222 research outputs found

    Security Policy Specification Using a Graphical Approach

    A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies, even informal statements would be better than the current practice. But, formal policy statements are preferable to support (1) reasoning about policies, e.g., for consistency and completeness, (2) automated enforcement of the policy, e.g., using wrappers around legacy systems or after the fact with an intrusion detection system, and (3) other formal manipulation of policies, e.g., the composition of policies. We present LaSCO, the Language for Security Constraints on Objects, in which a policy consists of two parts: the domain (assumptions about the system) and the requirement (what is allowed assuming the domain is satisfied). Thus policies defined in LaSCO have the appearance of conditional access control statements. LaSCO policies are specified as expressions in logic and as directed graphs, giving a visual view of policy. LaSCO has a simple semantics in first order logic (which we provide), thus permitting policies we write, even for complex policies, to be very perspicuous. LaSCO has syntax to express many of the situations we have found to be useful on policies or, more interesting, the composition of policies. LaSCO has an object-oriented structure, permitting it to be useful to describe policies on the objects and methods of an application written in an object-oriented language, in addition to the traditional policies on operating system objects. A LaSCO specification can be automatically translated into executable code that checks an invocation of a program with respect to a policy. The implementation of LaSCO is in Java, and generates wrappers to check Java programs with respect to a policy. Comment: 28 pages, 22 figures, in color (but color is not essential for viewing); UC Davis CS department technical report (July 22, 1998)

    Formal mechanization of device interactions with a process algebra

    The principal emphasis is to develop a methodology to formally verify correct synchronization communication of devices in a composed hardware system. Previous system integration efforts have focused on vertical integration of one layer on top of another. This task examines 'horizontal' integration of peer devices. To formally reason about communication, we mechanize a process algebra in the Higher Order Logic (HOL) theorem proving system. Using this formalization we show how four types of device interactions can be represented and verified to behave as specified. The report also describes the specification of a system consisting of an AVM-1 microprocessor and a memory management unit which were verified in previous work. A proof of correct communication is presented, and the extensions to the system specification to add a direct memory device are discussed

    ByzID: Byzantine Fault Tolerance from Intrusion Detection

    Building robust network services that can withstand a wide range of failure types is a fundamental problem in distributed systems. The most general approach, called Byzantine fault tolerance, can mask arbitrary failures. Yet it is often considered too costly to deploy in practice, and many solutions are not resilient to performance attacks. To address this concern we leverage two key technologies already widely deployed in cloud computing infrastructures: replicated state machines and intrusion detection systems. First, we have designed a general framework for constructing Byzantine failure detectors based on an intrusion detection system. Based on such a failure detector, we have designed and built a practical Byzantine fault-tolerant protocol, which has costs comparable to crash-resilient protocols like Paxos. More importantly, our protocol is particularly robust against several key attacks such as flooding attacks, timing attacks, and fairness attacks, that are typically not handled well by Byzantine fault masking procedures

    Formal verification of a microcoded VIPER microprocessor using HOL

    The Royal Signals and Radar Establishment (RSRE) and members of the Hardware Verification Group at Cambridge University conducted a joint effort to prove the correspondence between the electronic block model and the top level specification of Viper. Unfortunately, the proof became too complex and unmanageable within the given time and funding constraints, and is thus incomplete as of the date of this report. This report describes an independent attempt to use the HOL (Cambridge Higher Order Logic) mechanical verifier to verify Viper. Deriving from recent results in hardware verification research at UC Davis, the approach has been to redesign the electronic block model to make it microcoded and to structure the proof in a series of decreasingly abstract interpreter levels, the lowest being the electronic block level. The highest level is the RSRE Viper instruction set. Owing to the new approach and some results on the proof of generic interpreters as applied to simple microprocessors, this attempt required an effort approximately an order of magnitude less than the previous one

    Automated Biochemical, Morphological, and Organizational Assessment of Precancerous Changes from Endogenous Two-Photon Fluorescence Images

