CAge: Taming Certificate Authorities by Inferring Restricted Scopes

Abstract. The existing HTTPS public-key infrastructure (PKI) uses a coarse-grained trust model: either a certificate authority (CA) is trusted by browsers to vouch for the identity of any domain or it is not trusted at all. More than 1200 root and intermediate CAs can currently sign certificates for any domain and be trusted by popular browsers. This violates the principle of least privilege and creates an excessively large attack surface, as highlighted by recent CA compromises. In this paper, we present CAge, a mechanism that browser makers can apply to drastically reduce the excessive trust placed in CAs without fundamentally altering the CA ecosystem or breaking existing practice. CAge works by imposing restrictions on the set of top-level domains (TLDs) under which each CA is trusted to sign certs. Our key observation, based on an Internet-wide survey of TLS certs, is that CAs commonly sign for sites in only a handful of TLDs. We show that it is possible to algorithmically infer reasonable restrictions on CAs ’ trusted scopes based on this behavior, and we present evidence that browser-enforced inferred scopes would be a durable and effective way to reduce the attack surface of the HTTPS PKI. We find that simple inference rules can reduce the attack surface by nearly a factor of ten without hindering 99 % of CA activity over a 6 month period.

Nonlinear Differential Equations Satisfied by Certain Classical Modular Forms

A unified treatment is given of low-weight modular forms on \Gamma_0(N), N=2,3,4, that have Eisenstein series representations. For each N, certain weight-1 forms are shown to satisfy a coupled system of nonlinear differential equations, which yields a single nonlinear third-order equation, called a generalized Chazy equation. As byproducts, a table of divisor function and theta identities is generated by means of q-expansions, and a transformation law under \Gamma_0(4) for the second complete elliptic integral is derived. More generally, it is shown how Picard-Fuchs equations of triangle subgroups of PSL(2,R) which are hypergeometric equations, yield systems of nonlinear equations for weight-1 forms, and generalized Chazy equations. Each triangle group commensurable with \Gamma(1) is treated.Comment: 40 pages, final version, accepted by Manuscripta Mathematic

Dendritic Cells in Chronic Mycobacterial Granulomas Restrict Local Anti-Bacterial T Cell Response in a Murine Model

Background: Mycobacterium-induced granulomas are the interface between bacteria and host immune response. During acute infection dendritic cells (DCs) are critical for mycobacterial dissemination and activation of protective T cells. However, their role during chronic infection in the granuloma is poorly understood. Methodology/Principal Findings: We report that an inflammatory subset of murine DCs are present in granulomas induced by Mycobacteria bovis strain Bacillus Calmette-guerin (BCG), and both their location in granulomas and costimulatory molecule expression changes throughout infection. By flow cytometric analysis, we found that CD11c + cells in chronic granulomas had lower expression of MHCII and co-stimulatory molecules CD40, CD80 and CD86, and higher expression of inhibitory molecules PD-L1 and PD-L2 compared to CD11c + cells from acute granulomas. As a consequence of their phenotype, CD11c + cells from chronic lesions were unable to support the reactivation of newly-recruited, antigen 85Bspecific CD4 + IFNc + T cells or induce an IFNc response from naïve T cells in vivo and ex vivo. The mechanism of this inhibition involves the PD-1:PD-L signaling pathway, as ex vivo blockade of PD-L1 and PD-L2 restored the ability of isolated CD11c + cells from chronic lesions to stimulate a protective IFNc T cell response. Conclusions/Significance: Our data suggest that DCs in chronic lesions may facilitate latent infection by down-regulating protective T cell responses, ultimately acting as a shield that promotes mycobacterium survival. This DC shield may explai

Re-cycling paradigms: cell cycle regulation in adult hippocampal neurogenesis and implications for depression

