Using a virtual machine to protect sensitive Grid resources

Most Grid systems rely on their operating systems (OSs) to protect their sensitive files and networks. Unfortunately, modern OSs are very complex and it is difficult to completely avoid intrusions. Once intruders compromise the OS and gain system privilege, they can easily disable or bypass the OS security protections. This paper proposes a secure virtual Grid system, SVGrid, to protect sensitive system resources. SVGrid works by isolating Grid applications in Grid virtual machines. The Grid virtual machines' filesystem and network services are moved into a dedicated monitor virtual machine. All file and network accesses are forced to go through this monitor virtual machine, where SVGrid checks request parameters and only accepts the requests that comply with security rules. Because SVGrid enforces security policy in the isolated monitor virtual machine, it can continue to protect sensitive files and networks even if a Grid virtual machine is compromised. We tested SVGrid against attacks on Grid virtual machines. SVGrid was able to prevent all of them from accessing files and networks maliciously. We also evaluated the performance of SVGrid and found that performance cost was reasonable considering the security benefits of SVGrid. Furthermore, the experimental results show that the virtual remote procedure call mechanism proposed in this paper significantly improves system performance. Copyright © 2006 John Wiley & Sons, Ltd.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/56163/1/1134_ftp.pd

Predicting breast cancer response to neoadjuvant treatment using multi-feature MRI: results from the I-SPY 2 TRIAL.

Dynamic contrast-enhanced (DCE) MRI provides both morphological and functional information regarding breast tumor response to neoadjuvant chemotherapy (NAC). The purpose of this retrospective study is to test if prediction models combining multiple MRI features outperform models with single features. Four features were quantitatively calculated in each MRI exam: functional tumor volume, longest diameter, sphericity, and contralateral background parenchymal enhancement. Logistic regression analysis was used to study the relationship between MRI variables and pathologic complete response (pCR). Predictive performance was estimated using the area under the receiver operating characteristic curve (AUC). The full cohort was stratified by hormone receptor (HR) and human epidermal growth factor receptor 2 (HER2) status (positive or negative). A total of 384 patients (median age: 49 y/o) were included. Results showed analysis with combined features achieved higher AUCs than analysis with any feature alone. AUCs estimated for the combined versus highest AUCs among single features were 0.81 (95% confidence interval [CI]: 0.76, 0.86) versus 0.79 (95% CI: 0.73, 0.85) in the full cohort, 0.83 (95% CI: 0.77, 0.92) versus 0.73 (95% CI: 0.61, 0.84) in HR-positive/HER2-negative, 0.88 (95% CI: 0.79, 0.97) versus 0.78 (95% CI: 0.63, 0.89) in HR-positive/HER2-positive, 0.83 (95% CI not available) versus 0.75 (95% CI: 0.46, 0.81) in HR-negative/HER2-positive, and 0.82 (95% CI: 0.74, 0.91) versus 0.75 (95% CI: 0.64, 0.83) in triple negatives. Multi-feature MRI analysis improved pCR prediction over analysis of any individual feature that we examined. Additionally, the improvements in prediction were more notable when analysis was conducted according to cancer subtype

Accelerating Medicines Partnership® Schizophrenia (AMP® SCZ): Rationale and Study Design of the Largest Global Prospective Cohort Study of Clinical High Risk for Psychosis

