83 research outputs found

    Protecting Private Data in the Cloud

    Companies that process business critical and secret data are reluctant to use utility and cloud computing for the risk that their data gets stolen by rogue system administrators at the hosting company. We describe a system organization that prevents host administrators from directly accessing or installing eavesdropping software on the machine that holds the client's valuable data. Clients are monitored via machine code probes that are inlined into the clients' programs at runtime. The system enables the cloud provider to install and remove software probes into the machine code without stopping the client's program, and it prevents the provider from installing probes not granted by the client

    Libra, a Multi-hop Radio Network Bandwidth Market

    Libra is a two-level market which assigns fractional shares of time to the transmitting nodes in local regions of a multi-hop network. In Libra, users are assigned budgets by management and users assign funding to services within their budget limits. The purpose is to prioritize users and also optimize network utilization by preventing source nodes from injecting too much traffic into the network and thereby causing downstream packet loss. All transmitting nodes sell capacity in the region surrounding them, and buy capacity from their neighbors in order to be able to transmit. Streams buy capacity from each of the nodes on their paths, thus streams that cross the same region compete directly for the bandwidth in that region. Prices are adjusted incrementally on both levels

    Hypervisor Integrity Measurement Assistant

    An attacker who has gained access to a computer may want to upload or modify configuration files, etc., and run arbitrary programs of his choice. We can severely restrict the power of the attacker by having a white-list of approved file checksums and preventing the kernel from loading any file with a bad checksum. The check may be placed in the kernel, but that requires a kernel that is prepared for it. The check may also be placed in a hypervisor which intercepts and prevents the kernel from loading a bad file. We describe the implementation of and give performance results for two systems. In one the checksumming, or integrity measurement, and decision is performed by the hypervisor instead of the OS. In the other only the final integrity decision is done in the hypervisor. By moving the integrity check out from the VM kernel it becomes harder for the intruder to bypass the check. We conclude that it is technically possible to put file integrity control into the hypervisor, both for kernels without and with pre-compiled support for integrity measurement

    Pricing Virtual Paths with Quality-of-Service Guarantees as Bundle Derivatives

    We describe a model of a communication network that allows us to price complex network services as financial derivative contracts based on the spot price of the capacity in individual routers. We prove a theorem of a Girsanov transform that is useful for pricing linear derivatives on underlying assets, which can be used to price many complex network services, and it is used to price an option that gives access to one of several virtual channels between two network nodes, during a specified future time interval. We give the continuous time hedging strategy, for which the option price is independent of the service provider's attitude towards risk. The option price contains the density function of a sum of lognormal variables, which has to be evaluated numerically. Comment: 22 pages (15 in main tex and 7 appendix), 5 postscript figure

    Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud

    In this paper we consider the Infrastructure-as-a-Service (IaaS) cloud model which allows cloud users to run their own virtual machines (VMs) on available cloud computing resources. IaaS gives enterprises the possibility to outsource their process workloads with minimal effort and expense. However, one major problem with existing approaches of cloud leasing, is that the users can only get contractual guarantees regarding the integrity of the offered platforms. The fact that the IaaS user himself or herself cannot verify the provider promised cloud platform integrity, is a security risk which threatens to prevent the IaaS business in general. In this paper we address this issue and propose a novel secure VM launch protocol using Trusted Computing techniques. This protocol allows the cloud IaaS users to securely bind the VM to a trusted computer configuration such that the clear text VM only will run on a platform that has been booted into a trustworthy state. This capability builds user confidence and can serve as an important enabler for creating trust in public clouds. We evaluate the feasibility of our proposed protocol via a full scale system implementation and perform a system security analysis

    A Price Dynamics in Bandwidth Markets for Point-to-point Connections

    We simulate a network of N routers and M network users making concurrent point-to-point connections by buying and selling router capacity from each other. The resources need to be acquired in complete sets, but there is only one spot market for each router. In order to describe the internal dynamics of the market, we model the observed prices by N-dimensional Ito-processes. Modeling using stochastic processes is novel in this context of describing interactions between end-users in a system with shared resources, and allows a standard set of mathematical tools to be applied. The derived models can also be used to price contingent claims on network capacity and thus to price complex network services such as quality of service levels, multicast, etc. Comment: 18 pages, 10 postscript figure

    Osteotomies in Orthognathic Surgery

    Orthognathic surgery is mostly performed to correct developmental or acquired oral and maxillofacial skeletal deformities (OMSDs). During the past three decades, significant advances in surgical osteotomy techniques and instrumentation have been developed and carried out in orthognathic surgery. However, the basic surgical principles have more or less remained unchanged. At the same time, numerous surgical techniques have been developed and refined and used by surgeons in the field of oral and maxillofacial surgery. These techniques have treatment of the most complex dentofacial deformities with confidence. Additionally, it has been possible to predict the results of the treatment. Although the initial surgical techniques for correction of anterior mandibular open bite were reported as early as the late 1800s, widespread use of currently acceptable techniques began in the middle of the last century. Detailed surgical planning is essential for a successful outcome. The treatment involves an accurate treatment plan, correct type of instruments for a specific procedure, a thorough surgical routine, and adherence to the guidelines for each routine. Although similar orthognathic surgical techniques are used, there are multiple important differences related to each osteotomy. It is essential for the surgeon to understand these differences in order to provide an effective and safe surgical care for the patient with facial anomalies. Choosing an optimal method of osteotomy depends on many factors, including the indication for treatment, the goal of therapy, patient profile, underlying medical conditions, and the magnitude of surgical movement. The major objective of this chapter is to provide practical guidelines and principles of osteotomies and commonly used techniques. These guidelines are based on a review of the current literature and the author's personal experience. 
The chapter focuses on the history of orthognathic surgery, anatomical considerations, indications for different osteotomies, and the surgical technique for each osteotomy. Techniques such as the Le Fort I, II, III osteotomies, segmental osteotomies of the maxilla, bilateral sagittal split osteotomy (BSSO), bilateral vertical osteotomy (BVO) genioplasty, segmental osteotomy of the mandible, and the chin wing osteotomy are described

    METHODS FOR PROFILING MOLECULES WITH AN OBJECTIVE FUNCTION

    Methods relating to profiling and/or identifying molecules in a sample, particularly chemical or biological molecules contained in an experimental sample using measured data about molecules actually present and known information about candidate molecules that may be present. Information tags can be assigned to candidates. This may be achieved with a high degree of accuracy and a low false positive rate by minimising the effect of one or more possible sources of error. An objective goal (assignment) may be optimised by linear programming or by mixed integer programmin