An Economic Study of the Effect of Android Platform Fragmentation on Security Updates

Vendors in the Android ecosystem typically customize their devices by modifying Android Open Source Project (AOSP) code, adding in-house developed proprietary software, and pre-installing third-party applications. However, research has documented how various security problems are associated with this customization process. We develop a model of the Android ecosystem utilizing the concepts of game theory and product differentiation to capture the competition involving two vendors customizing the AOSP platform. We show how the vendors are incentivized to differentiate their products from AOSP and from each other, and how prices are shaped through this differentiation process. We also consider two types of consumers: security-conscious consumers who understand and care about security, and na\"ive consumers who lack the ability to correctly evaluate security properties of vendor-supplied Android products or simply ignore security. It is evident that vendors shirk on security investments in the latter case. Regulators such as the U.S. Federal Trade Commission have sanctioned Android vendors for underinvestment in security, but the exact effects of these sanctions are difficult to disentangle with empirical data. Here, we model the impact of a regulator-imposed fine that incentivizes vendors to match a minimum security standard. Interestingly, we show how product prices will decrease for the same cost of customization in the presence of a fine, or a higher level of regulator-imposed minimum security.Comment: 22nd International Conference on Financial Cryptography and Data Security (FC 2018

Synthetic Data Generation and Defense in Depth Measurement of Web Applications

Measuring security controls across multiple layers of defense requires realistic data sets and repeatable experiments. However, data sets that are collected from real users often cannot be freely exchanged due to privacy and regulatory concerns. Synthetic datasets, which can be shared, have in the past had critical flaws or at best been one time collections of data focusing on a single layer or type of data. We present a framework for generating synthetic datasets with normal and attack data for web applications across multiple layers simultaneously. The framework is modular and designed for data to be easily recreated in order to vary parameters and allow for inline testing. We build a prototype data generator using the framework to generate nine datasets with data logged on four layers: network, file accesses, system calls, and database simultaneously. We then test nineteen security controls spanning all four layers to determine their sensitivity to dataset changes, compare performance even across layers, compare synthetic data to real production data, and calculate combined defense in depth performance of sets of controls

A commercial line probe assay for the rapid detection of rifampicin resistance in Mycobacterium tuberculosis: a systematic review and meta-analysis

BACKGROUND: Mycobacterium tuberculosis is a leading cause of death worldwide. In multi-drug resistant tuberculosis (MDR-TB) infectiousness is frequently prolonged, jeopardizing efforts to control TB. The conventional tuberculosis drug susceptibility tests are sensitive and specific, but they are not rapid. The INNO-LiPA Rif. TB (® )(LiPA) is a commercial line probe assay designed to rapidly detect rifampicin resistance, a marker of MDR-TB. Although LiPA has shown promising results, its overall accuracy has not been systematically evaluated. METHODS: We did a systematic review and meta-analysis to evaluate the accuracy of LiPA for the detection of rifampicin-resistant tuberculosis among culture isolates and clinical specimens. We searched Medline, Embase, Web of Science, BIOSIS, and Google Scholar, and contacted authors, experts and the manufacturer. Fifteen studies met our inclusion criteria. Of these, 11 studies used culture isolates, one used clinical specimens, and three used both. We used a summary receiver operating characteristic (SROC) curve and Q* index to perform meta-analysis and summarize diagnostic accuracy. RESULTS: Twelve of 14 studies that applied LiPA to isolates had sensitivity greater than 95%, and 12 of 14 had specificity of 100%. The four studies that applied LiPA directly to clinical specimens had 100% specificity, and sensitivity that ranged between 80% and 100%. The SROC curve had an area of 0.99 and Q* of 0.97. CONCLUSION: LiPA is a highly sensitive and specific test for the detection of rifampicin resistance in culture isolates. The test appears to have relatively lower sensitivity when used directly on clinical specimens. More evidence is needed before LiPA can be used to detect MDR-TB among populations at risk in clinical practice

Bacteriophage- based tests for the detection of Mycobacterium tuberculosis in clinical specimens: a systematic review and meta- analysis

