407 research outputs found

    ENDPOINT DEFENSE AS CODE (EDAC): CONFIGURABLE CONTEXTUAL ANALYSIS OF PROCESS BEHAVIORS FROM KERNEL/USER EVENT TRACING

    The current industry standard to detect cyber threat activity on endpoints (workstations, servers, etc.) centers around the use of endpoint defense software. The software products marketed are Endpoint Protection Platforms (EPP), Endpoint Detection and Response (EDR), and eXtended Detection and Response (XDR) solutions. These solutions are typically deployed onto endpoints across enterprises and monitor various aspects of each operating system for malicious activity. Current generations of these three solutions have similar underlying software architectures, user workflows, and detection capabilities. These solutions also have a number of issues that inadvertently allow advanced cyber threat actors to succeed in their operations, such as lack of resilience to intentional evasions against critical software components, lack of resilience against user configuration errors, low detection rates of atomic techniques, low configurability for process-level behaviors, and semantically inappropriate alert messages. As proven in prior research and research that the author is conducting concurrently alongside this research, these issues can be capitalized on by knowledgeable and observant attackers to enable their technique chains to succeed undetected. Through years of professional experience deploying, testing, and evaluating various commercial endpoint solutions in various system architectures (commercial enterprise systems, government systems, disconnected/air-gapped systems, etc.), the author has learned that many commercial endpoint defense technologies are designed to make decisions for the operators on what activity is benign and what activity is malicious, without giving operators the ability to change this decision making. Vendors of these solutions add to this by illustrating a measure of trust in the solution’s efficacy by releasing their detection statistics of known Indicators of Compromise (IOCs).
These IOCs may or may not be used by attackers in the future as new attack techniques are developed. This creates a detection gap between known techniques that can be detected, and actual techniques that are being executed. In addition to this, the author has observed in organizations across many industries a level of indiscriminate trust in commercial endpoint solutions. Many organizations fully trust endpoint solutions to be the sole defense mechanism on an endpoint without fully testing the solution for resiliency or detection gaps. All of these facts and circumstances create gaps, inconsistencies, and avenues for highly observant cyber attackers to maneuver in and out of systems undetected. This document illustrates all of the research that has been completed as part of this dissertation to solve the identified issues with current-generation endpoint defense solutions. The overarching approach to solving the identified problems was to use the Design Science Research (DSR) methodology to develop a software artifact that is sufficiently different and more impactful than existing solutions, and test the designed artifact against real-world attack technique stimulus to prove its validity and usefulness within real-world system architectures. The developed artifact gives operators the flexibility to define attack technique behaviors of interest through a custom developed configuration syntax and utilizes Event Tracing for Windows (ETW) telemetry emanating from the Windows operating system in a unique way to detect the defined attack behaviors. Validation experiments on the developed artifact proved that the artifact, along with the user-defined configuration file, successfully detected 36/48 of the chosen atomic attack technique stimuli.
The results represent a significantly broad coverage of detection that current-generation endpoint solutions fail to accomplish, thereby illustrating the need to incorporate the developed artifact into real-world environments to combat cyber-attack activity

    A Single P-loop Glutamate Point Mutation to either Lysine or Arginine Switches the Cation–Anion Selectivity of the CNGA2 Channel

