Improving the Policy Specification for Practical Access Control Systems

Access control systems play a crucial role in protecting the security of information systems by ensuring that only authorized users are granted access to sensitive resources, and the protection is only as good as the access control policies. For enabling a security administrator to express her desired policy conveniently, it is paramount that a policy specification is expressive, comprehensible, and free of inconsistencies. In this dissertation, we study the policy specifications for three practical access control systems (i.e., obligation systems, firewalls, and Security-Enhanced Linux in Android) and improve their expressiveness, comprehensibility, and consistency. First, we improve the expressiveness of obligation policies for handling different types of obligations. We propose a language for specifying obligations as well as an architecture for handling access control policies with these obligations, by extending XACML (i.e., the de facto standard for specifying access control policies). We also implement our design into a prototype system named ExtXACML to handle various obligations. Second, we improve the comprehensibility of firewall policies enabling administrators to better understand and manage the policies. We introduce the tri-modularized design of firewall policies for elevating them from monolithic to modular. To support legacy firewall policies, we also define a five-step process and present algorithms for converting them into their modularized form. Finally, we improve the consistency of Security-Enhanced Linux in Android (SEAndroid) policies for reducing the attack surface in Android systems. We propose a systematic approach as well as a semiautomatic tool for uncovering three classes of policy misconfigurations. We also analyze SEAndroid policies from four Android versions and seven Android phone vendors, and in all of them we observe examples of potential policy misconfigurations

Improving the Policy Specification for Practical Access Control Systems

Access control systems play a crucial role in protecting the security of information systems by ensuring that only authorized users are granted access to sensitive resources, and the protection is only as good as the access control policies. For enabling a security administrator to express her desired policy conveniently, it is paramount that a policy specification is expressive, comprehensible, and free of inconsistencies. In this dissertation, we study the policy specifications for three practical access control systems (i.e., obligation systems, firewalls, and Security-Enhanced Linux in Android) and improve their expressiveness, comprehensibility, and consistency. First, we improve the expressiveness of obligation policies for handling different types of obligations. We propose a language for specifying obligations as well as an architecture for handling access control policies with these obligations, by extending XACML (i.e., the de facto standard for specifying access control policies). We also implement our design into a prototype system named ExtXACML to handle various obligations. Second, we improve the comprehensibility of firewall policies enabling administrators to better understand and manage the policies. We introduce the tri-modularized design of firewall policies for elevating them from monolithic to modular. To support legacy firewall policies, we also define a five-step process and present algorithms for converting them into their modularized form. Finally, we improve the consistency of Security-Enhanced Linux in Android (SEAndroid) policies for reducing the attack surface in Android systems. We propose a systematic approach as well as a semiautomatic tool for uncovering three classes of policy misconfigurations. We also analyze SEAndroid policies from four Android versions and seven Android phone vendors, and in all of them we observe examples of potential policy misconfigurations

Measurement of Adhesion Energy of Electrospun Polymer Membranes Using a Shaft-loaded Blister Test

This study aims to examine the adhesion work of electrospun polymer nano- and micro-fibers. The adhesion energy at the interface of electrospun membrane and a rigid substrate is characterized by a shaft-loaded blister test (SLBT). By controlling the processing parameters, polyvinylidene fluoride (PVDF) fibrous membranes are prepared with fiber diameters ranging from 201 ± 86 nm to 2,724 ± 587 nm. The adhesion energy between electrospun membrane and rigid substrate increases from 8.1 ± 0.7 mJ/m2 to 258.8 ± 43.5 mJ/m2 by use of smaller fiber diameters. Adhesion energies between electrospun PVDF membranes and SiC substrates made of different grain sizes are evaluated. Fibrous membrane produces an adhesion energy as high as 420.1 ± 62.9 mJ/m2 in contact with SiC substrate with a 68 μm grit size. The SLBT methodology is extended to understand the adhesion energy between electrospun membranes. The increase in adhesion work is attributed to an increased area between fiber delaminated surfaces and surface asperities

