Security-Policy Analysis with eXtended Unix Tools

During our fieldwork with real-world organizations---including those in Public Key Infrastructure (PKI), network configuration management, and the electrical power grid---we repeatedly noticed that security policies and related security artifacts are hard to manage. We observed three core limitations of security policy analysis that contribute to this difficulty. First, there is a gap between policy languages and the tools available to practitioners. Traditional Unix text-processing tools are useful, but practitioners cannot use these tools to operate on the high-level languages in which security policies are expressed and implemented. Second, practitioners cannot process policy at multiple levels of abstraction but they need this capability because many high-level languages encode hierarchical object models. Finally, practitioners need feedback to be able to measure how security policies and policy artifacts that implement those policies change over time. We designed and built our eXtended Unix tools (XUTools) to address these limitations of security policy analysis. First, our XUTools operate upon context-free languages so that they can operate upon the hierarchical object models of high-level policy languages. Second, our XUTools operate on parse trees so that practitioners can process and analyze texts at multiple levels of abstraction. Finally, our XUTools enable new computational experiments on multi-versioned structured texts and our tools allow practitioners to measure security policies and how they change over time. Just as programmers use high-level languages to program more efficiently, so can practitioners use these tools to analyze texts relative to a high-level language. Throughout the historical transmission of text, people have identified meaningful substrings of text and categorized them into groups such as sentences, pages, lines, function blocks, and books to name a few. Our research interprets these useful structures as different context-free languages by which we can analyze text. XUTools are already in demand by practitioners in a variety of domains and articles on our research have been featured in various news outlets that include ComputerWorld, CIO Magazine, Communications of the ACM, and Slashdot

Applying Domain Knowledge from Structured Citation Formats to Text and Data Mining: Examples Using the CITE Architecture

Domain knowledge expressed in structured citation formats can be exploited in data mining. We propose four structural properties of canonically cited texts, then look at to two classic problems in the study of the scholia, or ancient scholarly commentary, found in the manuscripts of the Iliad. We cluster citations of scholia to analyze their distribution in different manuscripts; this leads to a revised view of how the manuscripts\u27 scribes drew on their source material. Correlated frequencies of named entities suggest that one group of manuscripts had access to material more closely based on the work of the greatest Hellenistic editor of Homer, Aristarchus of Samothrace

BGrep and BDiff: UNIX Tools for High-Level Languages

The rise in high-level languages for system administrators requires us to rethink traditional UNIX tools designed for these older data formats. We propose new block-oriented tools, bgrep and bdiff, operating on syntactic blocks of code rather than the line, the traditional information container of UNIX. Transcending the line number allows us to introduce longitudinal diff, a mode of bdiff that lets us track changes across arbitrary blocks of code. We present a detailed implementation roadmap and evaluation framework for the full version of this paper. In addition we demonstrate how the design of our tools already addresses several real-wold problems faced by network administrators to maintain security policy

Beyond SELinux: the Case for Behavior-Based Policy and Trust Languages

Despite the availability of powerful mechanisms for security policy and access control, real-world information security practitioners---both developers and security officers---still find themselves in need of something more. We believe that this is the case because available policy languages do not provide clear and intelligible ways to allow developers to communicate their knowledge and expectations of trustworthy behaviors and actual application requirements to IT administrators. We work to address this policy engineering gap by shifting the focus of policy language design to this communication via behavior-based policies and their motivating scenarios

An Actor-Centric, Asset-Based Monitor Deployment Model for Cloud Computing

Effective monitoring is essential for the security of cloud systems. Although many monitoring tools exist in the cloud domain, there is little guidance on how to deploy monitors to make the most of collected monitor data and increase the likelihood of detecting breaches of security. We introduce an actor-centric, asset-based monitor deployment model for the cloud that enables practitioners to reason about monitor deployment in terms of the security of the cloud assets that they own. We define an actor model that consolidates several roles in the literature to three roles that are motivated by security. We then develop an architectural model that identifies the assets that can be owned by each of those actors, and use it to drive an asset-based cloud threat model. Using our threat model, we claim that a cloud practitioner can reason about monitor deployment to more efficiently deploy monitors and increase its chances of detecting intrusions. We demonstrate the utility of our model with a cloud scenario based on Netflix’s use of Amazon Web Services.Air Force Research Laboratory & Air Force Office of Scientific Research/FA8750-11-2-0084Ope

Visualization of membrane loss during the shrinkage of giant vesicles under electropulsation

