405 research outputs found

    Using Machine Learning to Assist with the Selection of Security Controls During Security Assessment

    In many domains such as healthcare and banking, IT systems need to fulfill various requirements related to security. The elaboration of security requirements for a given system is in part guided by the controls envisaged by the applicable security standards and best practices. An important difficulty that analysts have to contend with during security requirements elaboration is sifting through a large number of security controls and determining which ones have a bearing on the security requirements for a given system. This challenge is often exacerbated by the scarce security expertise available in most organizations. [Objective] In this article, we develop automated decision support for the identification of security controls that are relevant to a specific system in a particular context. [Method and Results] Our approach, which is based on machine learning, leverages historical data from security assessments performed over past systems in order to recommend security controls for a new system. We operationalize and empirically evaluate our approach using real historical data from the banking domain. Our results show that, when one excludes security controls that are rare in the historical data, our approach has an average recall of ≈ 94% and average precision of ≈ 63%. We further examine through a survey the perceptions of security analysts about the usefulness of the classification models derived from historical data. [Conclusions] The high recall – indicating only a few relevant security controls are missed – combined with the reasonable level of precision – indicating that the effort required to confirm recommendations is not excessive – suggests that our approach is a useful aid to analysts for more efficiently identifying the relevant security controls, and also for decreasing the likelihood that important controls would be overlooked. 
    Further, our survey results suggest that the generated classification models help provide a documented and explicit rationale for choosing the applicable security controls.

    Higher Education Exchange: 2006

    This annual publication serves as a forum for new ideas and dialogue between scholars and the larger public. Essays explore ways that students, administrators, and faculty can initiate and sustain an ongoing conversation about the public life they share. The Higher Education Exchange is founded on a thought articulated by Thomas Jefferson in 1820: "I know no safe depository of the ultimate powers of the society but the people themselves; and if we think them not enlightened enough to exercise their control with a wholesome discretion, the remedy is not to take it from them, but to inform their discretion by education." In the tradition of Jefferson, the Higher Education Exchange agrees that a central goal of higher education is to help make democracy possible by preparing citizens for public life. The Higher Education Exchange is part of a movement to strengthen higher education's democratic mission and foster a more democratic culture throughout American society. Working in this tradition, the Higher Education Exchange publishes interviews, case studies, analyses, news, and ideas about efforts within higher education to develop more democratic societies.

    An integrated search-based approach for automatic testing from extended finite state machine (EFSM) models

    This is the post-print version of the Article - Copyright @ 2011 Elsevier. The extended finite state machine (EFSM) is a modelling approach that has been used to represent a wide range of systems. When testing from an EFSM, it is normal to use a test criterion such as transition coverage. Such test criteria are often expressed in terms of transition paths (TPs) through an EFSM. Despite the popularity of EFSMs, testing from an EFSM is difficult for two main reasons: path feasibility and path input sequence generation. The path feasibility problem concerns generating paths that are feasible whereas the path input sequence generation problem is to find an input sequence that can traverse a feasible path. While search-based approaches have been used in test automation, there has been relatively little work that uses them when testing from an EFSM. In this paper, we propose an integrated search-based approach to automate testing from an EFSM. The approach has two phases, the aim of the first phase being to produce a feasible TP (FTP) while the second phase searches for an input sequence to trigger this TP. The first phase uses a Genetic Algorithm whose fitness function is a TP feasibility metric based on dataflow dependence. The second phase uses a Genetic Algorithm whose fitness function is based on a combination of a branch distance function and approach level. Experimental results using five EFSMs found the first phase to be effective in generating FTPs with a success rate of approximately 96.6%. Furthermore, the proposed input sequence generator could trigger all the generated feasible TPs (success rate = 100%). The results derived from the experiment demonstrate that the proposed approach is effective in automating testing from an EFSM.

