Practical whole-system provenance capture

Data provenance describes how data came to be in its present form. It includes data sources and the transformations that have been applied to them. Data provenance has many uses, from forensics and security to aiding the reproducibility of scientific experiments. We present CamFlow, a whole-system provenance capture mechanism that integrates easily into a PaaS offering. While there have been several prior whole-system provenance systems that captured a comprehensive, systemic and ubiquitous record of a system’s behavior, none have been widely adopted. They either A) impose too much overhead, B) are designed for long-outdated kernel releases and are hard to port to current systems, C) generate too much data, or D) are designed for a single system. CamFlow addresses these shortcoming by: 1) leveraging the latest kernel design advances to achieve efficiency; 2) using a self-contained, easily maintainable implementation relying on a Linux Security Module, NetFilter, and other existing kernel facilities; 3) providing a mechanism to tailor the captured provenance data to the needs of the application; and 4) making it easy to integrate provenance across distributed systems. The provenance we capture is streamed and consumed by tenant-built auditor applications. We illustrate the usability of our implementation by describing three such applications: demonstrating compliance with data regulations; performing fault/intrusion detection; and implementing data loss prevention. We also show how CamFlow can be leveraged to capture meaningful provenance without modifying existing applications.Engineering and Applied Science

What If I Don't Treat My PSA-Detected Prostate Cancer? Answers from Three Natural History Models

Background: Making an informed decision about treating a prostate cancer detected after a routine prostate-specific antigen (PSA) test requires knowledge about disease natural history, such as the chances that it would have been clinically diagnosed in the absence of screening and that it would metastasize or lead to death in the absence of treatment. Methods: We use three independently developed models of prostate cancer natural history to project risks of clinical progression events and disease-specific deaths for PSA-detected cases assuming they receive no primary treatment. Results: The three models project that 20%-33% of men have preclinical onset; of these 38%-50% would be clinically diagnosed and 12%-25% would die of the disease in the absence of screening and primary treatment. The risk that men age less than 60 at PSA detection with Gleason score 2-7 would be clinically diagnosed in the absence of screening is 67%-93% and would die of the disease in the absence of primary treatment is 23%-34%. For Gleason score 8 to 10 these risks are 90%-96% and 63%-83%. Conclusions: Risks of disease progression among untreated PSA-detected cases can be nontrivial, particularly for younger men and men with high Gleason scores. Model projections can be useful for informing decisions about treatment. Impact: This is the first study to project population-based natural history summaries in the absence of screening or primary treatment and risks of clinical progression events following PSA detection in the absence of primary treatment. Cancer Epidemiol Biomarkers Prev; 20(5); 740-50. (C)2011 AACR

Development of a Core Outcome Set for Therapeutic Studies in Eosinophilic Esophagitis (COREOS).

BACKGROUND Endpoints used to determine treatment efficacy in eosinophilic esophagitis (EoE) have evolved over time. With multiple novel therapies in development for EoE, harmonization of outcomes measures will facilitate evidence synthesis and appraisal when comparing different treatments. OBJECTIVE To develop a core outcome set (COS) for controlled and observational studies of pharmacologic and diet interventions in adult and pediatric patients with EoE. METHODS Candidate outcomes were generated from systematic literature reviews and patient engagement interviews and surveys. Consensus was established using an iterative Delphi process, with items voted on using a 9-point Likert scale and with feedback from other participants to allow score refinement. Consensus meetings were held to ratify the outcome domains of importance and the core outcome measures. Stakeholders were recruited internationally and included adult and pediatric gastroenterologists, allergists, dieticians, pathologists, psychologists, researchers, and methodologists. RESULTS The COS consists of four outcome domains for controlled and observational studies: histopathology, endoscopy, patient-reported symptoms, and EoE-specific quality of life (QoL). A total of 69 stakeholders (response rate 95.8%) prioritized 42 outcomes in a two-round Delphi process and the final ratification meeting generated consensus on 33 outcome measures. These included measurement of the peak eosinophil count, EoE Histology Scoring System, EoE Endoscopic Reference Score, and patient-reported measures of dysphagia and QoL. CONCLUSIONS This interdisciplinary collaboration involving global stakeholders has produced a COS that can be applied to adult and pediatric studies of pharmacologic and diet therapies for EoE, which will facilitate meaningful treatment comparisons and improve the quality of data synthesis