Since adult neurogenesis became a widely accepted phenomenon, much effort has been put in trying to understand the mechanisms involved in its regulation. In addition, the pathophysiology of several neuropsychiatric disorders, such as depression, has been associated with imbalances in adult hippocampal neurogenesis. These imbalances may ultimately reflect alterations at the cell cycle level, as a common mechanism through which intrinsic and extrinsic stimuli interact with the neurogenic niche properties. Thus, the comprehension of these regulatory mechanisms has become of major importance to disclose novel therapeutic targets. In this review, we first present a comprehensive view on the cell cycle components and mechanisms that were identified in the context of the homeostatic adult hippocampal neurogenic niche. Then, we focus on recent work regarding the cell cycle changes and signaling pathways that are responsible for the neurogenesis imbalances observed in neuropathological conditions, with a particular emphasis on depression

On the Origin of Scanning: The Impact of Location on Internet-Wide Scans

Fast IPv4 scanning has enabled researchers to answer a wealth of security and networking questions. Yet, despite widespread use, there has been little validation of the methodology’s accuracy, including whether a single scan provides sufficient coverage. In this paper, we analyze how scan origin affects the results of Internet-wide scans by completing three HTTP, HTTPS, and SSH scans from seven geographically and topologically diverse networks. We find that individual origins miss an average 1.6–8.4% of HTTP, 1.5–4.6% of HTTPS, and 8.3–18.2% of SSH hosts. We analyze why origins see different hosts, and show how permanent and temporary blocking, packet loss, geographic biases, and transient outages affect scan results. We discuss the implications for scanning and provide recommendations for future studies

Lawson criterion for ignition exceeded in an inertial fusion experiment

For more than half a century, researchers around the world have been engaged in attempts to achieve fusion ignition as a proof of principle of various fusion concepts. Following the Lawson criterion, an ignited plasma is one where the fusion heating power is high enough to overcome all the physical processes that cool the fusion plasma, creating a positive thermodynamic feedback loop with rapidly increasing temperature. In inertially confined fusion, ignition is a state where the fusion plasma can begin "burn propagation" into surrounding cold fuel, enabling the possibility of high energy gain. While "scientific breakeven" (i.e., unity target gain) has not yet been achieved (here target gain is 0.72, 1.37 MJ of fusion for 1.92 MJ of laser energy), this Letter reports the first controlled fusion experiment, using laser indirect drive, on the National Ignition Facility to produce capsule gain (here 5.8) and reach ignition by nine different formulations of the Lawson criterion

Hyperreactive onchocerciasis is characterized by a combination of Th17-Th2 immune responses and reduced regulatory T cells

<div><p>Clinical manifestations in onchocerciasis range from generalized onchocerciasis (GEO) to the rare but severe hyperreactive (HO)/sowda form. Since disease pathogenesis is associated with host inflammatory reactions, we investigated whether Th17 responses could be related to aggravated pathology in HO. Using flow cytometry, filarial-specific cytokine responses and PCR arrays, we compared the immune cell profiles, including Th subsets, in individuals presenting the two polar forms of infection and endemic normals (EN). In addition to elevated frequencies of memory CD4⁺ T cells, individuals with HO showed accentuated Th17 and Th2 profiles but decreased CD4⁺CD25^hiFoxp3⁺ regulatory T cells. These profiles included increased IL-17A⁺, IL-4⁺, RORC2⁺ and GATA3⁺CD4⁺ T cell populations. Flow cytometry data was further confirmed using a PCR array since Th17-related genes (IL-17 family members, IL-6, IL-1β and IL-22) and Th2-related (IL-4, IL-13, STAT6) genes were all significantly up-regulated in HO individuals. In addition, stronger <i>Onchocerca volvulus</i>-specific Th2 responses, especially IL-13, were observed <i>in vitro</i> in hyperreactive individuals when compared to GEO or EN groups. This study provides initial evidence that elevated frequencies of Th17 and Th2 cells form part of the immune network instigating the development of severe onchocerciasis.</p></div