ThreatBased Security Risk Evaluation in the Cloud

Research ProblemCyber attacks are targeting the cloud computing systems, where enterprises, governments, and individuals are outsourcing their storage and computational resources for improved scalability and dynamic management of their data. However, the different types of cyber attacks, as well as the different attack goals, create difficulties providing the right security solution needed. This is because different cyber attacks are associated with different threats in the cloud computing systems, where the importance of threats varies based on the cloud user requirements. For example, a hospital patient record system may prioritize the security of cyber attacks tampering patient records, while a media storage system may prioritize the security of cyber attacks carrying out a denial of service attack for ensuring a high availability. As a result, it is of paramount importance to analyze the risk associated with the cloud computing systems taking into account the importance of threats based on different cloud user requirements.However, the current risk evaluation approaches focus on evaluating the risk associated with the asset, rather than the risk associated with different types of threats. Such a holistic approach to risk evaluation does not show explicitly how different types of threats contribute to the overall risk of the cloud computing systems. Consequently, This makes it difficult for security administrators to make fine-grained decisions in order to select security solutions based on different importance of threats given the cloud user requirements. Therefore, it is necessary to analyze the risk of the cloud computing systems taking into account the different importance of threats, which enables the allocation of resources to reduce particular threats, identify the risk associated with different threats imposed, and identify different threats associated with cloud components.Proposed SolutionThe STRIDE threat modeling framework (short for STRIDE) is proposed by Microsoft, which can be used for threat categorization. Using the STRIDE, we propose a threat-guided risk evaluation approach for the cloud computing systems, which can evaluate the risk associated with each threat category from the STRIDE explicitly. Further, we utilize seven different types of security metrics to evaluate the risk namely: \textit{component, component-threat, threat-category, snapshot, path-components, path-threat}, and \textit{overall asset}. Component, component-threat, threat-cateory, and snapshot risks measure the total risk on a component, component risk for a particular threat category, total snapshot risk for a single threat, and the total risk of the snapshot considering all threat categories, respectively. Path-components, path-threat, and overall asset measure the total risk of components in an attack path, the risk of a single threat category in the attack path, and the overal risk to an asset considering all attack paths, respectively. These metrics makes it possible to measure the contribution of each threat category to the overall risk more precisely.When a vulnerability is discovered in a component (e.g. a Virtual Machine) of the Cloud deployment, the administrator first determines which types of threats could be posed should the vulnerability be successfully exploited, and what would be the impacts of each of those threats on the asset. The impact assignment of each threat type is weighted depending on the importance of the component. For example, a Virtual Machine (VM) that acts a Web Server in a medical records management application could be assigned a higher weighting for \textit{denial-of-service} threats because if such attacks are successfully launched then the rest of the VMs that are reached through the Web Server will be unavailable. On the other hand, a vulnerability discovered in a VM that hosts a database of medical records would be rated highest impact for \textit{information disclosure} because if it is compromised confidentiality of the medical history of patients will be violated.By multiplying the probability of successfully exploiting the vulnerability with the threat impact, we compute the risk of each threat type. The variation in the assignment of impact for different threat types enables our approach to compute risks associated with the threats - thus empowering the security administrator with the ability to make fine-grained decisions on how much resources to allocate for mitigating which type of threat and which threats to prioritize. We evaluated the usefulness of our approach through its application to attack scenarios in an example Cloud deployment. Our results show that it is more effective and informative to administrators compared to asset-based approaches to risk evaluation.qscienc

