase the security of BGP-based inter-domain routing, and a set of cooperating companies that want to establish communications among themselves. Finally, we focus on the deployment of enterprise networks leveraging overlay networks. First, we discuss the challenges present in current enterprise networks, such as segmentation, mobility, or simplified operations. Then, we present a design based on overlay networks and SDN principles to address them, along with an evaluation of two real-life deployments. We conclude with a design tailored for future enterprise networks, based also on overlay networks and a layered approach. This solution aims to provide mobility, multi-homing, confidentiality, user and application identity, and access control policies for enterprise endpoints connected from any network, either in the campus or outside.
Les xarxes superposades o overlays són una tècnica per a construir una xarxa sobre una d'existent. Són una eina fonamental per a afegir funcionalitat a xarxes ja existents, i es fan servir en diferents capes de la pila de protocols d’Internet per a diferents objectius, com ara confidencialitat, Qualitat de Servei, virtualització de xarxes, etc. Específicament, les xarxes superposades a la capa de xarxa IP es fan servir àmpliament per alguns d’aquest casos d’ús. No obstant, aquest tipus de xarxes superposades no tenen tanta funcionalitat com overlays en altres capes. Per exemple, gràcies al paradigma Zero Trust és possible construir xarxes superposades segures a la capa 7 amb HTTPS. Tenint això en compte, aquesta tesi vol afegir noves funcionalitats i millorar-ne d’altres en xarxes IP superposades, amb l’objectiu d’afrontar nous reptes. Aquesta tesi es centra en tres eixos: seguretat, confiança i desplegament en escenaris de xarxes empresarials. En primer lloc, pel que fa a seguretat, explorem com simplificar la configuració de túnels segurs a través d’Internet, sense dependre duna infraestructura de clau pública externa o de solucions propietàries. Per a aquest objectiu, utilitzem WireGuard, un protocol VPN d’última generació i li afegim un pla de control per a distribuir les claus d’encriptació. A més, presentem la implementació d’un prototip i una avaluació del seu rendiment. En segon lloc, respecte la confiança, investiguem com les tecnologies emergents basades en cadenes de blocs (blockchain) es poden fer servir en sistemes de mapatge distribuïts. Els sistemes de mapatge són una base de dades que es fa servir en alguns desplegaments de xarxes superposades per a ajudar en la creació dels túnels; normalment guarden parelles d’adreces que tradueixen l’adreça de la xarxa superposada a la de la xarxa de sota. Els sistemes de mapatge no es solen utilitzar en escenaris amb múltiples dominis administratius, degut a la complexitat de la configuració i a la centralització del seu control. En aquesta part explorem com algunes de les propietats de les cadenes de blocs, com el control distribuït o l’auditabilitat poden ajudar a construir aquests tipus de sistemes de mapatge. Tenim en compte tant els aspectes polítics, és a dir, els avantatges d’un esquema de confiança distribuït, com tècnics, per exemple, una gestió més simple. A més, presentem dos escenaris de desplegament: un per a incrementar la seguretat de l'enrutament basat en BGP entre diferents dominis, i un altre d’un conjunt d’empreses que cooperen per a establir comunicacions entre elles. Finalment, ens centrem en el desplegament de xarxes per a empreses fent servir xarxes superposades. En primer lloc, detallem els reptes que hi ha actualment a les xarxes per a empreses, per exemple, segmentació, mobilitat o simplificació de les operacions. A continuació, presentem un disseny basat en xarxes superposades i principis SDN que aborda els reptes que hem mencionat, a més d’una avaluació de dos desplegaments reals. Acabem amb una solució dissenyada per a les xarxes empresarials del futur, també basat en xarxes superposades i una aproximació per capes. Aquesta solució està dirigida a oferir mobilitat, connexió simultània (multi-homing), confidencialitat, identitat de l’usuari i l'aplicació, i polítiques de control d’accés per a dispositius connectats des de qualsevol xarxa, sigui des de l'oficina o des de fora.
