Just forget it - The semantics and enforcement of information erasure

Abstract. There are many settings in which sensitive information is made available to a system or organisation for a specific purpose, on the understanding that it will be erased once that purpose has been fulfilled. A familiar example is that of online credit card transactions: a customer typically provides credit card details to a payment system on the understanding that the following promises are kept: (i) Noninterference (NI): the card details may flow to the bank (in order that the payment can be authorised) but not to other users of the system; (ii) Erasure: the payment system will not retain any record of the card details once the transaction is complete. This example shows that we need to reason about NI and erasure in combination, and that we need to consider interactive systems: the card details are used in the interaction between the principals, and then erased; without the interaction, the card details could be dispensed with altogether and erasure would be unnecessary. The contributions of this paper are as follows. (i) We show that an end-to-end erasure property can be encoded as a “flow sensitive ” noninterference property. (ii) By a judicious choice of language construct to support erasur

Convex hull method for the determination of vapour-liquid equilibria (VLE) phase diagrams for binary and ternary systems

Amieibibama Joseph wishes to thank Petroleum Technology Development Fund (PTDF) for their financial support which has made this research possible.Peer reviewedPostprin

Permanence of Carbon Sequestered in Forests under Uncertainty

In this paper we examine the issue of permanence in the context of sequestering carbon through afforestation. We develop a dynamic nested optimal control model of carbon sequestration associated with the decision to afforest a tract of land given there are uncertainties associated with fire and insect/disease hazards. Conceptually, these potential hazards are similar in that their occurrence at any time t is uncertain and landowners can take specific actions – although generally different actions - in any time period t to reduce the probability of sustaining losses related to them. The hazards differ, however, in that fire represents a large loss in carbon at a moment in time, while insect/disease infestations are more likely to be reflected in a period of significant slowing of the rate of carbon accumulation than was anticipated followed by a sustained period of slowly decreasing carbon losses. The nature of these losses will influence the design of incentives under GHG mitigation frameworks that require carbon losses to be replaced as well as the strategies farmers adopt to deal with the uncertainties associated with these events occurring.carbon sequestration, uncertainty, optimal control, hazard function, forestry, permanence, Environmental Economics and Policy, Land Economics/Use,

Innovative energy technologies and climate policy in Germany

Due to the size and structure of its economy, Germany is one of the largest carbon emitters in the European Union. It is responsible for approximately 800 million tons of carbon dioxide (CO2) emissions annually, accounting for about one-fourth of European Union (EU) greenhouse gas emissions. Compared to the level in 1990, Germany?s CO2 emissions are now 19% lower. Within the burden sharing agreement under the Kyoto Protocol, Germany is committed to reduce carbon emissions by 21% in 2008-2012 compared to 1990. A long-term national target is to reduce CO2 emissions 40% by year 2020 relative to 1990. A substantial portion of greenhouse gas emissions is produced by the electricity system. CO2 emissions due to fossil fuel combustion for electricity production amount to more than 40% of total CO2 emissions in Germany

Prospective evaluation of low-dose ketoconazole plus hydrocortisone in docetaxel pre-treated castration-resistant prostate cancer patients.

