Verifiably-safe software-defined networks for CPS

Next generation cyber-physical systems (CPS) are expected to be deployed in domains which require scalability as well as performance under dynamic conditions. This scale and dynamicity will require that CPS communication networks be programmatic (i.e., not requiring manual intervention at any stage), but still maintain iron-clad safety guarantees. Software-defined networking standards like OpenFlow provide a means for scalably building tailor-made network architectures, but there is no guarantee that these systems are safe, correct, or secure. In this work we propose a methodology and accompanying tools for specifying and modeling distributed systems such that existing formal verification techniques can be transparently used to analyze critical requirements and properties prior to system implementation. We demonstrate this methodology by iteratively modeling and verifying an OpenFlow learning switch network with respect to network correctness, network convergence, and mobility-related properties. We posit that a design strategy based on the complementary pairing of software-defined networking and formal verification would enable the CPS community to build next-generation systems without sacrificing the safety and reliability that these systems must deliver

Using alloy to formally model and reason about an OpenFlow network switch

Openflow provides a standard interface for separating a network into a data plane and a programmatic control plane. This enables easy network reconfiguration, but introduces the potential for programming bugs to cause network effects. To study OpenFlow switch behavior, we used Alloy to create a software abstraction describing the internal state of a network and its OpenFlow switches. This work is an attempt to model the static and dynamic behaviour a network built using OpenFlow switches

Verificare: a platform for composable verification with application to SDN-Enabled systems

Software-Defined Networking (SDN) has become increasing prevalent in both the academic and industrial communities. A new class of system built on SDNs, which we refer to as SDN-Enabled, provide programmatic interfaces between the SDN controller and the larger distributed system. Existing tools for SDN verification and analysis are insufficiently expressive to capture this composition of a network and a larger distributed system. Generic verification systems are an infeasible solution, due to their monolithic approach to modeling and rapid state-space explosion. In this thesis we present a new compositional approach to system modeling and verification that is particularly appropriate for SDN-Enabled systems. Compositional models may have sub-components (such as switches and end-hosts) modified, added, or removed with only minimal, isolated changes. Furthermore, invariants may be defined over the composed system that restrict its behavior, allowing assumptions to be added or removed and for components to be abstracted away into the service guarantee that they provide (such as guaranteed packet arrival). Finally, compositional modeling can minimize the size of the state space to be verified by taking advantage of known model structure. We also present the Verificare platform, a tool chain for building compositional models in our modeling language and automatically compiling them to multiple off-the-shelf verification tools. The compiler outputs a minimal, calculus-oblivious formalism, which is accessed by plugins via a translation API. This enables a wide variety of requirements to be verified. As new tools become available, the translator can easily be extended with plugins to support them

The emerging regulatory potential of SCFMet30 -mediated polyubiquitination and proteolysis of the Met4 transcriptional activator

The yeast SCFMet30 ubiquitin ligase plays a critical role in cell division by regulating the Met4 transcriptional activator of genes that control the uptake and assimilation of sulfur into methionine and S-adenosyl-methionine. The initial view on how SCFMet30 performs its function has been driven by the assumption that SCFMet30 acts exclusively as Met4 inhibitor when high levels of methionine drive an accumulation of cysteine. We revisit this model in light of the growing evidence that SCFMet30 can also activate Met4. The notion that Met4 can be inhibited or activated depending on the sulfur metabolite context is not new, but for the first time both aspects have been linked to SCFMet30, creating an interesting regulatory paradigm in which polyubiquitination and proteolysis of a single transcriptional activator can play different roles depending on context. We discuss the emerging molecular basis and the implications of this new regulatory phenomenon

Timed degradation of Mcl-1 controls mitotic cell death

Mitotic arrest can result in cell death through the process of apoptosis. We have shown by live-cell imaging that the ubiquitin-proteasome dependent proteolysis of the apoptotic regulator Mcl-1 under the control of the anaphase-promoting complex or cyclosome (APC/C) provides a timing mechanism that distinguishes prolonged mitotic arrest from normal mitosis

