Towards operational measures of computer security

Ideally, a measure of the security of a system should capture quantitatively the intuitive notion of ‘the ability of the system to resist attack’. That is, it should be operational, reflecting the degree to which the system can be expected to remain free of security breaches under particular conditions of operation (including attack). Instead, current security levels at best merely reflect the extensiveness of safeguards introduced during the design and development of a system. Whilst we might expect a system developed to a higher level than another to exhibit ‘more secure behaviour’ in operation, this cannot be guaranteed; more particularly, we cannot infer what the actual security behaviour will be from knowledge of such a level. In the paper we discuss similarities between reliability and security with the intention of working towards measures of ‘operational security’ similar to those that we have for reliability of systems. Very informally, these measures could involve expressions such as the rate of occurrence of security breaches (cf rate of occurrence of failures in reliability), or the probability that a specified ‘mission’ can be accomplished without a security breach (cf reliability function). This new approach is based on the analogy between system failure and security breach. A number of other analogies to support this view are introduced. We examine this duality critically, and have identified a number of important open questions that need to be answered before this quantitative approach can be taken further. The work described here is therefore somewhat tentative, and one of our major intentions is to invite discussion about the plausibility and feasibility of this new approach

History-sensitive versus future-sensitive approaches to security in distributed systems

We consider the use of aspect-oriented techniques as a flexible way to deal with security policies in distributed systems. Recent work suggests to use aspects for analysing the future behaviour of programs and to make access control decisions based on this; this gives the flavour of dealing with information flow rather than mere access control. We show in this paper that it is beneficial to augment this approach with history-based components as is the traditional approach in reference monitor-based approaches to mandatory access control. Our developments are performed in an aspect-oriented coordination language aiming to describe the Bell-LaPadula policy as elegantly as possible. Furthermore, the resulting language has the capability of combining both history- and future-sensitive policies, providing even more flexibility and power.Comment: In Proceedings ICE 2010, arXiv:1010.530

Identifying Safety and Human Factors Issues in Rail using IRIS and CAIRIS

Abstract. Security, safety and human factors engineering techniques are largely disconnected although the concepts are interlinked. We present a tool-supported approach based on the Integrating Requirements and Information Security (IRIS) framework using Computer Aided Integration of Requirements and Information Security (CAIRIS) platform to identify the safety and human factors issues in rail. We illustrate this approach with a case study, which provides a vehicle for increasing the existing collaboration between engineers in security, safety and human factors

miR-19a-3p containing exosomes improve function of ischemic myocardium upon shock wave therapy

AIMS: As many current approaches for heart regeneration exert unfavorable side-effects, the induction of endogenous repair mechanisms in ischemic heart disease is of particular interest. Recently, exosomes carrying angiogenic miRNAs have been described to improve heart function. However, it remains challenging to stimulate specific release of reparative exosomes in ischemic myocardium. In the present study, we sought to test the hypothesis that the physical stimulus of shock wave therapy (SWT) causes the release of exosomes. We aimed to substantiate the pro-angiogenic impact of the released factors, to identify the nature of their cargo, and to test their efficacy in vivo supporting regeneration and recovery after myocardial ischemia. METHODS AND RESULTS: Mechanical stimulation of ischemic muscle via SWT caused extracellular vesicle (EV) release from endothelial cells both in vitro and in vivo. Characterization of EVs via electron microscopy, nanoparticle tracking analysis and flow cytometry revealed specific exosome morphology and size with presence of exosome markers CD 9, CD81 and CD63. Exosomes exhibited angiogenic properties activating protein kinase b (Akt) and extracellular-signal regulated kinase (ERK) resulting in enhanced endothelial tube formation and proliferation. A miRNA array and transcriptome analysis via next-generation sequencing were performed to specify exosome content. miR-19a-3p was identified as responsible cargo, antimir-19a-3p antagonized angiogenic exosome effects. Exosomes and target miRNA were injected intramyocardially in mice after left anterior descending artery (LAD) ligation. Exosomes resulted in improved vascularization, decreased myocardial fibrosis and increased left ventricular ejection fraction as shown by transthoracic echocardiography. CONCLUSIONS: The mechanical stimulus of SWT causes release of angiogenic exosomes. miR-19a-3p is the vesicular cargo responsible for the observed effects. Released exosomes induce angiogenesis, decrease myocardial fibrosis and improve left ventricular function after myocardial ischemia. Exosome release via SWT could develop an innovative approach for the regeneration of ischemic myocardium

Sphingosine-1-phosphate receptor-1 (S1P1) is expressed by lymphocytes, dendritic cells, and endothelium and modulated during inflammatory bowel disease

The sphingosine-1-phosphate receptor-1 (S1P1) agonist ozanimod ameliorates ulcerative colitis, yet its mechanism of action is unknown. Here, we examine the cell subsets that express S1P1 in intestine using S1P1-eGFP mice, the regulation of S1P1 expression in lymphocytes after administration of dextran sulfate sodium (DSS), after colitis induced by transfer of CD4+CD45RBhi cells, and by crossing a mouse with TNF-driven ileitis with S1P1-eGFP mice. We then assayed the expression of enzymes that regulate intestinal S1P levels, and the effect of FTY720 on lymphocyte behavior and S1P1 expression. We found that not only T and B cells express S1P1, but also dendritic (DC) and endothelial cells. Furthermore, chronic but not acute inflammatory signals increased S1P1 expression, while the enzymes that control tissue S1P levels in mice and humans with inflammatory bowel disease (IBD) were uniformly dysregulated, favoring synthesis over degradation. Finally, we observed that FTY720 reduced T-cell velocity and induced S1P1 degradation and retention of Naïve but not effector T cells. Our data demonstrate that chronic inflammation modulates S1P1 expression and tissue S1P levels and suggests that the anti-inflammatory properties of S1PR agonists might not be solely due to their lymphopenic effects, but also due to potential effects on DC migration and vascular barrier function

Perspectives on privacy in the use of online systems

Human-Computer Interaction looks to better understand the relationship between people and computers. Our work considers this relationship in the context of privacy and the privacy expectations users have when using online systems. While many surveys suggest the public care about this subject, users often act in a manner perceived contrary to their claims; a notion termed the ‘Privacy Paradox’. However, research suggests privacy is inherently subjective and contextual, leading us to question: do users actually define ‘private online behaviour’ in the same manner as those who study the topic? Although our exploratory survey found a general intersection between participants’ perceptions and those in existing literature, opinions differed in several key areas. For example, we found users often conceptualise protection in less-technical terms and are prone to conflating privacy and security. We believe that when we expand our analyses to the general public, we will see an even greater disparity between privacy perceptions. Through this research we look to inform the development of systems and privacy-protective tools that users can actually appreciate