Discovery and Early Evolution of ASASSN-19bt, the First TDE Detected by TESS

We present the discovery and early evolution of ASASSN-19bt, a tidal disruption event (TDE) discovered by the All-Sky Automated Survey for Supernovae (ASAS-SN) at a distance of $d\simeq115$ Mpc and the first TDE to be detected by TESS. As the TDE is located in the TESS Continuous Viewing Zone, our dataset includes 30-minute cadence observations starting on 2018 July 25, and we precisely measure that the TDE begins to brighten $\sim8.3$ days before its discovery. Our dataset also includes 18 epochs of Swift UVOT and XRT observations, 2 epochs of XMM-Newton observations, 13 spectroscopic observations, and ground data from the Las Cumbres Observatory telescope network, spanning from 32 days before peak through 37 days after peak. ASASSN-19bt thus has the most detailed pre-peak dataset for any TDE. The TESS light curve indicates that the transient began to brighten on 2019 January 21.6 and that for the first 15 days its rise was consistent with a flux $\propto t^2$ power-law model. The optical/UV emission is well-fit by a blackbody SED, and ASASSN-19bt exhibits an early spike in its luminosity and temperature roughly 32 rest-frame days before peak and spanning up to 14 days that has not been seen in other TDEs, possibly because UV observations were not triggered early enough to detect it. It peaked on 2019 March 04.9 at a luminosity of $L\simeq1.3\times10^{44}$ ergs s$^{-1}$ and radiated $E\simeq3.2\times10^{50}$ ergs during the 41-day rise to peak. X-ray observations after peak indicate a softening of the hard X-ray emission prior to peak, reminiscent of the hard/soft states in X-ray binaries.Comment: 23 pages, 14 figures, 5 tables. A machine-readable table containing the host-subtracted photometry presented in this manuscript is included as an ancillary fil

Circumstellar Medium Interaction in SN 2018lab, A Low-Luminosity II-P Supernova observed with TESS

We present photometric and spectroscopic data of SN 2018lab, a low luminosity type IIP supernova (LLSN) with a V-band peak luminosity of $-15.1\pm0.1$ mag. SN 2018lab was discovered by the Distance Less Than 40 Mpc (DLT40) SNe survey only 0.73 days post-explosion, as determined by observations from the Transiting Exoplanet Survey Satellite (TESS). TESS observations of SN 2018lab yield a densely sampled, fast-rising, early time light curve likely powered by circumstellar medium (CSM) interaction. The blue-shifted, broadened flash feature in the earliest spectra ($<$2 days) of SN 2018lab provide further evidence for ejecta-CSM interaction. The early emission features in the spectra of SN 2018lab are well described by models of a red supergiant progenitor with an extended envelope and close-in CSM. As one of the few LLSNe with observed flash features, SN 2018lab highlights the need for more early spectra to explain the diversity of flash feature morphology in type II SNe

Circuit-wide Transcriptional Profiling Reveals Brain Region-Specific Gene Networks Regulating Depression Susceptibility

Depression is a complex, heterogeneous disorder and a leading contributor to the global burden of disease. Most previous research has focused on individual brain regions and genes contributing to depression. However, emerging evidence in humans and animal models suggests that dysregulated circuit function and gene expression across multiple brain regions drive depressive phenotypes. Here we performed RNA-sequencing on 4 brain regions from control animals and those susceptible or resilient to chronic social defeat stress at multiple time points. We employed an integrative network biology approach to identify transcriptional networks and key driver genes that regulate susceptibility to depressive-like symptoms. Further, we validated in vivo several key drivers and their associated transcriptional networks that regulate depression susceptibility and confirmed their functional significance at the levels of gene transcription, synaptic regulation and behavior. Our study reveals novel transcriptional networks that control stress susceptibility and offers fundamentally new leads for antidepressant drug discovery

Improving the feasibility of household and community energy storage : a techno-enviro-economic study for the UK

Rooftop photovoltaics (PV) have become widely adopted by domestic customers in tandem with energy storage systems to generate clean energy and limit import from the grid, however most applications struggle to achieve profitability. The level at which energy storage is deployed, be it household energy storage (HES), or as a community energy storage (CES) system, can potentially increase the economic feasibility. Furthermore, the introduction of a Time-of-Use (TOU) tariff enables households to further reduce their energy costs through demand side management (DSM). Here we investigate and compare the performance of HES and CES with DSM. The results suggest that TOU tariffs can effectively shave peak demand by up to 30% and lower energy bills by at least 20%, but do not improve self-consumption or selfsufficiency rate. This study indicates that all cases considered are environmentally friendly and can pay back the total CO2 emissions associated with the manufacturing within 8 years. However, the levelised cost of storage (LCOS) is still beyond a household’s affordability, ranging from £0.4 to £2.03 kWh-1, though CES is proven more effective at improving self-consumption for consumers and shaving peak demand for network operators. The feasibility can be improved by 1) combining different services and tariffs to obtain more revenues for households; 2) more legislative and financial support to reduce system costs; and 3) more innovative business models and policies to optimise revenues with existing resourc

Use of Novel Strategies to Develop Guidelines for Management of Pyogenic Osteomyelitis in Adults: A WikiGuidelines Group Consensus Statement.

