Precisely Answering Multi-Dimensional Range Queries without Privacy Breach

This paper investigates the privacy breaches caused by multi-dimensional range (MDR) sum queries in OLAP systems. We show that existing inference control methods are generally ineffective or infeasible for MDR queries. We then consider restricting users to even MDR queries (that is, the MDR queries involving even number of data values). We show that the collection of such even MDR queries is safe if and only if a special set of sum-two queries (that is, queries involving exactly two values) is safe. On the basis of this result, we give an efficient method to decide the safety of even MDR queries. Besides safe even MDR queries we show that any odd MDR query is unsafe. Moreover, any such odd MDR query is different from the union of some even MDR queries by only one tuple. We also extend those results to the safe subsets of unsafe even MDR queries

Allergen-induced IgE-dependent gut inflammation in a human PBMC-engrafted murine model of allergy.

BACKGROUND: Humanized murine models comprise a new tool to analyze novel therapeutic strategies for allergic diseases of the intestine.¦OBJECTIVE: In this study we developed a human PBMC-engrafted murine model of allergen-driven gut inflammation and analyzed the underlying immunologic mechanisms.¦METHODS: Nonobese diabetic (NOD)-scid-γc(-/-) mice were injected intraperitoneally with human PBMCs from allergic donors together with the respective allergen or not. Three weeks later, mice were challenged with the allergen orally or rectally, and gut inflammation was monitored with a high-resolution video miniendoscopic system, as well as histologically.¦RESULTS: Using the aeroallergens birch or grass pollen as model allergens and, for some donors, also hazelnut allergen, we show that allergen-specific human IgE in murine sera and allergen-specific proliferation and cytokine production of human CD4(+) T cells recovered from spleens after 3 weeks could only be measured in mice treated with PBMCs plus allergen. Importantly, these mice had the highest endoscopic scores evaluating translucent structure, granularity, fibrin, vascularity, and stool after oral or rectal allergen challenge and a strong histologic inflammation of the colon. Analyzing the underlying mechanisms, we demonstrate that allergen-associated colitis was dependent on IgE, human IgE receptor-expressing effector cells, and the mediators histamine and platelet-activating factor.¦CONCLUSION: These results demonstrate that allergic gut inflammation can be induced in human PBMC-engrafted mice, allowing the investigation of pathophysiologic mechanisms of allergic diseases of the intestine and evaluation of therapeutic interventions

Trust management in strand spaces: A rely-guarantee method

Abstract. We show how to combine trust management theories with nonce-based cryptographic protocols. The strand space framework for protocol analysis is extended by associating formulas from a trust management logic with the transmit and receive actions of the protocol principals. The formula on a transmission is a guarantee; the sender must ensure that this formula is true before sending the message. The formula on a receive event is an assumption that the recipient may rely on in deducing future guarantee formulas. The strand space framework allows us to prove that a protocol is sound, in the sense that when a principal relies on a formula, another principal has previously guaranteed it. We explain the ideas in reference to a simple new electronic commerce protocol, in which a customer obtains a money order from a bank to pay a merchant to ship some goods. Cryptographic protocol analysis has aimed primarily to determine what messages another principal must have sent or received, when one principal is know

Analysis of EAP-GPSK authentication protocol

Abstract. The EAP-GPSK protocol is a lightweight, flexible authentication protocol relying on symmetric key cryptography. It is part of an ongoing IETF process to develop authentication methods for the EAP framework. We analyze the protocol and find three weaknesses: a repairable Denial-of-Service attack, an anomaly with the key derivation function used to create a short-term master session key, and a ciphersuite downgrading attack. We propose fixes to these anomalies, and use a finite-state verification tool to search for remaining problems after making these repairs. We then prove the fixed version correct using a protocol verification logic. We discussed the attacks and our suggested fixes with the authors of the specification document which has subsequently been modified to include our proposed changes.

Universally composable symbolic analysis of mutual authentication and key-exchange protocols

Abstract. Symbolic analysis of cryptographic protocols is dramatically simpler than full-fledged cryptographic analysis. In particular, it is simple enough to be automated. However, symbolic analysis does not, by itself, provide any cryptographic soundness guarantees. Following recent work on cryptographically sound symbolic analysis, we demonstrate how Dolev-Yao style symbolic analysis can be used to assert the security of cryptographic protocols within the universally composable (UC) security framework. Consequently, our methods enable security analysis that is completely symbolic, and at the same time cryptographically sound with strong composability properties. More specifically, we concentrate on mutual authentication and keyexchange protocols. We restrict attention to protocols that use public-key encryption as their only cryptographic primitive and have a specific restricted format. We define a mapping from such protocols to Dolev-Yao style symbolic protocols, and show that the symbolic protocol satisfies a certain symbolic criterion if and only if the corresponding cryptographic protocol is UC-secure. For mutual authentication, our symbolic criterion is similar to the traditional Dolev-Yao criterion. For key exchange, we demonstrate that the traditional Dolev-Yao style symbolic criterion is insufficient, and formulate an adequate symbolic criterion. Finally, to demonstrate the viability of our treatment, we use an existing tool to automatically verify whether some prominent key-exchange protocols are UC-secure.

Security protocol verification: Symbolic and computational models

Security protocol verification has been a very active research area since the 1990s. This paper surveys various approaches in this area, considering the verification in the symbolic model, as well as the more recent approaches that rely on the computational model or that verify protocol implementations rather than specifications. Additionally, we briefly describe our symbolic security protocol verifier ProVerif and situate it among these approaches