A Survey of Prevent and Detect Access Control Vulnerabilities

Broken access control is one of the most common security vulnerabilities in web applications. These vulnerabilities are the major cause of many data breach incidents, which result in privacy concern and revenue loss. However, preventing and detecting access control vulnerabilities proactively in web applications could be difficult. Currently, these vulnerabilities are actively detected by bug bounty hunters post-deployment, which creates attack windows for malicious access. To solve this problem proactively requires security awareness and expertise from developers, which calls for systematic solutions. This survey targets to provide a structured overview of approaches that tackle access control vulnerabilities. It firstly discusses the unique feature of access control vulnerabilities, then studies the existing works proposed to tackle access control vulnerabilities in web applications, which span the spectrum of software development from software design and implementation, software analysis and testing, and runtime monitoring. At last we discuss the open problem in this field

Identifying Systematic Errors in Object Detectors with the SCROD Pipeline

The identification and removal of systematic errors in object detectors can be a prerequisite for their deployment in safety-critical applications like automated driving and robotics. Such systematic errors can for instance occur under very specific object poses (location, scale, orientation), object colors/textures, and backgrounds. Real images alone are unlikely to cover all relevant combinations. We overcome this limitation by generating synthetic images with fine-granular control. While generating synthetic images with physical simulators and hand-designed 3D assets allows fine-grained control over generated images, this approach is resource-intensive and has limited scalability. In contrast, using generative models is more scalable but less reliable in terms of fine-grained control. In this paper, we propose a novel framework that combines the strengths of both approaches. Our meticulously designed pipeline along with custom models enables us to generate street scenes with fine-grained control in a fully automated and scalable manner. Moreover, our framework introduces an evaluation setting that can serve as a benchmark for similar pipelines. This evaluation setting will contribute to advancing the field and promoting standardized testing procedures

Breeze : an integrated quality control and data analysis application for high-throughput drug screening

High-throughput screening (HTS) enables systematic testing of thousands of chemical compounds for potential use as investigational and therapeutic agents. HTS experiments are often conducted in multi-well plates that inherently bear technical and experimental sources of error. Thus, HTS data processing requires the use of robust quality control procedures before analysis and interpretation. Here, we have implemented an open-source analysis application, Breeze, an integrated quality control and data analysis application for HTS data. Furthermore, Breeze enables a reliable way to identify individual drug sensitivity and resistance patterns in cell lines or patient-derived samples for functional precision medicine applications. The Breeze application provides a complete solution for data quality assessment, dose-response curve fitting and quantification of the drug responses along with interactive visualization of the results.Peer reviewe

A Methodology for Model Based Development of Application Software Modules Exemplified by Radar Based Parking Systems

International audienceThis paper addresses a methodology for the development of driver assistance systems. As an example the development of parking systems is described in detail. Throughout the paper the complete system including sensors, ECU and software is considered in order to provide better understanding of the overall development activities in each state of development. A model based development approach is chosen for the early evaluation of the whole system. Graphical models are used throughout the process which is also advantageous for the extraction and the systematic validation of sub modules. The models are both used for the preparation of decisions in functional or software architecture and for testing and integration strategies. For software modules containing core function applications the tool-supported development is presented, starting from basic ideas of new functionalities up to and including automatically generated production code for electronic control units

The Neural Data Router: Adaptive Control Flow in Transformers Improves Systematic Generalization

Despite progress across a broad range of applications, Transformers have limited success in systematic generalization. The situation is especially frustrating in the case of algorithmic tasks, where they often fail to find intuitive solutions that route relevant information to the right node/operation at the right time in the grid represented by Transformer columns. To facilitate the learning of useful control flow, we propose two modifications to the Transformer architecture, copy gate and geometric attention. Our novel Neural Data Router (NDR) achieves 100% length generalization accuracy on the classic compositional table lookup task, as well as near-perfect accuracy on the simple arithmetic task and a new variant of ListOps testing for generalization across computational depths. NDR's attention and gating patterns tend to be interpretable as an intuitive form of neural routing. Our code is public.Comment: Accepted to ICLR 202

The clinical effectiveness of individual behaviour change interventions to reduce risky sexual behaviour after a negative human immunodeficiency virus test in men who have sex with men: systematic and realist reviews and intervention development