Enterprise’s Strategies to Deal with Epidemic Crisis Based on Super-Dynamic Capability Theory

In this paper, the supply chain management risks arising from 2019-novel coronavirus (hereinafter referred to as “COVID-19”) outbreak was proposed, and they were further analyzed from three main aspects such as change in demand conditions of domestic customers, change in domestic supply market, impact on domestic logistics industry. Besides, multiple feasible strategies for coping with such epidemic situation were proposed for enterprises based on the super-dynamic capability theory. The research in this paper has powerful theoretical value and practical significance for the current development of enterprises, especially the reorganization of enterprises under the current epidemic crisis in China

Preoperative imatinib for patients with primary unresectable or metastatic/recurrent gastrointestinal stromal tumor

OBJECTIVES: Despite its rising popularity, reports on the use of preoperative imatinib mesylate (IM) in patients with advanced gastrointestinal stromal tumor (GIST) are limited. This study aims to explore the clinical efficacy of preoperative IM in patients with primarily unresectable or metastatic/recurrent GIST. METHODS: Between September 2009 and February 2014, patients with primarily unresectable or metastatic/recurrent GIST treated by a single medical team were recruited and considered for preoperative IM therapy. Re-examination was conducted regularly and abdominal enhanced CT data, blood biochemistry and responses to IM were recorded. RESULTS: A total of 18 patients were enrolled, including 13 with a primary tumor (7 stomach, 3 small bowel, 2 rectal and 1 pelvic tumor) and 5 with recurrent or metastatic GIST (2 with liver metastasis, 2 with anastomotic recurrence and 1 with pelvic GIST). The median follow-up time was 9.5 months (range of 3-63). The median tumor sizes before and after initiation of IM treatment were 9.1 cm and 6.0 cm (p = 0.003) based on the CT findings, respectively. All patients showed a decrease in tumor burden and the median tumor size reduction was 35%. Sixteen of the 18 patients showed a partial response to IM and two possessed stable disease. Nine of the 18 patients (50%) underwent surgical resection of primary or metastatic/recurrent tumors, with a median of 7 months of IM therapy. One case each of multivisceral resection and tumor recurrence were noted. CONCLUSIONS: IM as a preoperative therapy is feasible and safe for unresectable or metastatic/recurrent GIST that can effectively decrease tumor size, facilitating resection

On XACML\u27s adequacy to specify and to enforce HIPAA

In the medical sphere, personal and medical informa-tion is collected, stored, and transmitted for various pur-poses, such as, continuity of care, rapid formulationof diagnoses, and billing. Many of these operationsmust comply with federal regulations like the HealthInsurance Portability and Accountability Act (HIPAA).To this end, we need a specification language that canprecisely capture the requirements of HIPAA. We alsoneed an enforcement engine that can enforce the pri-vacy policies specified in the language. In the currentwork, we evaluate eXtensible Access Control MarkupLanguage (XACML) as a candidate specification lan-guage for HIPAA privacy rules. We evaluate XACMLbased on the set of features required to sufficiently ex-press HIPAA, proposed by a prior work. We also discusswhich of the features necessary for expressing HIPAAare missing in XACML. We then present high level de-signs of how to enhance XACM

A Bayesian localised conditional auto-regressive model for estimating the health effects of air pollution

Estimation of the long-term health effects of air pollution is a challenging task, especially when modeling spatial small-area disease incidence data in an ecological study design. The challenge comes from the unobserved underlying spatial autocorrelation structure in these data, which is accounted for using random effects modeled by a globally smooth conditional autoregressive model. These smooth random effects confound the effects of air pollution, which are also globally smooth. To avoid this collinearity a Bayesian localized conditional autoregressive model is developed for the random effects. This localized model is flexible spatially, in the sense that it is not only able to model areas of spatial smoothness, but also it is able to capture step changes in the random effects surface. This methodological development allows us to improve the estimation performance of the covariate effects, compared to using traditional conditional auto-regressive models. These results are established using a simulation study, and are then illustrated with our motivating study on air pollution and respiratory ill health in Greater Glasgow, Scotland in 2011. The model shows substantial health effects of particulate matter air pollution and nitrogen dioxide, whose effects have been consistently attenuated by the currently available globally smooth models

