This article outlines the present state of the debate on quantitative history in France. J.-L. Robert observes a transformation of "classic" approaches to social and economic history as a result of new statistical tools, now available to historians. He advocates a careful methodological assessment of these techniques of research and discusses in detail problems like the stability of indicators over time, the application of sampling-techniques, and the limits of quantification in history.
This dissertation presents a general method for the specification and quantitative evaluation of information systems security. This method allows to monitor the evolutions of an information system in operation, as well as to compare the impact on security of possible modifications of the functioning. It relies on a formal specification of the system security policy, augmented by a model of the vulnerabilities observed in the real system in operation. Then, a security measure represents the difficulty for an attacker to exploit the vulnerabilities and defeat the objectives defined in the security policy.Information systems security policy specification necessitates the definition of a rigorous and expressive framework. Furthermore, the language should be general enough to be usable in the context of an organization. The method defined and used in this work is based on an extension of deontic logic, enriched with a graphical representation.Vulnerabilities of the information system are described by a model called a privilege graph. These vulnerabilities, probed in the system, may have various origins, such as incorrect operation of the protection mechanisms of a computer system, or delegation of privileges in an organization. The assessment of a weight to these individual vulnerabilities allows the definition of highly relevant and global quantitative measures of security.Two practical examples are presented to illustrate the methodology: the study of a medium-size bank agency; and the observation of the security evolutions of a large computer system in operation. ; Cette thèse présente une méthode générale de spécification et d'évaluation quantitative de la sécurité des systèmes d'information. Cette méthode permet de surveiller les évolutions d'un système d'information pendant sa vie opérationnelle, ainsi que de comparer l'impact sur la sécurité de modifications éventuelles du fonctionnement. Elle s'appuie sur une spécification formelle de la politique de sécurité, complétée par un modèle des vulnérabilités du ...
This dissertation presents a general method for the specification and quantitative evaluation of information systems security. This method allows to monitor the evolutions of an information system in operation, as well as to compare the impact on security of possible modifications of the functioning. It relies on a formal specification of the system security policy, augmented by a model of the vulnerabilities observed in the real system in operation. Then, a security measure represents the difficulty for an attacker to exploit the vulnerabilities and defeat the objectives defined in the security policy.Information systems security policy specification necessitates the definition of a rigorous and expressive framework. Furthermore, the language should be general enough to be usable in the context of an organization. The method defined and used in this work is based on an extension of deontic logic, enriched with a graphical representation.Vulnerabilities of the information system are described by a model called a privilege graph. These vulnerabilities, probed in the system, may have various origins, such as incorrect operation of the protection mechanisms of a computer system, or delegation of privileges in an organization. The assessment of a weight to these individual vulnerabilities allows the definition of highly relevant and global quantitative measures of security.Two practical examples are presented to illustrate the methodology: the study of a medium-size bank agency; and the observation of the security evolutions of a large computer system in operation. ; Cette thèse présente une méthode générale de spécification et d'évaluation quantitative de la sécurité des systèmes d'information. Cette méthode permet de surveiller les évolutions d'un système d'information pendant sa vie opérationnelle, ainsi que de comparer l'impact sur la sécurité de modifications éventuelles du fonctionnement. Elle s'appuie sur une spécification formelle de la politique de sécurité, complétée par un modèle des vulnérabilités du ...
This dissertation presents a general method for the specification and quantitative evaluation of information systems security. This method allows to monitor the evolutions of an information system in operation, as well as to compare the impact on security of possible modifications of the functioning. It relies on a formal specification of the system security policy, augmented by a model of the vulnerabilities observed in the real system in operation. Then, a security measure represents the difficulty for an attacker to exploit the vulnerabilities and defeat the objectives defined in the security policy.Information systems security policy specification necessitates the definition of a rigorous and expressive framework. Furthermore, the language should be general enough to be usable in the context of an organization. The method defined and used in this work is based on an extension of deontic logic, enriched with a graphical representation.Vulnerabilities of the information system are described by a model called a privilege graph. These vulnerabilities, probed in the system, may have various origins, such as incorrect operation of the protection mechanisms of a computer system, or delegation of privileges in an organization. The assessment of a weight to these individual vulnerabilities allows the definition of highly relevant and global quantitative measures of security.Two practical examples are presented to illustrate the methodology: the study of a medium-size bank agency; and the observation of the security evolutions of a large computer system in operation. ; Cette thèse présente une méthode générale de spécification et d'évaluation quantitative de la sécurité des systèmes d'information. Cette méthode permet de surveiller les évolutions d'un système d'information pendant sa vie opérationnelle, ainsi que de comparer l'impact sur la sécurité de modifications éventuelles du fonctionnement. Elle s'appuie sur une spécification formelle de la politique de sécurité, complétée par un modèle des vulnérabilités du ...
