Proactive Security Policy Enforcement for Containers

By providing lightweight and portable support for cloud native applications, container environments have recently gained significant momentum. A container orchestrator, such as Kubernetes, can enable the automatic deployment and maintenance of a large number of containerized applications. However, due to its critical role, a container orchestrator also attracts a wide range of security threats exploiting misconfigurations or implementation flaws. Moreover, enforcing security policies at runtime against such security threats becomes far more challenging, as the large scale of container environments implies high complexity, while the high dynamicity demands a short response time. In this thesis, we tackle this key security challenge to container environments through a novel proactive approach. Our proposed approach leverages learning-based prediction to conduct the computationally intensive steps (e.g., security verification) in advance, while keeping the runtime steps (e.g., policy enforcement) lightweight. Consequently, this approach can ensure a practical response time (e.g., less than 10 ms in contrast to 600 ms with one of the most popular existing approaches) for large container environments (e.g., up to 800 Pods). We demonstrate its deployability by integrating our solution with Kubernetes, one of the most popular container orchestrators

Basal body stability and ciliogenesis requires the conserved component Poc1

Centrioles are the foundation for centrosome and cilia formation. The biogenesis of centrioles is initiated by an assembly mechanism that first synthesizes the ninefold symmetrical cartwheel and subsequently leads to a stable cylindrical microtubule scaffold that is capable of withstanding microtubule-based forces generated by centrosomes and cilia. We report that the conserved WD40 repeat domain–containing cartwheel protein Poc1 is required for the structural maintenance of centrioles in Tetrahymena thermophila. Furthermore, human Poc1B is required for primary ciliogenesis, and in zebrafish, DrPoc1B knockdown causes ciliary defects and morphological phenotypes consistent with human ciliopathies. T. thermophila Poc1 exhibits a protein incorporation profile commonly associated with structural centriole components in which the majority of Poc1 is stably incorporated during new centriole assembly. A second dynamic population assembles throughout the cell cycle. Our experiments identify novel roles for Poc1 in centriole stability and ciliogenesis

Cisternal Organization of the Endoplasmic Reticulum during Mitosis

The endoplasmic reticulum (ER) of animal cells is a single, dynamic, and continuous membrane network of interconnected cisternae and tubules spread out throughout the cytosol in direct contact with the nuclear envelope. During mitosis, the nuclear envelope undergoes a major rearrangement, as it rapidly partitions its membrane-bound contents into the ER. It is therefore of great interest to determine whether any major transformation in the architecture of the ER also occurs during cell division. We present structural evidence, from rapid, live-cell, three-dimensional imaging with confirmation from high-resolution electron microscopy tomography of samples preserved by high-pressure freezing and freeze substitution, unambiguously showing that from prometaphase to telophase of mammalian cells, most of the ER is organized as extended cisternae, with a very small fraction remaining organized as tubules. In contrast, during interphase, the ER displays the familiar reticular network of convolved cisternae linked to tubules

The Centrosomal Protein C-Nap1 Is Required for Cell Cycle–Regulated Centrosome Cohesion

Duplicating centrosomes are paired during interphase, but are separated at the onset of mitosis. Although the mechanisms controlling centrosome cohesion and separation are important for centrosome function throughout the cell cycle, they remain poorly understood. Recently, we have proposed that C-Nap1, a novel centrosomal protein, is part of a structure linking parental centrioles in a cell cycle–regulated manner. To test this model, we have performed a detailed structure–function analysis on C-Nap1. We demonstrate that antibody-mediated interference with C-Nap1 function causes centrosome splitting, regardless of the cell cycle phase. Splitting occurs between parental centrioles and is not dependent on the presence of an intact microtubule or microfilament network. Centrosome splitting can also be induced by overexpression of truncated C-Nap1 mutants, but not full-length protein. Antibodies raised against different domains of C-Nap1 prove that this protein dissociates from spindle poles during mitosis, but reaccumulates at centrosomes at the end of cell division. Use of the same antibodies in immunoelectron microscopy shows that C-Nap1 is confined to the proximal end domains of centrioles, indicating that a putative linker structure must contain additional proteins. We conclude that C-Nap1 is a key component of a dynamic, cell cycle–regulated structure that mediates centriole–centriole cohesion

