Analysis of the IBM CCA Security API Protocols in Maude-NPA

Standards for cryptographic protocols have long been attractive candidates for formal verification. It is important that such standards be correct, and cryptographic protocols are tricky to design and subject to non-intuitive attacks even when the underlying cryptosystems are secure. Thus a number of general-purpose cryptographic protocol analysis tools have been developed and applied to protocol standards. However, there is one class of standards, security application programming interfaces (security APIs), to which few of these tools have been applied. Instead, most work has concentrated on developing special-purpose tools and algorithms for specific classes of security APIs. However, there can be much advantage gained from having general-purpose tools that could be applied to a wide class of problems, including security APIs. One particular class of APIs that has proven difficult to analyze using general-purpose tools is that involving exclusive-or. In this paper we analyze the IBM 4758 Common Cryptographic Architecture (CCA) protocol using an advanced automated protocol verification tool with full exclusive-or capabilities, the Maude-NPA tool. This is the first time that API protocols have been satisfactorily specified and analyzed in the Maude-NPA, and the first time XOR-based APIs have been specified and analyzed using a general-purpose unbounded session cryptographic protocol verification tool that provides direct support for AC theories. We describe our results and indicate what further research needs to be done to make such protocol analysis generally effective.Antonio González-Burgueño, Sonia Santiago and Santiago Escobar have been partially supported by the EU (FEDER) and the Spanish MINECO under grants TIN 2010-21062-C02-02 and TIN 2013-45732-C4-1-P, and by Generalitat Valenciana PROMETEO2011/052. José Meseguer has been partially supported by NSF Grant CNS 13-10109.González Burgueño, A.; Santiago Pinazo, S.; Escobar Román, S.; Meadows, C.; Meseguer, J. (2014). Analysis of the IBM CCA Security API Protocols in Maude-NPA. En Security Standardisation Research. Springer International Publishing. 111-130. https://doi.org/10.1007/978-3-319-14054-4_8S111130Abadi, M., Blanchet, B., Fournet, C.: Just fast keying in the pi calculus. ACM Trans. Inf. Syst. Secur. 10(3) (2007)Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW 2014), Cape Breton, Nova Scotia, Canada, June 2001, pp. 82–96. IEEE Computer Society (2014)Bond, M.: Attacks on cryptoprocessor transaction sets. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 220–234. Springer, Heidelberg (2001)Butler, F., Cervesato, I., Jaggard, A.D., Scedrov, A.: A formal analysis of some properties of kerberos 5 using msr. In: CSFW, pp. 175–1790. IEEE Computer Society (2002)Cachin, C., Chandran, N.: A secure cryptographic token interface. In: Proceedings of the 22nd IEEE Computer Security Foundations Symposium, CSF 2009, Port Jefferson, New York, USA, July 8-10, pp. 141–153 (2009)Chevalier, Y., Küsters, R., Rusinowitch, M., Turuani, M.: An NP decision procedure for protocol insecurity with XOR. In: 18th Annual IEEE Symposium on Logic in Computer Science, LICS 2003 (2003)Comon-Lundh, H., Shmatikov, V.: Intruder deductions, constraint solving and insecurity decision in presence of exclusive-or. In: 18th Annual IEEE Symposium on Logic in Computer Science (LICS 2003), pp. 271–280 (2003)Comon-Lundh, H., Cortier, V.: New decidability results for fragments of first-order logic and application to cryptographic protocols. In: Nieuwenhuis, R. (ed.) RTA 2003. LNCS, vol. 2706, pp. 148–164. Springer, Heidelberg (2003)Cortier, V., Keighren, G., Steel, G.: Automatic analysis of the aecurity of XOR-based key management schemes. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 538–552. Springer, Heidelberg (2007)Cortier, V., Steel, G.: A generic security API for symmetric key management on cryptographic devices. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 605–620. Springer, Heidelberg (2009)Erbatur, S., et al.: Effective Symbolic Protocol Analysis via Equational Irreducibility Conditions. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 73–90. Springer, Heidelberg (2012)Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: Cryptographic Protocol Analysis Modulo Equational Properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007/2008/2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2007)Escobar, S., Meadows, C., Meseguer, J., Santiago, S.: Sequential Protocol Composition in Maude-NPA. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 303–318. Springer, Heidelberg (2010)Thayer Fabrega, F.J., Herzog, J., Guttman, J.: Strand Spaces: What Makes a Security Protocol Correct? Journal of Computer Security 7, 191–230 (1999)González-Burgueño, A.: Protocol Analysis Modulo Exclusive-Or Theories: A Case study in Maude-NPA. Master’s thesis, Universitat Politècnica de València (March 2014), https://angonbur.webs.upv.es/Previous_work/Master_Thesis.pdfIBM. Comment on Mike’s Bond paper A Chosen Key Difference Attack on Control Vectors (2001), http://www.cl.cam.ac.uk/~mkb23/research/CVDif-Response.pdfIBM. CCA basic services reference and guide: CCA basic services reference and guide for the IBM 4758 PCI and IBM 4764 (2001), http://www-03.ibm.com/security/cryptocards/pdfs/bs327.pdf.2008Keighren, G.: Model Checking IBM’s Common Cryptographic Architecture API. Technical Report 862, University of Edinburgh (October 2006)Kemmerer, R.A.: Using formal verification techniques to analyze encryption protocols. In: IEEE Symposium on Security and Privacy, pp. 134–139. IEEE Computer Society (1987)Küsters, R., Truderung, T.: Reducing protocol analysis with xor to the xor-free case in the horn theory based approach. J. Autom. Reasoning 46(3-4), 325–352 (2011)Linn, J.: Generic security service application program interface version 2, update 1. IETF RFC 2743 (2000), https://datatracker.ietf.org/doc/rfc2743Longley, D., Rigby, S.: An automatic search for security flaws in key management schemes. Computers & Security 11(1), 75–89 (1992)Meadows, C.: Applying formal methods to the analysis of a key management protocol. Journal of Computer Security 1(1) (1992)Meadows, C.: The NRL protocol analyzer: An overview. Journal of Logic Programming 26(2), 113–131 (1996)Meadows, C., Cervesato, I., Syverson, P.: Specification and Analysis of the Group Domain of Interpretation Protocol using NPATRL and the NRL Protocol Analyzer. Journal of Computer Security 12(6), 893–932 (2004)Meadows, C.: Analysis of the internet key exchange protocol using the nrl protocol analyzer. In: IEEE Symposium on Security and Privacy, pp. 216–231. IEEE Computer Society (1999)Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic snalysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013)Mukhamedov, A., Gordon, A.D., Ryan, M.: Towards a verified reference implementation of a trusted platform module. In: Christianson, B., Malcolm, J.A., Matyáš, V., Roe, M. (eds.) Security Protocols 2009. LNCS, vol. 7028, pp. 69–81. Springer, Heidelberg (2013)National Institute of Standards and Technology. FIPS PUB 46-3: Data Encryption Standard (DES), supersedes FIPS 46-2 (October 1999)Nieuwenhuis, R. (ed.): CADE 2005. LNCS (LNAI), vol. 3632. Springer, Heidelberg (2005)Steel, G.: Deduction with xor constraints in security api modelling. In: Nieuwenhuis (ed.) [30], pp. 322–336Verma, K.N., Seidl, H., Schwentick, T.: On the complexity of equational horn clauses. In: Nieuwenhuis (ed.) [30], pp. 337–35