    Multi-photon fluorescence microscopy techniques allow for non-invasive interrogation of live samples in their native environment. These methods are particularly appealing for identifying pre-cancers because they are sensitive to the early changes that occur on the microscopic scale and can provide additional information not available using conventional screening techniques. In this study, we developed novel automated approaches, which can be employed for the real-time analysis of two-photon fluorescence images, to non-invasively discriminate between normal and pre-cancerous/HPV-immortalized engineered tissues by concurrently assessing metabolic activity, morphology, organization, and keratin localization. Specifically, we found that the metabolic activity was significantly enhanced and more uniform throughout the depths of the HPV-immortalized epithelia, based on our extraction of the NADH and FAD fluorescence contributions. Furthermore, we were able to separate the keratin contribution from metabolic enzymes to improve the redox estimates and to use the keratin localization as a means to discriminate between tissue types. To assess morphology and organization, Fourier-based, power spectral density (PSD) approaches were employed. The nuclear size distribution throughout the epithelial depths was quantified by evaluating the variance of the corresponding spatial frequencies, which was found to be greater in the normal tissue compared to the HPV-immortalized tissues. The PSD was also used to calculate the Hurst parameter to identify the level of organization in the tissues, assuming a fractal model for the fluorescence intensity fluctuations within a field. We found the range of organization was greater in the normal tissue and closely related to the level of differentiation. A wealth of complementary morphological, biochemical and organizational tissue parameters can be extracted from high resolution images that are acquired based entirely on endogenous sources of contrast. They are promising diagnostic parameters for the non-invasive identification of early cancerous changes and could improve significantly diagnosis and treatment for numerous patients

    Diasporas and democratization in the post-communist world

    If diaspora communities are socialized with democratic values in Western societies, they could be expected to be sympathetic to the democratization of their home countries. However, there is a high degree of variation in their behavior. Contrary to the predominant understanding in the literature that diasporas act in exclusively nationalist ways, this article argues that they do engage with the democratization of their home countries. Various challenges to the sovereignty of their homelands explain whether diasporas involve with procedural or liberal aspects of democratization. Drawing evidence from the activities of the Ukrainian, Serbian, Albanian and Armenian diasporas after the end of communism, I argue that unless diasporas are linked to home countries that enjoy both international legal and domestic sovereignty, they will involve only with procedural aspects of democratization. Diasporas filter international pressure to democratize post-communist societies by utilizing democratic procedures to advance unresolved nationalist goals

    Pyrazolo-triazolo-pyrimidines as adenosine receptor antagonists: Effect of the N-5 bond type on the affinity and selectivity at the four adenosine receptor subtypes

    In the last few years, many efforts have been made to search for potent and selective human A3 adenosine antagonists. In particular, one of the most promising human A3 adenosine receptor antagonists is represented by the pyrazolo-triazolo-pyrimidine family. This class of compounds has been strongly investigated from the point of view of structure-activity relationships. In particular, it has been observed that fundamental requisites for having both potency and selectivity at the human A3 adenosine receptors are the presence of a small substituent at the N8 position and an unsubstituted phenyl carbamoyl moiety at the N5 position. In this study, we report the role of the N5-bond type on the affinity and selectivity at the four adenosine receptor subtypes. The observed structure-activity relationships of this class of antagonists are also exhaustively rationalized using the recently published ligand-based homology modeling approach

    Understanding Pitch Perception as a Hierarchical Process with Top-Down Modulation

    Pitch is one of the most important features of natural sounds, underlying the perception of melody in music and prosody in speech. However, the temporal dynamics of pitch processing are still poorly understood. Previous studies suggest that the auditory system uses a wide range of time scales to integrate pitch-related information and that the effective integration time is both task- and stimulus-dependent. None of the existing models of pitch processing can account for such task- and stimulus-dependent variations in processing time scales. This study presents an idealized neurocomputational model, which provides a unified account of the multiple time scales observed in pitch perception. The model is evaluated using a range of perceptual studies, which have not previously been accounted for by a single model, and new results from a neurophysiological experiment. In contrast to other approaches, the current model contains a hierarchy of integration stages and uses feedback to adapt the effective time scales of processing at each stage in response to changes in the input stimulus. The model has features in common with a hierarchical generative process and suggests a key role for efferent connections from central to sub-cortical areas in controlling the temporal dynamics of pitch processing