Emergency response for cyber infrastructure management

The objective of this research is to investigate architectural mechanisms to provide an emergency response capability for Cyber Infrastructure management through the use of distributed, highly secure, protected domains. Instead of creating a costly physically separate cyber domain, logical separation is used. This work developed an architecture and prototype demonstration in the context of an open source operating system.Approved for public release; distribution is unlimited

An introduction to Quality of Security Services

We examine the concept of security as a dimension of Quality of Service in distributed systems. We provide a discussion and examples of user- specified security variables and show how the range of service levels associated with these variables can support the provision of Quality of Security Service. We also discuss various design implications regarding security ranges provided in a QoS-aware distributed system. Our goal has been to provide an understanding of QoSS and variant security, and to determine whether these concepts can be useful in improving security service and system performance in QoS-aware distributed systems. We described the general requirements for system attributes to participate in the provision of Quality of Service, and described how certain security attributes might meet these requirements. We then described various forms of user and application security "ranges "and showed how these ranges can make sense in relation to existing security policies, when those ranges are presented as user choices. Finally we described security ranges as forming a coherent system of relationships in a distributed multi-tiered system. Our conclusion is that it may be possible for security to be a semantically meaningful dimension of Quality of Service without compromising existing security policies. Further study is needed to understand the effectiveness of QoSS in improving system performance in QoS-aware systems.Approved for public release; distribution is unlimited

“Rhodes Must Fall”: South Africa’s Ongoing University Student Protests Against Contemporary Globalization’s Neoliberal Violence

Despite apartheid’s 1994 de jure abolition, contemporary university students in South Africa transgressively protest for ongoing, radical, de facto “decolonization” that they allege, and I agree, has not occurred. My thesis historicizes and analyzes the Rhodes Must Fall (RMF) and Open Stellenbosch (OS) protests at University of Cape Town (UCT) and Stellenbosch University (SU), respectively. I analyze how university students’ protests drive counter-hegemonic social movements locally, regionally, and potentially globally. I highlight marginalized students’ imagination and articulation of alternatives to global neoliberalism, which is transgressive and perceived as radical. I contextualize this case study of contemporary counter-hegemony in South Africa through a theoretical-conceptual approach, and a deep, colonial, historical approach. I present three critical premises: (1) neoliberalism is de-democratization and covert authoritarianism; (2) universities are potential sites of critical democratization; and (3) marginalized university students drive a radical, transgressive imagination of alternative worlds. I provide critical historical background to situate South Africa within Contemporary Globalization before chronicling the emergent themes of ongoing protests. Following my South Africa case study, I briefly compare RMF and OS to other university student protests around the globe, including California and Germany. I suggest that under Contemporary Globalization, apparently dissimilar social movements share much in common, including universities’ simultaneous assimilation into, and potential for resistance against, the new, covert authoritarianism and de-democratization of global neoliberalism

MYSEA Testbed

The technical vision of the emerging net-centric Global Information Grid (GIG) encompasses support for high assurance authentication and multilevel security (MLS) as well as flexible, dynamic security policies. The GIG is intended to address the inefficient exchange of information in current military and intelligence operations that utilize a variety of specialized (so-called "stove-piped") systems. In this context, secure information access problems are exacerbated by the need to share information from networks at different classifications (e.g., Unclassified, Secret, and Top Secret) and within multinational coalitions in episodic, ad hoc situations. These challenges provide the impetus for the creation of the Monterey Security Architecture (MYSEA) Testbed. The purpose of this Testbed is to support research in high assurance multilevel security (MLS) [1, 2] and dynamic security, two areas that are critical to the realization of the GIG's assured information sharing vision.Approved for public release; distribution is unlimited

Trusted emergency management

The ability for emergency first responders to access sensitive information for which they have not been pre-vetted can save lives and property. We describe a trusted emergency management solution for ensuring that sensitive information is protected from unauthorized access, while allowing for extraordinary access to be authorized under the duress of an emergency. Our solution comprises an emergency access control policy, an operational model and a scalable system security architecture. The operational model involves endusers who are on call as first responders, providers of critical information, and a coordinating authority. Extraordinary access to information is allowed to occur only during emergencies, and only in a confined emergency partition, which is unavailable before the emergency and can be completely purged after the emergency. As all information remains within its assigned partition, after the emergency the system can meaningfully enforce its pre-emergency access control policy. A major component of the architecture is the end-user device, and we describe mechanisms on the device for secure storage of data, and for management of emergency state, to indicate feasibility.Grant numbers: CNS-0430566 and CNS-0430598.Approved for public release; distribution is unlimited

Evaluating Aspen Responses to Changes in Elk Abundance, Distribution and Behavior Following Wolf Reestablishment in West-Central Yellowstone National Park