We study the effect of permeabilizing electric fields applied to two different types of giant unilamellar vesicles, the first formed from EggPC lipids and the second formed from DOPC lipids. Experiments on vesicles of both lipid types show a decrease in vesicle radius which is interpreted as being due to lipid loss during the permeabilization process. We show that the decrease in size can be qualitatively explained as a loss of lipid area which is proportional to the area of the vesicle which is permeabilized. Three possible mechanisms responsible for lipid loss were directly observed: pore formation, vesicle formation and tubule formation.Comment: Final published versio

The Link Between the Hidden Broad Line Region and the Accretion Rate in Seyfert 2 Galaxies

In the past few years more and more pieces of evidence have been presented for a revision of the widely accepted Unified Model of Active Galactic Nuclei. A model based solely on orientation cannot explain all the observed phenomenology. In the following, we will present evidence that accretion rate is also a key parameter for the presence of Hidden Broad Line Regions in Seyfert 2 galaxies. Our sample consists of 21 sources with polarized Hidden Broad Lines and 18 sources without Hidden Broad Lines. We use stellar velocity dispersions from several studies on the CaII and Mg b triplets in Seyfert 2 galaxies, to estimate the mass of the central black holes via the Mbh-{\sigma}\ast relation. The ratio between the bolometric luminosity, derived from the intrinsic (i.e. unabsorbed) X-ray luminosity, and the Eddington luminosity is a measure of the rate at which matter accretes onto the central supermassive black hole. A separation between Compton-thin HBLR and non-HBLR sources is clear, both in accretion rate (log Lbol/LEdd = -1.9) and in luminosity (log Lbol = 43.90). When, properly luminosity-corrected, Compton-thick sources are included, the separation between HBLR and non-HBLR is less sharp but no HBLR source falls below the Eddington ratio threshold. We speculate that non-HBLR Compton-thick sources with accretion rate higher than the threshold, do possess a BLR, but something, probably related to their heavy absorption, is preventing us from observing it even in polarized light. Our results for Compton-thin sources support theoretical expectations. In a model presented by Nicastro (2000), the presence of broad emission lines is intrinsically connected with disk instabilities occuring in proximity of a transition radius, which is a function of the accretion rate, becoming smaller than the innermost stable orbit for very low accretion rates and therefore luminosities.Comment: 23 pages, 4 figure

The archival discovery of a strong Lyman-α\alpha and [CII] emitter at z = 7.677

We report the archival discovery of Lyman-$\alpha$ emission from the bright ultraviolet galaxy Y002 at $z=7.677$, spectroscopically confirmed by its ionized carbon [CII] 158$\mu$m emission line. The Ly$\alpha$ line is spatially associated with the rest-frame UV stellar emission ($M_{\rm UV}$~-22, 2x brighter than $M^\star_{\rm UV}$) and it appears offset from the peak of the extended [CII] emission at the current ~1" spatial resolution. We derive an estimate of the unobscured SFR(UV)=$(22\pm1)\,M_\odot$ yr$^{-1}$ and set an upper limit of SFR(IR)$<15\,M_\odot$ yr$^{-1}$ from the far-infrared wavelength range, which globally place Y002 on the SFR(UV+IR)-L([CII]) correlation observed at lower redshifts. In terms of velocity, the peak of the Ly$\alpha$ emission is redshifted by $\Delta v$(Ly$\alpha$)~500 km s$^{-1}$ from the systemic redshift set by [CII] and a high-velocity tail extends to up to ~1000 km s$^{-1}$. The velocity offset is up to ~3.5x higher than the average estimate for similarly UV-bright emitters at z~6-7, which might suggest that we are witnessing the merging of two clumps. A combination of strong outflows and the possible presence of an extended ionized bubble surrounding Y002 would likely facilitate the escape of copious Ly$\alpha$ light, as indicated by the large equivalent width EW(Ly$\alpha$)=$24^{+5}_{-6}$ \r{A}. Assuming that [CII] traces the neutral hydrogen, we estimate a HI gas fraction of $M({\rm HI})/M_\star\gtrsim8$ for Y002 as a system and speculate that patches of high HI column densities could contribute to explain the observed spatial offsets between Ly$\alpha$ and [CII] emitting regions. The low dust content, implied by the non-detection of the far-infrared continuum emission at rest-frame ~160 $\mu$m, would be sufficient to absorb any potential Ly$\alpha$ photons produced within the [CII] clump as a result of large HI column densities.Comment: 10 pages, 4 figures. Accepted for publication in The Astrophysical Journal Letter