An Optimizing Protocol Transformation for Constructor Finite Variant Theories in Maude-NPA

[EN] Maude-NPA is an analysis tool for cryptographic security protocols that takes into account the algebraic properties of the cryptosystem. Maude-NPA can reason about a wide range of cryptographic properties. However, some algebraic properties, and protocols using them, have been beyond Maude-NPA capabilities, either because the cryptographic properties cannot be expressed using its equational unification features or because the state space is unmanageable. In this paper, we provide a protocol transformation that can safely get rid of cryptographic properties under some conditions. The time and space difference between verifying the protocol with all the crypto properties and verifying the protocol with a minimal set of the crypto properties is remarkable. We also provide, for the first time, an encoding of the theory of bilinear pairing into Maude-NPA that goes beyond the encoding of bilinear pairing available in the Tamarin toolPartially supported by the EU (FEDER) and the Spanish MCIU under grant RTI2018-094403-B-C32, by the Spanish Generalitat Valenciana under grant PROMETEO/2019/098, and by the US Air Force Office of Scientific Research under award number FA9550-17-1-0286. Julia Sapiña has been supported by the Generalitat Valenciana APOSTD/2019/127 grantAparicio-Sánchez, D.; Escobar Román, S.; Gutiérrez Gil, R.; Sapiña-Sanchis, J. (2020). An Optimizing Protocol Transformation for Constructor Finite Variant Theories in Maude-NPA. Springer Nature. 230-250. https://doi.org/10.1007/978-3-030-59013-0_12S230250Maude-NPA manual v3.1. http://maude.cs.illinois.edu/w/index.php/Maude_Tools:_Maude-NPAThe Tamarin-Prover Manual, 4 June 2019. https://tamarin-prover.github.io/manual/tex/tamarin-manual.pdfAl-Riyami, S.S., Paterson, K.G.: Tripartite authenticated key agreement protocols from pairings. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 332–359. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-40974-8_27Baader, F., Snyder, W.: Unification theory. In: Robinson, J.A., Voronkov, A. (eds.) Handbook of Automated Reasoning, vol. 1, pp. 447–533. Elsevier Science (2001)Baelde, D., Delaune, S., Gazeau, I., Kremer, S.: Symbolic verification of privacy-type properties for security protocols with XOR. In: 30th IEEE Computer Security Foundations Symposium, CSF 2017, pp. 234–248. IEEE Computer Society (2017)Blanchet, B.: Modeling and verifying security protocols with the applied pi calculus and ProVerif. Found. Trends Privacy Secur. 1(1–2), 1–135 (2016)Clavel, M., et al.: Maude manual (version 3.0). Technical report, SRI International, Computer Science Laboratory (2020). http://maude.cs.uiuc.eduComon-Lundh, H., Delaune, S.: The finite variant property: how to get rid of some algebraic properties. In: Giesl, J. (ed.) RTA 2005. LNCS, vol. 3467, pp. 294–307. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-32033-3_22Cremers, C.J.F.: The scyther tool: verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70545-1_38Dreier, J., Duménil, C., Kremer, S., Sasse, R.: Beyond subterm-convergent equational theories in automated verification of stateful protocols. In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 117–140. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_6Escobar, S., Hendrix, J., Meadows, C., Meseguer, J.: Diffie-Hellman cryptographic reasoning in the Maude-NRL protocol analyzer. In: Proceedings of 2nd International Workshop on Security and Rewriting Techniques (SecReT 2007) (2007)Escobar, S., Meadows, C., Meseguer, J.: A rewriting-based inference system for the NRL protocol analyzer and its meta-logical properties. Theor. Comput. Sci. 367(1–2), 162–202 (2006)Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007-2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03829-7_1Escobar, S., et al.: Protocol analysis in Maude-NPA using unification modulo homomorphic encryption. In: Proceedings of PPDP 2011, pp. 65–76. ACM (2011)Escobar, S., Meadows, C.A., Meseguer, J., Santiago, S.: State space reduction in the Maude-NRL protocol analyzer. Inf. Comput. 238, 157–186 (2014)Escobar, S., Sasse, R., Meseguer, J.: Folding variant narrowing and optimal variant termination. J. Log. Algebr. Program. 81(7–8), 898–928 (2012)Fabrega, F.J.T., Herzog, J.C., Guttman, J.D.: Strand spaces: why is a security protocol correct? In: Proceedings of IEEE Symposium on Security and Privacy, pp. 160–171 (1998)Guttman, J.D.: Security goals and protocol transformations. In: Mödersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 130–147. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27375-9_8Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–393. Springer, Heidelberg (2000). https://doi.org/10.1007/10722028_23Kim, Y., Perrig, A., Tsudik, G.: Communication-efficient group key agreement. In: Dupuy, M., Paradinas, P. (eds.) SEC 2001. IIFIP, vol. 65, pp. 229–244. Springer, Boston, MA (2002). https://doi.org/10.1007/0-306-46998-7_16Küsters, R., Truderung, T.: Using ProVerif to analyze protocols with Diffie-Hellman exponentiation. In: IEEE Computer Security Foundations, pp. 157–171 (2009)Küsters, R., Truderung, T.: Reducing protocol analysis with XOR to the XOR-free case in the horn theory based approach. J. Autom. Reason. 46(3–4), 325–352 (2011)Meadows, C.: The NRL protocol analyzer: an overview. J. Logic Program. 26(2), 113–131 (1996)Meier, S., Cremers, C., Basin, D.: Strong invariants for the efficient construction of machine-checked protocol security proofs. In: 2010 23rd IEEE Computer Security Foundations Symposium, pp. 231–245 (2010)Meseguer, J.: Conditional rewriting logic as a united model of concurrency. Theoret. Comput. Sci. 96(1), 73–155 (1992)Meseguer, J.: Variant-based satisfiability in initial algebras. Sci. Comput. Program. 154, 3–41 (2018)Meseguer, J.: Generalized rewrite theories, coherence completion, and symbolic methods. J. Log. Algebr. Meth. Program. 110, 100483 (2020)Mödersheim, S., Viganò, L.: The open-source fixed-point model checker for symbolic analysis of security protocols. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007-2009. LNCS, vol. 5705, pp. 166–194. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03829-7_6Sasse, R., Escobar, S., Meadows, C., Meseguer, J.: Protocol analysis modulo combination of theories: a case study in Maude-NPA. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol. 6710, pp. 163–178. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22444-7_11Schmidt, B., Sasse, R., Cremers, C., Basin, D.A.: Automated verification of group key agreement protocols. In: 2014 IEEE Symposium on Security and Privacy, SP 2014, pp. 179–194. IEEE Computer Society (2014)Skeirik, S., Meseguer, J.: Metalevel algorithms for variant satisfiability. J. Log. Algebraic Methods Program. 96, 81–110 (2018)TeReSe: Term Rewriting Systems. Cambridge University Press, Cambridge (2003)Yang, F., Escobar, S., Meadows, C.A., Meseguer, J., Narendran, P.: Theories of homomorphic encryption, unification, and the finite variant property. In: Proceedings of PPDP 2014, pp. 123–133. ACM (2014

