Network security mechanisms and implementations for the next generation reliable fast data transfer protocol - UDT

University of Technology, Sydney. Faculty of Engineering and Information Technology.TCP protocol variants (such as FAST, BiC, XCP, Scalable and High Speed) have demonstrated improved performance in simulation and in several limited network experiments. However, practical use of these protocols is still very limited because of implementation and installation difficulties. Users who require to transfer bulk data (e.g., in Cloud/GRID computing) usually turn to application level solutions where these variants do not fair well. Among protocols considered in the application level are User Datagram Protocol (UDP)-based protocols, such as UDT (UDP-based Data Transport Protocol). UDT is one of the most recently developed new transport protocols with congestion control algorithms. It was developed to support next generation high-speed networks, including wide area optical networks. It is considered a state-of-the-art protocol, addressing infrastructure requirements for transmitting data in high-speed networks. Its development, however, creates new vulnerabilities because like many other protocols, it relies solely on the existing security mechanisms for current protocols such as the Transmission Control Protocol (TCP) and UDP. Certainly, both UDT and the decades-old TCP/UDP lack a well-thought-out security architecture that addresses problems in today’s networks. In this dissertation, we focus on investigating UDT security issues and offer important contributions to the field of network security. The choice of UDT is significant for several reasons: UDT as a newly designed next generation protocol is considered one of the most promising and fastest protocols ever created that operates on top of the UDP protocol. It is a reliable UDP-based application-level data-transport protocol intended for distributing data intensive applications over wide area high-speed networks. It can transfer data in a highly configurable framework and can accommodate various congestion control algorithms. Its proven success at transferring terabytes of data gathered from outer space across long distances is a testament to its significant commercial promise. In this work, our objective is to examine a range of security methods used on existing mature protocols such as TCP and UDP and evaluate their viability for UDT. We highlight the security limitations of UDT and determine the threshold of feasible security schemes within the constraints under which UDT was designed and developed. Subsequently, we provide ways of securing applications and traffic using UDT protocol, and offer recommendations for securing UDT. We create security mechanisms tailored for UDT and propose a new security architecture that can assist network designers, security investigators, and users who want to incorporate security when implementing UDT across wide area networks. We then conduct practical experiments on UDT using our security mechanisms and explore the use of other existing security mechanisms used on TCP/UDP for UDT. To analyse the security mechanisms, we carry out a formal proof of correctness to assist us in determining their applicability by using Protocol Composition Logic (PCL). This approach is modular, comprising a separate proof of each protocol section and providing insight into the network environment in which each section can be reliably employed. Moreover, the proof holds for a variety of failure recovery strategies and other implementation and configuration options. We derive our technique from the PCL on TLS and Kerberos in the literature. We maintain, however, the novelty of our work for UDT particularly our newly developed mechanisms such as UDT-AO, UDT-DTLS, UDT-Kerberos (GSS-API) specifically for UDT, which all now form our proposed UDT security architecture. We further analyse this architecture using rewrite systems and automata. We outline and use symbolic analysis approach to effectively verify our proposed architecture. This approach allows dataflow replication in the implementation of selected mechanisms that are integrated into the proposed architecture. We consider this approach effective by utilising the properties of the rewrite systems to represent specific flows within the architecture to present a theoretical and reliable method to perform the analysis. We introduce abstract representations of the components that compose the architecture and conduct our investigation, through structural, semantics and query analyses. The result of this work, which is first in the literature, is a more robust theoretical and practical representation of a security architecture of UDT, viable to work with other high speed network protocols

A pragmatic approach: Achieving acceptable security mechanisms for high speed data transfer protocol-UDT

The development of next generation protocols, such as UDT (UDP-based data transfer), promptly addresses various infrastructure requirements for transmitting data in high speed networks. However, this development creates new vulnerabilities when these protocols are designed to solely rely on existing security solutions of existing protocols such as TCP and UDP. It is clear that not all security protocols (such as TLS) can be used to protect UDT, just as security solutions devised for wired networks cannot be used to protect the unwired ones. The development of UDT, similarly in the development of TCP/UDP many years ago, lacked a well-thought security architecture to address the problems that networks are presently experiencing. This paper proposes and analyses practical security mechanisms for UDT

Introduction and analysis of SDN and NFV security architecture (SN-SECA)

© 2015 IEEE. There have been a few literature published about the security risks expected on the implementations of SDN and NFV (SN), however, no formal Security Architecture with practical attributes was proposed until recently. The first of its kind SN-Security Architecture (SN-SECA) was presented as an IETF draft. This draft presents the architecture with specific ascription to ensure effective security evaluation and integration on the SDN/NVF designs and implementations. This paper briefly introduces the proposed architecture and employs methods to analyze and verify its underlying security attributes. A unified method to review SN-SECA through symbolic analysis previews traffic process flow behavior across an infrastructure with SDN and NFV frameworks. The result of this work highlights the fundamental but important role of each attribute and its flow, and overall viability of the proposed architecture for SDN and NFV that protractedly useful to security practitioners

