Protecting Private Data in the Cloud

Companies that process business critical and secret data are reluctant to use utility and cloud computing for the risk that their data gets stolen by rogue system administrators at the hosting company. We describe a system organization that prevents host administrators from directly accessing or installing eaves-dropping software on the machine that holds the client's valuable data. Clients are monitored via machine code probes that are inlined into the clients' programs at runtime. The system enables the cloud provider to install and remove software probes into the machine code without stopping the client's program, and it prevents the provider from installing probes not granted by the client

Libra, a Multi-hop Radio Network Bandwidth Market

Libra is a two-level market which assigns fractional shares of time to the transmitting nodes in local regions of a multi-hop network. In Libra, users are assigned budgets by management and users assign funding to services within their budget limits. The purpose is to prioritize users and also optimize network utilization by preventing source nodes from injecting too much traffic into the network and thereby causing downstream packet loss. All transmitting nodes sell capacity in the region surrounding them, and buy capacity from their neighbors in order to be able to transmit. Streams buy capacity from each of the nodes on their paths, thus streams that cross the same region compete directly for the bandwidth in that region. Prices are adjusted incrementally on both levels

Hypervisor Integrity Measurement Assistant

An attacker who has gained access to a computer may want to upload or modify configuration files, etc., and run arbitrary programs of his choice. We can severely restrict the power of the attacker by having a white-list of approved file checksums and preventing the kernel from loading loading any file with a bad checksum. The check may be placed in the kernel, but that requires a kernel that is prepared for it. The check may also be placed in a hypervisor which intercepts and prevents the kernel from loading a bad file. We describe the implementation of and give performance results for two systems. In one the checksumming, or integrity measurement, and decision is performed by the hypervisor instead of the OS. In the other only the final integrity decision is done in the hypervisor. By moving the integrity check out from the VM kernel it becomes harder for the intruder to bypass the check. We conclude that it is technically possible to put file integrity control into the hypervisor, both for kernels without and with pre-compiled support for integrity measurement

Personalized Decentralized Communication

Search engines, portals and topic-centered web sites are all attempts to create more or less personalized web-services. However, no single service can in general fulfill all needs of a particular user, so users have to search and maintain personal profiles at several locations. We propose an architecture where each person has his own information management environment where all personalization is made locally. Information is exchanged with other’s if it’s of mutual interest that the information is published or received. We assume that users are self-interested, but that there is some overlap in their interests. Our recent work has focused on decentralized dissemination of information, specifically what we call decentralized recommender systems. We are investigating the behavior of such systems and have also done some preliminary work on the users’ information environment

Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud

In this paper we consider the Infrastructure-as-a-Service (IaaS) cloud model which allows cloud users to run their own virtual machines (VMs) on available cloud computing resources. IaaS gives enterprises the possibility to outsource their process workloads with minimal effort and expense. However, one major problem with existing approaches of cloud leasing, is that the users can only get contractual guarantees regarding the integrity of the offered platforms. The fact that the IaaS user himself or herself cannot verify the provider promised cloud platform integrity, is a security risk which threatens to prevent the IaaS business in general. In this paper we address this issue and propose a novel secure VM launch protocol using Trusted Computing techniques. This protocol allows the cloud IaaS users to securely bind the VM to a trusted computer configuration such that the clear text VM only will run on a platform that has been booted into a trustworthy state. This capability builds user confidence and can serve as an important enabler for creating trust in public clouds. We evaluate the feasibility of our proposed protocol via a full scale system implementation and perform a system security analysis

Pricing Virtual Paths with Quality-of-Service Guarantees as Bundle Derivatives

We describe a model of a communication network that allows us to price complex network services as financial derivative contracts based on the spot price of the capacity in individual routers. We prove a theorem of a Girsanov transform that is useful for pricing linear derivatives on underlying assets, which can be used to price many complex network services, and it is used to price an option that gives access to one of several virtual channels between two network nodes, during a specified future time interval. We give the continuous time hedging strategy, for which the option price is independent of the service providers attitude towards risk. The option price contains the density function of a sum of lognormal variables, which has to be evaluated numerically.Comment: 22 pages (15 in main tex and 7 appendix), 5 postscript figure