Las redes superpuestas u overlays son una técnica para construir una nueva red encima de una ya existente. Son una herramienta clave para añadir funcionalidad a redes existentes, y se usan en diferentes capas de la pila de protocolos de Internet para una gran variedad de propósitos, como confidencialidad, Calidad de Servicio, redes virtuales, etc. Específicamente, las redes superpuestas en la capa de red IP son ampliamente usadas para algunos de estos casos de uso. No obstante, este tipo de redes no disponen de tantas funcionalidades como redes superpuestas en otras capas. Por ejemplo, gracias al paradigma Zero Trust es posible construir redes superpuestas seguras en la capa 7 usando HTTPS. Teniendo esto en cuenta, esta tesis tiene como objetivo añadir nuevas funcionalidades y mejorar otras de las redes IP superpuestas, con el propósito de afrontar los nuevos retos que van apareciendo. Esta tesis se centra en tres ejes: seguridad, confianza y despliegue en escenarios empresariales. En primer lugar, y respecto a la seguridad, exploramos cómo simplificar la configuración de túneles seguros a través de Internet, sin usar una infraestructura de clave pública externa o soluciones propietarias. Para este objetivo, utilizamos WireGuard, un protocolo VPN de última generación, y le añadimos un plano de control para distribuir las claves de encriptado. Además, presentamos la implementación de un prototipo y una evaluación de rendimiento. En segundo lugar, en relación a la confianza, investigamos como las tecnologías emergentes basadas en cadena de bloques (blockchain) se pueden usar en sistemas de mapeado distribuidos. Los sistemas de mapeado son una base de datos que se utiliza en algunas redes superpuestas para ayudar en la creación de los túneles. Normalmente, estos sistemas guardan parejas de direcciones que traducen direcciones de la red superpuesta a la de la red subyacente. Los sistemas de mapeado no son muy utilizados en escenarios con múltiples dominios administrativos, debido a la complejidad de la configuración y a la centralización del control. En esta parte exploramos como algunas de las propiedades de las cadenas de bloques, como el control distribuido, o la auditabilidad, pueden ser de ayuda en la construcción de este tipo de sistemas de mapeado. Tomamos en consideración tanto los aspectos políticos, esto es, las ventajas de un esquema de confianza distribuido, como los técnicos, por ejemplo, una gestión más simple. También presentamos dos escenarios de despliegue: uno para aumentar la seguridad del enrutamiento basado en BGP entre diferentes dominios, y otro de un conjunto de empresas que cooperan para establecer conexiones entre ellas. Finalmente, nos centramos en el despliegue de redes empresariales usando redes superpuestas. En primer lugar, detallamos los retos que existen hoy en día en las redes empresariales, por ejemplo, segmentación, movilidad, o simplificación de las operaciones. A continuación, presentamos un diseño basado en redes superpuestas y principios SDN que aborda los retos que hemos mencionado, junto con la evaluación de dos despliegues reales. Concluimos con una solución diseñada para las redes empresariales del futuro, basada también en redes superpuestas y una aproximación por capas. Esta solución tiene como propósito ofrecer movilidad, conexión simultánea (multi-homing), confidencialidad, identificación de usuario y aplicación, y políticas de control de acceso para dispositivos conectados desde cualquier red, sea en la oficina o fuera.
Arquitectura de computadors

Ce travail de thèse s'intéresse à la sécurité des futures communications aéronautiques de donnée. Le travail est divisé en trois grandes parties. La première contribution est une architecture de sécurité adaptative pour les communications aéronautiques intégrant un segment sol-bord par satellite. Un module de gestion de la sécurité a été conçu, développé, puis validé lors de la phase finale d'intégration du projet FAST (Fibre-like Aircraft Satellite Communications). La deuxième contribution est une méthodologie quantitative d'estimation du risque lié à la sécurité réseau. L'originalité de notre approche est d'être basée sur la notion de propagation du risque au sein des différents noeuds du réseau. Commecas d'étude, un réseau de communication aéroportuaire utilisant le protocole AeroMACS a été étudié dans le cadre du projet SESAR (Single European Sky ATM Research). La troisième contribution est une infrastructure à clés publiques (PKI) qui permet d'optimiser les échanges de signalisation (échanges de clés, certificats, vérification des signatures) entre l'avion et l'autorité de certification au sol. Le modèle de PKI proposé est un modèle hiérarchique utilisant la certification croisée entre les autorités de certification mères
This research work deals with the information and network security in the aeronautical communication domain. Three fundamental research axes are explored. First, a quantitative network security risk assessment methodology is proposed. Our approach is based on the risk propagation within the network nodes. As study cases, the algorithm has been validated in the scope of the European industrial project entitled SESAR (Single European Sky ATM Research) and the Aerospace Valley FAST (Fibrelike Aircraft Satellite Communications). Particularly, experimental results relative to the case study devoted to the FAST project shown that the global network risk in the non secured system architecture is relatively high, meaning the system needs more consideration from a security point of view. To cope with this issue, an adaptive security management framework for a satellite-based aeronauticalcommunication architecture has been proposed as a second contribution. A security manager module has been designed, implemented, then tested in the scope of the FAST project. Finally, as the security primitives used in the adaptive security management framework need to be efficiently exchanged, the last contribution consists in a scalable PKI adapted for the upcoming network-enabled aircraft. The idea is to minimize the air-ground additional overhead induced by the security procedures (keys, digital certificates, revocation/verification procedures). The PKI model we propose is a cross-certified multirooted hierarchical model