The reintroduction of wolves to Yellowstone National Park created a unique “natural experiment” to study trophic interactions in a large-scale terrestrial system among wolves, elk, and aspen. This study utilized data from a long-term elk demography study that was established prior to wolf reintroduction. Significant changes in the abundance and distribution of the Madison headwaters elk herd were observed following wolf reestablishment. The spatial arrangement of these changes made it possible to directly test for the occurrence of a density-mediated trophic cascade. The objectives of this study were to answer the following questions: 1) was there a marked decrease in browsing pressure on aspen where elk densities declined, and 2) was there a corresponding plant-growth response indicating that aspen were released from browsing pressure? Historical browsing conditions and aspen height were observed for 31 aspen stands to assess the occurrence of a density-mediated trophic cascade following wolf reintroduction. Browse conditions and aspen morphology in stands where elk densities declined dramatically following wolf reintroduction were compared to stands that experienced persistent heavy browsing throughout this period. A major decline in browsing pressure along with a modest increase in aspen height and leader longevity was detected, supporting the hypothesis of a density-mediated trophic cascade. However, the magnitude of the growth response was weak, suggesting that browsing was not the dominant limiting factor to aspen growth in the study area and that aspen may be more strongly limited by bottom-up regulation

Use of Trusted Software Modules for Emergency-Integrity Display

This report provides summary of the interface, mechanisms and semantics for high integrity display of information in a secure computer system, based on the use of a high assurance separation kernel and trusted software modules in both the application domain and the trusted software domain.Grant number: CNS-0430566 and CNS-0430598.Approved for public release; distribution is unlimited

A Program for Education in Certification and Accreditation

Large complex systems need to be analyzed prior to operation so that those depending upon them for the protection of their information have a well defined understanding of the measures that have been taken to achieve security and the residual risk the system owner assumes during its operation. The U.S. military calls this analysis and vetting process certification and accreditation. Today there is a large, unsatisfied need for personnel qualified to conduct system certifications. An educational program to address those needs is described. Large complex systems need to be analyzed prior to operation so that those depending upon them for the protection of their information have a well defined understanding of the measures that have been taken to achieve security and the residual risk the system owner assumes during its operation. The U.S. military calls this analysis and vetting process certification and accreditation. Today there is a large, unsatisfied need for personnel qualified to conduct system certifications. An educational program to address those needs is described.Approved for public release; distribution is unlimited

Targeted inactivation of integrin-linked kinase in hair follicle stem cells reveals an important modulatory role in skin repair after injury

Integrin-linked kinase (ILK) is key for normal epidermal morphogenesis, but little is known about its role in hair follicle stem cells and epidermal regeneration. Hair follicle stem cells are important contributors to newly formed epidermis following injury. We inactivated the Ilk gene in the keratin 15 - expressing stem cell population of the mouse hair follicle bulge. Loss of ILK expression in these cells resulted in impaired cutaneous wound healing, with substantially decreased wound closure rates. ILK-deficient stem cells produced very few descendants that moved toward the epidermal surface and into the advancing epithelium that covers the wound. Furthermore, those few mutant cells that homed in the regenerated epidermis exhibited a reduced residence time. Paradoxically, ILK-deficient bulge stem cells responded to anagen growth signals and contributed to newly regenerated hair follicles during this phase of hair follicle growth. Thus ILK plays an important modulatory role in the normal contribution of hair follicle stem cell progeny to the regenerating epidermis following injury. © 2011 Nakrieko et al

Aerodynamic roughness of glacial ice surfaces derived from high-resolution topographic data

This paper presents new methods of estimating the aerodynamic roughness (z0) of glacier ice directly from three-dimensional point clouds and digital elevation models (DEMs), examines temporal variability of z0, and presents the first fully distributed map of z0 estimates across the ablation zone of an Arctic glacier. The aerodynamic roughness of glacier ice surfaces is an important component of energy balance models and meltwater runoff estimates through its influence on turbulent fluxes of latent and sensible heat. In a warming climate these fluxes are predicted to become more significant in contributing to overall melt volumes. Ice z0 is commonly estimated from measurements of ice surface microtopography, typically from topographic profiles taken perpendicular to the prevailing wind direction. Recent advances in surveying permit rapid acquisition of high-resolution topographic data allowing revision of assumptions underlying conventional z0 measurement. Using Structure from Motion (SfM) photogrammetry with Multi-View Stereo (MVS) to survey ice surfaces with millimeter-scale accuracy, z0 variation over 3 orders of magnitude was observed. Different surface types demonstrated different temporal trajectories in z0 through 3 days of intense melt. A glacier-scale 2 m resolution DEM was obtained through terrestrial laser scanning (TLS), and subgrid roughness was significantly related to plot-scale z0. Thus, we show for the first time that glacier-scale TLS or SfM-MVS surveys can characterize z0 variability over a glacier surface potentially leading to distributed representations of z0 in surface energy balance models