Enforcing Security and Assurance Properties in Cloud Environment

International audienceBefore deploying their infrastructure (resources, data, communications, ...) on a Cloud computing platform, companies want to be sure that it will be properly secured. At deployment time, the company provides a security policy describing its security requirements through a set of properties. Once its infrastructure deployed, the company want to be assured that this policy is applied and enforced. But describing and enforcing security properties and getting strong evidences of it is a complex task. To address this issue, in [1], we have proposed a language that can be used to express both security and assurance properties on distributed resources. Then, we have shown how these global properties can be cut into a set of properties to be enforced locally. In this paper, we show how these local properties can be used to automatically configure security mechanisms. Our language is context-based which allows it to be easily adapted to any resource naming systems e.g., Linux and Android (with SELinux) or PostgreSQL. Moreover, by abstracting low-level functionalities (e.g., deny write to a file) through capabilities, our language remains independent from the security mechanisms. These capabilities can then be combined into security and assurance properties in order to provide high-level functionalities, such as confidentiality or integrity. Furthermore, we propose a global architecture that receives these properties and automatically configures the security and assurance mechanisms accordingly. Finally, we express the security and assurance policies of an industrial environment for a commercialized product and show how its security is enforced

Enforcing Security and Assurance Properties in Cloud Environment

International audienceBefore deploying their infrastructure (resources, data, communications, ...) on a Cloud computing platform, companies want to be sure that it will be properly secured. At deployment time, the company provides a security policy describing its security requirements through a set of properties. Once its infrastructure deployed, the company want to be assured that this policy is applied and enforced. But describing and enforcing security properties and getting strong evidences of it is a complex task. To address this issue, in [1], we have proposed a language that can be used to express both security and assurance properties on distributed resources. Then, we have shown how these global properties can be cut into a set of properties to be enforced locally. In this paper, we show how these local properties can be used to automatically configure security mechanisms. Our language is context-based which allows it to be easily adapted to any resource naming systems e.g., Linux and Android (with SELinux) or PostgreSQL. Moreover, by abstracting low-level functionalities (e.g., deny write to a file) through capabilities, our language remains independent from the security mechanisms. These capabilities can then be combined into security and assurance properties in order to provide high-level functionalities, such as confidentiality or integrity. Furthermore, we propose a global architecture that receives these properties and automatically configures the security and assurance mechanisms accordingly. Finally, we express the security and assurance policies of an industrial environment for a commercialized product and show how its security is enforced

Energy and macronutrient intake and risk of differentiated thyroid carcinoma in the European Prospective Investigation into Cancer and Nutrition study

Incidence rates of differentiated thyroid carcinoma (TC) have increased in many countries. Adiposity and dietary risk factors may play a role, but little is known on the influence of energy intake and macronutrient composition. The aim of this study was to investigate the associations between TC and the intake of energy, macronutrients, glycemic index (GI) and glycemic load in the European Prospective Investigation into Cancer and Nutrition (EPIC) cohort. The study included 477,274 middle-age participants (70.2% women) from ten European countries. Dietary data were collected using country-specific validated dietary questionnaires. Total carbohydrates, proteins, fats, saturated, monounsaturated and polyunsaturated fats (PUFA), starch, sugar, and fiber were computed as g/1,000 kcal. Multivariable Cox regression was used to calculate multivariable adjusted hazard ratios (HR) and 95% confidence interval (CI) by intake quartile (Q). After a mean follow-up time of 11 years, differentiated TC was diagnosed in 556 participants (90% women). Overall, we found significant associations only with total energy (HRQ4vs.Q1, 1.29; 95% CI, 1.00-1.68) and PUFA intakes (HRQ4vs.Q1, 0.74; 95% CI, 0.57-0.95). However, the associations with starch and sugar intake and GI were significantly heterogeneous across body mass index (BMI) groups, i.e., positive associations with starch and GI were found in participants with a BMI25 and with sugar intake in those with BMI<25. Moreover, inverse associations with starch and GI were observed in subjects with BMI<25. In conclusion, our results suggest that high total energy and low PUFA intakes may increase the risk of differentiated TC. Positive associations with starch intake and GI in participants with BMI25 suggest that those persons may have a greater insulin response to high starch intake and GI than lean people. What’s New? The role of lifestyle factors in the growing numbers of thyroid cancer remains unclear. Here, the authors uncover associations with high total energy intake and low consumption of polyunsaturated fatty acids in a large European cohort (EPIC). They further find positive associations with starch intake and glycemic index only in people with a body mass index equal or larger than 25, possibly implicating an altered insulin response in the etiology of this cancer