    Cyclic nucleotide-gated (CNG) channels play a critical role in olfactory and visual transduction. Site-directed mutagenesis and inside-out patch-clamp recordings were used to investigate ion permeation and selectivity in two mutant homomeric rat olfactory CNGA2 channels expressed in HEK293 cells. A single point mutation of the negatively charged pore loop (P-loop) glutamate (E342) to either a positively charged lysine or arginine resulted in functional channels, which consistently responded to cGMP, although the currents were generally extremely small. The concentration–response curve of the lysine mutant channel was very similar to that of wild-type (WT) channels, suggesting no major structural alteration to the mutant channels. Reversal potential measurements, during cytoplasmic NaCl dilutions, showed that the lysine and the arginine mutations switched the selectivity of the channel from cations (PCl/PNa = 0.07 [WT]) to anions (PCl/PNa = 14 [Lys] or 10 [Arg]). Relative anion permeability sequences for the two mutant channels, measured with bi-ionic substitutions, were NO3− > I− > Br− > Cl− > F− > acetate−, the same as those obtained for anion-selective GABA and glycine channels. The mutant channels also seem to have an extremely small single-channel conductance, measured using noise analysis of about 1–2 pS, compared to a WT value of about 29 pS. The results showed that it is predominantly the charge of the E342 residue in the P-loop, rather than the pore helix dipoles, which controls the cation–anion selectivity of this channel. However, the outward rectification displayed by both mutant channels in symmetrical NaCl solutions suggests that the negative ends of the pore helix dipoles may play a role in reducing the outward movement of Cl− ions through these anion-selective channels. These results have potential implications for the determinants of anion–cation selectivity in the large family of P-loop–containing channels

    Minimally Invasive Mitral Valve Surgery III: Training and Robotic-Assisted Approaches.

    Minimally invasive mitral valve operations are increasingly common in the United States, but robotic-assisted approaches have not been widely adopted for a variety of reasons. This expert opinion reviews the state of the art and defines best practices, training, and techniques for developing a successful robotics program

    Minimally Invasive Mitral Valve Surgery I: Patient Selection, Evaluation, and Planning.

    Widespread adoption of minimally invasive mitral valve repair and replacement may be fostered by practice consensus and standardization. This expert opinion, first of a 3-part series, outlines current best practices in patient evaluation and selection for minimally invasive mitral valve procedures, and discusses preoperative planning for cannulation and myocardial protection

    Minimally Invasive Mitral Valve Surgery II: Surgical Technique and Postoperative Management.

    Techniques for minimally invasive mitral valve repair and replacement continue to evolve. This expert opinion, the second of a 3-part series, outlines current best practices for nonrobotic, minimally invasive mitral valve procedures, and for postoperative care after minimally invasive mitral valve surgery

    The dependence of galaxy group star formation rates and metallicities on large scale environment

    We construct a sample of 75,863 star forming galaxies with robust metallicity and star formation rate measurements from the Sloan Digital Sky Survey Data Release 7 (SDSS DR7), from which we select a clean sample of compact group (CG) galaxies. The CGs are defined to be close configurations of at least 4 galaxies that are otherwise apparently isolated. Our selection results in a sample of 112 spectroscopically identified compact group galaxies, which can be further divided into groups that are either embedded within a larger structure, such as a cluster or large group, or truly isolated systems. The compact groups then serve as a probe into the influence of large scale environment on a galaxy's evolution, while keeping the local density fixed at high values. We find that the star formation rates (SFRs) of star forming galaxies in compact groups are significantly different between isolated and embedded systems. Galaxies in isolated systems show significantly enhanced SFR, relative to a control sample matched in mass and redshift, a trend not seen in the embedded systems. Galaxies in isolated systems exhibit a median SFR enhancement at fixed stellar mass of +0.07 ± 0.03 dex. These dependences on large scale environment are small in magnitude relative to the apparent influence of local scale effects found in previous studies, but the significance of the difference in SFRs between our two samples constrains the effect of large scale environment to be non-zero. We find no significant change in the gas-phase interstellar metallicity for either the isolated or embedded compact group sample relative to their controls. However, simulated samples that include artificial offsets indicate that we are only sensitive to metallicity changes of log O/H >0.13 dex (at 99% confidence), which is considerably larger than the typical metallicity differences seen in previous environmental studies. Comment: Accepted for publication in MNRAS. 16 pages, 9 figure

    Revising acute care systems and processes to improve breastfeeding and maternal postnatal health: a pre and post intervention study in one English maternity unit

