An interaction-based access control model (IBAC) for collaborative services

A collaboration is a collection of services that work together to achieve a common goal. Although collaborations help when tackling difficult problems, they lead to security issues. First, a collaboration is often performed by services that are drawn from different security domains. Second, a service interacts with multiple peer services during the collaboration. These interactions are not isolated from one another--e.g., data may flow through a sequence of different services. As a result, a service is exposed to multiple peer services in varying degrees, leading to different security threats. We identify the types of interactions that can be present in collaborations, and discuss the security threats due to each type. We propose a model for representing the collaboration context so that a service can be made aware of the existing interactions. We provide an access control model for a service participating in a collaboration. We couple our access control model with a policy model, so that the access requirements from collaborations can be expressed and evaluated

Redesign, Field-Testing, and Validation of the Physical Activity Campus Environmental Supports (PACES) Audit.

This paper describes the redesign, field-testing, and convergent validity of a practical tool-Physical Activity Campus Environmental Supports (PACES) audit. Methods. The audit includes two parts: (1) PACES-Programs, which is comprised of questions regarding populations served, fees, programs (recreation/fitness classes and intramurals), proximity, adequacy of facilities, and marketing, and (2) PACES-Facilities, which is comprised of questions regarding built environment (aesthetics, bike racks, stairs, and universal design), recreation equipment, staff, amenities, and access. Each item criterion is specifically scored using a five-point, semantic-differential scale ranging from limited to extensive environmental support. A few questions utilize select all that apply for a summed score. PACES training, interrater reliability, and data collection are all accessible via an online portal. PACES was tested on 76 college campuses. Convergent validity was examined by comparing the PACES-Programs questions to Healthy Campus Initiatives-Programs questions (HCI-Programs) and comparing the PACES-Facilities questions to questions contained in the Physical Activity Resource Assessment (PARA) Instrument. Statistical analyses included Cronbach\u27s alpha, ANOVA, latent profile analysis, and Spearman correlations. Results.The PACES-Programs audit includes 10 items for a potential total of 73 points (α = 0.72) and PACES-Facilities audit includes 15 items for a potential total of 77 points (α = 0.837). Most (77.8%) of the 153 facilities assessed scored in the most healthful range (20-42), which was mainly due to the extensiveness of the aerobic equipment/amenities and the competence/accessibility of staff. Significant differences in PACES-Total and PACES-Programs scores were associated with campus size and PACES-Facilities across regions. For the paired validation assessments, correlations were significant between PACES-Programs and HCI-Programs ((n=41) r=0.498, p \u3c 0.001) and PACES-Facilities and PARA (n=29) for both features (r=0.417, p=0.024) and amenities (r=0.612, p \u3c 0.001), indicating moderate convergent validity. Conclusion. The PACES audit is a valid, reliable tool for assessing the quality of recreation facilities and programs in a variety of college campus environments

Final analysis from RESONATE: Up to six years of follow‐up on ibrutinib in patients with previously treated chronic lymphocytic leukemia or small lymphocytic lymphoma

Ibrutinib, a once‐daily oral inhibitor of Bruton's tyrosine kinase, is approved in the United States and Europe for treatment of patients with chronic lymphocytic leukemia (CLL) or small lymphocytic lymphoma (SLL). The phase 3 RESONATE study showed improved efficacy of single‐agent ibrutinib over ofatumumab in patients with relapsed/refractory CLL/SLL, including those with high‐risk features. Here we report the final analysis from RESONATE with median follow‐up on study of 65.3 months (range, 0.3‐71.6) in the ibrutinib arm. Median progression‐free survival (PFS) remained significantly longer for patients randomized to ibrutinib vs ofatumumab (44.1 vs 8.1 months; hazard ratio [HR]: 0.148; 95% confidence interval [CI]: 0.113‐0.196; P˂.001). The PFS benefit with ibrutinib vs ofatumumab was preserved in the genomic high‐risk population with del(17p), TP53 mutation, del(11q), and/or unmutated IGHV status (median PFS 44.1 vs 8.0 months; HR: 0.110; 95% CI: 0.080‐0.152), which represented 82% of patients. Overall response rate with ibrutinib was 91% (complete response/complete response with incomplete bone marrow recovery, 11%). Overall survival, censored for crossover, was better with ibrutinib than ofatumumab (HR: 0.639; 95% CI: 0.418‐0.975). With up to 71 months (median 41 months) of ibrutinib therapy, the safety profile remained consistent with prior reports; cumulatively, all‐grade (grade ≥3) hypertension and atrial fibrillation occurred in 21% (9%) and 12% (6%) of patients, respectively. Only 16% discontinued ibrutinib because of adverse events (AEs). These long‐term results confirm the robust efficacy of ibrutinib in relapsed/refractory CLL/SLL irrespective of high‐risk clinical or genomic features, with no unexpected AEs. This trial is registered at www.clinicaltrials.gov (NCT01578707)

