A type system for value-dependent information flow analysis

Information systems are widespread and used by anyone with computing devices as well as corporations and governments. It is often the case that security leaks are introduced during the development of an application. Reasons for these security bugs are multiple but among them one can easily identify that it is very hard to define and enforce relevant security policies in modern software. This is because modern applications often rely on container sharing and multi-tenancy where, for instance, data can be stored in the same physical space but is logically mapped into different security compartments or data structures. In turn, these security compartments, to which data is classified into in security policies, can also be dynamic and depend on runtime data. In this thesis we introduce and develop the novel notion of dependent information flow types, and focus on the problem of ensuring data confidentiality in data-centric software. Dependent information flow types fit within the standard framework of dependent type theory, but, unlike usual dependent types, crucially allow the security level of a type, rather than just the structural data type itself, to depend on runtime values. Our dependent function and dependent sum information flow types provide a direct, natural and elegant way to express and enforce fine grained security policies on programs. Namely programs that manipulate structured data types in which the security level of a structure field may depend on values dynamically stored in other fields The main contribution of this work is an efficient analysis that allows programmers to verify, during the development phase, whether programs have information leaks, that is, it verifies whether programs protect the confidentiality of the information they manipulate. As such, we also implemented a prototype typechecker that can be found at http://ctp.di.fct.unl.pt/DIFTprototype/.

Adaptation as a part of system resilience. insights from fish producers organizations in Portugal

Complex problems of globalized society challenge its adaptive capacity. However, it is precisely the nature of these human induced problems that provide enough evidence to show that adaptability may not be on a resilient path. This thesis explores the ambiguity of the idea of adaptation (and its practice) and illustrates the ways in which adaptability contributes to resilience of social ecological systems. The thesis combines a case study and grounded theory approach and develops an analytical framework to study adaptability in resource users’ organizations: from what it depends on and what the key challenges are for resource management and system resilience. It does so for the specific case of fish producers’ organizations (POs) in Portugal. The findings suggest that while ecological and market context, including the type of crisis, may influence the character of fishers’ adaptation within POs (i.e. anticipatory, maladaptive and reactively adaptive), it does not determine it. Instead, it makes agency even more crucial (i.e. leadership, trust and agent’s perceptions in terms of their impact on fishers’ motivation to learn from each other). In sum, it was found that internal adaptation can improve POs’ contribution to fishery management and resilience, but it is not a panacea and may, in some cases, increase system vulnerability to change. Continuous maladaptation of some Portuguese POs points at a basic institutional problem (fish market regime), which clearly reduces fisheries resilience as it promotes overfishing. However, structural change may not be sufficient to address other barriers to Portuguese fishers’ (PO members) adaptability, such as history (collective memory) and associated problematic self-perceptions. The agency (people involved in structures and practices) also needs to change. What and how institutional change and agency change build on one another (e.g. comparison of fisheries governance in Portugal and other EU countries) is a topic to be explored in further research.

The use of analytical hierarchy process in spatial decision support system for land use management

Geographic information systems give us the possibility to analyze, produce, and edit geographic information. Furthermore, these systems fall short on the analysis and support of complex spatial problems. Therefore, when a spatial problem, like land use management, requires a multi-criteria perspective, multi-criteria decision analysis is placed into spatial decision support systems. The analytic hierarchy process is one of many multi-criteria decision analysis methods that can be used to support these complex problems. Using its capabilities we try to develop a spatial decision support system, to help land use management. Land use management can undertake a broad spectrum of spatial decision problems. The developed decision support system had to accept as input, various formats and types of data, raster or vector format, and the vector could be polygon line or point type. The support system was designed to perform its analysis for the Zambezi river Valley in Mozambique, the study area. The possible solutions for the emerging problems had to cover the entire region. This required the system to process large sets of data, and constantly adjust to new problems’ needs. The developed decision support system, is able to process thousands of alternatives using the analytical hierarchy process, and produce an output suitability map for the problems faced.