International audience ; This paper, published as the editor's introduction to a special issue of Histoire et Mesure on bankruptcies, presents a brief state of recent research on the topic and argues for a more comparative and quantitative approach. ; Cet article, publié en introduction d'un numéro thématique d'Histoire et Mesure consacré aux faillites, présente un point d'étape de l'historiographie récente sur le sujet et plaide pour une approche plus quantitative et comparative.
International audience ; This paper, published as the editor's introduction to a special issue of Histoire et Mesure on bankruptcies, presents a brief state of recent research on the topic and argues for a more comparative and quantitative approach. ; Cet article, publié en introduction d'un numéro thématique d'Histoire et Mesure consacré aux faillites, présente un point d'étape de l'historiographie récente sur le sujet et plaide pour une approche plus quantitative et comparative.
International audience ; This paper, published as the editor's introduction to a special issue of Histoire et Mesure on bankruptcies, presents a brief state of recent research on the topic and argues for a more comparative and quantitative approach. ; Cet article, publié en introduction d'un numéro thématique d'Histoire et Mesure consacré aux faillites, présente un point d'étape de l'historiographie récente sur le sujet et plaide pour une approche plus quantitative et comparative.
International audience ; This paper, published as the editor's introduction to a special issue of Histoire et Mesure on bankruptcies, presents a brief state of recent research on the topic and argues for a more comparative and quantitative approach. ; Cet article, publié en introduction d'un numéro thématique d'Histoire et Mesure consacré aux faillites, présente un point d'étape de l'historiographie récente sur le sujet et plaide pour une approche plus quantitative et comparative.
International audience ; This paper, published as the editor's introduction to a special issue of Histoire et Mesure on bankruptcies, presents a brief state of recent research on the topic and argues for a more comparative and quantitative approach. ; Cet article, publié en introduction d'un numéro thématique d'Histoire et Mesure consacré aux faillites, présente un point d'étape de l'historiographie récente sur le sujet et plaide pour une approche plus quantitative et comparative.
The quantitative approach in the comparison of economic systems. The author begins by discussing the various methodological difficulties involved in making statistical comparisons between socialist economies of the Soviet type (STE) and capitalist economies (CE). The accent is on Western studies which aim at recalculating STE aggregates in terms of the system of Western national accounting (A. Bergson). While the rate of growth in the Soviet Union and the other STE was very rapid up until the beginning of the 1960's, and slightly less so until the beginning of the 1970's, it has since then shown no advance on that of the CE. But if one compares production and the volume of productive resources used (labour, capital, raw materials), the growth of "productivity" was less rapid in the STE then in the CE, during the period from 1960 to 1980. Another important lesson to be learned from the quantitative approach is that the gap in per capita consumption between the two systems widened during the same period, to the disadvantage of the STE. Two theories are put forward to explain the observed phenomena. According to the first, the differences between the two systems are the result of a disparity in their development : more exactly, the initial backwardness of the STE still persists, or may even be increasing. However, a comparative analysis of the intersectoral structure of the STE and the CE would lead one to reject this argument. The second theory suggests that the lack of efficiency in the use of productive resources in the STE is due to the methods by which they are allocated, and to the nature of communications between enterprises and the organizations whose job it is to supervise them.
Information systems have become ubiquitous and are used to handle each day more and more data. This data is increasingly confidential: strategic military or financial information, or private data. Any leakage of this data can be harmful in many different ways, such that human casualties, money loss, privacy breaching or identity theft. The contributions of this thesis are threefold. First, we study the problem of synthesis of a communication channel inside a system given as a transducer. Even though the model of transducers is syntactically limiting, we show that this synthesis problem is undecidable in general. However, when the system is functional, meaning that its behavior from an external point of view is always the same, the problem becomes decidable. We then generalize the concept of opacity to probabilistic systems, by giving measures separated in two groups. When the system is opaque, we evaluate the robustness of this opacity with respect to the bias induced by the probability distributions in the system. When the system is not opaque, we evaluate the size of the security hole opened by this non-opacity. Finally, we study the model of Interrupt Timed Automata (ITA) where information about time elapsing is organized along levels, which therefore resemble accreditation levels. We study properties of regularity and closure of the time languages accepted by these automata and give some model-checking algorithms for fragments of timed temporal logics. ; Les systèmes informatiques sont devenus omniprésents et sont utilisés au quotidien pour gérer toujours plus d'information. Ces informations sont de plus en plus souvent confidentielles: informations stratégiques militaires ou financières, données personnelles. La fuite de ces informations peut ainsi avoir des conséquences graves telles que des pertes humaines, financières, des violations de la vie privée ou de l'usurpation d'identité. Les contributions de cette thèse se découpent en trois parties. Tout d'abord, nous étudions le problème de synthèse d'un ...