Data-centric access control for cloud computing

© 2016 ACM. The usual approach to security for cloud-hosted applications is strong separation. However, it is often the case that the same data is used by different applications, particularly given the increase in data-driven (big data' and IoT) applications. We argue that access control for the cloud should no longer be application-specific but should be data-centric, associated with the data that can ow between applications. Indeed, the data may originate outside cloud services from diverse sources such as medical monitoring, environmental sensing etc. Information Flow Control (IFC) potentially offers data-centric, system-wide data access control. It has been shown that IFC can be provided at operating system level as part of a PaaS offering, with an acceptable overhead. In this paper we consider how IFC can be integrated with application-specific access control, transparently from application developers, while building from simple IFC primitives, access control policies that align with the data management obligations of cloud providers and tenants.This work was supported by the UK EPSRC grant EP/ K011510 CloudSafetyNet. We acknowledge the support of Microsoft through the Microsoft Cloud Computing Research Centre

Low cost TV based messaging for remote desert communities

In recent years telecommunications services in remote Australia have received considerable attention, with services for indigenous desert communities a key focus. This project, known as Desert Interactive Remote Television (DIRT), uses existing community rebroadcast TV infrastructure to provide low cost multimedia messaging services for remote desert communities. The system architecture, key applications, and field trial outcomes are described

Targeted messages on TV screens in remote Indigenous communities

This paper describes a research project to enhance the viability of remote Indigenous communities through culturally-appropriate use of information and communications technologies (ICT). The project investigated the use of community rebroadcast TV infrastructure for new low cost communications services. A key part of the project was establishment of trusting relationships with the Ngaanyatjaara Lands communities of Irrunytju and Kanpa. Community members,administrative staff, and external service providers were involved in investigations into current communication problems and potential solutions. A working prototype of a messaging system using satellite broadcasting infrastructure to send multimedia messages to TV sets within remote communities was developed and evaluated. Such a system could be used by government agencies or remote communities themselves to deliver messages about visitors to the community (e.g.health workers), emergencies (e.g. bushfire); cultural business, sporting events, etc. The expected outcomes of such a system are increased social capital within the region, developed through more efficient and effective communication, leading to enhanced viability and sustainability of remote communities

CAP-VMs: Capability-based isolation and sharing in the cloud

Cloud stacks must isolate application components, while permitting efficient data sharing between components deployed on the same physical host. Traditionally, the MMU enforces isolation and permits sharing at page granularity. MMU approaches, however, lead to cloud stacks with large TCBs in kernel space, and page granularity requires inefficient OS interfaces for data sharing. Forthcoming CPUs with hardware support for memory capabilities offer new opportunities to implement isolation and sharing at a finer granularity. We describe cVMs, a new VM-like abstraction that uses memory capabilities to isolate application components while supporting efficient data sharing, all without mandating application code to be capability-aware. cVMs share a single virtual address space safely, each having only capabilities to access its own memory. A cVM may include a library OS, thus minimizing its dependency on the cloud environment. cVMs efficiently exchange data through two capability-based primitives assisted by a small trusted monitor: (i) an asynchronous read/write interface to buffers shared between cVMs; and (ii) a call interface to transfer control between cVMs. Using these two primitives, we build more expressive mechanisms for efficient cross-cVM communication. Our prototype implementation using CHERI RISC-V capabilities shows that cVMs isolate services (Redis and Python) with low overhead while improving data sharing

ORC: Increasing cloud memory density via object reuse with capabilities

Cloud environments host many tenants, and typically there is substantial overlap between the application binaries and libraries executed by tenants. Thus, memory de-duplication can increase memory density by allocating memory for shared binaries only once. Existing de-duplication approaches, however, either rely on a shared OS to de-deduplicate binary objects, which provides unacceptably weak isolation; or exploit hypervisor-based de-duplication at the level of memory pages, which is blind to the semantics of the objects to be shared. We describe Object Reuse with Capabilities (ORC), which supports the fine-grained sharing of binary objects between tenants, while isolating tenants strongly through a small trusted computing base (TCB). ORC uses hardware sup- port for memory capabilities to isolate tenants, which permits shared objects to be accessible to multiple tenants safely. Since ORC shares binary objects within a single address space through capabilities, it uses a new relocation type to create per-tenant state when loading shared objects. ORC supports the loading of objects by an untrusted guest, outside of its TCB, only verifying the safety of the loaded data. Our experiments show that ORC achieves a higher memory density with a lower overhead than hypervisor-based de-deduplication

3D printing the future: scenarios for supply chains reviewed

Purpose: The aim of this paper is to evaluate existing scenarios for 3D Printing in order to identify the “white space” where future opportunities have not been proposed or developed to date. Based around aspects of order penetration points, geographical scope and type of manufacturing, these gaps are identified. Design/methodology/approach: A structured literature review has been carried out on both academic and trade publications. As of the end of May 2016, this identified 128 relevant articles containing 201 future scenarios. Coding these against aspects of existing manufacturing and supply chain theory has led to the development of a framework for identify “white space” in existing thinking. Findings: The coding shows that existing future scenarios are particularly concentrated on job shop applications and pull based supply chain processes, although there are fewer constraints on geographical scope. Five distinct areas of “white space” are proposed, reflecting various opportunities for future 3DP supply chain development. Research limitations: Being a structured literature review, there are potentially articles not identified through the search criteria used. The nature of the findings is also dependent upon the coding criteria selected. However, these are theoretically derived and reflect important aspect of strategic supply chain management. Practical implications: Practitioners may wish to explore the development of business models within the “white space” areas. Originality/value: Currently, existing future 3DP scenarios are scattered over a wide, multi-disciplinary literature base. By providing a consolidated view of these scenarios, it is possible to identify gaps in current thinking. These gaps are multidisciplinary in nature and represent opportunities for both academics and practitioners to exploit