MAPping out distribution routes for kinesin couriers

In the crowded environment of eukaryotic cells, diffusion is an inefficient distribution mechanism for cellular components. Long-distance active transport is required and is performed by molecular motors including kinesins. Furthermore, in highly polarized, compartmentalized and plastic cells such as neurons, regulatory mechanisms are required to ensure appropriate spatio-temporal delivery of neuronal components. The kinesin machinery has diversified into a large number of kinesin motor proteins as well as adaptor proteins that are associated with subsets of cargo. However, many mechanisms contribute to the correct delivery of these cargos to their target domains. One mechanism is through motor recognition of subdomain-specific microtubule (MT) tracks, sign-posted by different tubulin isoforms, tubulin post-translational modifications (PTMs), tubulin GTPase activity and MT associated proteins (MAPs). With neurons as a model system, a critical review of these regulatory mechanisms is presented here, with particular focus on the emerging contribution of compartmentalised MAPs. Overall, we conclude that – especially for axonal cargo – alterations to the MT track can influence transport, although in vivo, it is likely that multiple track-based effects act synergistically to ensure accurate cargo distribution

Tubulin polyglutamylation stimulates spastin-mediated microtubule severing

Microtubules with long polyglutamylated C-terminal tails are more prone to severing by spastin, establishing the importance of tubulin posttranslational modifications

Subgroup II PAK-mediated phosphorylation regulates Ran activity during mitosis

Phosphorylation of the Ran GTPase on Serine-135 by PAK4 changes Ran’s association with its regulatory proteins and its ability to induce microtubule asters

Control of daughter centriole formation by the pericentriolar material

Author Posting. © The Author(s), 2008. This is the author's version of the work. It is posted here by permission of Nature Publishing Group for personal use, not for redistribution. The definitive version was published in Nature Cell Biology 10 (2008): 322-328, doi:10.1038/ncb1694.Controlling the number of its centrioles is vital for the cell as supernumerary centrioles result in multipolar mitosis and genomic instability. Normally, just one daughter centriole forms on each mature (mother) centriole; however, a mother centriole can produce multiple daughters within a single cell cycle. The mechanisms that prevent centriole ‘overduplication’ are poorly understood. Here we use laser microsurgery to test the hypothesis that attachment of the daughter centriole to the wall of the mother inhibits formation of additional daughters. We show that physical removal of the daughter induces reduplication of the mother in Sarrested cells. Under conditions when multiple daughters simultaneously form on a single mother, all of these daughters must be removed to induce reduplication. Intriguingly, the number of daughter centrioles that form during reduplication does not always match the number of ablated daughter centrioles. We also find that exaggeration of the pericentriolar material (PCM) via overexpression of the PCM protein pericentrin in S-arrested CHO cells induces formation of numerous daughter centrioles. We propose that that the size of the PCM cloud associated with the mother centriole restricts the number of daughters that can form simultaneously.This work was supported by grants from the National Institutes of Health (GM GM59363) and the Human Frontiers Science Program (RGP0064). Construction of our laser microsurgery workstation was supported in part by a fellowship from Nikon/Marine Biological Laboratory (A.K.)

Drosophila Sperm Swim Backwards in the Female Reproductive Tract and Are Activated via TRPP2 Ion Channels

Sperm have but one purpose, to fertilize an egg. In various species including Drosophila melanogaster female sperm storage is a necessary step in the reproductive process. Amo is a homolog of the human transient receptor potential channel TRPP2 (also known as PKD2), which is mutated in autosomal dominant polycystic kidney disease. In flies Amo is required for sperm storage. Drosophila males with Amo mutations produce motile sperm that are transferred to the uterus but they do not reach the female storage organs. Therefore Amo appears to be a mediator of directed sperm motility in the female reproductive tract but the underlying mechanism is unknown.Amo exhibits a unique expression pattern during spermatogenesis. In spermatocytes, Amo is restricted to the endoplasmic reticulum (ER) whereas in mature sperm, Amo clusters at the distal tip of the sperm tail. Here we show that flagellar localization of Amo is required for sperm storage. This raised the question of how Amo at the rear end of sperm regulates forward movement into the storage organs. In order to address this question, we used in vivo imaging of dual labelled sperm to demonstrate that Drosophila sperm navigate backwards in the female reproductive tract. In addition, we show that sperm exhibit hyperactivation upon transfer to the uterus. Amo mutant sperm remain capable of reverse motility but fail to display hyperactivation and directed movement, suggesting that these functions are required for sperm storage in flies.Amo is part of a signalling complex at the leading edge of the sperm tail that modulates flagellar beating and that guides a backwards path into the storage organs. Our data support an evolutionarily conserved role for TRPP2 channels in cilia