Importance Traditional approaches to practice guidelines frequently result in dissociation between strength of recommendation and quality of evidence. Objective To construct a clinical guideline for pyogenic osteomyelitis management, with a new standard of evidence to resolve the gap between strength of recommendation and quality of evidence, through the use of a novel open access approach utilizing social media tools. Evidence Review This consensus statement and systematic review study used a novel approach from the WikiGuidelines Group, an open access collaborative research project, to construct clinical guidelines for pyogenic osteomyelitis. In June 2021 and February 2022, authors recruited via social media conducted multiple PubMed literature searches, including all years and languages, regarding osteomyelitis management; criteria for article quality and inclusion were specified in the group's charter. The GRADE system for evaluating evidence was not used based on previously published concerns regarding the potential dissociation between strength of recommendation and quality of evidence. Instead, the charter required that clear recommendations be made only when reproducible, prospective, controlled studies provided hypothesis-confirming evidence. In the absence of such data, clinical reviews were drafted to discuss pros and cons of care choices. Both clear recommendations and clinical reviews were planned with the intention to be regularly updated as new data become available. Findings Sixty-three participants with diverse expertise from 8 countries developed the group's charter and its first guideline on pyogenic osteomyelitis. These participants included both nonacademic and academic physicians and pharmacists specializing in general internal medicine or hospital medicine, infectious diseases, orthopedic surgery, pharmacology, and medical microbiology. Of the 7 questions addressed in the guideline, 2 clear recommendations were offered for the use of oral antibiotic therapy and the duration of therapy. In addition, 5 clinical reviews were authored addressing diagnosis, approaches to osteomyelitis underlying a pressure ulcer, timing for the administration of empirical therapy, specific antimicrobial options (including empirical regimens, use of antimicrobials targeting resistant pathogens, the role of bone penetration, and the use of rifampin as adjunctive therapy), and the role of biomarkers and imaging to assess responses to therapy. Conclusions and Relevance The WikiGuidelines approach offers a novel methodology for clinical guideline development that precludes recommendations based on low-quality data or opinion. The primary limitation is the need for more rigorous clinical investigations, enabling additional clear recommendations for clinical questions currently unresolved by high-quality data

Prevention of dementia using mobile phone applications (PRODEMOS): protocol for an international randomised controlled trial.

IntroductionProfiles of high risk for future dementia are well understood and are likely to concern mostly those in low-income and middle-income countries and people at greater disadvantage in high-income countries. Approximately 30%-40% of dementia cases have been estimated to be attributed to modifiable risk factors, including hypertension, smoking and sedentary lifestyle. Tailored interventions targeting these risk factors can potentially prevent or delay the onset of dementia. Mobile health (mHealth) improves accessibility of such prevention strategies in hard-to-reach populations while at the same time tailoring such approaches. In the current study, we will investigate the effectiveness and implementation of a coach-supported mHealth intervention, targeting dementia risk factors, to reduce dementia risk.Methods and analysisThe prevention of dementia using mobile phone applications (PRODEMOS) randomised controlled trial will follow an effectiveness-implementation hybrid design, taking place in the UK and China. People are eligible if they are 55-75 years old, of low socioeconomic status (UK) or from the general population (China); have ≥2 dementia risk factors; and own a smartphone. 2400 participants will be randomised to either a coach-supported, interactive mHealth platform, facilitating self-management of dementia risk factors, or a static control platform. The intervention and follow-up period will be 18 months. The primary effectiveness outcome is change in the previously validated Cardiovascular Risk Factors, Ageing and Incidence of Dementia dementia risk score. The main secondary outcomes include improvement of individual risk factors and cost-effectiveness. Implementation outcomes include acceptability, adoption, feasibility and sustainability of the intervention.Ethics and disseminationThe PRODEMOS trial is sponsored in the UK by the University of Cambridge and is granted ethical approval by the London-Brighton and Sussex Research Ethics Committee (reference: 20/LO/01440). In China, the trial is approved by the medical ethics committees of Capital Medical University, Beijing Tiantan Hospital, Beijing Geriatric Hospital, Chinese People's Liberation Army General Hospital, Taishan Medical University and Xuanwu Hospital. Results will be published in a peer-reviewed journal.Trial registration numberISRCTN15986016