    Background Most women in the UK give birth in a hospital labour ward, following which they are transferred to a postnatal ward and discharged home within 24 to 48 hours of the birth. Despite policy and guideline recommendations to support planned, effective postnatal care, national surveys of women’s views of maternity care have consistently found in-patient postnatal care, including support for breastfeeding, is poorly rated. Methods Using a Continuous Quality Improvement approach, routine antenatal, intrapartum and postnatal care systems and processes were revised to support implementation of evidence based postnatal practice. To identify if implementation of a multi-faceted QI intervention impacted on outcomes, data on breastfeeding initiation and duration, maternal health and women’s views of care, were collected in a pre and post intervention longitudinal survey. Primary outcomes included initiation, overall duration and duration of exclusive breastfeeding. Secondary outcomes included maternal morbidity, experiences and satisfaction with care. As most outcomes of interest were measured on a nominal scale, these were compared pre and post intervention using logistic regression. Results Data were obtained on 741/1160 (64%) women at 10 days post-birth and 616 (54%) at 3 months post-birth pre-intervention, and 725/1153 (63%) and 575 (50%) respectively postintervention. Post intervention there were statistically significant differences in the initiation (p = 0.050), duration of any breastfeeding (p = 0.020) and duration of exclusive breastfeeding to 10 days (p = 0.038) and duration of any breastfeeding to three months (p = 0.016). Post intervention, women were less likely to report physical morbidity within the first 10 days of birth, and were more positive about their in-patient care. Conclusions It is possible to improve outcomes of routine in-patient care within current resources through continuous quality improvement

    Reduced blood flow through intrapulmonary arteriovenous anastomoses at rest and during exercise in lowlanders during acclimatization to high altitude

    Blood flow through intrapulmonary arteriovenous anastomoses (QIPAVA) is elevated during exercise at sea level (SL) and at rest in acute normobaric hypoxia. Following high altitude (HA) acclimatization, resting QIPAVA is similar to SL, but it is unknown if this is true during exercise at HA. We reasoned that exercise at HA (5,050 m) would exacerbate QIPAVA due to heightened pulmonary arterial pressure. Using a supine cycle ergometer, seven healthy adults free from intracardiac shunts underwent an incremental exercise test at SL (25, 50, 75% of SL VO2peak) and at HA (25, 50% of SL VO2peak). Echocardiography was used to determine cardiac output (Q) and pulmonary artery systolic pressure (PASP) and agitated saline contrast was used to determine QIPAVA (bubble score; 0-5). The principal findings were: (1) Q was similar at SL-rest (3.9 +/- 0.47 l min-1) compared with HA-rest (4.5 +/- 0.49 l min-1; P = 0.382), but increased from rest during both SL and HA exercise (P < 0.001); (2) PASP increased from SL-rest (19.2 +/- 0.7 mmHg) to HA-rest (33.7 +/- 2.8 mmHg; P = 0.001) and, compared with SL, PASP was further elevated during HA exercise (P = 0.003); (3) QIPAVA was increased from SL-rest (0) to HA-rest (median = 1; P = 0.04) and increased from resting values during SL exercise (P < 0.05), but were unchanged during HA exercise (P = 0.91), despite significant increases in Q and PASP. Theoretical modeling of microbubble dissolution suggests that the lack of QIPAVA in response to exercise at HA is unlikely caused by saline contrast instability

    Photolithographic patterning of conducting polyaniline films via flash welding

    In this work, two significant advances in photolithographic patterning of polyaniline (PANI) films are reported. Firstly, flash welding was enhanced through the use of polymeric substrates, enabling complete penetration of the welding of PANI films with thicknesses ranging from 5 to over 14 µm, significantly thicker than reported previously. Masking of parts of the PANI films during flash welding enabled the formation of adjacent conducting and insulating regions as the welding changes the electrical properties of the film. Raman spectroscopy was used to determine the sharpness of these edges, and indicated that the interface between the flash welded and masked regions of the PANI films was typically less than 15 µm wide. Secondly, using longpass filters, light with a wavelength less than 570 nm was found not to contribute to the welding process. This was confirmed by the use of a 635 nm laser diode for welding the PANI films. This novel approach enabled patterning of PANI films using a direct writing technique with a narrow wavelength light source