A leucine aminopeptidase is involved in kinetoplast DNA segregation in <i>Trypanosoma brucei</i>

The kinetoplast (k), the uniquely packaged mitochondrial DNA of trypanosomatid protists is formed by a catenated network of minicircles and maxicircles that divide and segregate once each cell cycle. Although many proteins involved in kDNA replication and segregation are now known, several key steps in the replication mechanism remain uncharacterized at the molecular level, one of which is the nabelschnur or umbilicus, a prominent structure which in the mammalian parasite Trypanosoma brucei connects the daughter kDNA networks prior to their segregation. Here we characterize an M17 family leucyl aminopeptidase metalloprotease, termed TbLAP1, which specifically localizes to the kDNA disk and the nabelschur and represents the first described protein found in this structure. We show that TbLAP1 is required for correct segregation of kDNA, with knockdown resulting in delayed cytokinesis and ectopic expression leading to kDNA loss and decreased cell proliferation. We propose that TbLAP1 is required for efficient kDNA division and specifically participates in the separation of daughter kDNA networks

Evaluation of Mutual Trust during Matchmaking

We introduce a new service discovery and matchmaking architecture, layered on top of Globus MDS3, that integrates mutual trust evaluations into the matchmaking process. Our architecture adopts a symmetric approach, and checks trust policies of both grid users and resources without requiring policy disclosures. Our approach eliminates run-time security failures arising from incompatible user/resource pairs, seamlessly integrates user-side authorization tools with the matchmaking process, and protects nave grid users by allowing a security principal to define policies that control the list of discoverable resources

APPLICATIONS

Bioinformatics analyses are unique as they usually comprise of a large number of small, computationally intensive but fairly independent processes. This gives them a high degree of parallelism and a very small cost of synchronization among the different tasks. However, the time to schedule each task is often a whole lot more than the execution time of each independent task. To reduce the overhead associated with scheduling, tasks are grouped together increasing the average life of a job and also reducing the number of jobs that need to be scheduled. Grouping also reduces the variation in the lifetime of a job, allowing better predictions of the time that a resource needs to be allocated for a task. While increasing the number of tasks in a group improves the predictability of a task, tasks within a group are executed sequentially, reducing the amount of parallelism available with the pool of tasks. This can increase the total execution time of an analysis, degrading performance of the application. An analysis pipeline for the A. fumigatus genome, consisting of BLASTn analyses against 11 genomes, two gene prediction algorithms and a RepeatMasker analysis, was developed in the DeCIFR tool for comparative genomics. Performance tests were carrie

Collaboration Policies: Access Control Management in Decentralized Heterogeneous

Abstract—Service-oriented computing promotes collaboration by defining the standards layer that allows compatibility between disparate domains. Workflows, by taking advantage of the serviceoriented framework, provide the necessary tools to harness services in order to tackle complicated problems. As a result, a service is no longer exposed to a small pre-determined homogeneous pool of users; instead it has a large, undefined, and heterogeneous pool of users. This paradigm shift in computing results in increased service exposure. The interactions among the services of a workflow must be carefully evaluated against the security risks associated with them. Classical security problems, such as delegation of rights, conflict of interest, and access control in general, become more complicated due to multiple autonomous security domains and the absence of pre-established trust relationships among the domains. Our work tackles these problems in two aspects: it provides a service owner with the necessary means to express and evaluate its trust requirements from a workflow (collaboration policies), and it incorporates these trust requirements into the workflow-planning framework (workflow authorization framework). Our policy-based framework allows bilateral peer-level trust evaluations that are based on each peer’s collaboration policies, and incorporates the outcome of these evaluations into the workflow planning logic. As a result, our work provides the necessary tools for promoting multi-party ad-hoc collaborations, and aims to reduce the reluctance and hesitation towards these collaborations by attacking the security risks associated with them