BACKGROUND: Sputum microscopy, the most important conventional test for tuberculosis, is specific in settings with high burden of tuberculosis and low prevalence of non tuberculous mycobacteria. However, the test lacks sensitivity. Although bacteriophage-based tests for tuberculosis have shown promising results, their overall accuracy has not been systematically evaluated. METHODS: We did a systematic review and meta-analysis of published studies to evaluate the accuracy of phage-based tests for the direct detection of M. tuberculosis in clinical specimens. To identify studies, we searched Medline, EMBASE, Web of science and BIOSIS, and contacted authors, experts and test manufacturers. Thirteen studies, all based on phage amplification method, met our inclusion criteria. Overall accuracy was evaluated using forest plots, summary receiver operating (SROC) curves, and subgroup analyses. RESULTS: The data suggest that phage-based assays have high specificity (range 0.83 to 1.00), but modest and variable sensitivity (range 0.21 to 0.88). The sensitivity ranged between 0.29 and 0.87 among smear-positive, and 0.13 to 0.78 among smear-negative specimens. The specificity ranged between 0.60 and 0.88 among smear-positive and 0.89 to 0.99 among smear-negative specimens. SROC analyses suggest that overall accuracy of phage-based assays is slightly higher than smear microscopy in direct head-to-head comparisons. CONCLUSION: Phage-based assays have high specificity but lower and variable sensitivity. Their performance characteristics are similar to sputum microscopy. Phage assays cannot replace conventional diagnostic tests such as microscopy and culture at this time. Further research is required to identify methods that can enhance the sensitivity of phage-based assays without compromising the high specificity

Distribution of Spoligotyping Defined Genotypic Lineages among Drug-Resistant Mycobacterium tuberculosis Complex Clinical Isolates in Ankara, Turkey

Background: Investigation of genetic heterogeneity and spoligotype-defined lineages of drug-resistant Mycobacterium tuberculosis clinical isolates collected during a three-year period in two university hospitals and National Tuberculosis Reference and Research Laboratory in Ankara, Turkey. Methods and Findings: A total of 95 drug-resistant M. tuberculosis isolates collected from three different centers were included in this study. Susceptibility testing of the isolates to four major antituberculous drugs was performed using proportion method on Löwenstein–Jensen medium and BACTEC 460-TB system. All clinical isolates were typed by using spoligotyping and IS6110-restriction fragment length polymorphism (RFLP) methods. Seventy-three of the 95 (76.8%) drug resistant M. tuberculosis isolates were isoniazid-resistant, 45 (47.4%) were rifampicin-resistant, 32 (33.7%) were streptomycinresistant and 31 (32.6%) were ethambutol-resistant. The proportion of multidrug-resistant isolates (MDR) was 42.1%. By using spoligotyping, 35 distinct patterns were observed; 75 clinical isolates were grouped in 15 clusters (clustering rate of 79%) and 20 isolates displayed unique patterns. Five of these 20 unique patterns corresponded to orphan patterns in th

Insulin resistance, adiponectin and adverse outcomes following elective cardiac surgery: a prospective follow-up study

<p>Abstract</p> <p>Background</p> <p>Insulin resistance and adiponectin are markers of cardio-metabolic disease and associated with adverse cardiovascular outcomes. The present study examined whether preoperative insulin resistance or adiponectin were associated with short- and long-term adverse outcomes in non-diabetic patients undergoing elective cardiac surgery.</p> <p>Methods</p> <p>In a prospective study, we assessed insulin resistance and adiponectin levels from preoperative fasting blood samples in 836 patients undergoing cardiac surgery. Population-based medical registries were used for postoperative follow-up. Outcomes included all-cause death, myocardial infarction or percutaneous coronary intervention, stroke, re-exploration, renal failure, and infections. The ability of insulin resistance and adiponectin to predict clinical adverse outcomes was examined using receiver operating characteristics.</p> <p>Results</p> <p>Neither insulin resistance nor adiponectin were statistically significantly associated with 30-day mortality, but adiponectin was associated with an increased 31-365-day mortality (adjusted odds ratio 2.9 [95% confidence interval 1.3-6.4]) comparing the upper quartile with the three lower quartiles. Insulin resistance was a poor predictor of adverse outcomes. In contrast, the predictive accuracy of adiponectin (area under curve 0.75 [95% confidence interval 0.65-0.85]) was similar to that of the EuroSCORE (area under curve 0.75 [95% confidence interval 0.67-0.83]) and a model including adiponectin and the EuroSCORE had an area under curve of 0.78 [95% confidence interval 0.68-0.88] concerning 31-365-day mortality.</p> <p>Conclusions</p> <p>Elevated adiponectin levels, but not insulin resistance, were associated with increased mortality and appear to be a strong predictor of long-term mortality. Additional studies are warranted to further clarify the possible clinical role of adiponectin assessment in cardiac surgery.</p> <p>Trial Registration</p> <p>The Danish Data Protection Agency; reference no. 2007-41-1514.</p