839 research outputs found
Viewpoint | Personal Data and the Internet of Things: It is time to care about digital provenance
The Internet of Things promises a connected environment reacting to and
addressing our every need, but based on the assumption that all of our
movements and words can be recorded and analysed to achieve this end.
Ubiquitous surveillance is also a precondition for most dystopian societies,
both real and fictional. How our personal data is processed and consumed in an
ever more connected world must imperatively be made transparent, and more
effective technical solutions than those currently on offer, to manage personal
data must urgently be investigated.Comment: 3 pages, 0 figures, preprint for Communication of the AC
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within `Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]Comment: 14 pages, 8 figure
Stochastic models and numerical algorithms for a class of regulatory gene networks
Regulatory gene networks contain generic modules like those involving
feedback loops, which are essential for the regulation of many biological
functions. We consider a class of self-regulated genes which are the building
blocks of many regulatory gene networks, and study the steady state
distributions of the associated Gillespie algorithm by providing efficient
numerical algorithms. We also study a regulatory gene network of interest in
synthetic biology and in gene therapy, using mean-field models with time
delays. Convergence of the related time-nonhomogeneous Markov chain is
established for a class of linear catalytic networks with feedback loop
Recommended from our members
Information Flow Audit for Transparency and Compliance in the Handling of Personal Data
This is the author accepted manuscript. The final version is available from IEEE via http://dx.doi.org/10.1109/IC2EW.2016.29The adoption of cloud computing is increasing and its use is becoming widespread in many sectors. As the proportion of services provided using cloud computing increases, legal and regulatory issues are becoming more significant. In this paper we explore how an Information Flow Audit (IFA) mechanism, that provides key data regarding provenance, can be used to verify compliance with regulatory and contractual duty, and survey potential extensions. We explore the use of IFA for such a purpose through a smart electricity metering use case derived from a French Data Protection Agency recommendation.This work was supported by UK Engineering and Physical Sciences Research Council grant EP/K011510 CloudSafetyNet: End-to-End Application Security in the Cloud. We acknowledge the support of Microsoft through the Microsoft Cloud Computing Research Centre
Detection of emission lines from z ~ 3 DLAs towards the QSO J2358+0149
Using VLT/X-shooter we searched for emission line galaxies associated to four
damped Lyman- systems (DLAs) and one sub-DLA at 2.73<=z<=3.25 towards
QSO J2358+0149. We detect [O III] emission from a "low-cool" DLA at z_abs =
2.9791 (having log N(HI)=21.69+\-0.10, [Zn/H] = -1.83+\-0.18) at an impact
parameter of, ~12 kpc. The associated galaxy is compact with a dynamical
mass of (1-6)x10^9 M_solar, very high excitation ([O III]/[O II] and [O
III]/[H] both greater than 10), 12+[O/H]<=8.5 and moderate star
formation rate (SFR <=2 M_solar yr^{-1}). Such properties are typically seen in
the low-z extreme blue compact dwarf galaxies. The kinematics of the gas is
inconsistent with that of an extended disk and the gas is part of either a
large scale wind or cold accretion. We detect Ly emission from the
z_abs = 3.2477 DLA (having log N(HI)=21.12+\-0.10 and [Zn/H]=-0.97+\-0.13).The
Ly emission is redshifted with respect to the metal absorption lines by
320 km s^{-1}, consistent with the location of the red hump expected in
radiative transport models. We derive SFR ~0.2-1.7 M_solar yr^{-1} and
Ly escape fraction of >=10 per cent. No other emission line is detected
from this system. Because the DLA has a small velocity separation from the
quasar (~500 km s^{-1}) and the DLA emission is located within a small
projected distance ( kpc), we also explore the possibility that the
Ly emission is being induced by the QSO itself. QSO induced Ly
fluorescence is possible if the DLA is within a physical separation of 340 kpc
to the QSO. Detection of stellar continuum light and/or the oxygen emission
lines would disfavor this possibility. We do not detect any emission line from
the remaining three systems.Comment: 13 pages, 7 figures, 4 tables (3 pages, 5 figures, 5 tables in
Appendix). Accepted for publication in MNRA
Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing
For safety reasons, unprivileged users today have only limited ways to
customize the kernel through the extended Berkeley Packet Filter (eBPF). This
is unfortunate, especially since the eBPF framework itself has seen an increase
in scope over the years. We propose SandBPF, a software-based kernel isolation
technique that dynamically sandboxes eBPF programs to allow unprivileged users
to safely extend the kernel, unleashing eBPF's full potential. Our early
proof-of-concept shows that SandBPF can effectively prevent exploits missed by
eBPF's native safety mechanism (i.e., static verification) while incurring
0%-10% overhead on web server benchmarks.Comment: 8 pages, 5 figures, to appear in the 1st SIGCOMM Workshop on eBPF and
Kernel Extension
Identification of a Candidate CD5 Homologue in the Amphibian Xenopus laevis
We identified a novel T cell Ag in the South African clawed toad (Xenopus laevis) by a mAb designated 2B1. This Ag is present in relatively high levels on most thymocytes, approximately 65% of splenocytes, 55% of PBL, and 65% of intestinal lymphocytes, but is rarely seen on IgM+ B cells in any of these tissues. Lymphocytes bearing the 2B1 Ag proliferate in response to stimulation with Con A or PHA, whereas the 2B1- lymphocytes are reactive to LPS. Biochemical analysis indicates that this Ag is a differentially phosphorylated glycoprotein of 71 to 82 kDa. The protein core of 64 kDa bears both N- and O-linked carbohydrate side chains. The amino-terminal protein sequence of the 2B1 Ag shares significant homology with both the macrophage scavenger receptor type 1 motif and the mammalian CD5/CD6 family. The biochemical characteristics and cellular distribution of the 2B1 Ag suggest that it represents the CD5 homologue in X. laevis. While T cells constitutively express this highly conserved molecule, Xenopus B cells acquire the CD5 homologue only when they are stimulated in the presence of T cell
Sharing and Preserving Computational Analyses for Posterity with encapsulator
Open data and open-source software may be part of the solution to science's
"reproducibility crisis", but they are insufficient to guarantee
reproducibility. Requiring minimal end-user expertise, encapsulator creates a
"time capsule" with reproducible code in a self-contained computational
environment. encapsulator provides end-users with a fully-featured desktop
environment for reproducible research.Comment: 11 pages, 6 figure
- …