SafeWeb: A Middleware for Securing Ruby-Based Web Applications

Web applications in many domains such as healthcare and finance must process sensitive data, while complying with legal policies regarding the release of different classes of data to different parties. Currently, software bugs may lead to irreversible disclosure of confidential data in multi-tier web applications. An open challenge is how developers can guarantee these web applications only ever release sensitive data to authorised users without costly, recurring security audits. Our solution is to provide a trusted middleware that acts as a “safety net” to event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease-of-use, SafeWeb exploits the dynamic features of the Ruby programming language to achieve label propagation and data flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS)

Reaching micro-arcsecond astrometry with long baseline optical interferometry; application to the GRAVITY instrument

A basic principle of long baseline interferometry is that an optical path difference (OPD) directly translates into an astrometric measurement. In the simplest case, the OPD is equal to the scalar product between the vector linking the two telescopes and the normalized vector pointing toward the star. However, a too simple interpretation of this scalar product leads to seemingly conflicting results, called here "the baseline paradox". For micro-arcsecond accuracy astrometry, we have to model in full the metrology measurement. It involves a complex system subject to many optical effects: from pure baseline errors to static, quasi-static and high order optical aberrations. The goal of this paper is to present the strategy used by the "General Relativity Analysis via VLT InTerferometrY" instrument (GRAVITY) to minimize the biases introduced by these defects. It is possible to give an analytical formula on how the baselines and tip-tilt errors affect the astrometric measurement. This formula depends on the limit-points of three type of baselines: the wide-angle baseline, the narrow-angle baseline, and the imaging baseline. We also, numerically, include non-common path higher-order aberrations, whose amplitude were measured during technical time at the Very Large Telescope Interferometer. We end by simulating the influence of high-order common-path aberrations due to atmospheric residuals calculated from a Monte-Carlo simulation tool for Adaptive optics systems. The result of this work is an error budget of the biases caused by the multiple optical imperfections, including optical dispersion. We show that the beam stabilization through both focal and pupil tracking is crucial to the GRAVITY system. Assuming the instrument pupil is stabilized at a 4 cm level on M1, and a field tracking below 0.2$\lambda/D$, we show that GRAVITY will be able to reach its objective of 10$\mu$as accuracy.Comment: 14 pages. Accepted by A&

Hyperthermia treatment of tumors by mesenchymal stem cell-delivered superparamagnetic iron oxide nanoparticles.

Magnetic hyperthermia - a potential cancer treatment in which superparamagnetic iron oxide nanoparticles (SPIONs) are made to resonantly respond to an alternating magnetic field (AMF) and thereby produce heat - is of significant current interest. We have previously shown that mesenchymal stem cells (MSCs) can be labeled with SPIONs with no effect on cell proliferation or survival and that within an hour of systemic administration, they migrate to and integrate into tumors in vivo. Here, we report on some longer term (up to 3 weeks) post-integration characteristics of magnetically labeled human MSCs in an immunocompromized mouse model. We initially assessed how the size and coating of SPIONs dictated the loading capacity and cellular heating of MSCs. Ferucarbotran(®) was the best of those tested, having the best like-for-like heating capability and being the only one to retain that capability after cell internalization. A mouse model was created by subcutaneous flank injection of a combination of 0.5 million Ferucarbotran-loaded MSCs and 1.0 million OVCAR-3 ovarian tumor cells. After 2 weeks, the tumors reached ~100 µL in volume and then entered a rapid growth phase over the third week to reach ~300 µL. In the control mice that received no AMF treatment, magnetic resonance imaging (MRI) data showed that the labeled MSCs were both incorporated into and retained within the tumors over the entire 3-week period. In the AMF-treated mice, heat increases of ~4°C were observed during the first application, after which MRI indicated a loss of negative contrast, suggesting that the MSCs had died and been cleared from the tumor. This post-AMF removal of cells was confirmed by histological examination and also by a reduced level of subsequent magnetic heating effect. Despite this evidence for an AMF-elicited response in the SPION-loaded MSCs, and in contrast to previous reports on tumor remission in immunocompetent mouse models, in this case, no significant differences were measured regarding the overall tumor size or growth characteristics. We discuss the implications of these results on the clinical delivery of hyperthermia therapy to tumors and on the possibility that a preferred therapeutic route may involve AMF as an adjuvant to an autologous immune response

Mapping the spatiotemporal dynamics of calcium signaling in cellular neural networks using optical flow

An optical flow gradient algorithm was applied to spontaneously forming net- works of neurons and glia in culture imaged by fluorescence optical microscopy in order to map functional calcium signaling with single pixel resolution. Optical flow estimates the direction and speed of motion of objects in an image between subsequent frames in a recorded digital sequence of images (i.e. a movie). Computed vector field outputs by the algorithm were able to track the spatiotemporal dynamics of calcium signaling pat- terns. We begin by briefly reviewing the mathematics of the optical flow algorithm, and then describe how to solve for the displacement vectors and how to measure their reliability. We then compare computed flow vectors with manually estimated vectors for the progression of a calcium signal recorded from representative astrocyte cultures. Finally, we applied the algorithm to preparations of primary astrocytes and hippocampal neurons and to the rMC-1 Muller glial cell line in order to illustrate the capability of the algorithm for capturing different types of spatiotemporal calcium activity. We discuss the imaging requirements, parameter selection and threshold selection for reliable measurements, and offer perspectives on uses of the vector data.Comment: 23 pages, 5 figures. Peer reviewed accepted version in press in Annals of Biomedical Engineerin

Sensing array for coherence analysis of modulated aquatic chemical plumes

An electrochemical sensor array can provide information about the spatial and temporal distribution of chemicals in liquid turbulent plumes. Planar laser induced fluorescence (PLIF) and amperometric sensor arrays were used to record signals from modulated chemical plumes released into a recirculating aquatic flume. Coherence analysis was applied to extract the frequency components contained in the sensor response. Effects due to release distance, modulation frequency, and array orientation were investigated. This study has demonstrated that frequency encoded information can be extracted from a turbulent chemical plume using an array of amperometric sensors with optimized three-dimensional geometry and tuning.M.S.Committee Chair: Janata, Jiri; Committee Member: Lyon, Andrew; Committee Member: Weissburg, Mar

ATTACK2VEC: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks

Despite the fact that cyberattacks are constantly growing in complexity, the research community still lacks effective tools to easily monitor and understand them. In particular, there is a need for techniques that are able to not only track how prominently certain malicious actions, such as the exploitation of specific vulnerabilities, are exploited in the wild, but also (and more importantly) how these malicious actions factor in as attack steps in more complex cyberattacks. In this paper we present ATTACK2VEC, a system that uses temporal word embeddings to model how attack steps are exploited in the wild, and track how they evolve. We test ATTACK2VEC on a dataset of billions of security events collected from the customers of a commercial Intrusion Prevention System over a period of two years, and show that our approach is effective in monitoring the emergence of new attack strategies in the wild and in flagging which attack steps are often used together by attackers (e.g., vulnerabilities that are frequently exploited together). ATTACK2VEC provides a useful tool for researchers and practitioners to better understand cyberattacks and their evolution, and use this knowledge to improve situational awareness and develop proactive defenses