A FIREWALL MODEL OF FILE SYSTEM SECURITY

File system security is fundamental to the security of UNIX and Linux systems since in these systems almost everything is in the form of a file. To protect the system files and other sensitive user files from unauthorized accesses, certain security schemes are chosen and used by different organizations in their computer systems. A file system security model provides a formal description of a protection system. Each security model is associated with specified security policies which focus on one or more of the security principles: confidentiality, integrity and availability. The security policy is not only about “who” can access an object, but also about “how” a subject can access an object. To enforce the security policies, each access request is checked against the specified policies to decide whether it is allowed or rejected. The current protection schemes in UNIX/Linux systems focus on the access control. Besides the basic access control scheme of the system itself, which includes permission bits, setuid and seteuid mechanism and the root, there are other protection models, such as Capabilities, Domain Type Enforcement (DTE) and Role-Based Access Control (RBAC), supported and used in certain organizations. These models protect the confidentiality of the data directly. The integrity of the data is protected indirectly by only allowing trusted users to operate on the objects. The access control decisions of these models depend on either the identity of the user or the attributes of the process the user can execute, and the attributes of the objects. Adoption of these sophisticated models has been slow; this is likely due to the enormous complexity of specifying controls over a large file system and the need for system administrators to learn a new paradigm for file protection. We propose a new security model: file system firewall. It is an adoption of the familiar network firewall protection model, used to control the data that flows between networked computers, toward file system protection. This model can support decisions of access control based on any system generated attributes about the access requests, e.g., time of day. The access control decisions are not on one entity, such as the account in traditional discretionary access control or the domain name in DTE. In file system firewall, the access decisions are made upon situations on multiple entities. A situation is programmable with predicates on the attributes of subject, object and the system. File system firewall specifies the appropriate actions on these situations. We implemented the prototype of file system firewall on SUSE Linux. Preliminary results of performance tests on the prototype indicate that the runtime overhead is acceptable. We compared file system firewall with TE in SELinux to show that firewall model can accommodate many other access control models. Finally, we show the ease of use of firewall model. When firewall system is restricted to specified part of the system, all the other resources are not affected. This enables a relatively smooth adoption. This fact and that it is a familiar model to system administrators will facilitate adoption and correct use. The user study we conducted on traditional UNIX access control, SELinux and file system firewall confirmed that. The beginner users found it easier to use and faster to learn then traditional UNIX access control scheme and SELinux.

A systematic review of the survival and complication rates of implant supported fixed dental prostheses with cantilever extensions after an observation period of at least 5 years

OBJECTIVE: The aim of this systematic review was to assess the survival rates of short-span implant-supported cantilever fixed dental prostheses (ICFDPs) and the incidence of technical and biological complications after an observation period of at least 5 years. MATERIAL AND METHODS: An electronic MEDLINE search supplemented by manual searching was conducted to identify prospective or retrospective cohort studies reporting data of at least 5 years on ICFDPs. Five- and 10-year estimates for failure and complication rates were calculated using standard or random-effect Poisson regression analysis. RESULTS: The five studies eligible for the meta-analysis yielded an estimated 5- and 10-year ICFDP cumulative survival rate of 94.3% [95 percent confidence interval (95% CI): 84.1-98%] and 88.9% (95% CI: 70.8-96.1%), respectively. Five-year estimates for peri-implantitis were 5.4% (95% CI: 2-14.2%) and 9.4% (95% CI: 3.3-25.4%) at implant and prosthesis levels, respectively. Veneer fracture (5-year estimate: 10.3%; 95% CI: 3.9-26.6%) and screw loosening (5-year estimate: 8.2%; 95% CI: 3.9-17%) represented the most common complications, followed by loss of retention (5-year estimate: 5.7%; 95% CI: 1.9-16.5%) and abutment/screw fracture (5-year estimate: 2.1%; 95% CI: 0.9-5.1%). Implant fracture was rare (5-year estimate: 1.3%; 95% CI: 0.2-8.3%); no framework fracture was reported. Radiographic bone level changes did not yield statistically significant differences either at the prosthesis or at the implant levels when comparing ICFDPs with short-span implant-supported end-abutment fixed dental prostheses. CONCLUSIONS: ICFDPs represent a valid treatment modality; no detrimental effects can be expected on bone levels due to the presence of a cantilever extension per se.

Service-centric Networking Extensions

This paper discusses several issues of Service-Centric Networking (SCN) as an extension of the Information-Centric Networking (ICN) paradigm. SCN allows extended caching, where not exactly the same content as requested can be read from caches, but similar content can be used to produce the content requested, e.g., by filtering or transcoding. We discuss the issue of naming and routing for general dynamic services for both tightly coupled and decoupled ICN approaches. Challenges and solutions for service management are identified, in particular for composed services, which allow distributed in-network processing of service requests. We introduce the term Software-Defined Service-Centric Networking as an extension of Software-Defined Networking. A prototype implementation for SCN proofs its validity and feasibility and underlines its potential benefits.

