Viewpoint | Personal Data and the Internet of Things: It is time to care about digital provenance

The Internet of Things promises a connected environment reacting to and addressing our every need, but based on the assumption that all of our movements and words can be recorded and analysed to achieve this end. Ubiquitous surveillance is also a precondition for most dystopian societies, both real and fictional. How our personal data is processed and consumed in an ever more connected world must imperatively be made transparent, and more effective technical solutions than those currently on offer, to manage personal data must urgently be investigated.Comment: 3 pages, 0 figures, preprint for Communication of the AC

CamFlow: Managed Data-sharing for Cloud Services

A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government provides many related services for its citizens on a common platform. Similar considerations apply to the end-users of applications. But in particular, the incorporation of cloud services within `Internet of Things' architectures is driving the requirements for both protection and cross-application data sharing. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. [...]Comment: 14 pages, 8 figure

Stochastic models and numerical algorithms for a class of regulatory gene networks

Regulatory gene networks contain generic modules like those involving feedback loops, which are essential for the regulation of many biological functions. We consider a class of self-regulated genes which are the building blocks of many regulatory gene networks, and study the steady state distributions of the associated Gillespie algorithm by providing efficient numerical algorithms. We also study a regulatory gene network of interest in synthetic biology and in gene therapy, using mean-field models with time delays. Convergence of the related time-nonhomogeneous Markov chain is established for a class of linear catalytic networks with feedback loop

Information Flow Audit for Transparency and Compliance in the Handling of Personal Data

This is the author accepted manuscript. The final version is available from IEEE via http://dx.doi.org/10.1109/IC2EW.2016.29The adoption of cloud computing is increasing and its use is becoming widespread in many sectors. As the proportion of services provided using cloud computing increases, legal and regulatory issues are becoming more significant. In this paper we explore how an Information Flow Audit (IFA) mechanism, that provides key data regarding provenance, can be used to verify compliance with regulatory and contractual duty, and survey potential extensions. We explore the use of IFA for such a purpose through a smart electricity metering use case derived from a French Data Protection Agency recommendation.This work was supported by UK Engineering and Physical Sciences Research Council grant EP/K011510 CloudSafetyNet: End-to-End Application Security in the Cloud. We acknowledge the support of Microsoft through the Microsoft Cloud Computing Research Centre

Detection of emission lines from z ~ 3 DLAs towards the QSO J2358+0149

Using VLT/X-shooter we searched for emission line galaxies associated to four damped Lyman-$\alpha$ systems (DLAs) and one sub-DLA at 2.73<=z<=3.25 towards QSO J2358+0149. We detect [O III] emission from a "low-cool" DLA at z_abs = 2.9791 (having log N(HI)=21.69+\-0.10, [Zn/H] = -1.83+\-0.18) at an impact parameter of, $\rho$ ~12 kpc. The associated galaxy is compact with a dynamical mass of (1-6)x10^9 M_solar, very high excitation ([O III]/[O II] and [O III]/[H$\beta$] both greater than 10), 12+[O/H]<=8.5 and moderate star formation rate (SFR <=2 M_solar yr^{-1}). Such properties are typically seen in the low-z extreme blue compact dwarf galaxies. The kinematics of the gas is inconsistent with that of an extended disk and the gas is part of either a large scale wind or cold accretion. We detect Ly$\alpha$ emission from the z_abs = 3.2477 DLA (having log N(HI)=21.12+\-0.10 and [Zn/H]=-0.97+\-0.13).The Ly$\alpha$ emission is redshifted with respect to the metal absorption lines by 320 km s^{-1}, consistent with the location of the red hump expected in radiative transport models. We derive SFR ~0.2-1.7 M_solar yr^{-1} and Ly$\alpha$ escape fraction of >=10 per cent. No other emission line is detected from this system. Because the DLA has a small velocity separation from the quasar (~500 km s^{-1}) and the DLA emission is located within a small projected distance ($\rho<5$ kpc), we also explore the possibility that the Ly$\alpha$ emission is being induced by the QSO itself. QSO induced Ly$\alpha$ fluorescence is possible if the DLA is within a physical separation of 340 kpc to the QSO. Detection of stellar continuum light and/or the oxygen emission lines would disfavor this possibility. We do not detect any emission line from the remaining three systems.Comment: 13 pages, 7 figures, 4 tables (3 pages, 5 figures, 5 tables in Appendix). Accepted for publication in MNRA

Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing

For safety reasons, unprivileged users today have only limited ways to customize the kernel through the extended Berkeley Packet Filter (eBPF). This is unfortunate, especially since the eBPF framework itself has seen an increase in scope over the years. We propose SandBPF, a software-based kernel isolation technique that dynamically sandboxes eBPF programs to allow unprivileged users to safely extend the kernel, unleashing eBPF's full potential. Our early proof-of-concept shows that SandBPF can effectively prevent exploits missed by eBPF's native safety mechanism (i.e., static verification) while incurring 0%-10% overhead on web server benchmarks.Comment: 8 pages, 5 figures, to appear in the 1st SIGCOMM Workshop on eBPF and Kernel Extension

Identification of a Candidate CD5 Homologue in the Amphibian Xenopus laevis

We identified a novel T cell Ag in the South African clawed toad (Xenopus laevis) by a mAb designated 2B1. This Ag is present in relatively high levels on most thymocytes, approximately 65% of splenocytes, 55% of PBL, and 65% of intestinal lymphocytes, but is rarely seen on IgM+ B cells in any of these tissues. Lymphocytes bearing the 2B1 Ag proliferate in response to stimulation with Con A or PHA, whereas the 2B1- lymphocytes are reactive to LPS. Biochemical analysis indicates that this Ag is a differentially phosphorylated glycoprotein of 71 to 82 kDa. The protein core of 64 kDa bears both N- and O-linked carbohydrate side chains. The amino-terminal protein sequence of the 2B1 Ag shares significant homology with both the macrophage scavenger receptor type 1 motif and the mammalian CD5/CD6 family. The biochemical characteristics and cellular distribution of the 2B1 Ag suggest that it represents the CD5 homologue in X. laevis. While T cells constitutively express this highly conserved molecule, Xenopus B cells acquire the CD5 homologue only when they are stimulated in the presence of T cell

Sharing and Preserving Computational Analyses for Posterity with encapsulator

Open data and open-source software may be part of the solution to science's "reproducibility crisis", but they are insufficient to guarantee reproducibility. Requiring minimal end-user expertise, encapsulator creates a "time capsule" with reproducible code in a self-contained computational environment. encapsulator provides end-users with a fully-featured desktop environment for reproducible research.Comment: 11 pages, 6 figure