A Fourier approach to valuating derivative assets

This paper valuates two different financial contracts, the European Call and the Spread option using the Fourier transform. In the European Call case the underlying asset is modelled by the geometric Brownian motion stochastic differential equation. All necessary conditions in order for the transform to exists are examined and it turns out that the payoff needs to be scaled by an exponential factor which includes a constant a where a < 0. Later an optimization problem is defined in order to find the a which yields the best numeric integration. At the end the Fourier method is compared against the Black Scholes formula yielding a difference with 10 −15 in magnitude. In the Spread option case the underlying assets are modelled by a two-dimensional Heston model with three volatilities, one for each asset and one for how they effect each other. Here the payoff need to be scaled by two different exponential factors each including one constant, call them a and b where a < 0 and b < 0. Again an optimization problem is defined in order to find the a,b which yields the best numeric integration. The Fourier method for this case is compared against a Monte Carlo simulation with and without a control variate

Children looked after and their right to participation in accordance with the UN Convention on the Rights of the Child, article 12

Research has been done on children’s participation in review meetings, a method for reviewing foster and residential care. The method is tested within the national project Children’s Needs in Focus (BBIC) inspired by the British Integrated Children’s System and operated by the National Board of Health and Welfare (Socialstyrelsen) in Sweden. The objective of the evaluation, conducted on behalf of Socialstyrelsen, was to investigate frameworks and scope for – as well as the child’s experiences of – participation and joint decision making concerning planning, decision-making processes and review of arrangements. The overall issue propounded was linked to one of the aims of the development work: do review meetings contribute to strengthen the child’s position in accordance with the aims of the UN Convention on the Rights of the Child and the Social Services Act? The study included content analysis of 55 BBIC-forms, together with interviews with 11 children, 8 – 18 years old, 8 independent chairpersons and 11 social workers. One of the conclusions is that the framework and scope that is created for the child’s participation in reviews, within the BBIC project, provide the preconditions to strengthen the position of the child in accordance with the aims of the Social Services Act and the articles 3 and 12 of the UN Convention on the Rights of the Child

Patient Outcomes after Radiotherapy of Prostate Cancer. Impact of Absorbed Dose and Treated Volume.

Abstract Backgound Prostate cancer is the most common form of cancer in men in Sweden. Radiotherapy, including external beam radiation therapy (EBRT) and brachytherapy (BT), is important treatment alternatives to surgery and active surveillance. Precise delivery of the prescribed absorbed dose to the prostate with minimal irradiation of normal tissue, specifically organs at risk, is crucial for optimal tumour response and limited side effects. The overall aim of this work was to investigate the outcome of radiotherapy for prostate cancer in the clinical settings. A specific aim was to study associations between radiation dose and outcome (tumour response and/or side effects) when applicable. Material and methods The studies were based on clinical patient data.Lymphedema was studied in 22 patients treated with EBRT including large pelvic volumes in combination with high-dose-rate (HDR)-BT and hormonal therapy after lymph-node dissection. Tumour outcome was studied retrospectlively in 195 patients treated with low-dose-rate (LDR)-BT at Skåne University Hospital. Erectile dysfunction (ED) after EBRT was studied in 673 patients, treated in the HYPO-RT-PC randomised phase 3 trial comparing conventional fractionation (CF) with ultrahypofractionation (UHF). Long-term incidence of hip complications after EBRT was studied in 351 patients using outcome data from the National Prostate Cancer Datatbase, PCBaSe. Results: A low rate of lymphedema was found in the group of high-risk node-positive cancer patients, supporting the feasability of this extensive treatment. Excellent outcomes were found in the cohort of low-risk prostate cancer patients treated with LDR-BT showing a biochemical failure-free survival (BFFS) rate of 95.7% at 5 years with few side effects. The dose to the prostate ( D90%) was significantly associated with BFFS. The frequency of ED was similar in the CF and UHF treatment groups. Age was the strongest predictor of severe ED followed by dose to penile bulb (PB) beeing most evident for younger patients. EQD2-corrected doses of D2 % < 50 Gy and Dmean < 20 Gy to PB are suggested as treatement planning objectives in order to minimise ED after EBRT. No increased risk of hip fracture was found after radical radiotherpy but an increased risk of clinically relevant osteoarthritis was observed. These results indicate that osteoarthritis after EBRT is reduced by limiting the volume of the femoral heads receiving more than 40 Gy (EQD2). Conclusions: Toxicity was acceptable after treating pelvic nodes with EBRT. Significant associations were found between dose coverage and tumour-control in LDR-BT, between dose to PB and ED and dose to femoral head and ostearthritis, following EBRT. These findings add valuable information in the design of future radiotherapy regimens

Farmhouse Market: A Small Market that’s Big on Technology

Many rural communities in Minnesota are facing a similar problem… a lack of access to healthy, high-quality food. This is a problem because grocery stores in many rural communities are struggling to keep their doors open as a result of high operating costs and low profit margins. The Farmhouse Market provides an innovative solution to this problem by reducing operating costs through technology