Industrial Additive Manufacturing: a manufacturing systems perspective

As Additive Manufacturing becomes increasingly prevalent in commercial manufacturing environments, the need to effectively consider optimal strategies for management is increased. At present most research has focused on individual machines, yet there is a wealth of evidence to suggest competitive manufacturing is best managed from a systems perspective. Through 14 case studies developed with four long-established Additive Manufacturing companies this paper explores the conduct of Industrial AM in contemporary manufacturing environments. A multitude of activities, mechanisms, and controls are identified through this detailed investigation of Additive Manufacturing operations. Based on these empirical results a general four component Industrial Additive Manufacturing System is developed, together with the identification of potential strategic opportunities to enhance future manufacturing

Benefits Analysis of Wind-Optimal Operations For Trans-Atlantic Flights

North Atlantic Tracks are trans-Atlantic routes across the busiest oceanic airspace in the world. This study analyzes and compares current flight-plan routes to wind-optimal routes for trans-Atlantic flights in terms of aircraft fuel burn, emissions and the associated climate impact. The historical flight track data recorded by EUROCONTROL's Central Flow Management Unit is merged with data from FAA's Enhanced Traffic Management System to provide an accurate flight movement database containing the highest available flight path resolution in both systems. The combined database is adopted for airspace simulation integrated with aircraft fuel burn and emissions models, contrail models, simplified climate response models, and a common climate metric to assess the climate impact of flight routes within the Organized Track System (OTS). The fuel burn and emissions for the tracks in the OTS are compared with the corresponding quantities for the wind-optimized routes to evaluate the potential environmental benefits of flying wind-optimal routes in North Atlantic Airspace. The potential fuel savings and reduction in emissions depend on existing inefficiencies in current flight plans, atmospheric conditions and location of the city-pairs. The potential benefits are scaled by comparing them with actual flight tests that have been conducted since 2010 between a few city-pairs in the transatlantic and trans-pacific region to improve fuel consumption and reduce the environmental impact of aviation

KinView: A visual comparative sequence analysis tool for integrated kinome research

Multiple sequence alignments (MSAs) are a fundamental analysis tool used throughout biology to investigate relationships between protein sequence, structure, function, evolutionary history, and patterns of disease-associated variants. However, their widespread application in systems biology research is currently hindered by the lack of user-friendly tools to simultaneously visualize, manipulate and query the information conceptualized in large sequence alignments, and the challenges in integrating MSAs with multiple orthogonal data such as cancer variants and post-translational modifications, which are often stored in heterogeneous data sources and formats. Here, we present the Multiple Sequence Alignment Ontology (MSAOnt), which represents a profile or consensus alignment in an ontological format. Subsets of the alignment are easily selected through the SPARQL Protocol and RDF Query Language for downstream statistical analysis or visualization. We have also created the Kinome Viewer (KinView), an interactive integrative visualization that places eukaryotic protein kinase cancer variants in the context of natural sequence variation and experimentally determined post-translational modifications, which play central roles in the regulation of cellular signaling pathways. Using KinView, we identified differential phosphorylation patterns between tyrosine and serine/threonine kinases in the activation segment, a major kinase regulatory region that is often mutated in proliferative diseases. We discuss cancer variants that disrupt phosphorylation sites in the activation segment, and show how KinView can be used as a comparative tool to identify differences and similarities in natural variation, cancer variants and post-translational modifications between kinase groups, families and subfamilies. Based on KinView comparisons, we identify and experimentally characterize a regulatory tyrosine (Y177PLK4) in the PLK4 C-terminal activation segment region termed the P+1 loop. To further demonstrate the application of KinView in hypothesis generation and testing, we formulate and validate a hypothesis explaining a novel predicted loss-of-function variant (D523NPKCβ) in the regulatory spine of PKCβ, a recently identified tumor suppressor kinase. KinView provides a novel, extensible interface for performing comparative analyses between subsets of kinases and for integrating multiple types of residue specific annotations in user friendly formats

The flexibility of industrial additive manufacturing systems

Purpose Flexibility is a fundamental performance objective for manufacturing operations, allowing them to respond to changing requirements in uncertain and competitive global markets. Additive manufacturing machines are often described as “flexible,” but there is no detailed understanding of such flexibility in an operations management context. The purpose of this paper is to examine flexibility from a manufacturing systems perspective, demonstrating the different competencies that can be achieved and the factors that can inhibit these in commercial practice. Design/methodology/approach This study extends existing flexibility theory in the context of an industrial additive manufacturing system through an investigation of 12 case studies, covering a range of sectors, product volumes, and technologies. Drawing upon multiple sources, this research takes a manufacturing systems perspective that recognizes the multitude of different resources that, together with individual industrial additive manufacturing machines, contribute to the satisfaction of demand. Findings The results show that the manufacturing system can achieve seven distinct internal flexibility competencies. This ability was shown to enable six out of seven external flexibility capabilities identified in the literature. Through a categorical assessment the extent to which each competency can be achieved is identified, supported by a detailed explanation of the enablers and inhibitors of flexibility for industrial additive manufacturing systems. Originality/value Additive manufacturing is widely expected to make an important contribution to future manufacturing, yet relevant management research is scant and the flexibility term is often ambiguously used. This research contributes the first detailed examination of flexibility for industrial additive manufacturing systems