Brain tumour diagnostics using a DNA methylation-based classifier as a diagnostic support tool

Aims: Methylation profiling (MP) is increasingly incorporated in the diagnostic process of central nervous system (CNS) tumours at our centres in The Netherlands and Scandinavia. We aimed to identify the benefits and challenges of MP as a support tool for CNS tumour diagnostics. Methods: About 502 CNS tumour samples were analysed using (850 k) MP. Profiles were matched with the DKFZ/Heidelberg CNS Tumour Classifier. For each case, the final pathological diagnosis was compared to the diagnosis before MP. Results: In 54.4% (273/502) of all analysed cases, the suggested methylation class (calibrated score ≥0.9) corresponded with the initial pathological diagnosis. The diagnosis of 24.5% of these cases (67/273) was more refined after incorporation of the MP result. In 9.8% of cases (49/502), the MP result led to a new diagnosis, resulting in an altered WHO grade in 71.4% of these cases (35/49). In 1% of cases (5/502), the suggested class based on MP was initially disregarded/interpreted as misleading, but in retrospect, the MP result predicted the right diagnosis for three of these cases. In six cases, the suggested class was interpreted as ‘discrepant but noncontributory’. The remaining 33.7% of cases (169/502) had a calibrated score <0.9, including 7.8% (39/502) for which no class indication was given at all (calibrated score <0.3). Conclusions: MP is a powerful tool to confirm and fine-tune the pathological diagnosis of CNS tumours, and to avoid misdiagnoses. However, it is crucial to interpret the results in the context of clinical, radiological, histopathological and other molecular information