Mycobacterium tuberculosis type VII secretion system effectors differentially impact the ESCRT endomembrane damage response

Mycobacterium tuberculosis causes tuberculosis, which kills more people than any other infection. M. tuberculosis grows in macrophages, cells that specialize in engulfing and degrading microorganisms. Like many intracellular pathogens, in order to cause disease, M. tuberculosis damages the membrane-bound compartment (phagosome) in which it is enclosed after macrophage uptake. Recent work showed that when chemicals damage this type of intracellular compartment, cells rapidly detect and repair the damage, using machinery called the endosomal sorting complex required for transport (ESCRT). Therefore, we hypothesized that ESCRT might also respond to pathogen-induced damage. At the same time, our previous work showed that the EsxG-EsxH heterodimer of M. tuberculosis can inhibit ESCRT, raising the possibility that M. tuberculosis impairs this host response. Here, we show that ESCRT is recruited to damaged M. tuberculosis phagosomes and that EsxG-EsxH undermines ESCRT-mediated endomembrane repair. Thus, our studies demonstrate a battle between host and pathogen over endomembrane integrity.Intracellular pathogens have varied strategies to breach the endolysosomal barrier so that they can deliver effectors to the host cytosol, access nutrients, replicate in the cytoplasm, and avoid degradation in the lysosome. In the case of Mycobacterium tuberculosis, the bacterium perforates the phagosomal membrane shortly after being taken up by macrophages. Phagosomal damage depends upon the mycobacterial ESX-1 type VII secretion system (T7SS). Sterile insults, such as silica crystals or membranolytic peptides, can also disrupt phagosomal and endolysosomal membranes. Recent work revealed that the host endosomal sorting complex required for transport (ESCRT) machinery rapidly responds to sterile endolysosomal damage and promotes membrane repair. We hypothesized that ESCRTs might also respond to pathogen-induced phagosomal damage and that M. tuberculosis could impair this host response. Indeed, we found that ESCRT-III proteins were recruited to M. tuberculosis phagosomes in an ESX-1-dependent manner. We previously demonstrated that the mycobacterial effectors EsxG/TB9.8 and EsxH/TB10.4, both secreted by the ESX-3 T7SS, can inhibit ESCRT-dependent trafficking of receptors to the lysosome. Here, we additionally show that ESCRT-III recruitment to sites of endolysosomal damage is antagonized by EsxG and EsxH, both within the context of M. tuberculosis infection and sterile injury. Moreover, EsxG and EsxH themselves respond within minutes to membrane damage in a manner that is independent of calcium and ESCRT-III recruitment. Thus, our study reveals that T7SS effectors and ESCRT participate in a series of measures and countermeasures for control of phagosome integrity

USP9X limits mitotic checkpoint complex turnover to strengthen the spindle assembly checkpoint and guard against chromosomal instability

Faithful chromosome segregation during mitosis depends on the spindle assembly checkpoint (SAC), which delays progression through mitosis until every chromosome has stably attached to spindle microtubules via the kinetochore. We show here that the deubiquitinase USP9X strengthens the SAC by antagonizing the turnover of the mitotic checkpoint complex produced at unattached kinetochores. USP9X thereby opposes activation of anaphase-promoting complex/cyclosome (APC/C) and specifically inhibits the mitotic degradation of SAC-controlled APC/C substrates. We demonstrate that depletion or loss of USP9X reduces the effectiveness of the SAC, elevates chromosome segregation defects, and enhances chromosomal instability (CIN). These findings provide a rationale to explain why loss of USP9X could be either pro- or anti-tumorigenic depending on the existing level of CIN. Skowyra et al. show the deubiquitinase USP9X limits activation of the ubiquitin ligase APC/C during mitosis. Loss of USP9X causes chromosomal instability (CIN), which can promote cancer. This work also provides a rationale for targeting USP9X when it is expressed in cancer cells with high levels of CIN