    Decision Support for Security-Control Identification Using Machine Learning

    Peer reviewed. [Context & Motivation] In many domains such as healthcare and banking, IT systems need to fulfill various requirements related to security. The elaboration of security requirements for a given system is in part guided by the controls envisaged by the applicable security standards and best practices. [Problem] An important difficulty that analysts have to contend with during security requirements elaboration is sifting through a large number of security controls and determining which ones have a bearing on the security requirements for a given system. This challenge is often exacerbated by the scarce security expertise available in most organizations. [Principal ideas/results] In this paper, we develop automated decision support for the identification of security controls that are relevant to a specific system in a particular context. Our approach, which is based on machine learning, leverages historical data from security assessments performed over past systems in order to recommend security controls for a new system. We operationalize and empirically evaluate our approach using real historical data from the banking domain. Our results show that, when one excludes security controls that are rare in the historical data, our approach has an average recall of ≈ 95% and average precision of ≈ 67%. [Contribution] The high recall – indicating only a few relevant security controls are missed – combined with the reasonable level of precision – indicating that the effort required to confirm recommendations is not excessive – suggests that our approach is a useful aid to analysts for more efficiently identifying the relevant security controls, and also for decreasing the likelihood that important controls would be overlooked.

    Resisting and tolerating P. falciparum in pregnancy under different malaria transmission intensities.

    BACKGROUND: Resistance and tolerance to Plasmodium falciparum can determine the progression of malaria disease. However, quantitative evidence of tolerance is still limited. We investigated variations in the adverse impact of P. falciparum infections among African pregnant women under different intensities of malaria transmission. METHODS: P. falciparum at delivery was assessed by microscopy, quantitative PCR (qPCR) and placental histology in 946 HIV-uninfected and 768 HIV-infected pregnant women from Benin, Gabon, Kenya and Mozambique. Resistance was defined by the proportion of submicroscopic infections and the levels of anti-parasite antibodies quantified by Luminex, and tolerance by the relationship of pregnancy outcomes with parasite densities at delivery. RESULTS: P. falciparum prevalence by qPCR in peripheral and/or placental blood of HIV-uninfected Mozambican, Gabonese and Beninese women at delivery was 6% (21/340), 11% (28/257) and 41% (143/349), respectively. The proportion of peripheral submicroscopic infections was higher in Benin (83%) than in Mozambique (60%) and Gabon (55%; P = 0.033). Past or chronic placental P. falciparum infection was associated with an increased risk of preterm birth in Mozambican newborns (OR = 7.05, 95% CI 1.79 to 27.82). Microscopic infections were associated with reductions in haemoglobin levels at delivery among Mozambican women (-1.17 g/dL, 95% CI -2.09 to -0.24) as well as with larger drops in haemoglobin levels from recruitment to delivery in Mozambican (-1.66 g/dL, 95% CI -2.68 to -0.64) and Gabonese (-0.91 g/dL, 95% CI -1.79 to -0.02) women. Doubling qPCR-peripheral parasite densities in Mozambican women were associated with decreases in haemoglobin levels at delivery (-0.16 g/dL, 95% CI -0.29 to -0.02) and increases in the drop of haemoglobin levels (-0.29 g/dL, 95% CI -0.44 to -0.14). Beninese women had higher anti-parasite IgGs than Mozambican women (P < 0.001). 
    No difference was found in the proportion of submicroscopic infections nor in the adverse impact of P. falciparum infections in HIV-infected women from Kenya (P. falciparum prevalence by qPCR: 9%, 32/351) and Mozambique (4%, 15/417). CONCLUSIONS: The lowest levels of resistance and tolerance in pregnant women from areas of low malaria transmission were accompanied by the largest adverse impact of P. falciparum infections. Exposure-dependent mechanisms developed by pregnant women to resist the infection and minimise pathology can reduce malaria-related adverse outcomes. Distinguishing both types of defences is important to understand how reductions in transmission can affect malaria disease. TRIAL REGISTRATION: ClinicalTrials.gov NCT00811421. Registered 18 December 2008.