Observations of the Eastern Maine Coastal Current and Its Offshore Extensions in 1994

Cold surface temperatures, reflecting Scotian Shelf origins and local tidal mixing, serve as a tracer of the Eastern Maine Coastal Current and its offshore extensions, which appear episodically as cold plumes erupting from the eastern Maine shelf. A cold water plume emanating from the Eastern Maine Coastal Current in May 1994 was investigated using advanced very high resolution radiometer (AVHRR) imagery, shipboard surveys of physical and biochemical properties, and satellite-tracked drifters. Evidence is presented that suggests that some of the plume waters were entrained within the cyclonic circulation over Jordan Basin, while the major portion participated in an anticyclonic eddy at the distal end of the plume. Calculations of the nitrate transported offshore by the plume show that this feature can episodically export significant quantities of nutrients from the Eastern Maine Coastal Current to offshore regions that are generally nutrient depleted during spring-summer. A series of AVHRR images is used to document the seasonal along-shelf progression of the coastal plume separation point. We speculate on potential causes and consequences of plume separation from the coastal current and suggest that this feature may be an important factor influencing the patterns and overall biological productivity of the eastern Gulf of Maine.

From doubled Chern–Simons–Maxwell lattice gauge theory to extensions of the toric code

We regularize compact and non-compact Abelian Chern–Simons–Maxwell theories on a spatial lattice using the Hamiltonian formulation. We consider a doubled theory with gauge fields living on a lattice and its dual lattice. The Hilbert space of the theory is a product of local Hilbert spaces, each associated with a link and the corresponding dual link. The two electric field operators associated with the link-pair do not commute. In the non-compact case with gauge group R, each local Hilbert space is analogous to the one of a charged “particle” moving in the link-pair group space R2 in a constant “magnetic” background field. In the compact case, the link-pair group space is a torus U(1)2 threaded by k units of quantized “magnetic” flux, with k being the level of the Chern–Simons theory. The holonomies of the torus U(1)2 give rise to two self-adjoint extension parameters, which form two non-dynamical background lattice gauge fields that explicitly break the manifest gauge symmetry from U(1) to Z(k). The local Hilbert space of a link-pair then decomposes into representations of a magnetic translation group. In the pure Chern–Simons limit of a large “photon” mass, this results in a Z(k)-symmetric variant of Kitaev’s toric code, self-adjointly extended by the two non-dynamical background lattice gauge fields. Electric charges on the original lattice and on the dual lattice obey mutually anyonic statistics with the statistics angle . Non-Abelian U(k) Berry gauge fields that arise from the self-adjoint extension parameters may be interesting in the context of quantum information processing.

Lipschitz extensions of maps between Heisenberg groups

Let $\H^n$ be the Heisenberg group of topological dimension 2n+1 . We prove that if n is odd, the pair of metric spaces $(\H^n, \H^n)$ does not have the Lipschitz extension property.

Visualizing the Simulation of 3-D Underwater Sensor Networks

The majority of sensor network research deals with land-based networks, which are essentially two-dimensional, and thus the majority of simulation and animation tools also only handle such networks. Underwater sensor networks on the other hand, are essentially 3D networks because the depth at which a sensor node is located needs to be considered as well. Due to that additional dimension, specialized tools need to be used when conducting simulations for experimentation. The School of Engineering’s Underwater Sensor Network (UWSN) lab is conducting research on underwater sensor networks and requires simulation tools for 3D networks. The lab has extended NS-2, a widely used network simulator, so that it can simulate three-dimensional networks. However, NAM, a widely used network animator, currently only supports two-dimensional networks and no extensions have been implemented to give it three-dimensional capabilities. In this project, we develop a network visualization tool that functions similarly to NAM but is able to render network environments in full 3-D. It is able to take as input a NS-2 trace file (the same file taken as input by NAM), create the environment, position the sensor nodes, and animate the events of the simulation. Further, the visualization tool is easy to use, especially friendly to NAM users, as it is designed to follow the interfaces and functions similar to NAM. So far, the development has fulfilled the basic functionality. Future work includes fully functional capabilities for visualization and much improved user interfaces.

International Transfer Pricing for Goods and Intangible Asset Licenses in a Decentralized Multinational Corporation: Review and Extensions

We review and extend the core literature on international transfer price manipulation to avoid or evade taxes. Under negotiated transfer pricing with a viable bargaining structure, including performance evaluation disconnected from the transfer price, divisions voluntarily exchange accurate information to obtain firm-wide optimality, a result not dependent on restraint from exercising internal market power. For intangible licenses, a larger optimal profit shift for a given tax rate change strengthens incentives for transfer pricing abuse. In practice, an intangible's arm's length range is viewed as a guideline, a context where incentives for abuse materialize. Transfer pricing for intangibles obliges greater tax authority scrutiny.

Do Exposure Suits Produce a 'Race to File'? An Economic Analysis of a Tort for Risk

Conventional tort law does not allow victims of exposure to a toxic substance to seek compensation until they develop actual symptoms of illness. This may effectively bar recovery because at the time the illness arises, injurers may be judgment proof. One possible response is to allow a tort for risk that allows victims to seek expected damages at the time of exposure. However, critics charge that this could create a 'race to file' wherein victims rush to file suit to ensure that they will get a share of the injurer's limited assets. We show that such a race may or may not occur in equilibrium, and that when it does occur, not all victims choose to file at exposure if bankruptcy is an inevitable result. If bankruptcy is not inevitable, it is possible that a tort for risk will trigger bankruptcy, although a no-bankruptcy equilibrium always exists and Paretodominates the bankruptcy equilibrium. We examine the consequences of the various tort-for-risk equilibria on the compensation of exposure victims, litigation costs, and injurer care.