The case for studying other planetary magnetospheres and atmospheres in Heliophysics

Heliophysics is the field that "studies the nature of the Sun, and how it influences the very nature of space - and, in turn, the atmospheres of planetary bodies and the technology that exists there." However, NASA's Heliophysics Division tends to limit study of planetary magnetospheres and atmospheres to only those of Earth. This leaves exploration and understanding of space plasma physics at other worlds to the purview of the Planetary Science and Astrophysics Divisions. This is detrimental to the study of space plasma physics in general since, although some cross-divisional funding opportunities do exist, vital elements of space plasma physics can be best addressed by extending the expertise of Heliophysics scientists to other stellar and planetary magnetospheres. However, the diverse worlds within the solar system provide crucial environmental conditions that are not replicated at Earth but can provide deep insight into fundamental space plasma physics processes. Studying planetary systems with Heliophysics objectives, comprehensive instrumentation, and new grant opportunities for analysis and modeling would enable a novel understanding of fundamental and universal processes of space plasma physics. As such, the Heliophysics community should be prepared to consider, prioritize, and fund dedicated Heliophysics efforts to planetary targets to specifically study space physics and aeronomy objectives

Astro2020 Must Issue Actionable Recommendations Regarding Diversity, Inclusion, and Harassment

The 2010 Decadal survey failed to issue any recommendations on diversity and inclusion.Astro2020 cannot make the same mistake. Findings can be ignored by funding agencies;recommendations cannot. In the past decade, multiple groups have assembled detailed actionplans to fix a broken climate within our profession. Astro2020 should play a key role, bysynthesizing this work to produce actionable recommendations to support diversity andinclusion and stop harassment within our profession

The origin and evolution of the normal Type Ia SN 2018aoz with infant-phase reddening and excess emission

SN~2018aoz is a Type Ia SN with a $B$-band plateau and excess emission in the infant-phase light curves $\lesssim$ 1 day after first light, evidencing an over-density of surface iron-peak elements as shown in our previous study. Here, we advance the constraints on the nature and origin of SN~2018aoz based on its evolution until the nebular phase. Near-peak spectroscopic features show the SN is intermediate between two subtypes of normal Type Ia: Core-Normal and Broad-Line. The excess emission could have contributions from the radioactive decay of surface iron-peak elements as well as ejecta interaction with either the binary companion or a small torus of circumstellar material. Nebular-phase limits on H$\alpha$ and He~I favour a white dwarf companion, consistent with the small companion size constrained by the low early SN luminosity, while the absence of [O~I] and He~I disfavours a violent merger of the progenitor. Of the two main explosion mechanisms proposed to explain the distribution of surface iron-peak elements in SN~2018aoz, the asymmetric Chandrasekhar-mass explosion is less consistent with the progenitor constraints and the observed blueshifts of nebular-phase [Fe~II] and [Ni~II]. The helium-shell double-detonation explosion is compatible with the observed lack of C spectral features, but current 1-D models are incompatible with the infant-phase excess emission, $B_{\rm max}-V_{\rm max}$ color, and absence of nebular-phase [Ca~II]. Although the explosion processes of SN~2018aoz still need to be more precisely understood, the same processes could produce a significant fraction of Type Ia SNe that appear normal after $\sim$ 1 day.Comment: Submitted for publication in ApJ. 35 pages, 16 figures, 7 table