    Concordance of three alternative gestational age assessments for pregnant women from four African countries: A secondary analysis of the MIPPAD trial

    Background: At times, ultrasound is not readily available in low resource countries in Africa for accurate determination of gestational age, so using alternative methods is pivotal during pregnancy. These assessments are used to aid the risk analysis for an infant and management strategies for premature delivery, if necessary. Currently, date of last menstrual period, fundal height measurements, and the New Ballard Score are commonly used in resource-limited settings. However, concordance of these measures is unknown for sub-Saharan Africa. We obtained data from an open-label randomized controlled trial, to assess the concordance of these alternative assessment methods. The purpose of our study was to determine the agreement between these alternative methods when used in sub-Saharan African populations. Methods: A total of 4,390 pregnant women from Benin, Gabon, Mozambique and Tanzania were included in our analysis. The assessment methods compared were: 1) reported last menstrual period, 2) symphysis-fundal height measurement, and 3) the New Ballard Score. The Bland-Altman method and intraclass correlation coefficient (ICC) were used to test the degree of agreement. Survival range gestational age, used as an inclusion criterion for further analysis, was from 22 to 44 weeks. Findings: Plots showed a lack of agreement between methods and the 95% limits of agreement too wide to be clinically useful. ICC = 0.25 indicated poor agreement. A post-hoc analysis, restricted from 32 to 42 weeks, was done to check for better agreement in this near-term population. The plots and ICC = 0.16 still confirmed poor agreement. Conclusion: The alternative assessments do not result in comparable outcomes and discrepancies are far beyond the clinically acceptable range. Last menstrual period should not be used as the only estimator of gestational age. 
    In the absence of reliable early ultrasound, symphysis-fundal height measurements may be most useful during pregnancy for fetal risk assessment and the New Ballard Score after delivery as a confirmation of these estimations and for further neonatal management. However, promotion of portable ultrasound devices is required for accurate assessment of gestational age in sub-Sahara Africa.

    The Evolution of Reduced Microbial Killing

    Bacteria engage in a never-ending arms race in which they compete for limited resources and niche space. The outcome of this intense interaction is the evolution of a powerful arsenal of biological weapons. Perhaps the most studied of these are colicins, plasmid-based toxins produced by and active against Escherichia coli. The present study was designed to explore the molecular responses of a colicin-producing strain during serial transfer evolution. What evolutionary changes occur when colicins are produced with no target present? Can killing ability be maintained in the absence of a target? To address these, and other, questions, colicinogenic strains and a noncolicinogenic ancestor were evolved for 253 generations. Samples were taken throughout the experiment and tested for killing ability. By the 38th transfer, a decreased killing ability and an increase in fitness were observed in the colicin-producing strains. Surprisingly, DNA sequence determination of the colicin plasmids revealed no changes in plasmid sequences. However, a set of chromosomally encoded loci experienced changes in gene expression that were positively associated with the reduction in killing. The most significant expression changes were observed in DNA repair genes (which were downregulated in the evolved strains), Mg ion uptake genes (which were upregulated), and late prophage genes (which were upregulated). These results indicate a fine-tuned response to the evolutionary pressures of colicin production, with far more genes involved than had been anticipated

    The Cyanobacterial Hepatotoxin Microcystin Binds to Proteins and Increases the Fitness of Microcystis under Oxidative Stress Conditions

    Microcystins are cyanobacterial toxins that represent a serious threat to drinking water and recreational lakes worldwide. Here, we show that microcystin fulfils an important function within cells of its natural producer Microcystis. The microcystin deficient mutant ΔmcyB showed significant changes in the accumulation of proteins, including several enzymes of the Calvin cycle, phycobiliproteins and two NADPH-dependent reductases. We have discovered that microcystin binds to a number of these proteins in vivo and that the binding is strongly enhanced under high light and oxidative stress conditions. The nature of this binding was studied using extracts of a microcystin-deficient mutant in vitro. The data obtained provided clear evidence for a covalent interaction of the toxin with cysteine residues of proteins. A detailed investigation of one of the binding partners, the large subunit of RubisCO showed a lower susceptibility to proteases in the presence of microcystin in the wild type. Finally, the mutant defective in microcystin production exhibited a clearly increased sensitivity under high light conditions and after hydrogen peroxide treatment. Taken together, our data suggest a protein-modulating role for microcystin within the producing cell, which represents a new addition to the catalogue of functions that have been discussed for microbial secondary metabolites