This article describes the rationale, aims, and methodology of the Accelerating Medicines Partnership® Schizophrenia (AMP® SCZ). This is the largest international collaboration to date that will develop algorithms to predict trajectories and outcomes of individuals at clinical high risk (CHR) for psychosis and to advance the development and use of novel pharmacological interventions for CHR individuals. We present a description of the participating research networks and the data processing analysis and coordination center, their processes for data harmonization across 43 sites from 13 participating countries (recruitment across North America, Australia, Europe, Asia, and South America), data flow and quality assessment processes, data analyses, and the transfer of data to the National Institute of Mental Health (NIMH) Data Archive (NDA) for use by the research community. In an expected sample of approximately 2000 CHR individuals and 640 matched healthy controls, AMP SCZ will collect clinical, environmental, and cognitive data along with multimodal biomarkers, including neuroimaging, electrophysiology, fluid biospecimens, speech and facial expression samples, novel measures derived from digital health technologies including smartphone-based daily surveys, and passive sensing as well as actigraphy. The study will investigate a range of clinical outcomes over a 2-year period, including transition to psychosis, remission or persistence of CHR status, attenuated positive symptoms, persistent negative symptoms, mood and anxiety symptoms, and psychosocial functioning. The global reach of AMP SCZ and its harmonized innovative methods promise to catalyze the development of new treatments to address critical unmet clinical and public health needs in CHR individuals

Protecting Confidential Information from Malicious Software.

Protecting confidential information is a major concern for organizations and individuals alike, who stand to suffer huge losses if private data falls into the wrong hands. One of the primary threats to confidentiality is malicious software, which is estimated to already reside on 100 to 150 million computers. Current security controls, such as anti-virus software and intrusion detection systems, are inadequate at preventing malware infection. Due to its diversity and the openness of personal computing systems, eliminating malware is a difficult, open problem that is unlikely to go away in the near future. Yet, computers that are infected with malicious software and connected to the Internet still need access to sensitive information. The first security system introduced in this thesis, named Capsule, protects locally- modified confidential files. Capsule allows a compromised machine to securely view and edit encrypted files without malware being able to steal their contents. It achieves this goal by taking a checkpoint of system state, disabling network device output, and switching into secure mode. When the user is finished editing the sensitive file, Capsule re-encrypts it with an isolated module, restores the system to its original state, and re-enables device output. For files that can be edited offline, Capsule delivers guaranteed confidentiality against malicious software. Not all access to confidential information can be isolated from network activity. Some applications, such as online banking, necessitate interaction with both sensitive data and the Internet simultaneously. The network monitoring systems introduced in this thesis seek to maintain confidentiality in such scenarios. The specific contributions include: (1) methods for detecting and classifying web traffic generated by network applications; (2) algorithms for quantifying information leakage in outbound web traffic; and (3) an approach for identifying unwanted web traffic by excluding benign traffic with a whitelist. We evaluate these systems on live network traffic from several hundred computers to show their effectiveness in detecting real confidentiality threats with a low false-positive rate. This thesis raises the bar significantly for malicious software attempting to breach confidentiality, and limits the rate at which data can be stolen from a network.Ph.D.Computer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/63795/1/kborders_1.pd

Web tap: Detecting covert web traffic

As network security is a growing concern, system administrators lock down their networks by closing inbound ports and only allowing outbound communication over selected protocols such as HTTP. Hackers, in turn, are forced to find ways to communicate with compromised workstations by tunneling through web requests. While several tools attempt to analyze inbound traffic for denial-of-service and other attacks on web servers, Web Tap’s focus is on detecting attempts to send significant amounts of information out via HTTP tunnels to rogue Web servers from within an otherwise firewalled network. A related goal of Web Tap is to help detect spyware programs, which often send out personal data to servers using HTTP transactions and may open up security holes in the network. Based on the analysis of HTTP traffic over a training period, we designed filters to help detect anomalies in outbound HTTP traffic using metrics such as request regularity, bandwidth usage, interrequest delay time, and transaction size. Subsequently, Web Tap was evaluated on several available HTTP covert tunneling programs as well as a test backdoor program, which creates a remote shell from outside the network to a protected machine using only outbound HTTP transactions. Web Tap’s filters detected all the tunneling programs tested after modest use. Web Tap also analyzed the activity of approximately thirty faculty and students who agreed to use it as a proxy server over a 40 day period. It successfully detected a significant number of spyware and adware programs. This paper presents the design of Web Tap, results from its evaluation, as well as potential limits to Web Tap’s capabilities