2,493 research outputs found

    Understanding and Identifying Vulnerabilities Related to Architectural Security Tactics

    To engineer secure software systems, software architects elicit the system's security requirements to adopt suitable architectural solutions. They often make use of architectural security tactics when designing the system's security architecture. Security tactics are reusable solutions to detect, resist, recover from, and react to attacks. Since security tactics are the building blocks of a security architecture, flaws in the adoption of these tactics, their incorrect implementation, or their deterioration during software maintenance activities can lead to vulnerabilities, which we refer to as tactical vulnerabilities. Although security tactics and their correct adoption/implementation are crucial elements to achieve security, prior works have not investigated the architectural context of vulnerabilities. Therefore, this dissertation presents a research work whose major goals are: (i) to identify common types of tactical vulnerabilities, (ii) to investigate tactical vulnerabilities through in-depth empirical studies, and (iii) to develop a technique that detects tactical vulnerabilities caused by object deserialization. First, we introduce the Common Architectural Weakness Enumeration (CAWE), which is a catalog that enumerates 223 tactical vulnerability types. Second, we use this catalog to conduct an empirical study using vulnerability reports from large-scale open-source systems. Among our findings, we observe that Improper Input Validation was the most reoccurring vulnerability type. This tactical vulnerability type is caused by not properly implementing the Validate Inputs tactic. Although prior research focused on devising automated (or semi-automated) techniques for detecting multiple instances of improper input validation (e.g., SQL Injection and Cross-Site Scripting), one of them got neglected, which is the untrusted deserialization of objects. 
Unlike other input validation problems, object deserialization vulnerabilities exhibit a set of characteristics that are hard to handle for effective vulnerability detection. We currently lack a robust approach that can detect untrusted deserialization problems. Hence, this dissertation introduces DODO (untrusteD Object Deserialization detectOr), a novel program analysis technique to detect deserialization vulnerabilities. DODO encompasses a sound static analysis of the program to extract potentially vulnerable paths, an exploit generation engine, and a dynamic analysis engine to verify the existence of untrusted object deserialization. Our experiments showed that DODO can successfully infer possible vulnerabilities that could arise at runtime during object deserialization.

    Toward Establishing a Catalog of Security Architecture Weaknesses

    The architecture design of a software system plays a crucial role in addressing security requirements early in the development lifecycle through forming design solutions that prevent or mitigate attacks in a system. Consequently, flaws in the software architecture can impact various security concerns in the system, thereby introducing severe breaches that could be exploited by attackers. In this context, this thesis presents the new concept of Common Architectural Weakness Enumeration (CAWE), a catalog that identifies and categorizes common types of vulnerabilities rooted in the software architecture design and provides mitigation techniques to address each of them. Through this catalog, we aim to promote the awareness of architectural flaws and stimulate security design thinking to developers, architects and software engineers. This work also investigates the reported vulnerabilities from four real and complex software systems to verify the existence and implications of architecture weaknesses. From this investigation, we noted that a variety of breaches are indeed rooted in the software design (at least 35% in the investigated systems), providing evidence that architectural weaknesses frequently occur in complex systems, resulting in medium to high severe vulnerabilities. Therefore, a catalog of such type of weaknesses can be useful for adopting proactive approaches to avoid design vulnerabilities.

    A holistic perspective on the international market selection phenomenon

    This work seeks to identify the factors that lead to the selection of a specific country as an international location for foreign investment. Using three case studies of Portuguese firms that have internationalized to Poland, we were able to identify three different types of behaviour that led to the selection of the same international market location: systematic, relational and mimetic. Despite international market selection being a common topic of research in international business, few studies have focused on the rationale behind the selection of a specific target market. This study shows that market characteristics are decisive when firms intentionally seek a foreign market to enter, but are of less importance when country selection is motivated by rising business opportunities, a firm’s existing relationships (following the client’s strategy), or cost and risk reduction, in the form of mimetic behaviour.

    Don’t tell me stories – the narratives of retirement and their relation with brand associations

    Purpose: The concept of cultural branding based on various narratives has been established in the marketing literature, but there is a lack of studies linking this concept with brand-related effects. The aim of this paper is to explore and explain the possible relationships between various brand narratives based on the changing meaning of retirement and brand associations. Design/methodology/approach: An experimental design was used to test the proposed conceptual model and examine the impact of brand narrative on brand associations. Data were collected using an online survey from a random group of 432 respondents and analyzed using MANOVA. Findings: Our research did not confirm that in the case of financial products, brand narratives represented by distinctive retirement cultural codes had an impact on brand associations. Partial relation was found only for brand personality. Originality: This is the first study that explores brand narratives’ based on cultural codes relations with brand associations.