Neuroinflammation and structural injury of the fetal ovine brain following intra-amniotic Candida albicans exposure.

BackgroundIntra-amniotic Candida albicans (C. Albicans) infection is associated with preterm birth and high morbidity and mortality rates. Survivors are prone to adverse neurodevelopmental outcomes. The mechanisms leading to these adverse neonatal brain outcomes remain largely unknown. To better understand the mechanisms underlying C. albicans-induced fetal brain injury, we studied immunological responses and structural changes of the fetal brain in a well-established translational ovine model of intra-amniotic C. albicans infection. In addition, we tested whether these potential adverse outcomes of the fetal brain were improved in utero by antifungal treatment with fluconazole.MethodsPregnant ewes received an intra-amniotic injection of 10(7) colony-forming units C. albicans or saline (controls) at 3 or 5 days before preterm delivery at 0.8 of gestation (term ~ 150 days). Fetal intra-amniotic/intra-peritoneal injections of fluconazole or saline (controls) were administered 2 days after C. albicans exposure. Post mortem analyses for fungal burden, peripheral immune activation, neuroinflammation, and white matter/neuronal injury were performed to determine the effects of intra-amniotic C. albicans and fluconazole treatment.ResultsIntra-amniotic exposure to C. albicans caused a severe systemic inflammatory response, illustrated by a robust increase of plasma interleukin-6 concentrations. Cerebrospinal fluid cultures were positive for C. albicans in the majority of the 3-day C. albicans-exposed animals whereas no positive cultures were present in the 5-day C. albicans-exposed and fluconazole-treated animals. Although C. albicans was not detected in the brain parenchyma, a neuroinflammatory response in the hippocampus and white matter was seen which was characterized by increased microglial and astrocyte activation. These neuroinflammatory changes were accompanied by structural white matter injury. Intra-amniotic fluconazole reduced fetal mortality but did not attenuate neuroinflammation and white matter injury.ConclusionsIntra-amniotic C. albicans exposure provoked acute systemic and neuroinflammatory responses with concomitant white matter injury. Fluconazole treatment prevented systemic inflammation without attenuating cerebral inflammation and injury

Improved discrimination of melanotic schwannoma from melanocytic lesions by combined morphological and GNAQ mutational analysis

The histological differential diagnosis between melanotic schwannoma, primary leptomeningeal melanocytic lesions and cellular blue nevus can be challenging. Correct diagnosis of melanotic schwannoma is important to select patients who need clinical evaluation for possible association with Carney complex. Recently, we described the presence of activating codon 209 mutations in the GNAQ gene in primary leptomeningeal melanocytic lesions. Identical codon 209 mutations have been described in blue nevi. The aims of the present study were to (1) perform a histological review of a series of lesions (initially) diagnosed as melanotic schwannoma and analyze them for GNAQ mutations, and (2) test the diagnostic value of GNAQ mutational analysis in the differential diagnosis with leptomeningeal melanocytic lesions. We retrieved 25 cases that were initially diagnosed as melanotic schwannoma. All cases were reviewed using established criteria and analyzed for GNAQ codon 209 mutations. After review, nine cases were classified as melanotic schwannoma. GNAQ mutations were absent in these nine cases. The remaining cases were reclassified as conventional schwannoma (n = 9), melanocytoma (n = 4), blue nevus (n = 1) and lesions that could not be classified with certainty as melanotic schwannoma or melanocytoma (n = 2). GNAQ codon 209 mutations were present in 3/4 melanocytomas and the blue nevus. Including results from our previous study in leptomeningeal melanocytic lesions, GNAQ mutations were highly specific (100%) for leptomeningeal melanocytic lesions compared to melanotic schwannoma (sensitivity 43%). We conclude that a detailed analysis of morphology combined with GNAQ mutational analysis can aid in the differential diagnosis of melanotic schwannoma with leptomeningeal melanocytic lesions