Low Complexity MDS Matrices Using GF(2n)GF(2^n) SPB or GPB

While $GF(2^n)$ polynomial bases are widely used in symmetric-key components, e.g. MDS matrices, we show that even low time/space complexities can be achieved by using $GF(2^n)$ shifted polynomial bases (SPB) or generalized polynomial bases (GPB)

Dynamic Cycling of t-SNARE Acylation Regulates Platelet Exocytosis

Platelets regulate vascular integrity by secreting a host of molecules that promote hemostasis and its sequelae. Given the importance of platelet exocytosis, it is critical to understand how it is controlled. The t-SNAREs, SNAP-23 and syntaxin-11, lack classical transmembrane domains (TMDs), yet both are associated with platelet membranes and redistributed into cholesterol-dependent lipid rafts when platelets are activated. Using metabolic labeling and hydroxylamine (HA)/HCl treatment, we showed that both contain thioester-linked acyl groups. Mass spectrometry mapping further showed that syntaxin-11 was modified on cysteine 275, 279, 280, 282, 283, and 285, and SNAP-23 was modified on cysteine 79, 80, 83, 85, and 87. Interestingly, metabolic labeling studies showed incorporation of [3H]palmitate into the t-SNAREs increased although the protein levels were unchanged, suggesting that acylation turns over on the two t-SNAREs in resting platelets. Exogenously added fatty acids did compete with [3H]palmitate for t-SNARE labeling. To determine the effects of acylation, we measured aggregation, ADP/ATP release, as well as P-selectin exposure in platelets treated with the acyltransferase inhibitor cerulenin or the thioesterase inhibitor palmostatin B. We found that cerulenin pretreatment inhibited t-SNARE acylation and platelet function in a dose- and time-dependent manner whereas palmostatin B had no detectable effect. Interestingly, pretreatment with palmostatin B blocked the inhibitory effects of cerulenin, suggesting that maintaining the acylation state is important for platelet function. Thus, our work shows that t-SNARE acylation is actively cycling in platelets and suggests that the enzymes regulating protein acylation could be potential targets to control platelet exocytosis in vivo

ALS Mutations of FUS Suppress Protein Translation and Disrupt the Regulation of Nonsense-Mediated Decay

Amyotrophic lateral sclerosis (ALS) is an incurable neurodegenerative disease characterized by preferential motor neuron death. Approximately 15% of ALS cases are familial, and mutations in the fused in sarcoma (FUS) gene contribute to a subset of familial ALS cases. FUS is a multifunctional protein participating in many RNA metabolism pathways. ALS-linked mutations cause a liquid–liquid phase separation of FUS protein in vitro, inducing the formation of cytoplasmic granules and inclusions. However, it remains elusive what other proteins are sequestered into the inclusions and how such a process leads to neuronal dysfunction and degeneration. In this study, we developed a protocol to isolate the dynamic mutant FUS-positive cytoplasmic granules. Proteomic identification of the protein composition and subsequent pathway analysis led us to hypothesize that mutant FUS can interfere with protein translation. We demonstrated that the ALS mutations in FUS indeed suppressed protein translation in N2a cells expressing mutant FUS and fibroblast cells derived from FUS ALS cases. In addition, the nonsense-mediated decay (NMD) pathway, which is closely related to protein translation, was altered by mutant FUS. Specifically, NMD-promoting factors UPF1 and UPF3b increased, whereas a negative NMD regulator, UPF3a, decreased, leading to the disruption of NMD autoregulation and the hyperactivation of NMD. Alterations in NMD factors and elevated activity were also observed in the fibroblast cells of FUS ALS cases. We conclude that mutant FUS suppresses protein biosynthesis and disrupts NMD regulation, both of which likely contribute to motor neuron death