Background: Men who have sex with men (MSM) experience significant inequalities in health and well-being. They are the group in the UK at the highest risk of acquiring a human immunodeficiency virus (HIV) infection. Guidance relating to both HIV infection prevention, in general, and individual-level behaviour change interventions, in particular, is very limited. Objectives: To conduct an evidence synthesis of the clinical effectiveness of behaviour change interventions to reduce risky sexual behaviour among MSM after a negative HIV infection test. To identify effective components within interventions in reducing HIV risk-related behaviours and develop a candidate intervention. To host expert events addressing the implementation and optimisation of a candidate intervention. Data sources: All major electronic databases (British Education Index, BioMed Central, Cumulative Index to Nursing and Allied Health Literature, EMBASE, Educational Resource Index and Abstracts, Health and Medical Complete, MEDLINE, PsycARTICLES, PsycINFO, PubMed and Social Science Citation Index) were searched between January 2000 and December 2014. Review methods: A systematic review of the clinical effectiveness of individual behaviour change interventions was conducted. Interventions were examined using the behaviour change technique (BCT) taxonomy, theory coding assessment, mode of delivery and proximity to HIV infection testing. Data were summarised in narrative review and, when appropriate, meta-analysis was carried out. Supplemental analyses for the development of the candidate intervention focused on post hoc realist review method, the assessment of the sequential delivery and content of intervention components, and the social and historical context of primary studies. Expert panels reviewed the candidate intervention for issues of implementation and optimisation. Results: Overall, trials included in this review (n = 10) demonstrated that individual-level behaviour change interventions are effective in reducing key HIV infection risk-related behaviours. However, there was considerable clinical and methodological heterogeneity among the trials. Exploratory meta-analysis showed a statistically significant reduction in behaviours associated with high risk of HIV transmission (risk ratio 0.75, 95% confidence interval 0.62 to 0.91). Additional stratified analyses suggested that effectiveness may be enhanced through face-to-face contact immediately after testing, and that theory-based content and BCTs drawn from ‘goals and planning’ and ‘identity’ groups are important. All evidence collated in the review was synthesised to develop a candidate intervention. Experts highlighted overall acceptability of the intervention and outlined key ways that the candidate intervention could be optimised to enhance UK implementation. Limitations: There was a limited number of primary studies. All were from outside the UK and were subject to considerable clinical, methodological and statistical heterogeneity. The findings of the meta-analysis must therefore be treated with caution. The lack of detailed intervention manuals limited the assessment of intervention content, delivery and fidelity. Conclusions: Evidence regarding the effectiveness of behaviour change interventions suggests that they are effective in changing behaviour associated with HIV transmission. Exploratory stratified meta-analyses suggested that interventions should be delivered face to face and immediately after testing. There are uncertainties around the generalisability of these findings to the UK setting. However, UK experts found the intervention acceptable and provided ways of optimising the candidate intervention. Future work: There is a need for well-designed, UK-based trials of individual behaviour change interventions that clearly articulate intervention content and demonstrate intervention fidelity

The clinical effectiveness and cost-effectiveness of point-of-care tests (CoaguChek system, INRatio2 PT/INR monitor and ProTime Microcoagulation system) for the self-monitoring of the coagulation status of people receiving long-term vitamin K antagonist therapy, compared with standard UK practice : systematic review and economic evaluation

Funding The National Institute for Health Research Health Technology Assessment programme.Peer reviewedPublisher PD

Conceptual Framework and Physical Implementation of a Systematic Design Strategy for Tissue-Engineered Devices

Tissue-engineered and biologically inspired devices promise to advance medical implants, robotic devices and diagnostic tools. Ideally, biohybrid constructs combine the versatility and fine control of traditional building substrates with dynamic properties of living tissues including sensory modalities and mechanisms of repair, plasticity and self-organization. These dynamic properties also complicate the design process as they arise from, and act upon, structure-function relationships across multiple spatiotemporal scales that need to be recapitulated in the engineered tissue. Biomimetic designs merely copying the structure of native organs and organisms, however, are likely to reflect evolutionary constraints, phenotypic variability and environmental factors rather than rendering optimal engineering solutions. This thesis describes an alternative to biomimetic design, i.e., a systematic approach to tissue engineering based on mechanistic analysis and a focus on functional, not structural, approximation of native and engineered system. As proof of concept, the design, fabrication and evaluation of a tissue-engineered jellyfish medusa with biomimetic propulsion and feeding currents is presented with an emphasis on reasoning and strategy of the iterative design process. A range of experimental and modeling approaches accomplishes mechanistic analysis at multiple scales, control of individual and emergent cell behavior, and quantitative testing of functional performance. The main achievement of this thesis lies in presenting both conceptual framework and physical implementation of a systematic design strategy for muscular pumps and other bioinspired and tissue-engineered applications.</p

Identification of delivery models for the provision of predictive genetic testing in Europe: protocol for a multicentre qualitative study and a systematic review of the literature

Introduction: The appropriate application of genomic technologies in healthcare is surrounded by many concerns. In particular, there is a lack of evidence on what constitutes an optimal genetic service delivery model, which depends on the type of genetic test and healthcare context considered. The present project aims to identify, classify, and evaluate delivery models for the provision of predictive genetic testing in Europe and in selected Anglophone extra-European countries (the USA, Canada, Australia, and New Zealand). It also sets out to survey the European public health community’s readiness to incorporate public health genomics into their practice. Materials and equipment: The project consists of (i) a systematic review of published literature and selected country websites, (ii) structured interviews with health experts on the genetic service delivery models in their respective countries, and (iii) a survey of European Public Health Association (EUPHA) members’ knowledge and attitudes toward genomics applications in clinical practice. The inclusion criteria for the systematic review are that articles be published in the period 2000–2015; be in English or Italian; and be from European countries or from Canada, the USA, Australia, or New Zealand. Additional policy documents will be retrieved from represented countries’ government-affiliated websites. The results of the research will be disseminated through the EUPHA network, the Italian Network for Genomics in Public Health (GENISAP), and seminars and workshops. Expected impact of the study on public health: The transfer of genomic technologies from research to clinical application is influenced not only by several factors inherent to research goals and delivery of healthcare but also by external and commercial interests that may cause the premature introduction of genetic tests in the public and private sectors. Furthermore, current genetic services are delivered without a standardized set of process and outcome measures, which makes the evaluation of healthcare services difficult. The present study will identify and classify delivery models and, subsequently, establish which are appropriate for the provision of predictive genetic testing in Europe by comparing sets of process and outcome measures. In this way, the study will provide a basis for future recommendations to decision makers involved in the financing, delivery, and consumption of genetic services