Security policy refinement using data integration: a position paper.

In spite of the wide adoption of policy-based approaches for security management, and many existing treatments of policy verification and analysis, relatively little attention has been paid to policy refinement: the problem of deriving lower-level, runnable policies from higher-level policies, policy goals, and specifications. In this paper we present our initial ideas on this task, using and adapting concepts from data integration. We take a view of policies as governing the performance of an action on a target by a subject, possibly with certain conditions. Transformation rules are applied to these components of a policy in a structured way, in order to translate the policy into more refined terms; the transformation rules we use are similar to those of global-as-view database schema mappings, or to extensions thereof. We illustrate our ideas with an example. Copyright 2009 ACM

Data Supply Chain (DSC): development and validation of a measurement instrument

The volume and availability of data produced and affordably stored has become an important new resource for building organizational competitive advantage. Reflecting this, and expanding the concept of the supply chain, we propose the Data Supply Chain (DSC) as a novel concept to aid investigations into how the interconnected data characteristics relate to and impact organizational performance. Initially, we define the concept and develop a research agenda on DSC coupling theoretical background of strategy and operations literature. Along with the conceptualization, we develop a set of propositions and make suggestions for future research including testing and validating the model fit

A hybrid threat model for smart systems

Cyber-physical systems and their smart components have a pervasive presence in all our daily activities. Unfortunately, identifying the potential threats and issues in these systems and selecting enough protection is challenging given that such environments combine human, physical and cyber aspects to the system design and implementation. Current threat models and analysis do not take into consideration all three aspects of the analyzed system, how they can introduce new vulnerabilities or protection measures to each other. In this work, we introduce a novel threat model for cyber-physical systems that combines the cyber, physical, and human aspects. Our model represents the system’s components relations and security properties by taking into consideration these three aspects. Together with the threat model we also propose a threat analysis method that allows understanding the security state of the system’s components. The threat model and the threat analysis have been implemented into an automatic tool, called TAMELESS, that automatically analyzes threats to the system, verifies its security properties, and generates a graphical representation, useful for security architects to identify the proper prevention/mitigation solutions. We show and prove the use of our threat model and analysis with three cases studies from different sector

erbB-2 antisense oligonucleotides inhibit the proliferation of breast carcinoma cells with erbB-2 oncogene amplification.

Amplification and overexpression of the erbB-2 oncogene is an unfavourable prognostic marker in human breast cancer and occurs in approximately 25% of breast carcinomas. We used erbB-2 antisense oligonucleotides to inhibit the proliferation of human breast cancer cell lines. erbB-2 antisense oligonucleotides (20 microM) inhibited the growth and DNA synthesis of breast cancer cell lines with an amplified erbB-2 gene by up to 60%. Control complementary sense oligonucleotides did not inhibit cellular proliferation at the same concentration but showed inhibitory effects at higher concentrations. There was no specific effect of erbB-2 antisense oligonucleotides on breast cancer cell lines that had no amplification of erbB-2. erbB-2 antisense oligonucleotides reduced erbB-2 protein levels, measured by immunohistochemistry, in a dose-dependent manner. erbB-2 sense oligonucleotides did not decrease the levels of erbB-2 protein. These data indicate that erbB-2 antisense oligonucleotides induce a specific inhibition of erbB-2 protein expression and that erbB-2 gene overexpression is important for the proliferation of the breast cancer cells that have been selected for erbB-2 amplification

Observations and modeling of H_2 fluorescence with partial frequency redistribution in giant planet atmospheres

Partial frequency redistribution (PRD), describing the formation of the line profile, has negligible observational effects for optical depths smaller than ~10^3, at the resolving power of most current instruments. However, when the spectral resolution is sufficiently high, PRD modeling becomes essential in interpreting the line shapes and determining the total line fluxes. We demonstrate the effects of PRD on the H_2 line profiles observed at high spectral resolution by the Far-Ultraviolet Spectroscopic Explorer (FUSE) in the atmospheres of Jupiter and Saturn. In these spectra, the asymmetric shapes of the lines in the Lyman (v"- 6) progression pumped by the solar Ly-beta are explained by coherent scattering of the photons in the line wings. We introduce a simple computational approximation to mitigate the numerical difficulties of radiative transfer with PRD, and show that it reproduces the exact radiative transfer solution to better than 10%. The lines predicted by our radiative transfer model with PRD, including the H_2 density and temperature distribution as a function of height in the atmosphere, are in agreement with the line profiles observed by FUSE. We discuss the observational consequences of PRD, and show that this computational method also allows us to include PRD in modeling the continuum pumped H_2 fluorescence, treating about 4000 lines simultaneously.Comment: 17 pages, accepted for publication in Ap

A formal framework for policy analysis

We present a formal, logical framework for the representation and analysis of an expressive class of authorization and obligation policies. Basic concepts of the language and operational model are given, and details of the representation are defined, with an attention to how different classes of policies can be written in our framework. We show how complex dependencies amonst policy rules can be represented, and illustrate how the formalization of policies is joined to a dynamic depiction of system behaviour. Algorithmically, we use a species of abductive, constraint logic programming to analyse for the holding of a number of interesting properties of policies (coverage, modality conflict, equivalence of policies, etc.). We describe one implementation of our ideas, and conclude with remarks on related work and future research