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

International audienceDespite the deployment of preventive security mechanisms to protect the assets and computing platforms of users, intrusions eventually occur. We propose a novel intrusion survivability approach to withstand ongoing intrusions. Our approach relies on an orchestration of fine-grained recovery and per-service responses (e.g., privileges removal). Such an approach may put the system into a degraded mode. This degraded mode prevents attackers to reinfect the system or to achieve their goals if they managed to reinfect it. It maintains the availability of core functions while waiting forpatches to be deployed. We devised a cost-sensitive response selection process to ensure that while the service is in a degraded mode, its core functions are still operating. We built a Linux-based prototype and evaluated the effectiveness of our approach against different types of intrusions. The results show that our solution removes the effects of the intrusions, that it can select appropriate responses, and that it allows services to survive when reinfected. In terms of performance overhead, in most cases, we observed a small overhead, except in the rare case of services that write many small files asynchronously in a burst, where we observed a higher but acceptable overhead

Alignment of parent- and child-reported outcomes and histology in eosinophilic esophagitis across multiple CEGIR sites.

BACKGROUND: Patient-reported outcome metrics for eosinophilic esophagitis (EoE) have been developed and validated but not used in a multicenter pediatric population or systematically aligned with histology. OBJECTIVE: We sought to understand (1) the potential of caregiver report to predict patient self-reported symptoms and (2) the correlation of patient-reported outcome domains with histology. METHODS: Patients with EoE (n = 310) and their parents participating in the Consortium of Gastrointestinal Eosinophilic Disease Researchers (CEGIR) observational clinical trial were queried for baseline patient symptoms and quality of life (QOL) by using the Pediatric Eosinophilic Esophagitis Symptom Score, version 2 (PEESSv2.0), and the Pediatric QOL EoE module (PedsQL-EoE), and biopsy specimens were analyzed by using the EoE Histology Scoring System. RESULTS: PEESSv2.0 parental and child reports aligned across all domains (r = 0.68-0.73, P < .001). PedsQL-EoE reports correlated between parents and children across ages and multiple domains (r = 0.48-0.79, P < .001). There was a tight correlation between symptoms on PEESSv2.0 and their effects on QOL both on self-report and parental report (P < .001). Self-reported symptoms on PEESSv2.0 (positively) and PedsQL-EoE (inversely) showed a weak correlation with proximal, but not distal, peak eosinophil counts and features and architectural tissue changes on the EoE Histology Scoring System (P < .05). CONCLUSIONS: Parents of children with EoE aged 3 to 18 years accurately reflected their childrens disease symptoms and QOL. Self- and parent-reported symptoms correlate with proximal esophageal histology. Our data suggest that parental report in young children can function as an adequate marker for self-reported symptoms and that self-reported symptoms can reflect changes in tissue histology in the proximal esophagus. These findings should be considered during clinical trials for drug development

The impact of PLCO control arm contamination on perceived PSA screening efficacy

PURPOSE: To quantify the extent to which a clinically significant prostate cancer mortality reduction due screening could have been masked by control arm screening (contamination) in the Prostate, Lung, Colorectal, and Ovarian (PLCO) trial. METHODS: We used three independently developed models of prostate cancer natural history to conduct a virtual PLCO trial. Simulated participants underwent pre-trial screening based on population patterns. The intervention arm followed observed compliance during the trial then resumed population screening. A contaminated control arm followed observed contamination during the trial then resumed population screening, while an uncontaminated control arm discontinued screening upon entry. We assumed a clinically significant screening benefit, applied population treatments and survival patterns, and calculated mortality rate ratios relative to the contaminated and uncontaminated control arms. RESULTS: The virtual trial reproduced observed incidence, including stage and grade distributions, and control arm mortality after 10 years of complete follow-up. Under the assumed screening benefit, the three models found that contamination increased the mortality rate ratio from 0.68–0.77 to 0.86–0.91, increased the chance of excess mortality in the intervention arm from 0–4% to 15–28%, and decreased the power of the trial to detect a mortality difference from 40–70% to 9–25%. CONCLUSIONS: Our computer simulation models indicate that contamination substantially limited the ability of the PLCO to identify a clinically significant screening benefit. While the trial shows annual screening doesn’t reduce mortality relative to population screening, contamination prevents concluding whether screening reduces mortality relative to no screening