BackgroundKetoconazole is a well-known CYP17-targeted systemic treatment for castration-resistant prostate cancer (CRPC). However, most of the published data has been in the pre-chemotherapy setting; its efficacy in the post-chemotherapy setting has not been as widely described. Chemotherapy-naïve patients treated with attenuated doses of ketoconazole (200-300 mg three times daily) had PSA response rate (>50% decline) of 21-62%. We hypothesized that low-dose ketoconazole would likewise possess efficacy and tolerability in the CRPC post-chemotherapy state.MethodsMen with CRPC and performance status 0-3, adequate organ function and who had received prior docetaxel were treated with low-dose ketoconazole (200 mg orally three times daily) and hydrocortisone (20 mg PO qAM and 10 mg PO qPM) until disease progression. Primary endpoint was PSA response rate (>50% reduction from baseline) where a rate of 25% was to be considered promising for further study (versus a null rate of <5%); 25 patients were required. Secondary endpoints included PSA response >30% from baseline, progression-free survival (PFS), duration of stable disease and evaluation of adverse events (AEs).ResultsThirty patients were accrued with median age of 72 years (range 55-86) and median pre-treatment PSA of 73 ng ml(-1) (range 7-11,420). Twenty-nine patients were evaluable for response and toxicity. PSA response (>50% reduction) was seen in 48% of patients; PSA response (>30% reduction) was seen in 59%. Median PFS was 138 days; median duration of stable disease was 123 days. Twelve patients experienced grade 3 or 4 AEs. Of the 17 grade 3 AEs, only 3 were attributed to treatment. None of the two grade 4 AEs were considered related to treatment.ConclusionsIn docetaxel pre-treated CRPC patients, low-dose ketoconazole and hydrocortisone is a well-tolerated, relatively inexpensive and clinically active treatment option. PSA response to low-dose ketoconazole appears historically comparable to that of abiraterone in this patient context. A prospective, randomized study of available post-chemotherapy options is warranted to assess comparative efficacy

Termination-insensitive noninterference leaks more than just a bit

Current tools for analysing information flow in programs build upon ideas going back to Denning's work from the 70's. These systems enforce an imperfect notion of information flow which has become known as termination-insensitive noninterference. Under this version of noninterference, information leaks are permitted if they are transmitted purely by the program's termination behaviour (i.e., whether it terminates or not). This imperfection is the price to pay for having a security condition which is relatively liberal (e.g. allowing while-loops whose termination may depend on the value of a secret) and easy to check. But what is the price exactly? We argue that, in the presence of output, the price is higher than the “one bit” often claimed informally in the literature, and effectively such programs can leak all of their secrets. In this paper we develop a definition of termination-insensitive noninterference suitable for reasoning about programs with outputs. We show that the definition generalises “batch-job” style definitions from the literature and that it is indeed satisfied by a Denning-style program analysis with output. Although more than a bit of information can be leaked by programs satisfying this condition, we show that the best an attacker can do is a brute-force attack, which means that the attacker cannot reliably (in a technical sense) learn the secret in polynomial time in the size of the secret. If we further assume that secrets are uniformly distributed, we show that the advantage the attacker gains when guessing the secret after observing a polynomial amount of output is negligible in the size of the secret

The Cost of Increasing Adoption of Beneficial Nutrient-Management Practices

We estimate the cost of offsets tied to reductions in the use of nitrogen on U.S. cornfields under the proposed American Clean Energy and Security Act.offsets, nitrogen, corn, Agricultural and Food Policy, Crop Production/Industries, Environmental Economics and Policy,

Where Are the Industrial Technologies in Energy-Economy Models? An Innovative CGE Approach for Steel Production in Germany

Top-down computable general equilibrium (CGE) models are used extensively for analysis of energy and climate policies. Energy-intensive industries are usually represented in top-down economic models as abstract economic production functions, of the constant-elasticity-ofsubstitution (CES) functional form. This study explores methods for improving the realism of energy-intensive industries in top-down economic models. We replace the CES production function with a set of specific technologies and provide a comparison between the traditional production function approach in CGE models and an approach with separate technologies for making iron and steel. In particular, we investigate the response of the iron and steel sector to a set of CO2 price scenarios. Our technology-based, integrated approach permits a choice between several technologies for producing iron and steel and allows for shifts in technology characteristics over time towards best practice, innovative technologies. In addition, the general equilibrium framework allows us to analyze interactions between production sectors, for example between electricity generation and iron and steel production, investigate simultaneous economy-wide reactions and capture the main driving forces of greenhouse gas emissions reductions under a climate policy. We conclude that technology specific effects are crucial for the economic assessment of climate policies, in particular the effects relating to process shifts and fuel input structure