157 research outputs found

    A logic-based reasoner for discovering authentication vulnerabilities between interconnected accounts

    With users being more reliant on online services for their daily activities, there is an increasing risk for them to be threatened by cyber-attacks harvesting their personal information or banking details. These attacks are often facilitated by the strong interconnectivity that exists between online accounts, in particular due to the presence of shared (e.g., replicated) pieces of user information across different accounts. In addition, a significant proportion of users employ pieces of information, e.g. used to recover access to an account, that are easily obtainable from their social network accounts, and hence are vulnerable to correlation attacks, where a malicious attacker is either able to perform password reset attacks or take full control of user accounts. This paper proposes the use of verification techniques to analyse the possible vulnerabilities that arise from shared pieces of information among interconnected online accounts. Our primary contributions include a logic-based reasoner that is able to discover vulnerable online accounts, and a corresponding tool that provides modelling of user accounts, their interconnections, and vulnerabilities. Finally, the tool allows users to perform security checks of their online accounts and suggests possible countermeasures to reduce the risk of compromise.

    Foundations for Intrusion Prevention


    An Attack Graph-Based Probabilistic Security Metric

    Abstract. To protect critical resources in today’s networked environments, it is desirable to quantify the likelihood of potential multi-step attacks that combine multiple vulnerabilities. This now becomes feasible due to a model of causal relationships between vulnerabilities, namely, attack graph. This paper proposes an attack graph-based probabilistic metric for network security and studies its efficient computation. We first define the basic metric and provide an intuitive and meaningful interpretation to the metric. We then study the definition in more complex attack graphs with cycles and extend the definition accordingly. We show that computing the metric directly from its definition is not efficient in many cases and propose heuristics to improve the efficiency of such computation.

    Direct Visualization by Cryo-EM of the Mycobacterial Capsular Layer: A Labile Structure Containing ESX-1-Secreted Proteins

    The cell envelope of mycobacteria, a group of Gram positive bacteria, is composed of a plasma membrane and a Gram-negative-like outer membrane containing mycolic acids. In addition, the surface of the mycobacteria is coated with an ill-characterized layer of extractable, non-covalently linked glycans, lipids and proteins, collectively known as the capsule, whose occurrence is a matter of debate. By using plunge freezing cryo-electron microscopy technique, we were able to show that pathogenic mycobacteria produce a thick capsule, only present when the cells were grown under unperturbed conditions and easily removed by mild detergents. This detergent-labile capsule layer contains arabinomannan, α-glucan and oligomannosyl-capped glycolipids. Further immunogenic and proteomic analyses revealed that Mycobacterium marinum capsule contains high amounts of proteins that are secreted via the ESX-1 pathway. Finally, cell infection experiments demonstrated the importance of the capsule for binding to cells and dampening of pro-inflammatory cytokine response. Together, these results show a direct visualization of the mycobacterial capsular layer as a labile structure that contains ESX-1-secreted proteins