Automatic Verification of Distributed and Layered Security Policy Implementations

Coordinated Science Laboratory was formerly known as Control Systems LaboratoryNational Science Foundation / CNS-0524695U.S. Department of Homeland Security / 2006-CS-001-00000

Adoption Trend of Climate-Resilient Rice Varieties in Bangladesh

Rice is a major crop in Bangladesh that supports both food security and livelihoods. However, a need remains for improved productivity and adaptation to the risks associated with climate change. To accomplish this, the increased adoption of climate-resilient and high-yielding rice varieties can be beneficial. Therefore, we conducted a study in Bangladesh over three consecutive years: 2016, 2017, and 2018. The scope of the study included the major cropping season (wet), Aman. The yield advantages of climate-resilient rice varieties were evaluated and compared with those of the varieties popular with farmers. We included new stress-tolerant varieties, such as submergencetolerant rice (BRRI dhan51 and BRRI dhan52) and drought-tolerant rice (BRRI dhan56 and BRRI dhan71), along with farmer-chosen controls, in the study. We conducted the evaluation through on-farm trials to compare the varieties in both submergence- and drought-affected environments. The seasonal trials provided measured results of yield advantages. The participating farmers were also studied over the three-year-period to capture their varietal adoption rates. We calculated both the location estimated yield advantages (LEYA) and the location observed yield advantages (LOYA). The results revealed that, under non-stress conditions, the grain yields of climate-resilient varieties were either statistically similar to or higher than those of the farmer-chosen controls. Our study also revealed a year-to-year progressive adoption rate for the introduced varieties. The study suggests that the widescale introduction and popularization of climate-resilient varieties can ensure higher productivity and climate risk adaptation. The close similarity between LOYA and LEYA indicated that the observational and experiential conclusions of the host farmers were similar to the scientific performance of the varieties. We also found that comparison performed through on-farm trials was a critical method for enhancing experiential learning and obtaining an accurate estimation of yield advantages

Automatic verification of security policy implementations

Networked systems are ubiquitous in our modern society. They are found in settings that vary from mundane enterprise IT systems to critical infrastructure systems. The security of networked systems is important given their widespread use. In particular, the emerging scenarios and the likely trends for the future of critical networked systems make the security of those systems a paramount concern, especially in the area of controlling access to the critical elements of the system over communication networks; successful cyber-attacks on such systems, in a worst-case scenario, could result in loss of life, or in massive financial losses through loss of data, actual physical destruction, misuse, or theft. Access control is a cornerstone of network security. In a modern networked system, access control is implemented through a variety of devices and mechanisms that include, but are not limited to, router-based dedicated firewalls; host-based firewalls, which could be based in software or hardware; operating-system-based mechanisms, such as the mandatory access control in the National Security Agency's (NSA's) SELinux; and middleware-based mechanisms, such as the Java Security Manager. Such devices and mechanisms collectively implement a networked system's global policy (which is usually implicit), which specifies the overall system-level objectives with respect to resource access. However, it has been shown in empirical studies that misconfiguration of access control enforcement points is common. The problem of identifying those misconfigurations is compounded when several such mechanisms are present, as the complex interactions among those distributed and layered mechanisms can mask problems and lead to subtle errors. In this dissertation, we propose a framework for performing comprehensive security analysis of an automatically obtained snapshot of an access control policy implementation (e.g., firewall rule-sets) to check for compliance against a (potentially partial) specification of the global access policy. We identify and classify possible errors that can be found in global policy implementations, including both policy violations and internal inconsistencies. We provide detailed formalisms that can be used to efficiently model the topology of the networked system being analyzed and the rule-sets from multiple types and makes of firewalls that may be present on the network. The formalisms are XML-based, with sound mathematical underpinnings. We present an XML-based global policy specification language, with algorithms that ensure internal consistency of specifications written in that language and resolve any conflicts. We show that our specification language is at least as expressive as linear temporal logic. We describe an efficient algorithm for exhaustive analysis to identify all the inconsistencies and policy violations. The analysis algorithm utilizes specialized data structures, that we call multilayered rule-graphs, to dramatically improve performance. We provide additional mechanisms for identifying the root causes of any problems discovered. We further enhance the scalability of our analysis by presenting an algorithm for statistical analysis of the networked system; the algorithm uses importance sampling, and produces a sample set of violations and a quantitative estimate of the remainder. To facilitate the analysis, our framework includes techniques that automatically infer the network topology for the system being analyzed based simply on the firewall rule-sets implemented. The framework has been implemented with a sophisticated graphical front-end as the Network Access Policy Tool (NetAPT). We demonstrate the efficiency, scalability, and extensibility of our techniques through analytic evaluation and empirical evidence based on real-world testing. We also present an algorithm for automatically generating a benchmark suite for testing NetAPT; the algorithm learns the defining characteristics of our real-world data sets and generates random networks and firewall rule-sets that are representative of the real-world ones

Optimization of Routing Protocol in MANET using GA

Abstract: Ad hoc mobile devices heavily depend on the performance of batteries. Optimizing the power consumption is a very crucial issue. To maximize the lifetime of mobile ad hoc network, the power consumption rate of each node must be reduced. In this paper we present a novel energy efficient routing algorithm based on mobile agents to deal with the routing mechanism in the energy-critical environments. A few mobile agents move in the network and communicate with each node. They collect the network information to build the global information matrix of nodes. The routing algorithm chooses a shortest path of all nodes in all possible routes. Additionally, we compare the performance of power-relation routing protocol DSR (Dynamic Source Routing) in simulation environment. The results show that the survivability of Ad Hoc network has been better because of less energy consumption when using our improved DSR as compare to standard DSR protocol

Anemia in Intensive Care: A review of Current Concepts

Anemia in patients admitted to an intensive care unit is common and affects almost all critically ill patients. The intensivist is faced with the challenge of treating multifactorial etiologies, mainly bleeding and blood loss due to phlebotomy and decreased erythropoiesis. Red cell transfusion, the most common treatment for anemia, comes with associated risks, which may further reduce the chance of survival of these patients. The best evidence suggests the practice of restrictive RBC transfusion (transfusion at Hb<7 g/dl)