Synchronous collecting duct carcinoma and papillary renal cell carcinoma: A case report and review of the literature

The coexistence of multiple and synchronous primary neoplasms in the same organ (including kidney) has only rarely been described in the literature. We herein present a case of collecting duct carcinoma (CDC) combined with papillary renal carcinoma (RCC) having a 57-month disease-free survival. CDC is a rather rare and aggressive neoplasm of the kidney. Sharing probably the same embryological origin, synchronous or metachronous association with in situ or papillary transitional cell carcinoma (TCC) may be found; association with RCC has been only once reported in the literature. The high incidence of c-erbB-2 oncogene amplification in CDC further characterizes this tumor as a separate entity from renal cell carcinoma, and shows some genetic characteristics in common with TCC. The histohgical diagnosis of Bellini CDC can be confirmed by the positive immuno-histochemical staining with a collecting duct marker and distal tubule marker and negative staining with a proximal tubule marker

A frequentist framework of inductive reasoning

Reacting against the limitation of statistics to decision procedures, R. A. Fisher proposed for inductive reasoning the use of the fiducial distribution, a parameter-space distribution of epistemological probability transferred directly from limiting relative frequencies rather than computed according to the Bayes update rule. The proposal is developed as follows using the confidence measure of a scalar parameter of interest. (With the restriction to one-dimensional parameter space, a confidence measure is essentially a fiducial probability distribution free of complications involving ancillary statistics.) A betting game establishes a sense in which confidence measures are the only reliable inferential probability distributions. The equality between the probabilities encoded in a confidence measure and the coverage rates of the corresponding confidence intervals ensures that the measure's rule for assigning confidence levels to hypotheses is uniquely minimax in the game. Although a confidence measure can be computed without any prior distribution, previous knowledge can be incorporated into confidence-based reasoning. To adjust a p-value or confidence interval for prior information, the confidence measure from the observed data can be combined with one or more independent confidence measures representing previous agent opinion. (The former confidence measure may correspond to a posterior distribution with frequentist matching of coverage probabilities.) The representation of subjective knowledge in terms of confidence measures rather than prior probability distributions preserves approximate frequentist validity.Comment: major revisio

Computer vision and machine learning for robust phenotyping in genome-wide studies

Traditional evaluation of crop biotic and abiotic stresses are time-consuming and labor-intensive limiting the ability to dissect the genetic basis of quantitative traits. A machine learning (ML)-enabled image-phenotyping pipeline for the genetic studies of abiotic stress iron deficiency chlorosis (IDC) of soybean is reported. IDC classification and severity for an association panel of 461 diverse plant-introduction accessions was evaluated using an end-to-end phenotyping workflow. The workflow consisted of a multi-stage procedure including: (1) optimized protocols for consistent image capture across plant canopies, (2) canopy identification and registration from cluttered backgrounds, (3) extraction of domain expert informed features from the processed images to accurately represent IDC expression, and (4) supervised ML-based classifiers that linked the automatically extracted features with expert-rating equivalent IDC scores. ML-generated phenotypic data were subsequently utilized for the genome-wide association study and genomic prediction. The results illustrate the reliability and advantage of ML-enabled image-phenotyping pipeline by identifying previously reported locus and a novel locus harboring a gene homolog involved in iron acquisition. This study demonstrates a promising path for integrating the phenotyping pipeline into genomic prediction, and provides a systematic framework enabling robust and quicker phenotyping through ground-based systems

Involvement of PPAR-γ in the neuroprotective and anti-inflammatory effects of angiotensin type 1 receptor inhibition: effects of the receptor antagonist telmisartan and receptor deletion in a mouse MPTP model of Parkinson's disease

