38 research outputs found
Towards Secure and Leak-Free Workflows Using Microservice Isolation
Data leaks and breaches are on the rise. They result in huge losses of money
for businesses like the movie industry, as well as a loss of user privacy for
businesses dealing with user data like the pharmaceutical industry. Preventing
data exposures is challenging, because the causes for such events are various,
ranging from hacking to misconfigured databases. Alongside the surge in data
exposures, the recent rise of microservices as a paradigm brings the need to
not only secure traffic at the border of the network, but also internally,
pressing the adoption of new security models such as zero-trust to secure
business processes.
Business processes can be modeled as workflows, where the owner of the data
at risk interacts with contractors to realize a sequence of tasks on this data.
In this paper, we show how those workflows can be enforced while preventing
data exposure. Following the principles of zero-trust, we develop an
infrastructure using the isolation provided by a microservice architecture, to
enforce owner policy. We show that our infrastructure is resilient to the set
of attacks considered in our security model. We implement a simple, yet
realistic, workflow with our infrastructure in a publicly available proof of
concept. We then verify that the specified policy is correctly enforced by
testing the deployment for policy violations, and estimate the overhead cost of
authorization
Dust Temperatures in the Infrared Space Observatory Atlas of Bright Spiral Galaxies
We examine far-infrared and submillimeter spectral energy distributions for
galaxies in the Infrared Space Observatory Atlas of Bright Spiral Galaxies. For
the 71 galaxies where we had complete 60-180 micron data, we fit blackbodies
with lambda^-1 emissivities and average temperatures of 31 K or lambda^-2
emissivities and average temperatures of 22 K. Except for high temperatures
determined in some early-type galaxies, the temperatures show no dependence on
any galaxy characteristic. For the 60-850 micron range in eight galaxies, we
fit blackbodies with lambda^-1, lambda^-2, and lambda^-beta (with beta variable)
emissivities to the data. The best results were with the lambda^-beta
emissivities, where the temperatures were ~30 K and the emissivity coefficient
beta ranged from 0.9 to 1.9. These results produced gas to dust ratios that
ranged from 150 to 580, which were consistent with the ratio for the Milky Way
and which exhibited relatively little dispersion compared to fits with fixed
emissivities.
Comment: AJ, 2003, in pres
The ArTéMiS wide-field submillimeter camera: preliminary on-sky performances at 350 microns
ArTeMiS is a wide-field submillimeter camera operating at three wavelengths
simultaneously (200, 350 and 450 microns). A preliminary version of the
instrument equipped with the 350 microns focal plane, has been successfully
installed and tested on APEX telescope in Chile during the 2013 and 2014
austral winters. This instrument is developed by CEA (Saclay and Grenoble,
France), IAS (France) and University of Manchester (UK) in collaboration with
ESO. We introduce the mechanical and optical design, as well as the cryogenics
and electronics of the ArTeMiS camera. ArTeMiS detectors are similar to the
ones developed for the Herschel PACS photometer but they are adapted to the
high optical load encountered at APEX site. Ultimately, ArTeMiS will contain 4
sub-arrays at 200 microns and 2x8 sub-arrays at 350 and 450 microns. We show
preliminary lab measurements like the responsivity of the instrument to hot and
cold loads illumination and NEP calculation. Details on the on-sky
commissioning runs made in 2013 and 2014 at APEX are shown. We used planets
(Mars, Saturn, Uranus) to determine the flat-field and to get the flux
calibration. A pointing model was established in the first days of the runs.
The average relative pointing accuracy is 3 arcsec. The beam at 350 microns has
been estimated to be 8.5 arcsec, which is in good agreement with the beam of
the 12 m APEX dish. Several observing modes have been tested, like On-The-Fly
for beam-maps or large maps, spirals or raster of spirals for compact sources.
With this preliminary version of ArTeMiS, we concluded that the mapping speed
is already more than 5 times better than the previous 350 microns instrument at
APEX. The median NEFD at 350 microns is 600 mJy.s^1/2, with best values at 300
mJy.s^1/2. The complete instrument with 5760 pixels and optimized settings will
be installed during the first half of 2015.