    Women, myth and stereotype in Brazilian literature of Amazonian expression

    Thesis (doctorate), Universidade de Brasília, Instituto de Letras, Departamento de Teoria Literária e Literaturas, Programa de Pós-Graduação em Literatura, 2022. Fundação de Amparo à Pesquisa do Estado do Amazonas (Fapeam) and Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES). Contrary to the bias of a mysterious and exotic regionalism, very common to most of those who sought (or seek) to conceive the Amazon, this research aims to analyze, from different social markers, such as class, gender, race and ethnicity, how women are constructed and represented in the literary texts of Amazonian expression, and to what extent discursive and imagery factors operate in the production of inequalities and exclusions that affect the female being in its specificity. Therefore, the research's literary corpus highlights a selection of authors and works considered significant during the course of creation and consolidation of a literary tradition of Amazonian expression, which began with the reports of the first expeditionaries in the Amazon during the XVI century; passing through the colonial period (16th and 17th centuries); entering the gum cycle (19th and 20th centuries), flowing into more contemporary authors, sequenced as follows: João Henrique Wilkens, Araújo Amazonas, Inglês de Sousa, Alberto Rangel, Ferreira de Castro, Álvaro Maia, Dalcídio Jurandir, Milton Hatoum. From this literary panorama, we will be able to identify discursive and imagetic injunctions that cross the construction of the feminine being in the literary texts of Amazonian expression, in different scopes and categories. 
To give sustainability to the discussion, the theoretical framework is based on cultural and gender studies, and feminist literary criticism, supported by the works of Adriana Piscitelli, Elaine Showalter, Gayatri Spivak, Pierre Bourdieu, Regina Dalcastagnè, Sandra Gilbert, Simone de Beauvoir, Thomas Bonnici, among other scholars in the area who may contribute to the discussion on screen.

    Production of diacylglycerols by enzymatic glycerolysis of fish oil using a medium with food-grade surfactant

    Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia de Alimentos, Florianópolis, 2011. In research on edible oils and fats, studies have indicated that products rich in diacylglycerols, especially sn-1,3-diacylglycerols, may have a beneficial effect on human health, because they are fully metabolized, which does not occur with triacylglycerol molecules. In addition, it is known that the glycerolysis of oils is, stoichiometrically, quite favorable to the production of mono- and diacylglycerols. However, the traditional method of obtaining them is not suitable for obtaining quality products with functional properties, owing to the use of aggressive temperature conditions and, generally, organic solvents. Hence there is a need to replace this process of obtaining emulsifiers, which is so undesirable ecologically, sensorially and even economically, as well as to supply processed foods that balance the current proportion of the essential fatty acids omega-6 and omega-3 in the diet. Accordingly, the present study aimed to produce diacylglycerols rich in eicosapentaenoic (EPA) and docosahexaenoic (DHA) fatty acids through the enzymatic glycerolysis of fish oil (menhaden, "Savelha"), using Lipozyme® RM IM as the catalyst. A kinetic study was made of the diacylglycerol concentrations formed under pre-established reaction conditions, in a medium containing food-grade surfactant (Tween 65, 80 and 85). Auto-oxidation of the medium and the esterification activity of the enzyme were monitored at the end of the reaction. Initially, the determination of enzymatic activity was adapted, and, additionally, it was found that the lipase that was not thermally conditioned showed higher activity than the enzyme conditioned at 40 °C for 1 h. 
Preliminary analyses indicated that the lipase acts on soy lecithin, which is why this phospholipid was not used in the rest of the work. In addition, it was found that the lipase possibly does not act on the surfactants selected for the kinetic study. Finally, it was observed that the glycerolysis reaction without added Tween was the one that stood out positively for the production of diacylglycerols. This reaction showed the highest productivity (0.25 mmol/(g reaction medium·h)) at 56.23% of triacylglycerols converted, associated with the highest specific initial rate of diacylglycerol formation (0.44 mmol/(g reaction medium·h)). It also had the lowest peroxide value at the end of the reaction; however, the specific activity of the enzyme was reduced by 38.77%.

    Improving patient involvement in the lifecycle of medicines : insights from the EUPATI BE survey

    EUPATI Belgium (EUPATI.be) is an informal gathering of local partners who are interested in improving patient involvement in healthcare innovation and medicines research and development. EUPATI.be brings together various stakeholders from different areas related to healthcare including patients, academia and industry. In doing so, we create an innovative collaborative approach where actors from different backgrounds work toward improving patient involvement in medical research, and putting the patient at the center of the Belgian healthcare system. Previously, we performed in-depth interviews with a small group of stakeholders on patient involvement. Here, we elaborate on our previous findings by using a nation-wide survey to inquire into Belgian stakeholders' perception on patient involvement. To this end, an electronic survey was available in French, Dutch and English, and accessible for 11 months. Twelve questions were asked, including 11 multiple choice questions and 1 open question. The latter was thematically analyzed according to the framework method. A total of 117 responses were registered and descriptive statistics were performed. The majority of respondents could be categorized into patient, academia and industry, whereas policy makers, payers, and healthcare professionals were underrepresented. We identified several barriers that hamper patient involvement, which were sometimes more reported by specific stakeholder groups. Next, we found that various stakeholders still consider patient involvement as a passive role, i.e., medical subject in a clinical trial. Respondents also reported that the role of the various stakeholders needed more clarification; this was also confirmed by the level of trust amongst the various stakeholders. Existing and the wish for more collaboration with the various stakeholders was reported by almost all respondents. 
Based on this survey, we can define the potential of involving patients in the medical research and development in the Belgian landscape. Our results will help to understand and tackle the various barriers that currently hamper patient involvement, whilst highlighting the need for a collaborative landscape from the multi-stakeholder perspective.

    Discovery of Megachile (Pseudomegachile) lanata (Fabricius, 1775) (Hymenoptera, Megachilidae) in Colombia, an adventive bee species from the Old World

    This work is licensed under a Creative Commons Attribution 4.0 International License. We record for the first time for Colombia Megachile (Pseudomegachile) lanata (Fabricius, 1775), a bee species from Southeast Asia. This is the first record of an adventive bee species for the country besides Apis mellifera Linnaeus, 1758, the European honey bee. Megachile lanata appears to have arrived to the Caribbean coast of Colombia nearly half a century ago, reaching the Orinoquia region recently. We provide comments on diagnostic features to facilitate the recognition of this bee species and discuss its possible establishment in Colombia.