Clinical Significance of an Unusual Variation : Anomalous additional belly of the sternothyroid muscle

The infrahyoid muscles are involved in vocalisation and swallowing; among these, the sternothyroid muscle is derived from the common primitive sheet. The improper differentiation of this muscle may therefore result in morphological variations. We report an unusual variation found during the dissection of a 65-year-old male cadaver at the Sri Manakula Vinayagar Medical College, Madagadipet, Pondicherry, India, in 2015. An anomalous belly of the right sternothyroid muscle was observed between the internal jugular (IJ) vein and the internal carotid artery with an additional insertion into the tympanic plate and petrous part of the temporal bone and the presence of a levator glandulae thyroideae muscle. The anomalous muscle may compress the IJ vein if it is related to the neurovascular structures of neck; hence, knowledge of variations of the infrahyoid muscles can aid in the evaluation of IJ vein compression among patients with idiopathic symptoms resulting from venous congestion

On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals

The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions.Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among clinics and hospitals. In particular, the IHE integration profile named XUA permits to attest user identities by relying on SAML assertions, i.e. XML documents containing authentication statements. In this paper, we provide a formal model for the secure issuance of such an assertion. We first specify the scenario using the process calculus COWS and then analyse it using the model checker CMC. Our analysis reveals a potential flaw in the XUA profile when using a SAML assertion in an unprotected network. We then suggest a solution for this flaw, and model check and implement this solution to show that it is secure and feasible

BrowserAudit: Automated testing of browser security features

The security of the client side of a web application relies on browser features such as cookies, the same-origin policy and HTTPS. As the client side grows increasingly powerful and sophisticated, browser vendors have stepped up their offering of security mechanisms which can be leveraged to protect it. These are often introduced experimentally and informally and, as adoption increases, gradually become standardised (e.g., CSP, CORS and HSTS). Considering the diverse landscape of browser vendors, releases, and customised versions for mobile and embedded devices, there is a compelling need for a systematic assessment of browser security. We present BrowserAudit, a tool for testing that a deployed browser enforces the guarantees implied by the main standardised and experimental security mechanisms. It includes more than 400 fully-automated tests that exercise a broad range of security features, helping web users, application developers and security researchers to make an informed security assessment of a deployed browser. We validate BrowserAudit by discovering both fresh and known security-related bugs in major browsers. Copyright is held by the owner/author(s)

Formal Verification of Security Protocol Implementations: A Survey

Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac

Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol

The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25182-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysi

A Retrospective Look at the Monitoring and Checking (MaC) Framework

The Monitoring and Checking (MaC) project gave rise to a framework for runtime monitoring with respect to formally specified properties, which later came to be known as runtime verification. The project also built a pioneering runtime verification tool, Java-MaC, that was an instantiation of the approach to check properties of Java programs. In this retrospective, we discuss decisions made in the design of the framework and summarize lessons learned in the course of the project

towards formal validation of trust and security in the internet of services

Service designers and developers, while striving to meet the requirements posed by application scenarios, have a hard time to assess the trust and security impact of an option, a minor change, a combination of functionalities, etc., due to the subtle and unforeseeable situations and behaviors that can arise from this panoply of choices. This often results in the release of flawed products to end-users. This issue can be significantly mitigated by empowering designers and developers with tools that offer easy to use graphical interfaces and notations, while employing established verification techniques to efficiently tackle industrial-size problems. The formal verification of trust and security of the Internet of Services will significantly boost its development and public acceptance

Magnetic resonance imaging of the knee in Norway 2002–2004 (national survey): rapid increase, older patients, large geographic differences

<p>Abstract</p> <p>Background</p> <p>Magnetic resonance imaging (MRI) of the knee is the second most common MRI examination in Norway after head/brain MRI. Little has been published internationally on trends in the use of knee MRI after 1999. This study aimed to describe levels and trends in ambulant knee MRI utilisation in Norway 2002–2004 in relation to type of radiology service, geographic regions, number of MRI-scanners, patient age and gender, and type of referring health care provider.</p> <p>Methods</p> <p>We analysed administrative data on all claims for reimbursement of ambulant knee MRI performed in Norway in 2002, 2003 and 2004 and noted nominal reimbursement. We also recorded the referring health care provider from clinical requests of ambulant knee MRI done consecutively during two months in 2004 at one private institute and three hospitals. Number of MRI-scanners was given by manufacturers and radiology services.</p> <p>Results</p> <p>In Norway, the rate of knee MRI claims for 2004 was 15.6 per 1000 persons. This rate was 74% higher in East than in North region (18.4 vs. 10.6), slightly higher for men than women (16.4 vs. 14.7) and highest for ages 50–59 years (29.0) and 60–69 years (21.2). Most claims (76% for 2004) came from private radiology services. In 2004, the referring health care provider was a general practitioner in 63% of claims (unspecified in 24%) and in 83.5% (394/472) of clinical requests. From 2002 to 2004, the rate of knee MRI claims increased 64%. In the age group 50 years or above the increase was 86%. Rate of MRI-scanners increased 43% to 21 scanners per million persons in 2004. Reimbursement for knee MRI claims (nominal value) increased 80% to 70 million Norwegian kroner in 2004.</p> <p>Conclusion</p> <p>Ambulant knee MRI utilisation in Norway increases rapidly especially for patients over 50, and shows large geographic differences. Evaluation of clinical outcomes of this activity is needed together with clinical guidelines for use of knee MRI.</p