Comment: 11 pages, 11 figures. Presented at SPIE Millimeter, Submillimeter,
and Far-Infrared Detectors and Instrumentation for Astronomy VII, June 24,
2014. To be published in Proceedings of SPIE Volume 915
Activity in the central regions of galaxies: the contribution of infrared imaging between 1 and 5 microns
Available from INIST (FR), Document Supply Service, under shelf-number: T 78733 / INIST-CNRS - Institut de l'Information Scientifique et Technique. SIGLE, FR, Franc
Path Diversity in Energy-Efficient Wireless Sensor Networks
Abstract—Energy efficiency is one of the most important issues to be tackled in wireless sensor networks. Activity scheduling protocols aim at prolonging the network lifetime by reducing the proportion of nodes that participate in the application. Among the vast range of criteria that exist for scheduling node activities, area coverage by connected sets is one of the most studied. Active nodes must ensure area coverage while remaining connected in order to guarantee proper data collection to the sink stations. As wireless communications are the main source of energy consumption, we investigated the communication redundancy of the set of active nodes. We define a path-diversity-based metric that characterizes the communication redundancy of a given set of nodes. We show that one of the most used connectivity criteria is far from building minimal connected sets in terms of communicating nodes involved. Our results open new directions for designing localized connected-set solutions.
Securing Workflows Using Microservices and Metagraphs
Companies such as Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows where the owner of the data at risk interacts with contractors to realize a sequence of tasks on the data to be secured. In this paper, we first show how those workflows can be deployed and enforced while preventing data exposure. Second, this paper provides a global framework to enable the verification of workflow policies. Following the principles of zero-trust, we develop an infrastructure using the isolation provided by a microservice architecture to enforce owner policy. We implement a workflow with our infrastructure in a publicly available proof of concept. This work allows us to verify that the specified policy is correctly enforced by testing the deployment for policy violations, and find the overhead cost of authorization to be reasonable for the benefits. In addition, this paper presents a way to verify policies using a suite of tools transforming and checking policies as metagraphs. It is evident from the results that our verification method is very efficient regarding the size of the policies. Overall, this infrastructure and the mechanisms that verify the policy is correctly enforced, and then correctly implemented, help us deploy workflows in the cloud securely
Infrared and submillimeter space missions in the coming decade: programmes, programmatics, and technology
A revolution similar to that brought by CCDs to visible astronomy is still ahead in IR and submillimeter astronomy. There is certainly no wavelength range which has, over the past several years, seen such impressive advances in technology: large-scale detector arrays, new designs for cooling in space, lightweight mirror technologies. Scientific cases for observing the cold universe are outstanding. Observations in the FIR/Submm range will provide answers to such fundamental questions as: What is the spectrum of the primordial fluctuations? How do primeval galaxies look? What are the first stages of star formation? Most of the international space missions that have been triggered by these questions are presented in detail here. Technological issues raised by these missions are reviewed, as are the most recent achievements in cooling and detector technologies
Verification of cloud security policies
Companies like Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows where the owner of the data at risk interacts with contractors to realize a sequence of tasks on the data to be secured. In practice, access control is an essential building block to deploy these secured workflows. This component is generally managed by administrators using high-level policies meant to represent the requirements and restrictions put on the workflow. Handling access control with a high-level scheme comes with the benefit of separating the problem of specification, i.e. defining the desired behavior of the system, from the problem of implementation, i.e. enforcing this desired behavior. However, translating such high-level policies into a deployed implementation can be error-prone. Even though semi-automatic and automatic tools have been proposed to assist this translation, policy verification remains highly challenging in practice. In this paper, our aim is to define and propose structures assisting the checking and correction of potential errors introduced on the ground due to a faulty translation or corrupted deployments. In particular, we investigate structures with formal foundations able to naturally model policies. Metagraphs, a generalized graph theoretic structure, fulfill those requirements: their usage makes it possible to compare high-level policies to their implementation. In practice, we consider Rego, a language used by companies like Netflix and Plex for their release process, as a valuable representative of most common policy languages. We propose a suite of tools transforming and checking policies as metagraphs, and use them in a global framework to show how policy verification can be achieved with such structures. Finally, we evaluate the performance of our verification method
On the use of metagraphs for the verification of security policies
Multi-agent business processes with complex interactions are generally modeled as workflows. The owner of the confidential data interacts with contractors to carry out a sequence of tasks, delegating limited rights over the sensitive data to the various actors. This delegation relies on access control over the data. To ease its configuration, administrators provide a specification of the access policies and then often rely on a translator. However, translating the specification into the implementation can lead to errors during an actual deployment among the different entities of the workflow, and thus create security flaws. In this article, we propose structures that facilitate the detection and correction of errors potentially introduced by a faulty translation or a failed deployment. In particular, we consider a structure with formal foundations able to model security policies naturally and, above all, at a very fine grain: metagraphs. We propose a suite of translation tools for detecting these potential errors and evaluate its performance
Workflow Policy Verification Using Metagraphs
Data and code accompanying the paper 'Workflow Policy Verification Using Metagraphs'