<p>Abstract</p> <p>Background</p> <p>Several recent studies have shown that angiotensin type 1 receptor (AT1) antagonists such as candesartan inhibit the microglial inflammatory response and dopaminergic cell loss in animal models of Parkinson's disease. However, the mechanisms involved in the neuroprotective and anti-inflammatory effects of AT1 blockers in the brain have not been clarified. A number of studies have reported that AT1 blockers activate peroxisome proliferator-activated receptor gamma (PPAR γ). PPAR-γ activation inhibits inflammation, and may be responsible for neuroprotective effects, independently of AT1 blocking actions.</p> <p>Methods</p> <p>We have investigated whether oral treatment with telmisartan (the most potent PPAR-γ activator among AT1 blockers) provides neuroprotection against dopaminergic cell death and neuroinflammation, and the possible role of PPAR-γ activation in any such neuroprotection. We used a mouse model of parkinsonism induced by the dopaminergic neurotoxin 1-methyl-4-phenyl-1,2,3,6-tetrahydropyridine (MPTP) and co-administration of the PPAR-γ antagonist GW9662 to study the role of PPAR-γ activation. In addition, we used AT1a-null mice lesioned with MPTP to study whether deletion of AT1 in the absence of any pharmacological effect of AT1 blockers provides neuroprotection, and investigated whether PPAR-γ activation may also be involved in any such effect of AT1 deletion by co-administration of the PPAR-γ antagonist GW9662.</p> <p>Results</p> <p>We observed that telmisartan protects mouse dopaminergic neurons and inhibits the microglial response induced by administration of MPTP. The protective effects of telmisartan on dopaminergic cell death and microglial activation were inhibited by co-administration of GW9662. Dopaminergic cell death and microglial activation were significantly lower in AT1a-null mice treated with MPTP than in mice not subjected to AT1a deletion. Interestingly, the protective effects of AT1 deletion were also inhibited by co-administration of GW9662.</p> <p>Conclusion</p> <p>The results suggest that telmisartan provides effective neuroprotection against dopaminergic cell death and that the neuroprotective effect is mediated by PPAR-γ activation. However, the results in AT1-deficient mice show that blockage of AT1, unrelated to the pharmacological properties of AT1 blockers, also protects against dopaminergic cell death and neuroinflammation. Furthermore, the results show that PPAR-γ activation is involved in the anti-inflammatory and neuroprotective effects of AT1 deletion.</p

Multisite Phosphorylation Provides an Effective and Flexible Mechanism for Switch-Like Protein Degradation

Phosphorylation-triggered degradation is a common strategy for elimination of regulatory proteins in many important cell signaling processes. Interesting examples include cyclin-dependent kinase inhibitors such as p27 in human and Sic1 in yeast, which play crucial roles during the G1/S transition in the cell cycle. In this work, we have modeled and analyzed the dynamics of multisite-phosphorylation-triggered protein degradation systematically. Inspired by experimental observations on the Sic1 protein and a previous intriguing theoretical conjecture, we develop a model to examine in detail the degradation dynamics of a protein featuring multiple phosphorylation sites and a threshold site number for elimination in response to a kinase signal. Our model explains the role of multiple phosphorylation sites, compared to a single site, in the regulation of protein degradation. A single-site protein cannot convert a graded input of kinase increase to much sharper output, whereas multisite phosphorylation is capable of generating a highly switch-like temporal profile of the substrate protein with two characteristics: a temporal threshold and rapid decrease beyond the threshold. We introduce a measure termed temporal response coefficient to quantify the extent to which a response in the time domain is switch-like and further investigate how this property is determined by various factors including the kinase input, the total number of sites, the threshold site number for elimination, the order of phosphorylation, the kinetic parameters, and site preference. Some interesting and experimentally verifiable predictions include that the non-degradable fraction of the substrate protein exhibits a more switch-like temporal profile; a sequential system is more switch-like, while a random system has the advantage of increased robustness; all the parameters, including the total number of sites, the threshold site number for elimination and the kinetic parameters synergistically determine the exact extent to which the degradation profile is switch-like. Our results suggest design principles for protein degradation switches which might be a widespread mechanism for precise regulation of cellular processes such as cell cycle progression

Massive-Scale RNA-Seq Analysis of Non Ribosomal Transcriptome in Human Trisomy 21

Hybridization- and tag-based technologies have been successfully used in Down syndrome to identify genes involved in various aspects of the pathogenesis. However, these technologies suffer from several limits and drawbacks and, to date, information about rare, even though relevant, RNA species such as long and small non-coding RNAs, is completely missing. Indeed, none of published works has still described the whole transcriptional landscape of Down syndrome. Although the recent advances in high-throughput RNA sequencing have revealed the complexity of transcriptomes, most of them rely on polyA enrichment protocols, able to detect only a small fraction of total RNA content. On the opposite end, massive-scale RNA sequencing on rRNA-depleted samples allows the survey of the complete set of coding and non-coding RNA species, now emerging as novel contributors to pathogenic mechanisms. Hence, in this work we analysed for the first time the complete transcriptome of human trisomic endothelial progenitor cells to an unprecedented level of resolution and sensitivity by RNA-sequencing. Our analysis allowed us to detect differential expression of even low expressed genes crucial for the pathogenesis, to disclose novel regions of active transcription outside yet annotated loci, and to investigate a plethora of non-polyadenilated long as well as short non coding RNAs. Novel splice isoforms for a large subset of crucial genes, and novel extended untranslated regions for known genes—possibly novel miRNA targets or regulatory sites for gene transcription—were also identified in this study. Coupling the rRNA depletion of samples, followed by high-throughput RNA-sequencing, to the easy availability of these cells renders this approach very feasible for transcriptome studies, offering the possibility of investigating in-depth blood-related pathological features of Down syndrome, as well as other genetic disorders