Mutations in Potassium Channel KCND3 Cause Spinocerebellar Ataxia Type 19

OBJECTIVE: To identify the causative gene for the neurodegenerative disorder spinocerebellar ataxia type 19 (SCA19) located on chromosomal region 1p21-q21. METHODS: Exome sequencing was used to identify the causal mutation in a large SCA19 family. We then screened 230 ataxia families for mutations located in the same gene (KCND3, also known as Kv4.3) using high-resolution melting. SCA19 brain autopsy material was evaluated, and in vitro experiments using ectopic expression of wild-type and mutant Kv4.3 were used to study protein localization, stability, and channel activity by patch-clamping. RESULTS: We detected a T352P mutation in the third extracellular loop of the voltage-gated potassium channel KCND3 that cosegregated with the disease phenotype in our original family. We identified 2 more novel missense mutations in the channel pore (M373I) and the S6 transmembrane domain (S390N) in 2 other ataxia families. T352P cerebellar autopsy material showed severe Purkinje cell degeneration, with abnormal intracellular accumulation and reduced protein levels of Kv4.3 in their soma. Ectopic expression of all mutant proteins in HeLa cells revealed retention in the endoplasmic reticulum and enhanced protein instability, in contrast to wild-type Kv4.3 that was localized on the plasma membrane. The regulatory β subunit Kv channel interacting protein 2 was able to rescue the membrane localization and the stability of 2 of the 3 mutant Kv4.3 complexes. However, this either did not restore the channel function of the membrane-located mutant Kv4.3 complexes or restored it only partially. INTERPRETATION: KCND3 mutations cause SCA19 by impaired protein maturation and/or reduced channel function

Activating mutations of the GNAQ gene: a frequent event in primary melanocytic neoplasms of the central nervous system

Primary melanocytic neoplasms of the central nervous system (CNS) are uncommon neoplasms derived from melanocytes that normally can be found in the leptomeninges. They cover a spectrum of malignancy grades ranging from low-grade melanocytomas to lesions of intermediate malignancy and overtly malignant melanomas. Characteristic genetic alterations in this group of neoplasms have not yet been identified. Using direct sequencing, we investigated 19 primary melanocytic lesions of the CNS (12 melanocytomas, 3 intermediate-grade melanocytomas, and 4 melanomas) for hotspot oncogenic mutations commonly found in melanocytic tumors of the skin (BRAF, NRAS, and HRAS genes) and uvea (GNAQ gene). Somatic mutations in the GNAQ gene at codon 209, resulting in constitutive activation of GNAQ, were detected in 7/19 (37%) tumors, including 6/12 melanocytomas, 0/3 intermediate-grade melanocytomas, and 1/4 melanomas. These GNAQ-mutated tumors were predominantly located around the spinal cord (6/7). One melanoma carried a BRAF point mutation that is frequently found in cutaneous melanomas (c.1799 T>A, p.V600E), raising the question whether this is a metastatic rather than a primary tumor. No HRAS or NRAS mutations were detected. We conclude that somatic mutations in the GNAQ gene at codon 209 are a frequent event in primary melanocytic neoplasms of the CNS. This finding provides new insight in the pathogenesis of these lesions and suggests that GNAQ-dependent mitogen-activated kinase signaling is a promising therapeutic target in these tumors. The prognostic and predictive value of GNAQ mutations in primary melanocytic lesions of the CNS needs to be determined in future studies